FB pixel

Congress investigates security of mobile payments

 

The House Energy & Commerce Committee held a hearing Tuesday to preliminary review disruptive technologies in the mobile payments space, according to a report by Bank Info Security.

With testimonies from PayPal, Samsung Pay and the Merchant Customer Exchange, the hearing’s main takeaway was that while most mobile payments options offer stronger user authentication and convenience, they fail to provide the same legal and legislative protections as other methods.

Though the committee did not reveal any plans to take legislative action regarding this issue, it called on stakeholders to provide additional comments and concerns about mobile security over the next 30 days.

“We want to explore the new ways consumers are paying for goods through their mobile devices, and how consumer information is being secured on mobile devices,” said Rep. Frank Pallone Jr., D-N.J. “We want to be sure that information saved on mobile devices is secure, even if data on mobile devices can still be hacked.”

Meanwhile, Sarah Jane Hughes of the Maurer School of Law at Indiana University said that lawmakers will need to determine whether Congress should enforce the same regulations regarding consumer fraud protections and privacy on mobile carriers, payments gateways and mobile service providers as they do with banking institutions.

Hughes mentioned the federal regulatory requirements imposed under the Electronic Fund Transfer Act [Regulation E] and the – EFT and [Dodd-Frank Wall Street Reform and] Consumer Protection Act, which only apply to banking institutions.

“Protections for mobile do not exist, and that is a big issue for the unbanked and underbanked, who don’t have credit or debit cards,” said Hughes. “Consumers who bill to a mobile phone statement, as opposed to a financial institution, do not have the same level of protections.”

In addition to these legal requirements, banking institutions have also expressed their concerns about the security practices of non-bank payments providers and processors, Hughes said.

“The potential for a mobile payment provider and the downstream payments participants necessary for clearing and settlement of the payment back to the merchant involved to collect and use information about the customer’s spending habits and vendors of choice is, and will continue to be, substantial,” Hughes said. “Whenever additional entities handle payment and user information, the risks of capture and improper use of these data grow. Thus, a multiparty, mobile-payments downstream network could create privacy risks in a degree comparable to or greater than privacy risks experienced in credit and debit transactions.”

John Muller, PayPal’s VP of global payments policy, told the committee that the multiparty networks that often process mobile payments have a fair share of security challenges. For this reason, stronger authentication practices, such as biometrics, are becoming a necessary component of mobile payments.

“Biometric authentication features on mobile devices are radically changing this [mobile] model and, subsequently, are minimizing damage done in a breach or hack,” Muller said. “Through PayPal’s leadership and collaboration with Samsung and the FIDO Alliance, PayPal was the first payment company to introduce fingerprint biometric payment authentication on Android mobile devices.”

Sang Ahn, chief commercial officer for Samsung Pay in the U.S., told the committee that Samsung Pay also uses biometric fingerprint authentication for transactions.

Ahn added that Samsung’s “smartphones incorporate the Samsung KNOX security platform, keeping all payment data locked and secure” while “other mobile payment solutions employ tokenized transactions… [but] these solutions only work in the small fraction of stores with NFC-equipped terminals.”

Despite a lack of regulations oversight, mobile payments providers are given enough guidance to put into place a set of best practices that can effectively protect consumer privacy and provide greater security for transactions, Hughes testified.

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics and injection detection for deepfake defense a rising priority

Biometrics integrations with injection attack detection to defend the latest front in the global battle against fraud, deepfakes, is the…

 

Biometric Update Podcast looks at the road to a global standard for age assurance

Episode 2 of the Biometric Update Podcast is a dispatch from the 2025 Global Age Assurance Standards Summit, held from…

 

WEF launches new DPI initiative focused on emerging tech, including biometrics

Global Digital Public Infrastructure (DPI) initiatives are lagging behind emerging technologies such as AI, which could lead to inefficiencies, bottlenecks…

 

Odds are good for biometrics firms in the global gambling sector

Gambling has always been a vice associated with certain kinds of criminal activity, but the development of the online gambling…

 

New Zealand issues tender for digital ID services accreditation infrastructure

New Zealand’s accredited digital identity services regulator, the Trust Framework Authority (TFA), has published a request for information (RFI) for…

 

Pindrop surpasses $100M in annual recurring revenue, kicks off BU podcast

A release from Atlanta-based voice biometrics firm Pindrop celebrates a milestone: the firm has surpassed US$100 million in Annual Recurring…

Comments

29 Replies to “Congress investigates security of mobile payments”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events