In mobile we trust – but do your customers?

Every business needs to have a mobile strategy but to take advantage of the opportunity; firms have to make sure the technology is trusted

Tags: Gemalto NV ( payments
  • E-Mail
In mobile we trust – but do your customers? End users need to be convinced of the security of mobile services if they are going to use them fully, says Zameer.
By  Sherry Zameer Published  May 8, 2014

The mobile ecosystem is more complex — and filled with a wider range of products and services — than ever before. It is no longer just telecom firms that have an interest in the mobile space. Banks, for example, are pushing mobile apps to their customers and city transportation authorities are encouraging commuters to pay for journeys using their smartphones.

Finance and transport have led the way, but other sectors are catching up fast. Many governments allow citizens to store their electronic ID cards on their phones, enabling them to sign legally binding documents. In the workplace, mobile business applications help professionals to access enterprise data on the move from their own smartphones and tablets. The modern consumer can download a mobile ticket one minute, and check on the health of an elderly relative the next. Modern technology allows a level of flexibility and efficiency that was unimaginable even a few years ago.

Many of the companies exploring new mobile opportunities in these sectors would not have been in the space before the past year or two. This means that consumers need to trust these firms with their personal credentials and money in an entirely new environment. The banking industry, for example, has discovered that mobile trust doesn’t just appear overnight. In an ING survey of 12 countries, 25% of consumers said they used some form of mobile banking. When those who didn’t use mobile banking were asked why not, 33% cited a lack of trust in the security as the main reason. As technologies such as 4G/LTE and NFC super-charge the smartphone, service providers need to ensure that data and money are safeguarded.

Managing human risk

If people don’t have trust in their apps and digital wallets, a major economic and technological opportunity will pass them by. We need to look beyond this and understand that, as with any technology, mobile can be made safe and secure. If we fail to do this, the many benefits of mobility will take time to emerge and technological progress will slow.

Technology providers and those responsible for the ecosystems surrounding the range of services available to the mobile consumer are working to help increase trust in mobile use generally. If users can trust phones with their money, they will likely trust them with much more. If we take the example of enterprises, employers need to provide secure ways of accessing resources — such as VPN networks or CRM systems — over mobile or tablets, especially when employees are using their own devices (BYOD). Banks, retailers and anyone providing vital tools over the internet must invest in secure apps and the marketing to raise awareness of them among the general public.

The industry needs to enable a ‘mobile trust net’ at various stages of the mobile chain; ensuring security of the device, the secure element (where credentials are safely stored), the software, servers and any data exchanges and transactions. This will make sure that consumers feel comfortable about having more of their physical wallet inside their phone, with the best security level and the same level of convenience as their favorite app. Mobile can be a weak security link in the trust chain if it is not relying on state-of-the-art security hardware and software and, therefore, can create doubts for consumers about having their personal credentials, such as ID and payment details, inside the device.

The consumer also needs to trust that the companies behind the various services they use will keep their data secure. The fact that the companies and people behind these services can be contacted helps build customer trust. If we enable this security in the device and on the network, consumers will trust their mobile as a payment or authentication mean at the same level as they trust their chip card.

Several key mobile players have made large strides in setting up trust infrastructures. The Isis NFC mobile wallet in the US, for example, uses a central trusted service manager (TSM), which allows for the secure download of user credentials (such as a credit card, loyalty program or travel pass) to the secure element in the phone and ensures the confidentiality of data exchanges between the mobile operator and service providers.

Turning bad news into good

But even if software and hardware concerns can be allayed; trust in widely used technology and its providers has been affected by recent revelations concerning data security. Yet rather than distance consumers from mobile, there may be an improvement in privacy-focused technology and user education as a result of these stories. Given the exposure digital security received, users will likely start taking the issue more seriously and concern themselves with it more. If the user is more focused on security, he or she is more likely to trust that the mobile service they are using is secure.

Mobile payments have had a lot of media coverage but there are many other new services that are already impacting people’s lives. Mobile health, government identity and mobile ticketing are just three areas where the smartphone is making a huge impact. But users expect, for example, that sensitive health information is secure, or that their identity won’t be compromised and used for fraudulent purposes.

Security isn’t a static science; the right level should be chosen to suit the specific service, the sensitivity of the data it uses and the objectives of the provider that deploys it. The temptation to balance consumer reach and ease of deployment with security and interoperability can be understood for many mobile services with relatively low security risk. However, other services — such as mobile payment, or digital signature — have much higher security requirements. For these, end-to-end security, certification by third parties and cross-industry interoperability will help the industry take a big step towards mass-market adoption.

Users’ concern about mobile security, in part inspired by recent stories in the global media, could and should bring about a safer environment online. Trust will undoubtedly follow; meaning tech industries — and especially the relatively nascent world of potential that the smartphone has ushered in — can continue to bloom. It is the role of the mobile operators and the increasing number of service providers to ensure that this trust is inherent in every service they offer.

Sherry Zameer is VP Telecommunication Solutions for Middle East & Africa at Gemalto.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code