Welcome to FIMEBLOG

Spotlight on China: Piecing together the mobile payments security puzzle

China’s love affair with mobile has grown rapidly. With the staggering popularity of mobile-based social applications such as WeChat, it’s unsurprising that over 70% of handsets in the country are now smartphones. But being social isn’t the only mobile driver, as payments are gathering some serious momentum too.

Now the global leader in mobile payments, with over 475 million users, this growing market is hard to ignore. But following a period of rapid development, Chinese mobile payments are now at a pivotal point.

As the value of a market rises, so too does the interest of hackers and fraudsters. Card not present (CNP) fraud has grown significantly in recent years. What’s more, despite a largely unencumbered evolution, mobile payments are now subject to a number of new regulations.

For players looking to launch mobile wallet solutions, three major pieces of the mobile payments puzzle need to be considered to help turn this corner: authentication, security implementation and fraud mitigation.

Authenticating the user

In the first instance, developers need to ensure the right person is using the service. Setting aside the registration process, biometric technology offers several solutions, from facial recognition to the more ‘traditional’ fingerprint scanner.

Other strong authentication options include 3DS. It’s also important to verify that the right application is being used on the correct device.

Layering security solutions

Once both user and device have been authenticated, the transaction data needs to be secured.

Tokenization is one popular solution, replacing sensitive data with a randomised ‘token’ that is meaningless to fraudsters if intercepted. Additional software-based security methods include white-box cryptography and code obfuscation, which offer a means to ‘hide’ and protect data.

Technologies such as secure elements (SE) or trusted execution environments (TEE) are also worth considering as a complementary solution to separate data from the data-rich and vulnerable device OS. A tactical, layered approach to these technologies is crucial to ensure a quality security solution.

Fraud mitigation

Unfortunately, nothing is ever totally secure. Even with layers of security, instances of fraud can still occur and procedures need to be in place to mitigate these.

For example, usage restrictions can be applied to tokens to further minimise the impact of the fraudulent use of a stolen token. A back-end server monitoring process can also be implemented to flag fraudulent activities and vulnerabilities early on, allowing the best chance to action and resolve issues quickly and efficiently.
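The usage restrictions described above can be sketched as follows. This is an added example, not code from the original post or from FIME: a minimal in-memory token vault that issues random tokens, enforces restrictions at redemption, and records declines for back-end monitoring. The class names, restriction fields and reason strings are assumptions chosen for illustration.

```python
import secrets
import time
from dataclasses import dataclass

@dataclass
class TokenRecord:
    pan: str            # real card number, held only inside the vault
    merchant_id: str    # token is valid for this merchant only
    max_amount: int     # per-transaction cap, in minor currency units
    expires_at: float   # absolute expiry, epoch seconds
    uses_left: int      # remaining permitted uses

class TokenVault:
    """Hypothetical vault: maps random tokens to card data plus restrictions."""

    def __init__(self):
        self._records = {}   # token -> TokenRecord
        self.declined = []   # (token, reason) pairs for back-end monitoring

    def issue(self, pan, merchant_id, max_amount, ttl_seconds, max_uses=1, now=None):
        now = time.time() if now is None else now
        token = secrets.token_hex(8)  # random: not derived from the PAN
        self._records[token] = TokenRecord(
            pan, merchant_id, max_amount, now + ttl_seconds, max_uses)
        return token

    def redeem(self, token, merchant_id, amount, now=None):
        """Return (pan, "approved"), or (None, reason) when a restriction fails."""
        now = time.time() if now is None else now
        rec = self._records.get(token)
        if rec is None:
            reason = "unknown_token"
        elif now >= rec.expires_at:
            reason = "expired"
        elif rec.uses_left <= 0:
            reason = "use_limit_reached"
        elif merchant_id != rec.merchant_id:
            reason = "wrong_merchant"
        elif amount > rec.max_amount:
            reason = "amount_over_limit"
        else:
            rec.uses_left -= 1
            return rec.pan, "approved"
        # Every decline is recorded so monitoring can flag abuse of a stolen token.
        self.declined.append((token, reason))
        return None, reason
```

A token intercepted in transit fails at `redeem` unless it is presented by the bound merchant, within the amount cap, before expiry and within its use count, and each failed attempt lands in `declined` for review.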

Putting the pieces together

Navigating the complexities of the world of payments and ensuring compliance with global and local requirements can be a real challenge for those looking to launch mobile wallet solutions. Expert support can help select the best technologies to meet business model needs and streamline the path to launch.

With unrivalled payments expertise, FIME can offer end-to-end project support to put the pieces of a secure, compliant mobile payments strategy together.

We understand the market’s unique challenges. Find out more about how we’re supporting the Chinese players or contact our China office directly. You can now also follow FIME on WeChat and Weibo.