Visa will roll out its mobile payment strategy this week. I will be looking forward to hearing about the security features. Will all our phones be PCI DSS compliant? Lots of very cool privacy and security issues to work through. Visa’s CEO states that a mobile payment system must have:
- Convenience
- Simplicity
- Standardization
- Interoperability
- Global accessibility
- Security
That also sounds like a punch list for the security and privacy hurdles that will need to be overcome.
Here is a comparison of mobile security software. If I were a device maker, I might snatch one of these up and integrate it right into my product and pitch it as a competitive differentiator. Of course, perhaps the Visa or the banks will provide it for free as they do for desktop and laptop computing (e.g., Bank of America). Oh look, Barclays already does (I love that bank)! The voluntary uptake for desktop and laptop platforms is low, so I suspect the uptake in mobile security software is equally as low. The reduction in fraud from forcing it onto phones, whether by integration by the device manufacturer or requiring it before use, might outweigh the costs. If this method of payment becomes ubiquitous, it will become an attack vector for the black hats.
Next Practices 