The Green Sheet Online Edition
September 12, 2016 • Issue 16:09:01
Mobile debit shift
The notion that mobile wallets could one day displace other forms of payment is gaining traction. A recent Gallop poll of American consumers concerning cash payments revealed that 62 percent of respondents expect the United States to become a cashless society within their lifetimes. And the sentiment was voiced most strongly by millennials; 56 percent polled in this group expressed discomfort with having cash on hand.
Reluctance by younger age groups to bank or rely strictly on traditional payment methods is expected to kindle the mobile flame. According to the Pulse 2016 Debit Issuer Study, two-thirds of issuers had debit cards eligible to be loaded into a mobile wallet in 2015, a significant uptake since less than one-third had that capability the year before. However, the availability of mobile debit so far has not translated into large scale usage. The study confirmed that mobile debit has greater adoption with financial institutions than with cardholders. Currently, Apple Pay dominates the market comprising about 3.5 percent of eligible cards loaded to its mobile wallet, compared with 0.2 percent apiece for Samsung Pay and Android Pay.
That said, Samsung Pay and Android Pay are experiencing higher usage rates than Apple Pay. During the month of January 2016, each averaged 1.8 and 1.7 transactions, respectively, per enrolled card, compared with 0.7 transactions for Apple Pay, the study stated. All totaled, the trio generated about 8 million debit transactions the first month of this year.
"Despite limited usage, mobile payments have now become a table-stakes offering for financial institutions," said Tony Hayes, a Partner at Oliver Wyman Group, who co-led the study. "Issuers foresee a near-term boom in mobile payments – nearly half of issuers project mobile payments to make up over 25 percent of debit transactions in five years' time. That would make mobile a primary payment method."
Time will tell
As financial institutions move to support mobile payment options, including debit, competition continues to heat up among mobile wallet rivals. With the exposure of a recent spate of mobile wallet vulnerabilities, having secure EMV (Europay, Mastercard and Visa)-enabled debit cards uploaded into mobile wallets may offer relief for wary customers, but not entirely.
An August Check Point Software Technologies Ltd. blog post detailed a set of four vulnerabilities, nicknamed 'Quadrooter,' affecting 900 million Android smartphones and tablets that use Qualcomm Technologies Inc. chipsets. With an estimated 65 percent share of the long-term evolution (LTE) chipset market, Qualcomm is a dominant player.
According to Check Point, if any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations to gain root access to devices. Unfortunately, immediate patches are not forthcoming. Distributors and carriers of the Qualcomm chipsets can issue security patches only after receiving fixed driver packs from the original source. This could be an ongoing problem for companies like Samsung that rely on third-party vendors.
"This situation highlights the inherent risk in the Android security model," wrote Check Point research team member Adam Donenfeld in the company's blog post. "Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data."
Security patches, like vehicle recalls, require users to participate in correcting the problem. As long as security vulnerabilities are present in mobile device environments, users remain ripe targets for exploitation by fraudsters. It only takes one malicious app to arm an attacker with such capabilities as keylogging, GPS tracking, and recording video and audio, Check Point noted.
The firm offers a link to scan devices for the Quadrooter threat vulnerability at: https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter. Check Point also posted a list of mobile security recommendations suggesting that users upload security updates immediately, examine new apps prior to installation, use only trusted Wi-Fi networks, avoid apps from third-party sources, and install mobile security solutions to detect suspicious behavior on mobile devices, similar to precautions taken with personal computers. As a new generation of mobile users exerts pressure on debit over cash, backed by a flotilla of security protection, the groundwork for a cashless society is now being laid.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.