Mobile Payments and the Internet of Things (IoT) Driving Security Concerns

Posted: Feb 19, 2016
Author: Lou Grilli

10 Steps Credit Unions Should Take To Keep Member Data Safe

Taken at face value, mobile payments are considered more secure than credit cards, even more secure than EMV chip cards. Unlike chip cards, the payment credentials stored on the phone or watch are tokenized, whereas the chip card carries the actual card number on the chip. The phone also requires an additional authentication (a fingerprint or a passcode) that the card does not. This is currently the case with Apple/Samsung/Android Pay. But there are other forms of payment, both in the market and in start-ups, whose focus is not on security. These start-ups are working on merchant-specific payment and loyalty apps, on-demand service apps, and pay-at-the-table apps, and the vulnerability of these new forms of payment is driving increased security concerns.
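To make the tokenization point concrete, here is an added illustration (not code from this post, nor any payment network's actual token service) of what a device-bound token buys you over a card number stored in the clear. The vault, the device identifiers, the test card number and the HMAC-based cryptogram are all constructed for the example; real network tokenization uses EMV cryptograms and issuer-specific key management.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed illustration of issuer-side tokenization: the real card number
# (PAN) stays in the vault, the phone only ever holds a random token plus a
# per-device key, and every payment carries a one-time cryptogram.


def luhn_check_digit(digits: str) -> str:
    """Check digit that keeps the token in card-number format (Luhn)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def make_cryptogram(device_key: bytes, token: str, amount_cents: int, counter: int) -> str:
    """Per-transaction cryptogram computed on the device (HMAC stands in for EMV)."""
    msg = f"{token}|{amount_cents}|{counter}".encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()


@dataclass
class TokenRecord:
    pan: str
    device_id: str
    device_key: bytes
    last_counter: int = 0


class TokenVault:
    def __init__(self) -> None:
        self._tokens: dict[str, TokenRecord] = {}

    def provision(self, pan: str, device_id: str) -> tuple[str, bytes]:
        """Issue a random, format-preserving token bound to one device."""
        body = "9" + "".join(secrets.choice("0123456789") for _ in range(14))
        token = body + luhn_check_digit(body)   # random: cannot be reversed into the PAN
        key = secrets.token_bytes(32)
        self._tokens[token] = TokenRecord(pan, device_id, key)
        return token, key

    def authorize(self, token: str, device_id: str, amount_cents: int,
                  counter: int, cryptogram: str) -> bool:
        rec = self._tokens.get(token)
        if rec is None or rec.device_id != device_id:
            return False                       # unknown token or wrong device
        if counter <= rec.last_counter:
            return False                       # replayed cryptogram
        expected = make_cryptogram(rec.device_key, token, amount_cents, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return False                       # forged or tampered transaction
        rec.last_counter = counter
        return True


def demo() -> dict:
    """Walk through the cases a defender cares about; returns outcome by name."""
    vault = TokenVault()
    pan = "4111111111111111"                   # constructed test PAN, not a real card
    token, key = vault.provision(pan, device_id="phone-A")
    c1 = make_cryptogram(key, token, 1999, 1)
    return {
        "token_is_not_pan": token != pan and luhn_valid(token),
        "genuine": vault.authorize(token, "phone-A", 1999, 1, c1),
        "replay": vault.authorize(token, "phone-A", 1999, 1, c1),
        "tampered_amount": vault.authorize(token, "phone-A", 99999, 2, make_cryptogram(key, token, 1999, 2)),
        "other_device": vault.authorize(token, "phone-B", 1999, 2, make_cryptogram(key, token, 1999, 2)),
        "forged_key": vault.authorize(token, "phone-A", 1999, 2, make_cryptogram(b"guess", token, 1999, 2)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The contrast with a chip card is the `token_is_not_pan` case: a breach of the merchant or a dump of the phone's storage yields a number that is useless without the device key and that says nothing about the underlying PAN, and even a captured cryptogram is rejected on replay.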

In a survey of 3,700 IT security practitioners conducted by the Ponemon Institute on behalf of Gemalto, 54% of the companies represented have had their payments data breached four times in the last two years. This number is expected to rise as new payment forms are introduced and new payment disruptors enter the industry. The two most common problems cited are non-compliance with PCI DSS and a lack of encryption.

If demonstrations at trade shows are any prediction of the near future of payments, then many new forms of payment are on the way. The Amazon commercial shown at the end of the Super Bowl, in which Alec Baldwin asks his Amazon Echo to order replacement socks; a Tesla performing self-diagnosis, ordering parts and scheduling service; and the Samsung smart refrigerator with a camera inside to monitor food and order groceries for delivery are all harbingers of a future in which “things” make payments on our behalf.

But all of these connected devices are like adding more windows to a building – you are creating more points of vulnerability, as demonstrated by the fact that the fridge has already been hacked and Gmail credentials were compromised. Likewise, security researchers were able to show how the connected Tesla could be hacked (Tesla had a security patch remotely downloaded before any real attackers could take advantage).

So does all this imply that credit unions should avoid fraud by shunning the future of payments? Of course not! There are several recommendations to help keep your members' data safe.

10 steps credit unions should take to keep member data safe

  1. Enroll your BINs in tokenization programs with your processor.
  2. Enroll in Visa Checkout or MasterPass.
  3. Implement mobile alerts.
  4. Enroll your BINs in Apple/Samsung/Android Pay and other tokenized wallets.
  5. Establish daily parameter controls with your processor, such as daily limits.
  6. Monitor closely for patterns.
  7. Make sure all of your vendors and suppliers are PCI DSS compliant.
  8. Raise fraud awareness among staff and double down on fraud training.
  9. Encryption. Credit unions should go above and beyond the minimum requirements of PCI data security.
  10. Educate your members to:
     • Avoid clicking on suspicious links in emails, tweets, posts, or anywhere else.
     • Never download third-party apps unless they are vetted and certified by Google or Apple and come directly from the Apple App Store or Google Play.
     • Protect their passwords: use strong passwords, and don't reuse the same password across multiple sites and apps.
     • Avoid using public Wi-Fi for banking or shopping.
     • Pull a free credit report once a year. There are three credit reporting bureaus – you can stagger them so you get a free report every four months.
     • Turn on mobile credit card alerts.
     • Choose signature when using their debit card, or use a Visa or MasterCard-branded chip credit card.
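Steps 5 and 6 above (daily parameter controls with your processor, and monitoring for patterns) are the ones a fraud analyst can turn directly into rules. The following is an added example, not part of this post and not any processor's actual rule engine, that screens a constructed stream of authorizations for three things: a per-card daily spending cap, a velocity burst (too many authorizations in a short window), and the "small test charge followed by a large purchase" pattern. All thresholds, card identifiers and transactions are made up for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorization stream: (card token, ISO timestamp, amount in cents, country).
# These are invented records, not real transactions.
SAMPLE_AUTHS = [
    ("card-1", "2016-02-19T09:05:00", 450, "US"),
    ("card-1", "2016-02-19T12:40:00", 3200, "US"),
    ("card-2", "2016-02-19T10:00:00", 100, "US"),     # $1 "is this card live?" probe
    ("card-2", "2016-02-19T10:03:00", 30000, "US"),   # $300 purchase three minutes later
    ("card-3", "2016-02-19T10:00:00", 2000, "US"),
    ("card-3", "2016-02-19T10:02:00", 2000, "US"),
    ("card-3", "2016-02-19T10:04:00", 2000, "US"),
    ("card-3", "2016-02-19T10:06:00", 2000, "US"),
    ("card-3", "2016-02-19T10:08:00", 2000, "US"),    # fifth authorization inside ten minutes
    ("card-1", "2016-02-19T18:00:00", 60000, "US"),   # $600 pushes card-1 past the daily cap
]


def screen_authorizations(auths,
                          daily_limit_cents=50000,        # $500/day cap (assumed parameter)
                          window=timedelta(minutes=10),
                          max_in_window=4,
                          test_amount_cents=100,
                          large_amount_cents=20000,
                          test_gap=timedelta(minutes=15)):
    """Return one (card, timestamp, decision, reasons) tuple per authorization.

    decision is "decline" when the daily cap would be exceeded, "review" when a
    pattern rule fires, and "approve" otherwise. Only non-declined amounts count
    toward the day's spend.
    """
    spent_today = defaultdict(int)    # (card, date) -> cents approved so far
    history = defaultdict(list)       # card -> [(timestamp, amount)] seen so far
    decisions = []
    for card, ts_str, amount, _country in sorted(auths, key=lambda a: a[1]):
        ts = datetime.fromisoformat(ts_str)
        reasons = []

        # Rule 1: daily parameter control (step 5)
        if spent_today[(card, ts.date())] + amount > daily_limit_cents:
            reasons.append("daily_limit")

        # Rule 2: velocity, counting this authorization plus prior ones in the window (step 6)
        recent = [t for t, _ in history[card] if ts - t <= window]
        if len(recent) + 1 > max_in_window:
            reasons.append("velocity")

        # Rule 3: tiny probe charge followed shortly by a large purchase (step 6)
        probed = any(a <= test_amount_cents and ts - t <= test_gap for t, a in history[card])
        if amount >= large_amount_cents and probed:
            reasons.append("test_then_large")

        if "daily_limit" in reasons:
            decision = "decline"
        elif reasons:
            decision = "review"
        else:
            decision = "approve"
        if decision != "decline":
            spent_today[(card, ts.date())] += amount
        history[card].append((ts, amount))
        decisions.append((card, ts_str, decision, reasons))
    return decisions


def decisions_for(card, auths=SAMPLE_AUTHS):
    """Helper for inspection: the ordered (decision, reasons) pairs for one card."""
    return [(d, r) for c, _, d, r in screen_authorizations(auths) if c == card]


if __name__ == "__main__":
    for card, ts, decision, reasons in screen_authorizations(SAMPLE_AUTHS):
        print(f"{ts} {card:7} {decision:8} {','.join(reasons)}")
```

The rules are deliberately simple thresholds so the logic is auditable; the point is that they run on the issuer's side of the authorization and catch behaviour that a tokenized wallet alone cannot, since a legitimately provisioned token used by a thief still produces valid cryptograms.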

Credit unions need to assure members that the digital wallets and online wallets being enabled for debit and credit cards, namely Apple/Samsung/Android Pay as well as Visa Checkout and MasterPass, have the proper safeguards in place and are backed by zero-liability protection on the Visa and MasterCard signature rails.


Lou Grilli

Lou is the Director of Payments Strategy at CSCU and is responsible for providing leadership to the organization for emerging payments and industry trends, as well as managing the product portfolio.
