Forbes and Gartner Weigh In on Mobile Security Issues

Recently, Darcy Travlos of Forbes published an article in the ‘Intelligent Investing’ column in which she delivered valuable and relevant insights to the Mobile Payments discussion. Here’s why: The main obstacle to mobile payments adoption in the United States is the “security” issue. Travlos begins her article with a reference to the Harris Interactive and Billing Revolution Study which notes a significant drop in consumer security concerns.

According to the study:

93% of U.S. adults (93%) own a cell phone, and nearly half of these adults (45%) think it’s at least somewhat safe to make a purchase through their cell phone with 26% saying they think it’s fairly or very safe to do so.


Travlos adds context to this data by comparing it to data collected only 18 months prior:

Within two years, the iPhone debut and rapid consumer adoption of applications has introduced a brand new way to sell goods and services. Back in December 2007, Harris Interactive conducted a survey and found that 63% of cellphone users were “very concerned” about transaction security on a mobile phone. Within 18 months, sentiments had changed. This past summer, Harris Interactive and Billing Revolution released a new study and found that now 45% were very comfortable with mobile transactions.


Yesterday, Gartner weighed in, saying that fraud detection tools for mobile commerce are lagging. “Because of the improving browser experiences on smartphones, mobile commerce and transaction execution are set to increase rapidly,” William Clark, a Gartner analyst, said in a statement.

“Enterprise applications must detect fraud in these mobile environments, but fraud detection tools available today that work in [wired] computing environments don’t work well or at all in the mobile world,” Clark said. Tools to detect fraud in the mobile space are in the early stages of development, and he estimated it will take until at least 2012 for them to mature.

Generally, Gartner outlined three types of fraud prevention methods available now for mobile applications.

The first, called mobile device identification, relies on JavaScript running on a server that a mobile user logs into. The script captures information about a user’s browser and mobile phone.

If the application the mobile phone user accesses the web with is browser-based, the JavaScript application captures unique browser identification information and data to uniquely identify the phone. If the application is installed on the device, the application can also gather the phone’s serial number and network card number to forward to the merchant (whether the transaction is brick and mortar or eCommerce) — but only after the user opts in to allow that data to be transmitted.

A second way to prevent mobile fraud uses the phone’s location information and requires only that the device be turned on. For an enterprise, using location information can help specifically authenticate the user through correlation with other systems such as a user’s address in a directory.

Mobile phones can forward location information based on GPS data, but this also requires user opt-in. Locations can also be received by mobile network operators employing software tools that don’t require user opt-in, Gartner said.

Third, Gartner said some online fraud detection vendors are beginning to customize their risk scoring and rule-based models for mobile applications. Gartner didn’t name any of the vendors, but said they are looking at the device itself, its location and the behavior patterns of the user inside a mobile application on a phone. This tactic is still new, and a lack of mobile commerce experience to draw upon makes it difficult to build resilient risk models, Gartner said.
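The three signals Gartner describes (device identification, location checked against a directory address, and in-application behavior) can feed a single rule-based risk score. The sketch below is an added example, not code from Gartner or any vendor; the weights, thresholds, attribute names and sample profile are constructed assumptions.

```javascript
// Added illustration; weights, thresholds and field names are constructed assumptions.
const WEIGHTS = { device: 40, location: 40, behavior: 20 };

// Signal 1: fraction of enrolled device attributes that differ this session (0..1).
function deviceMismatch(enrolled, seen) {
  const keys = Object.keys(enrolled);
  if (keys.length === 0) return 1; // nothing enrolled: treat as unknown device
  return keys.filter((k) => enrolled[k] !== seen[k]).length / keys.length;
}

// Great-circle (haversine) distance in kilometres between two {lat, lon} points.
function distanceKm(a, b) {
  const rad = (deg) => (deg * Math.PI) / 180;
  const h = Math.sin(rad(b.lat - a.lat) / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(rad(b.lon - a.lon) / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

// Signal 2: distance from the directory address, capped at maxKm.
// No opt-in means no location: score it as unknown (0.5), not as a match.
function locationRisk(home, reported, maxKm = 500) {
  if (!reported) return 0.5;
  return Math.min(distanceKm(home, reported) / maxKm, 1);
}

// Signal 3: how far the amount exceeds the user's typical spend (5x or more = 1).
function behaviorRisk(amount, typicalAmount) {
  if (!typicalAmount) return 0.5; // no history yet
  return Math.min(Math.max(amount / typicalAmount - 1, 0) / 4, 1);
}

function scoreTransaction(profile, session) {
  const parts = {
    device: deviceMismatch(profile.device, session.device),
    location: locationRisk(profile.home, session.location),
    behavior: behaviorRisk(session.amount, profile.typicalAmount),
  };
  const score = Math.round(
    Object.keys(WEIGHTS).reduce((sum, k) => sum + WEIGHTS[k] * parts[k], 0));
  const decision = score >= 60 ? "deny" : score >= 30 ? "step-up" : "allow";
  return { score, decision, parts };
}

// Constructed sample profile: enrolled browser attributes, directory address, usual spend.
const profile = {
  device: { userAgent: "ExampleBrowser/1.0", screen: "320x480", tz: "-300", lang: "en-US" },
  home: { lat: 40.7128, lon: -74.006 }, typicalAmount: 50,
};
```

A session that withholds location is scored as unknown rather than trusted, so a user who has not opted in is pushed toward step-up authentication only when another signal also looks off.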

Avivah Litan, another analyst at Gartner, said that the explosive growth in smartphones and the growth of mobile commerce mean that setting up mobile fraud detection systems is an “imperative” for enterprises.

© 2010 David Schropfer

Published by

David W. Schropfer
