The Growth of Mobile Payments
MOBILE PAYMENTS MARKETS
THE GROWTH OF MOBILE PAYMENTS
The growth in mobile payments is quite impressive. Mobile payments are expected to grow to over $1.3 trillion worldwide by 2017, a growth of over 400% since 2012. Breaking down how mobile payments are being used gives some insight into the role of mobile devices as a payment vehicle. Figure 1 separates out the ways that payments are really being made. The vast majority of mobile payments – $726 billion in 2015 – are being used for purchases that appear on phone bills. Historically, this has included games, ring tones and screen savers.
Key Growth Drivers:
1. Increasing Mobile Commerce industry: Merchant purchases using the mobile device as the payment device or through a mobile payment service is the third most popular application – about $177 billion in 2015. An example is the use of PayPal from a mobile device to make purchases from an online commerce site.
2. Ease of Payments
3. Ability to purchase a wider basket of goods and services via mobile payments: A wider array of goods and services is being offered via mobile payments, e.g. groceries.
4. Substitution of existing transfer services like Western Union with mobile payment systems: e.g. Airtel Money, M-PESA.
5. Mobile Banking: Over 75% of banks provide some kind of mobile banking capability to their customers. Nearly 50% of smartphone owners used mobile banking in the last year, while nearly 30% of all mobile phone owners have used mobile banking in the last year.
6. Reduced Costs: Merchants have several motivations for providing mobile banking and mobile payments. Beyond customer retention, merchants can also reduce the cost of providing services.
7. Increased reach across geographies
8. Transaction Fee Capture
Growth Inhibitors:
1. Security Issues: Authentication
2. Commercial Infrastructure
3. Regulations
4. Cash Endpoints
Significant Security Issues:
A core issue for reliable mobile payments is Authentication. Merchants and banks need assurance that the party at the mobile end of a transaction is who they appear to be. Three general strategies have emerged to improve authentication. First, the use of authentication technology used by other payment processes is being promoted. One example is EMV, implemented in mobile devices through NFC. The experience with the EMV technology has provided a risk profile that banks and merchants have been able to accept. Second, multifactor authentication is being developed. Specifically, there is work looking at how to incorporate various kinds of biometrics into the authentication process, such as voice identification, iris scans, gesture recognition and fingerprint analysis. Third, there is deployment of back-end analytic identification prediction, sometimes called continuous authentication or frictionless authentication.

Importance of mobile banking to consumers:

| Country | Important or very important |
|---|---|
| Brazil | 60% |
| India | 55% |
| China | 46% |
| US | 23% |
| Global average | 33% |
[Figure: Conventional Credit Card Payment Mechanism]
[Figure: Mobile Payment Mechanism]
Major Players:
• Alipay Network Technology Co. Ltd.
• American Express Company
• Citrus Payment Solutions
• Google Inc.
• MasterCard Inc.
• Microsoft Corp. Inc.
• Oxigen Services (India) Private Limited
• PayPal Inc
The Mobile Payment Ecosystem:
The mobile payment ecosystem involves the following types of stakeholders:
• Consumers
• Financial service providers (FSPs)
• Payment service providers (PSPs)
• In-service providers (merchants), including content providers
• Network service providers (NSPs)
• Device manufacturers
• Regulators
• Standardization and industry bodies
• Trusted service managers (TSMs)
• Application developers
Mobile Payment Risks:
| Target Type | Vulnerability | Threat | Risk | Counter Measures |
|---|---|---|---|---|
| User | Inadvertent installation of malicious software on mobile phone by user | Downloaded application intercept of authentication data | Theft of authentication parameters, information disclosure, transaction repudiation | Authentication of both user (PIN) and application (digital signature by trusted third party), TPM |
| User | Absence of two-factor authentication | User masquerading | Fraudulent transactions, provider | Two-Factor Authentication |
| Service Provider | POS system accepts OTA transmissions | Malicious party floods POS system with meaningless requests | Denial of Service (DoS) | Request filtering at reader based on mobile device-reader relative geometry |
Security Best Practices:
1. Authenticate the user-application-device triplet:
• Once the application is installed, there is a strong binding of the application-device pair.
The specific installed application is identified through a unique identifier that, during the
authentication phase, is used in combination with device-specific information (such as
the device identifier) to authenticate the combination of application and device.
• There is strong user authentication, giving a high level of assurance that your customer is
actually using that particular installation of the application on that particular device.
2. Secure design: The first headline of MSDN’s “Lessons learned from five years of building
more secure software” is: ‘It’s not just the code’. According to them, many vulnerabilities are
design issues and not related to coding at all.
3. Secure application deployment: In the deployment phase, make sure your customer is
directed to, and installs, the correct application. This can be achieved in many different ways
and can have varying degrees of impact on the user experience. The recommendation here
is to design a secure application deployment process that keeps your risk within tolerance,
without deteriorating the user experience too much.
4. Upgrade through the official application stores: Make sure you actively warn against the
customer installing upgrades from other sources. Be aware of security issues that might
allow fraudsters to publish application upgrades that appear to have been signed and built
by you.
5. Maintain the application: make sure that changing circumstances (e.g. new Operating
Systems) do not affect your application security and that release management includes
proper source code control and versioning.
6. Sensitive data not recoverable: make sure that you store the minimum set of sensitive data
on the device and that it is not possible to recover usable data on lost and stolen devices. If
this is not achievable for the design of your product, make sure you devalue the usable data
that can be recovered (e.g. tokenisation).
7. Cover time: make sure you obfuscate the data and code in your mobile application to
protect against reverse engineering. Make sure you have carried out a cover time analysis
and know how long it will take before your obfuscation cannot be considered secure
anymore (this requires up to date expertise on the latest attack methods).
8. Hiding/obfuscation of keys: Make sure you obfuscate keys that have to be stored as part of
your mobile application and that you protect them with a recognised mechanism, such as
key wrapping. You may want to use hardware backed key storage when available.
9. App integrity protection: you may want to implement mechanisms to protect the
application integrity to mitigate the risk of malware trying to modify or gain access to your
installed applications or data.
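
Practice 1 above (authenticating the user-application-device triplet), sketched as an added example that is not part of the original presentation: a server-side challenge-response in which the reply only verifies when the installation secret, the enrolled device identifier and the user's PIN all match. The function names, the in-memory stores and the device identifiers are hypothetical, and the sample values are constructed.

```python
import hashlib, hmac, secrets

ENROLLED = {}   # install_id -> server-side record (hypothetical schema)
PENDING = {}    # install_id -> outstanding single-use challenge

def pin_key(pin, salt):
    # Slow KDF so the PIN itself is never used directly as a MAC key.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def enroll(device_id, pin):
    """Bind a new installation to a device and a user; returns the state the app keeps."""
    install_id = secrets.token_hex(8)            # unique identifier of this installation
    secret, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    ENROLLED[install_id] = {"device_id": device_id, "secret": secret,
                            "pin_key": pin_key(pin, salt)}
    # On a real device the secret belongs in hardware-backed key storage (practice 8).
    return {"install_id": install_id, "secret": secret, "salt": salt}

def _mac(secret, pkey, install_id, device_id, challenge):
    # Key mixes the installation secret (application) with the PIN-derived key (user);
    # the message covers the device identifier and the server's fresh challenge.
    key = hmac.new(secret, pkey, hashlib.sha256).digest()
    parts = (install_id.encode(), device_id.encode(), challenge)
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)  # length-prefixed fields
    return hmac.new(key, msg, hashlib.sha256).digest()

def issue_challenge(install_id):
    PENDING[install_id] = secrets.token_bytes(16)
    return PENDING[install_id]

def client_response(app_state, device_id, pin, challenge):
    """What the app computes: needs the stored secret, the live device id and the PIN."""
    return _mac(app_state["secret"], pin_key(pin, app_state["salt"]),
                app_state["install_id"], device_id, challenge)

def server_verify(install_id, response):
    rec = ENROLLED.get(install_id)
    challenge = PENDING.pop(install_id, None)    # single use: a replayed response fails
    if rec is None or challenge is None:
        return False
    expected = _mac(rec["secret"], rec["pin_key"], install_id, rec["device_id"], challenge)
    return hmac.compare_digest(expected, response)
```

Copying the app's stored state to another handset, or guessing the PIN on the right handset, both produce a response the server rejects, because each leg of the triplet feeds the MAC.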
Info graphics Compiled From Search Engine Research