Transcript of "27 sep today's manager mobile payments_life is more secure in the cloud"
Client : PayPal Country : SingaporePublication : Today’s ManagerDate : 27 April 2012Topic : Mobile Payments: Life is More Secure In The CloudURL : http://m360.sim.edu.sg/article/Pages/Mobile-Payments.aspx?skw=PaypalVisitorship : NAMobile Payments: Life is More Secure In The CloudWITH so much focus on mobile and digital wallets these days it’s understandable that the security offinancial information on mobile devices is a hot topic. However, mobile done right can actuallyincrease the security of this information from its current plastic incarnation, depending on theapproach.First, to clear up some confusion. A “mobile wallet” and a “digital wallet” are not the same thing. A“mobile wallet” refers to when the actual mobile phone becomes the wallet. All relevant financialinformation such as bank account and credit-card numbers are stored on the mobile device and theuser needs to actually have the phone with them for the transaction to be possible. Payments aremade using Near Field Communications technology embedded in the phone in card emulation modeand the device is waved over a special terminal at a retail location for payment.
A “digital wallet” is something different. Digital wallets exist in the cloud and they are not tetheredto any one specific device such as a mobile phone, but are accessible from a variety of devices and ina number of ways–from a physical card or a mobile phone number and PIN to a mobile device in NFCpeer-to-peer mode. Sensitive financial information is stored in the cloud, not on the actual device.I’m a firm believer in the cloud approach to a digital wallet and let me explain why.The most significant problem with the “mobile wallet” approach is rather obvious. Putting aside themany challenges such as consumer adoption or expensive technology upgrades for retailers, thisapproach puts consumers at unnecessary risk. Asking someone to permanently store critical detailsabout their financial lives on their mobile phones opens up a world of problems if the phone is lostor stolen. Suddenly every bit of financial information is exposed to potential theft. To be so utterlydevice dependent when dealing with such sensitive information puts the user at a very high, andvery avoidable, level of risk.The “digital wallet” approach relies on the inherent security of the cloud. This is where a consumer’sfinancial information lives, not on their phone. They can access their “wallet” anytime, anywhere, nomatter what device they’re using, and they never have to worry when they switch devices orupgrade phones. Even if the phone is lost or stolen there’s no need to worry. Of course, we alwaysrecommend that our customers protect their phones with a PIN as a first line of defense.All sensitive financial information is stored safely in the cloud, not on the device. This is an intuitivelysmarter approach. The risk of financial information being compromised is dramatically reduced, yetthe consumer still gets all the functionality and flexibility of being able to make mobile payments.Look at it this way: if your phone gets stolen and all your financial information is on the device, andthe thief began making transactions, it would almost be impossible to tell if it was really you. Withthe cloud approach your account is constantly being monitored. So, for example, if a transaction ismade by you in San Francisco on your desktop computer, then 10 minutes later one is made in Parison your phone, it will immediately be clear that something’s wrong.As mobile phone and mobile device use continues to explode, there’s no doubt consumer habits formaking payments will continue to evolve in ways we have yet to imagine. As this happens, thesecurity of financial information will become increasingly more important and will be forced to keeppace with the rapid changes in technology.In my opinion, the “digital wallet” that exists in the cloud offers this security now, while offering theflexibility of not being dependent on a specific mobile device.Author blurb: Prashanth Ranganathan is director of mobile security and risk for PayPal. He waspreviously CEO of Truvie, an early stage developer of real-time fraud detection software that wasacquired by PayPal in 2011.
Prashanth Ranganathan is director of mobile security and risk for PayPal. He was previously CEO ofTruvie, an early stage developer of real-time fraud detection software that was acquired by PayPalin 2011.