What do fast food companies Wendy's and Burger King and the fashion store Express all have in common? They've recently announced they will be accepting mobile payments.
This is part of growing trend to incorporate mobile technology inside brick and mortar stores. (This process is sometimes referred to as "digital physical.") The idea is to create more ways for customers to interact with the business.
Mobile Commerce Daily reports on some of the fascinating ways Express is already doing this. In its new Times Square location, Express has iPads, mobile charging stations, and point-of-sale systems (cashier technology) that allow customers make mobile payments.
But after the Target data breach, many IT consultants are concerned about mobile payment security. Express is known for its tight pants, not its tight network security. So let's take a closer look at the risks involved with accepting mobile payments.
Pros and Cons of Using Mobile Payments
The Columbus Dispatch reports on the details of incorporating mobile payments into a client's point-of-sale system. First let's go over the positives:
- Customers are more likely to visit an establishment and more likely to make larger purchases when you incorporate mobile payments.
- Mobile payments cost less than credit card transactions.
- Mobile payments can be faster and more convenient than other payment methods.
- Businesses that accept mobile payments may gain an advantage over competitors who are slow to incorporate this new technology.
In other words, mobile payments can help your clients lock in new customers and get them to spend more money more often at their establishment. Sounds like a great deal, doesn't it? Unfortunately, it's not all roses.
Mobile payments come with security risks that can cause major headaches for IT professionals like you. Here are the risks involved with mobile payments and increased digital-physical crossover:
- More pressure on network security. Many businesses now offer Wi-Fi, charging stations, and other mobile-targeted features in their stores. Doing so means they'll be wearing a target on their back for a massive data breach. Unsecure Wi-Fi and plugin outlets are some of the easiest ways to gain access to a user's device (or the store's network).
- Convenience and security are often opposites. If something is easier for a customer, it's probably also easier for a hacker to break in. Most of these businesses are trying to get payments from their customers faster. We likely won’t see them using two-step verification.
- More data, more liability. One of the simplest ways to quantify security risk is to look at the data. For each transaction, a record is created. That record is stored somewhere. Maybe on a client's network, maybe on a third-party vendor's. In either case, it is exposed to data breach risk. For more on vulnerabilities associated with outsourcing, make sure to check out yesterday's post, "Gmail Just Got Safer (But You Could Still Be Sued)."
- New tech brings new risk. Unknown ventures obviously bring new risk. But this risk is caused by more than just the uncertainty associated with new technology. As businesses roll out new technology, they often focus first and foremost on functionality, paying less attention to security. New ventures are expensive, and many businesses are more willing to cut security features than they are to cut design and functionality.
Small Business Insurance for Mobile Payment Systems
Is there insurance for mobile payment systems? Sort of. IT professionals can purchase E&O Insurance which covers a data breach / identity theft lawsuit if a client's mobile payment system is hacked. It makes no difference whether the data is stored at their network or outsourced to a third-party payment processor. If your client is hacked, E&O Insurance can cover your lawsuit expenses.