News

Mobile Payment Sector at Risk

Riskskill, a division of UKFraud is warning that the expected rapid growth of the global mobile payments market will create a potential cocktail of different risks that pose new challenges for risk managers and other stakeholders in the sector.

In its latest research, Riskskill studied developments in the mobile payments (M-Commerce) arena, i.e. all types of mobile payment services including mobile money and mobile wallets, which are subject to financial regulation and performed from or by mobile devices. Riskskill identified where it feels the key areas of risk lie in the sector. These include:

1.The Scale of Sector Growth and Technology Change.

With commentators suggesting that the mobile payments sector will reach US $1 trillion in global transactions by 2015, the Riskskill research highlights that many risk professionals are concerned by the sector’s significant rate of growth. In Riskskill’s view, this rapid growth could mean that many proven risk strategies, once thought of as realistic and elastic, could be left out of touch in the medium term and lack the solid infrastructure required to be able to accommodate such growth.

Riskskill recognises that as a consequence of this growth, one of the greatest challenges to the development of plans and strategies that align organisations within the mobile payments sector is not only the diversity of sources of change but also the sheer speed of technology change be this hardware, software or the technology platforms used.

According to Riskskill, the main ‘mobile payments’ players are now extremely keen to produce the next ‘big thing’ and this is reflected in the significant investment being made by these key players. Many feel that Apple with its i-infrastructure and significant market presence has the potential to launch something ground-breaking within iOS7. Other market leading names such as PayPal, Google and Amazon are also likely to have a significant and positive market impact with upcoming developments of their own, as will global and EU based telecom infrastructure owners. The international card schemes too, believes Riskskill, have a positive influence on the development route(s) in the sector as will many other highly innovative and respected third parties including: iZettle and mpowa.

Riskskill believes that it is the technology organisations that act the most responsibly and altruistically now that will help minimise market risks over time. They are concerned though that in the rush to ‘jump on the bandwagon’, smaller players will adopt solutions that are based upon outmoded foundations and infrastructures. If this happens some regulators and stakeholders could struggle to keep up with the pace of technology change. This could mean that they might be unable to introduce the safeguards, protected environments and fraud prevention methodologies that are required at this early stage of market evolution. Fraud is deemed to be the greatest risk here. The fraudster thrives in such fast-paced environments, especially when there is no history, formality, process standards, anti-risk architecture or common IT foundations. Typically, fraudsters just ‘adapt’ and outsmart their targets.

2.Globalisation of Mobile Payments

Riskskill also points to the rapid spread of mobile payments globally, with the explosive growth of M-Commerce in China, India, Latin America and the Far East. Recent data from the ITU (International Telecommunication Union) points to global mobile subscriptions now reaching 6 billion. In some of these newer territories, the mobile payments sector is compensating for the lack of a physical and sufficiently robust banking structure and therefore proves extremely popular. Consequently, whilst the growth figures are impressive, the rate of growth could draw into question whether the existing and on occasion nascent regulatory systems and controls are sufficient to cope. Indeed, Riskskill believes that the most worrying aspect of this global spread is whether the technical and security infrastructures are built and based upon the solid foundations required.

3.Consumer Communication and Information Risks.

In addition, in the mobile payments sector there is, Riskskill believes, a continuous stream of new financial products that are all seeking to outdo each other in the eyes of providers and consumers. Riskskill is concerned that alongside other areas of rapid market change, a fast churn of product lifecycles and the sheer variety of product nomenclature might cause consumers to become confused and thus more vulnerable to fraudsters exploiting their confusion. This will also be compounded by the absence of adequate fraud systems which will not have been put in place by all the main players, at an early stage, as some will only just have kept up with competitive product development.

4.Standards and Regulation Outpaced?

The impact of such a rapid evolution of technology and financial products could threaten the applicability and implementations of many existing ‘standards’ programmes. Other newer standards will need to be evolved, although these too might still struggle to keep up with the rate of change. Riskskill believes that as there is such a broad range of organisations and bodies from which such standards might come, that this in itself could cause confusion for market stakeholders and consumers alike. Once again, the most likely beneficiary of such confusion could well be ‘professional’ fraudsters. The hope is then, says Riskskill, that standards bodies will harmonise with other similar organisations around them, especially those who take a lead.

Riskskill believes that there are a number of widely regarded bodies whose intervention could have a major impact in reducing market risk. This includes highly respected organisations such as UK Payments (formerly APACS), the ISO or the European Payments Council, which could potentially, some feel, develop a new SEPA-type regulation for the mobile payment sector. Other widely acclaimed and respected card schemes (such as: Visa / MasterCard etc.) might also take a lead as they have a strong commitment to acting responsibly and correctly in the market.

Riskskill believes that if the standards that do emerge could drive the right risk–reduced conditions, it could in turn lead to both an evolution and a revolution in M-commerce practice and risk management. This could then prove to be a facilitator for wider adoption of mobile-based NFC /contactless payments.

Riskskill has also studied whether the effects of the ‘potential standards debacle’ might also have a ‘knock-on’ effect upon government regulation too, as there is always the possibility that more interventionist governments might take the opportunity to play a constructive role. Riskskill feels that with the respected EU Cyber Security Directive focussing on setting good foundations with the Network and Information Security standards in individual member states, the current thrust seems potentially a long way from specifically addressing mobile payments. In the UK, Riskskill questions whether the government is likely to drive innovation in this area, as the risk, payments and fraud skills within the leading departments (Cabinet Office, FED and the National Fraud Bureau) might not be those required to lead direction and strategy in the mobile payment sector.

Understandably, much of their current focus, many feel, is deployed in addressing the public sector fraud element of the UK’s existing £52 billion fraud problem, as defined by the AFI statistics produced by the National Fraud Authority.

Riskskill’s CEO Bill Trueman believes that whilst the risk in each of these areas can be incorporated into risk strategies, the combined effects are harder to predict. In his view, “It is easy to plan for many risks individually – however, the wide and varied nature of the risks associated with the changing and rapidly growing mobile payments sector creates a whole array of risks that will challenge even the best of plans and strategies for addressing problems within the mobile payments sector. This is a simply enormous issue to address. Organisations and indeed many governments are often now too ‘silo based’ to evolve direction and protection from the attacks in a market that is so rapidly evolving. The ideal solution for leading sector stakeholders should be to drive proper standards through appropriate bodies that will in turn drive both a governmental and a business response globally. It’s a ‘tall order’ and only time will tell if it is possible.”