There is still a heavy dependency on native SMS as a payment solution in Africa - an inherently insecure technology when used on its own.
This according to Sybase, which will deliver a presentation on mobile payment security at the upcoming ITWeb Mobile Payments event being held at The Forum, in Bryanston, on 3 and 4 November. The session will be presented by Julie Tomlinson, director of Sybase Mobile.
Sybase explains that SMS technology leaves a footprint on the handset, and as SMS is a 'store and forward' technology, staff at mobile network operators (MNOs) have easy access to the message contents, such as the username and PIN.
The company notes that mobile payment service providers in Africa are increasingly moving away from SMS towards unstructured supplementary service data (USSD), because of the increased security this standard offers.
“USSD is the preferred solution because it is real-time-session-based, leaves no transaction footprint on the handset, and is much more difficult for MNO staff to snoop on,” explains Sybase.
There has also been a great uptake of secondary authentication such as OTP/ IVR, as well as progress towards multi-factor authentication hierarchy, states the company.
Smart security
Summarising the major trends in mobile payment security across Africa, Sybase explains that solutions are moving towards the wider use of USSD, MNO-bank partnerships, and layered authentication.
This is resulting in the development of mobile payment applications that can be delivered via app stores and bank Web sites, using the latest PC security tool and transaction authentication methods, notes the company. “This is essentially secure Internet banking on smaller form factor.
“Netbooks offer great mobility, affordability, and application flexibility with the highest possible means of delivering secure technology to the user,” opines Sybase.
The company notes that secure mobile payment services may be the more viable option in the future. The two-factor or three-factor authentication process built into mobile payment solutions means that, in many cases, the service is more secure than traditional transaction services.
“Mobile payment transactions are capable of being highly secure, much more so than the credit or debit card transactions we perform in the billions everyday,” concludes the company.
Share