 "ISACA Releases Guidance On Managing Mobile Payments Risks")
With the increased use of mobile devices to pay for goods and services, the security risks associated with these would need to be addressed adequately.
ISACA has come out with its new white paper, “Mobile Payments: Risk, Security and Assurance Issues,” that examines the growing trend of mobile payments and offers guidance on managing risk and increasing security. The free whitepaper can be downloaded from: www.isaca.org/mobile_payments or www.isaca.org/whitepapers.
The Mobile Payments white paper identifies consumer benefits, including the speed and convenience of not carrying cash and credit cards, the consolidation of many cards, and an enhanced layer of security. Enterprises benefit by reaching more consumers, reducing the amount of stored data needed to meet compliance requirements, improving transaction security and fraud detection, and engaging in location-based marketing (geo-marketing). As per a study from Juniper Research, the value of mobile payments for digital and physical goods, money transfers and other transactions will reach almost US $630 billion by 2014.
“It has been acknowledged that there are about 850 million mobile subscriptions in India. In this context, mobile payments offer an exciting range of opportunities and possibilities. Mobile payments offer opportunities to customers for enhanced services. At the same time, they also create possibilities for service segments that are still away from some of the banking services. However, the sheer diversity of technologies, delivery solutions and business models add complexities that make it difficult to enforce uniform governance and control processes,” said Sandeep Godbole, CISA, CISM and a member of ISACA India Task Force.
“Mobile payments offer many benefits, but we also need proactive planning and measures to manage risk, which can include anything from theft of identities and services; loss of revenue, brand reputation and customer information; and money laundering and terrorist funding,” said Nikolaos Zacharopoulos, CISA, CISSP, IT auditor for Geniki Bank, Greece, and chair of ISACA’s project development team for the white paper. “This guidance identifies the risk types and the counter measures that should be in place to mitigate them,” he added.
The Mobile Payments white paper provides practical advice for enterprises so they can:
1. Build robust controls into the planning process.
2. Ensure that transactions are carried out only by the authorized person.
3. Identify the data that are considered personal and sensitive, and ensure that the information is protected.
4. Ensure that third parties involved have robust security governance in place.
5. Pay specific attention to the originating point of a mobile transaction—the customer device and the user.