From a security standpoint, there’s really no difference between Internet banking and mobile banking and payments. In fact, there’s even more security with mobile, because there’s less personal information on the connecting device itself, compared to when you’re doing Internet banking from a PC.
The main “security” hurdle to overcome for mobile banking and payments is consumer confidence, and we know that’s growing at a rapid rate.
Ten to fifteen years ago, we were still getting used to the idea of Internet banking and shopping, which represented a pretty big shift in mindset and behavior. It took time for banks and retailers to get online and refine their offerings, and for consumers to adjust. I think the transition to mobile will be much easier and faster. SMS provided the means for one kind of mobile payment, but thanks to smartphones with Wi-Fi, browsers and other applications, “mobile” is now almost synonymous with “online,” so the “leap” to mobile is really going to be more like a sidestep.
Just look at the acceleration of payment applications released in the last year, including Starbucks Card Mobile, Google Wallet and Card Case from Square. (See my previous post for more on Google Wallet.) Think about the explosion of person-to-person (P2P) payments worldwide. (Read my June 15th post for more on this.) Consider all the announcements from manufacturers who are building near-field communication (NFC) chips into the phones, and the Nexus S Android phone, which already has it built in. NFC chips add more security to phones than we ever had on a PC.
I don’t mean to downplay the risk that’s built into the devices themselves. Their small and light weight makes them easy to carry, but also easy to lose and steal. From that standpoint, the best defense is strong password protection, and making sure you know how to use the remote wipe capability, so you (or your IT department) can remove all of your personal information if the need arises. Additionally, payment services are protecting individual transactions as well by requiring the user to enter a PIN or password before the payment goes through.