At long last,consumers can pay for their mobile commerce purchases with only the swipe of a finger. Using fingerprint-based identification, biometric technology allows for the ultimate in mobile checkout and, because fingerprints are unique, mobile commerce security. EBay Inc.’s PayPal recently began enabling consumers with the new Samsung Galaxy S5 smartphone to pay at any e-retailer that accepts PayPal on its mobile commerce web site with just the swipe of a finger.
Biometrics is the latest step in the evolution of mobile security, and PayPal’s biometric feature is a perfect example of how retailers today are relying on vendors to advance mobile payment security. Further announcements between major retailers and technology vendors are expected in the coming months: A vendor executive tells Internet Retailer on condition of anonymity that a handful of the nation’s top retailers will soon debut versions of their apps that include fingerprint scanning for security and one-touch checkout.
Retailers know they can’t ignore the demands of mobile consumers. U.S. consumers will make $18.2 billion in purchases on their smartphones this year, up 143% from $7.5 billion in 2011, according to research firm eMarketer Inc. Half of smartphone users have completed a purchase on a phone, according to Prosper Mobile Insights.
With retailers needing to manage mobile sites and mobile shopping apps in addition to desktop web sites, there are more properties to keep secure, and retailers are turning to vendors to provide additional layers of security.
“With all these crazy hackers out there, I don’t claim to know where to begin with mobile security,” says David Byun, president of e-retailer Accessory Geeks. “We rely on our cart vendor, Magento, for mobile security.”
In the hopes of preventing problems like those in recent high-profile security breaches, Malauzai Software Inc., an app builder for the banking industry that retailers can learn from, uses, among a variety of tools, the viaLab app security testing tool from mobile security vendor viaForensics. It tests apps as it builds them to find any problems before going live, because it’s more expensive to fix a security problem after an app has launched, the company says.
“ViaForensics has made its mobile security testing abilities and institutional knowledge into a product that we can use any time, so this mobile security expertise isn’t something that just lives in the heads of viaForensics experts,” says Danny Piangerelli, co-founder and chief technology officer at Malauzai Software.
ViaForensics looks at how apps handle data at rest and in motion. A viaLab scan might reveal, for instance, that an app is storing a user’s user name and password in an unsecure fashion, an example of exposing data at rest. Or a scan might reveal that an app is not properly identifying both parties in a financial transaction, thus allowing for “man in the middle” attacks, where a criminal intercepts data in transit between a consumer’s app and the retailer, an example of exposing data in motion.