The security concerns associated with mobile payment solutions relate primarily to three questions:
- What happens if the smartphone is stolen?
- How tamper-proof are contactless transactions?
- Who guarantees data security and privacy?
In principle, mobile payment is no less secure than other cashless payment methods. Under certain circumstances, the new technology may even offer more protection than the established systems.
If the smartphone is lost, it’s virtually impossible for someone to complete any unwanted transactions. All common payment apps require the display lock to be activated. An unauthorized third party would first have to authenticate themselves as the owner to be able to use the device’s payment functions. In addition, bank data is only stored in encrypted form (if at all) on the end device. The situation is different with the classic credit card, where the card numbers are stamped directly onto the card for everyone to see.
It is also unlikely that a user will accidentally initiate a transaction with a mobile payment app. Transmission via NFC only works over a distance of a few centimeters: to pay with your smartphone, you have to hold it directly over the POS terminal. The user must also have activated the NFC chip and usually the payment app as well. The short range of NFC technology also protects the user against access by third parties. Finally, all transaction data is transmitted exclusively in encrypted form and is therefore worthless to unauthorized persons.
As far as data protection is concerned, mobile payment solutions have to be assessed provider by provider. All of the providers introduced in this article encrypt the transaction data and at least hide it from the retailer whose POS terminal is used by the app. In this respect, mobile payment offers significantly better protection than classic card payments. However, users should know to what extent the app provider itself has access to the data and how it is processed. For example, while Apple claims that it only sends transaction data to its payment service provider in encrypted form, Google reserves the right to collect extensive transaction data and use it to operate its own services in accordance with the Google Payments Privacy Notice. This includes the following data:
- Date
- Time
- Amount of the transaction
- Merchant location and description
- Description of goods purchased
- Names and email addresses of buyers and sellers
- Payment method used
- Reason for the transaction
- Transaction-related offers