ENISA: Security of Mobile Payments and Digital Wallets

In the last couple of years we have been witnessing a paradigm shift from cash to digital payments for goods and services. For most consumers this shift reflects a preference for convenience over the traditional physical wallet. However, the transition to digital solutions is not without risk.

A survey of more than 900 security experts found that only 23% of them believe that mobile payments are currently sufficiently robust at keeping personal information safe. Nearly half of respondents (47%) felt that mobile payment applications offer no security, and 30% of respondents were unsure.

The European Union Agency for Network and Information Security (ENISA) has produced a report that identifies current threats, gives recommendations to mitigate them, and provides guidelines to assist mobile payment developers and mobile payment providers in applying the recommended security controls.

Some of the key threats identified by ENISA are:

  • Mobile user threats: installation of rogue and malware applications, phishing and social engineering.
  • Mobile device threats: unauthorized access, lost or stolen device.
  • Payment network provider threats: token service compromise and denial of service.
  • Issuer threats: payment authorization process compromise, token data compromise.
  • Mobile payment application provider threats: compromise of sensitive data, compromise of user profile managed in the cloud, token compromise and denial of service attacks.

Some of the key recommendations are:

  • Customers should follow a number of minimum security measures, which should be required in order to use their application securely.
  • Mobile payment providers should have a reliable and accurate fraud monitoring system that detects transactions outside the customer’s baseline.

You can download the full report on threats, recommendations and guidelines for implementation of new technology here.