Congress investigates security of mobile payments


The House Energy & Commerce Committee held a hearing Tuesday to conduct a preliminary review of disruptive technologies in the mobile payments space, according to a report by Bank Info Security.

With testimonies from PayPal, Samsung Pay and the Merchant Customer Exchange, the hearing’s main takeaway was that while most mobile payments options offer stronger user authentication and convenience, they fail to provide the same legal and legislative protections as other methods.

Though the committee did not reveal any plans to take legislative action regarding this issue, it called on stakeholders to provide additional comments and concerns about mobile security over the next 30 days.

“We want to explore the new ways consumers are paying for goods through their mobile devices, and how consumer information is being secured on mobile devices,” said Rep. Frank Pallone Jr., D-N.J. “We want to be sure that information saved on mobile devices is secure, even if data on mobile devices can still be hacked.”

Meanwhile, Sarah Jane Hughes of the Maurer School of Law at Indiana University said that lawmakers will need to determine whether Congress should enforce the same regulations regarding consumer fraud protections and privacy on mobile carriers, payments gateways and mobile service providers as they do with banking institutions.

Hughes mentioned the federal regulatory requirements imposed under the Electronic Fund Transfer Act (EFT) [Regulation E] and the [Dodd-Frank Wall Street Reform and] Consumer Protection Act, which apply only to banking institutions.

“Protections for mobile do not exist, and that is a big issue for the unbanked and underbanked, who don’t have credit or debit cards,” said Hughes. “Consumers who bill to a mobile phone statement, as opposed to a financial institution, do not have the same level of protections.”

In addition to these legal requirements, banking institutions have also expressed their concerns about the security practices of non-bank payments providers and processors, Hughes said.

“The potential for a mobile payment provider and the downstream payments participants necessary for clearing and settlement of the payment back to the merchant involved to collect and use information about the customer’s spending habits and vendors of choice is, and will continue to be, substantial,” Hughes said. “Whenever additional entities handle payment and user information, the risks of capture and improper use of these data grow. Thus, a multiparty, mobile-payments downstream network could create privacy risks in a degree comparable to or greater than privacy risks experienced in credit and debit transactions.”

John Muller, PayPal’s VP of global payments policy, told the committee that the multiparty networks that often process mobile payments have a fair share of security challenges. For this reason, stronger authentication practices, such as biometrics, are becoming a necessary component of mobile payments.

“Biometric authentication features on mobile devices are radically changing this [mobile] model and, subsequently, are minimizing damage done in a breach or hack,” Muller said. “Through PayPal’s leadership and collaboration with Samsung and the FIDO Alliance, PayPal was the first payment company to introduce fingerprint biometric payment authentication on Android mobile devices.”

Sang Ahn, chief commercial officer for Samsung Pay in the U.S., told the committee that Samsung Pay also uses biometric fingerprint authentication for transactions.

Ahn added that Samsung’s “smartphones incorporate the Samsung KNOX security platform, keeping all payment data locked and secure” while “other mobile payment solutions employ tokenized transactions… [but] these solutions only work in the small fraction of stores with NFC-equipped terminals.”

Despite a lack of regulatory oversight, mobile payments providers are given enough guidance to put into place a set of best practices that can effectively protect consumer privacy and provide greater security for transactions, Hughes testified.
