Mobile Payment Security
Answered by Jason Oxman, CEO, Electronic Transactions Association on August 1, 2013
Ronnie Carwell, Owner of Carwell Plumbing, Garner, NC asks:
When using a mobile payment processor, what customer information is stored on the phone, if any, and how can the information stay protected?
Expert Jason Oxman answers:
The majority of consumers’ basic identification information is contained and protected on the SIM card in the phone. This information is used by the mobile payments technologies to identify and confirm a payer’s identity. The SIM card does not retain payment account numbers, PINs, security codes, passwords, and the like.
As to what personal information is stored on the phone itself, it varies depending on the method of payment – there are cloud-based wallets (Google); there are NFC wallets (ISIS); there are payment apps (Starbucks); and there is carrier billing (charges appear on your phone bill). Each of these methods has different ways of utilizing the phone owner’s information to initiate and confirm transactions. These vendors have detailed information in regards to data collection on their websites.
ETA, through its Mobile Payments Committee (MPC), is working diligently to address the important issue of consumer protection in mobile payments services. The MPC is an industry-wide task force of 100 representatives from top companies in the innovative market of mobile payments, including credit card networks, processors, mobile network operators, developers, financial institutions and device manufacturers. The ETA MPC is tasked with developing and implementing solutions to the complex policy and business issues surrounding the emergence of mobile payments in the U.S. and globally. Please visit the MPC page to access guidance and resources for Merchants accepting mobile payments.