Credit card industry analysts who fear mobile payment technologies will increase fraud aren't seeing the big picture, according to Javelin Strategy & Research founder Jim Van Dyke. In a post to Javelin's corporate blog, Van Dyke drew from his company's research to show two ways consumers can look at payment fraud data.
On one hand, Javelin's studies show that smartphone owners experience 35 percent more fraud than typical consumers. The data echoes reports of malware on devices running Google's Android operating system, capable of capturing credit card numbers, online banking login details, and other financial information.
However, Van Dyke points out, nearly half of all payment fraud cases were solved after consumers detected unauthorized purchases themselves. Those cases nearly always involved smaller losses than fraud claims first uncovered by bank investigators. Van Dyke theorizes that smartphones enable users to stay informed about account activity using online banking apps and SMS alerts, minimizing both risk and loss.
Research shows optimism over smartphone payments
"I believe that the good will outweigh the bad," Van Dyke writes. "It's all about how the technology is deployed, and banks must take care to avoid marketing slogans that aren't supported by actual empowering safety capabilities."
According to researchers at Symantec, inclusion of "near field communication" mobile payment technology could make smartphones more of a target for criminals over the coming years. Hackers have already discovered ways to force some Android devices to send expensive text messages to premium lines without users' knowledge. Google temporarily suspended its own virtual prepaid card trial after discovering hackers could gain access to customers' funds using lost or stolen phones.
Smartphone vendors have responded with a combination of technology and strategy. Android and Apple's iOS platforms use "sandboxing," a security feature that restricts apps' access to core data or to the operating system. Apple's App Store requires software developers to submit code for manual review before release, and can remotely disable software later discovered to pose a security risk.