Mobile phone payments "pose huge fraud risk"

LONDON (Reuters) - “Contactless” payments made via mobile phones pose the greatest future threat to the security of consumers’ financial details, a leading security expert says.

"Contactless" payments made via mobile phones pose the greatest future threat to the security of consumers' financial details, a leading security expert says. REUTERS

Around 52 million consumers will adopt new mobile technologies to pay for everyday goods and services by 2011, according to a recent study by analysts at Juniper Research.

It expects mobile payments to hit 5.9 billion pounds in the next three years, as phones become an increasingly viable alternative to cash, credit and debit cards.

But Greg Day, an analyst at security specialist McAfee, believes the technology will yield immense opportunity for data fraudsters.

“You’ll soon be able to do everything with your mobile phone -- from paying for a parking ticket via SMS (text message) and conducting online banking to using your mobile as your Oyster card,” he told Reuters.

“It makes me quite nervous. It’s to this type of contactless small payments arena that smart data criminals will turn: if they just take a fiver from everyone, rather than larger sums from fewer people, they’ll still make a fortune.

“Little and often, instead of one big heist, will be their mantra.”

“Wave and pay” systems, such as London’s Oyster travel card, have proved popular for paying for small-ticket items, as they reduce the need to carry cash.

Britain’s banks are starting to update debit and credit cards, too, with contactless technology to allow consumers to pay for transactions of 10 pounds or less at participating retailers and vending machines simply by waving their cards over a reader.

But Day believes that “tap and go” mobile phone payments -- many of which will use short range, wireless technology called “near field communication” (NFC) to transmit data from the customer’s mobile phone to the retailer’s card reader -- will go further to revolutionise the way people make day-to-day debit transactions.

Despite that, the majority of mobiles have no security software on them.

At least 79 percent of consumers are knowingly using unprotected mobile phone handsets, while 15 percent are unsure of security levels, according to a recent poll of 2,000 mobile users in the UK, U.S. and Japan.

The research, undertaken by Datamonitor and McAfee, and unveiled at the Mobile World Congress in Barcelona in February, also showed that 86 percent of users are worried about security risks posed to their mobile handset, such as fraudulent bills, or information loss or theft.

“The mobile space is fraudsters’ biggest opportunity for the future, largely because many people still see their phone as a communication device, rather than something that they have to keep secure,” adds Day.

The Royal Bank of Scotland is planning to publicly trial mobile phone debit payments this year, following a pilot at its headquarters in Edinburgh in November last year.

And Britain’s Orange is one of 12 global mobile phone operators currently running trials of contactless mobile payment services as a precursor to commercial launches.

The trials -- in Australia, France, Ireland, South Korea, Malaysia, Norway, the Philippines, Singapore, Taiwan, Turkey and the U.S. -- are part of the GSM Association’s “pay-buy-mobile” initiative, designed to provide a single global approach to mobile contactless payments.

The trade association represents 700 mobile phone operators in around 220 countries.

Read Reuters consumer finance bloghere