If you are searching for clarity on the challenges facing mobile payments or its future prospects in 2015 and beyond, it's not easy. Numerous reports, blogs and news stories released every month paint a murky and conflicting picture. It's hard to see the wood for the trees when it comes to this particular emerging market. One week Apple Pay is King and the next it's flop. That's to be expected really, because when it comes to predicting the future, the only thing we can be sure of is: we're really not that sure. January has been no different so far - and finding a consensus can be difficult - but let's give it a go anyway.

Security is a major battleground for mobile payments. In some quarters, you will find security is highlighted as the stumbling block for mobile or contactless payments methods. This is no better demonstrated than by the £20 transactions limit imposed on most contactless payment methods. A survey just last month, by Wakefield Research in partnership with Verifone, highlighted this security restraint imposed by the banks is actually supported by their customers as well. Some 84 per cent of respondents to the survey said they would only use their smartphone for small or medium purchase such as a cup of coffee. When it comes to larger purchases, it seems the trust in mobile payments is just not there yet.

It's not all that surprising to me either, especially considering the deluge of cyber crime stories that made the headlines in recent months. And it's an area where education to consumers is vital, because security can in fact be mobile payments greatest strength, not a weakness. Encryption, tokenization, biometrics and device authentication can all be used or combined to make mobile payments arguably the most secure payment method available - let alone the most efficient and convenient.

Despite the perceived hesitancy around security, it's not hard to find consensus that mobile payments are on the rise. Finding agreement on the speed of that rise is harder. In December we cited a Juniper report that mobile commerce would scale to reach 200bn transactions annually by 2019; however another report this month suggests that by the end of this year just 5 per cent of the global base of NFC capable phones, around 30 million, will make contactless in-store payments on a monthly basis. Which seems a pretty big jump from there to 200bn transactions by 2019. But maybe not when you take this into account: The UK Card Association revealed £253million was spent in the UK through contactless payments in September 2014 - a year on year increase of 283.6 per cent.

It's hard to tell who's on the money when it comes to accurately predicting the growth of mobile payments. But even though the signals are mixed, the overall message is clear: mobile payments are on the way. The biggest challenge remains consumer education.

By Matthew Taylor
20th January 2015

2014 wasn't exactly the greatest year for cyber security. No indeed: from banks to retailers, companies and governments, last year was one to forget. Well actually, scratch that - last year was one more than ever to remember. The industry needs to learn from its mistakes, the loop holes need to be closed and customers' financial and personal details need to be better protected. That's exactly what the new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) is trying to help achieve.

PCI 3.0 launched at the start of this year with more than 90 new standards designed to improve credit card security measures. The PCI Security Council, if you didn't know, was set up in 2006 with the mission statement: " to enhance payment account data security by driving education and awareness of the PCI Security Standards."

The standards have been updated in a three year cycle and this iteration of updates couldn't have come any sooner. In 2014 vulnerabilities were exposed, particularly in the US, with major retailers such as Ebay, Target and Home Depot suffering major data breaches and even the bank JP Morgan was compromised. Not to forget the major hack on Sony Pictures - whose perpetrators are still debated.

The latest PCI compliance standards have tried to address the causes for a number of these attacks, with an emphasis on improved cloud standards and practices. Another key update is the requirement for compliance to the standards from third-parties involved in payments. It became clear in the aftermath of the attacks, such as the one on Home Depot for example, that the point of entry for breaches was often attributed to third-parties - in the case of Home Depot, through its air-conditioning company. Third-parties are now obliged to use unique passwords and two-factor authentication.

The new standards also now incorporate more rolling requirements that evolve over time - this helps reflect the constantly changing battle front for security. Security is never set in stone and needs constant vigilance from administrators and companies to stay ahead of the game and minimise vulnerabilities.

We take security very seriously here at Ensygnia and we can link it to your identity and level of authority to control what areas of a system someone is allowed to visit. We actually think it's time to say goodbye to the password all together which was still a major entry point for a number of last year's hacks. We also think our product can provide a powerful payments experience, hence our commitment to complying to the latest PCI standards.

By Matthew Taylor 15th January 2015

Related stories around the web

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain - The Register

How and why to cope with tougher PCI compliance standards - Forbes

Obama makes push for stronger cyber security laws - BBC

pcisecuritystandards.org

Follow @EnsygniaLtd