Category: Internet

London, UK (16 November 2011)—With the increased use of mobile devices to pay for goods and services, traditional wallets with cash and credit cards could one day be obsolete. A new ISACA white paper, “Mobile Payments:  Risk, Security and Assurance Issues,” examines this growing trend and offers guidance on managing risk and increasing security. Mobile Payments:  Risk, Security and Assurance Issues

A study from Juniper Research found that the value of mobile payments for digital and physical goods, money transfers and other transactions will reach almost US $630 billion by 2014.

The Mobile Payments white paper, available as a free download from ISACA, a nonprofit global professional association, identifies consumer benefits, including the speed and convenience of not carrying cash and credit cards, the consolidation of many cards and an enhanced layer of security. Enterprises benefit by reaching more consumers, reducing the amount of stored data needed to meet compliance requirements, improving transaction security and fraud detection, and engaging in location-based marketing (geo-marketing).

“Mobile payments offer many benefits, but we also need proactive planning and measures to manage risk, which can include anything from theft of identities and services; loss of revenue, brand reputation and customer information; and money laundering and terrorist funding,” said Nikolaos Zacharopoulos, CISA, CISSP, IT auditor for Geniki Bank, Greece, and chair of ISACA’s project development team for the white paper. “This guidance identifies the risk types and the countermeasures that should be in place to mitigate them.”

The Mobile Payments white paper provides practical advice for enterprises:

·         Build robust controls into the planning process.

·         Ensure that transactions are carried out only by the authorized person.

·         Identify the data that are considered personal and sensitive, and ensure it is protected.

·         Ensure that third parties involved have robust security governance in place.

·         Pay specific attention to the originating point of a mobile transaction—the customer device and the user

“Security will be a major driver for the adoption of mobile payments, as trust plays a very important role when the customer decides to use a new payment tool,” said Zacharopoulos. “While more regulation in the mobile payment ecosystem is developing, it is important that enterprises proceed with care so they can offer consumers the conveniences of mobile payments as well as the security and privacy necessary.”

“Mobile paying allows for companies more revenues if applied in a smart manner, meaning if consumers can use mobile devices to select the product or service easily and pay without additional devices but pay via the bill of their mobile operator”, said Marc Vael, chief audit executive at Smals and director of ISACA (and chair of the Knowledge Board).  “Unfortunately, we see in some cases that mobile payment solutions does not function at all since the security requirements insist on mandatory authentication evidence via additional authentication devices, which undermines the whole concept of mobility.  ISACA clearly recommends in this paper a proper approach to promote mobile payment taking into account security and risk management”.

 

For more information on mobile payments, download the free ISACA white paper from www.isaca.org/mobilepayments. Further ISACA guidance on mobile devices is available from the Business Model for Information Security (BMIS), COBIT  the Securing Mobile Devices white paper and the Mobile Computing Security Audit Assurance Program.

About ISACA

With 95,000 constituents in 160 countries, ISACA® is a leading global provider of knowledge, certifications, community, advocacy, and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations. ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter:  http://twitter.com/ISACANews

Join ISACA on LinkedIn:  ISACA (Official)

Like ISACA on Facebook:  www.facebook.com/ISACAHQ

Contact:

Neil Stinchcombe, Eskenzi PR, +44 207 183 2833, This email address is being protected from spambots. You need JavaScript enabled to view it.

Kristen Kessinger, +1.847.660.5512, This email address is being protected from spambots. You need JavaScript enabled to view it.