Are you a business owner considering accepting mobile payments in person or on your mobile website and wondering what risks might be involved in this evolving terrain?
“It is easy to plan for many risks individually – however, the wide and varied nature of the risks associated with the changing and rapidly growing mobile payments sector creates a whole array of risks that will challenge even the best of plans and strategies for addressing problems within the mobile payments sector,” corporate risk analyst Bill Trueman said in a July 2013 RealWire article.
Take Uber, for example, a startup founded in San Francisco to modernize the cab experience. They take credit card payments in a very different way than traditional cab companies that use card readers. Users request rides from Uber through an application on their phones, so when travelers land at a major airport they can open the app, request a ride, walk straight past the long cab line, and get into a luxury ride. It’s a great option for travelers going to major cities like New York, D.C. or Dallas.
One of the biggest perks is the hassle-free “checkout” for riders. There’s no credit card swipe or “cash only” policy. Riders put their credit card information in the app once and Uber saves it. That’s it. They do not have to swipe, sign, or do anything else. It’s brilliant – or is it?
So is Uber taking any sort of risk in exchange for consumer convenience?
“Uber holding [consumers’] card numbers, that makes me nervous,” Deb Brazie, special investigator for Elavon, said. “Can they be hacked? How much access do employees have? Any time they hold [consumers’] numbers that makes me nervous.”
Business owners should take measures to protect consumer data very seriously, or they could end up facing large financial penalties for a data breach or, even worse, losing their business.
What other steps should businesses take for protection when accepting payments on a smartphone, tablet, or other mobile device?
Here are a few basic steps we recommend business owners implement:
• Download antivirus software on the related devices (such as Malwarebytes, Kaspersky, McAfee, or AVG, which is FREE for mobile)
• Only allow employees to connect to secure networks when accepting payments (including password-protected networks, the device’s 3G/4G network, a MiFi, server, or cloud)
• Don’t jailbreak (unlock and modify the operating system) any devices
• Turn off the “store and forward” feature on wireless devices, as PCIComplianceGuide.org recommends, to reduce the risk of any breaches
• When downloading other apps, do not allow them to access stored data such as photos or contacts
So while businesses continue to modernize, it’s a smart move for owners to keep security front of mind in this evolving space so they’re not left paying the FTC or losing a business due to a data breach.