One of the most important things that retailers have to do is adapt to the changing times. It is why electronics stores now sell iPods and MP3 players instead of CD players and Walkmans and why video game retailers now sell digital download codes alongside boxed discs.

One of the next frontiers of 'change', is widely believed to be mobile payments as developers and smartphone makers create software and phones that can process transactions on the go.


Many of today's smartphones and tablets have fingerprint sensors in their 'home' buttons, allowing for an added layer of security. Apple has rolled out its Apple Pay NFC (near-field communication) system while Google has launched the Android equivalent, Android Pay.

And then there examples like PayPal (which lets you bump iPhones together to transfer money to someone), Square (which allows mobile devices to read credit cards as well as process payments from them), and Google Wallet which promotes itself as "a fast, free way to send and request money".

With all of these listed, it would be easy to believe that mobile payments are catching on fast; and in some respects they are. However, it's not being adopted quickly everywhere, as although 65% of those in the Asia-Pacific region are confident about linking their cards to their mobile devices, just 41% of those in North America are willing to do the same (according to Nielsen). And in Europe, another Nielsen survey stated that only 40% would pay in stores if their cards could be stored securely on their mobile devices, 22% are on the fence and 38% are against the idea altogether.

So what is the reason for this uncertainty? A new ISACA survey aims to find out.

How do ISACA's surveys work?

ISACA (Information Systems Audit and Control Association) is an independent non-profit organisation that discusses and researches IT security knowledge, as well as the industry's best practices. The organisation's survey we are discussing here today - 2015 Mobile Payment Security: Perceptions and Behaviors - aims to "quantify and qualify the underlying forces at work in the mobile payments space - specifically the risk and value tradeoffs that are driving both personal and corporate adoption".

To gather results, ISACA quizzed and queried over 900 cyber security experts about mobile payment security, asking them what they feel is keeping consumers from using mobile payments to purchase their goods and what is keeping retailers from adopting the technology.

Key findings from ISACA's Study.

While the study, overall, is incredibly insightful and offers quotes from ISACA executives that pose some interesting questions, we have broken down some of the key findings from it, which you can read below:

  • 87% of those who ISACA surveyed said that they expect mobile payment breaches to increase over the next year.
  • Following on from that, just 23% of the cyber security experts said that they felt that transactions conducted using mobile payment "methodologies" were secure, which means that an overwhelming majority of those who work in the field of IT security, do not have faith in the security of one of the fastest growing types of commerce.
  • ISACA's respondents broke down their concerns into the following categories: 18% were worried about phishing (via email and SMS), 26% were concerned about payment-enabled devices using public Wi-Fi, and 21% were worried about their devices being stolen.

What can you do about Mobile Payment Security concerns?

For Consumers, the Cyber Security Experts did have some suggestions to improve their security level and trust in mobile payments:

  • 66% of respondents recommended the use of two-factor authentication.
  • 9% suggested phone-based security applications.
  • 18% suggested the use of limited duration codes.
  • Respondents also said that parents should educate their children about their use of mobile devices, with 73% of respondents saying that this education should happen before the child is 13.

As for what Enterprises and those who offer mobile payment can do to improve security, there are several options.

One primary method is putting a secure software development life cycle (Secure SDLC) in place in order to make sure that security controls are incorporated into the very first phases of the development of your mobile payment app or platform. Security testing is highly recommended, with vulnerability tests and penetration tests both able to assess any possible attack vectors that hackers would use to get into your network.

Igor Mancini

Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.