As the payment industry works to build the next generation of payment technology, security is obviously a major concern, and with good reason: Multiple high-profile data breaches over the last couple of years clearly illustrate that our ability to use technology to protect sensitive payment information has been outstripped by the ability of criminals to use technology to exploit sensitive payment information. Clearly, whatever solution the industry adopts next will have to do a better job of keeping payment information safe.
As of this moment, there are two major options that could become the payment technology of the future. One involves users storing their payment information on their mobile phones, and then using those phones to make payments directly at points of sale.
The other model is based on cloud technology. Just like the mobile payments model, consumers have the option to conduct transactions using their mobile phones, but their financial data will not be stored directly on the device. Instead, their data will be stored in a secure cloud data center, and their devices will merely serve as the tool used to access that information.
From a security perspective, there are benefits and challenges associated with each option. In this article, we’re going to focus on the cloud model.
Risks involved with the cloud payments model
When famous bank robber Willie Sutton was asked why he robbed banks, he supposedly replied that he robbed banks because that’s where the money was. The quote was apocryphal, most likely a creation of a reporter with an overactive imagination, but it can still illustrate an important point about mobile payment security on the cloud.
Any security risks that exist around storing sensitive payment information in the cloud are predominately due to the fact that criminals view the cloud as an opportunity to steal a lot of information at once, rather than any intrinsic security problems that exist with the cloud itself.
Just like the banks of Willie Sutton’s days, today’s cloud data centers that store mobile payment information do so with a huge target painted on their back. Criminals know that stealing data off of individual mobile phones would be very time consuming and hence not likely to provide a valuable payback. However, due to the fact that payment information stored on the cloud is centralized, criminals conceivably stand to earn millions off of a single data breach.
So, does that mean that we should abandon the idea of cloud storage for payments? No, but it does mean we have to be very careful about the cloud data centers we use to store sensitive payment information. Banks take on a tremendous amount of responsibility when they store consumers’ money, and cloud storage providers take on a similar level of responsibility when they store consumers’ payment information. In order for cloud-based mobile payments to work, the people doing the storage have to really know what they’re doing, and they have to have a plan in place to make absolutely certain that consumer payment information is safe.
Benefits of the cloud payments model
One of the key benefits of storing payment information in the cloud is that individual consumers are not responsible for ensuring the security of their own payment information. While consumers obviously have an incentive to keep their data safe, that doesn’t mean that they always have the ability to do so. Your average person on the street doesn’t have the level of security knowledge that a cloud data center professional does, so it’s easy to see why there would be security benefits involved with leaving things up to the professionals.
Sometimes, even when a person has the best of intentions, they can mess up, and this is obviously a very big security concern when it comes to mobile payments. When consumers carry their payment information with them everywhere they go, it can be very easy for that information to be lost or stolen. Once a device has fallen into the hands of someone other than the owner of the device, mobile payments offer no security advantages over the traditional magnetic-strip credit cards in widespread use today.
Proponents of device-based mobile payment are quick to point out that big-time criminal rings are unlikely to target payment information stores on an individual device because the payout would be so low. However, this idea would do nothing to make a person feel better once their phone has fallen into the wrong hands, leading to a slew of unauthorized transactions. Cloud-based payment information storage is safer because it removes the burden of individual consumers having to carry around a physical storage of their data everywhere they go.
Benefits outweigh the Risks
It is clear that the cloud still has to make a few changes in order to prove itself as a secure method of storing payment information. However, when you stop to consider the alternatives, the cloud emerges as the clear option for secure mobile payments. Working together with retailers, banks, and other stakeholders, cloud data centers can help build the secure payment method of the future. Any further efforts that cloud data centers have to put in to adding extra security for sensitive payment information will end up paying off in a mobile payment model that is much more secure than storing data on mobile devices.
Caronet is a provider of managed-cloud and cloud-hosting services. Our cloud services are secure by design, giving you the peace of mind that comes from knowing your data is completely safe. Contact us today to learn more.