“Gartner Listed - mobile application security guide”

April 10, 2017

Consumer fears for mobile payment security are a threat to adoption rates

New research shows that as the adoption of mobile payment continues trust, and security, are key to the next stage of adoption, showing the need for mobile app security testing as a key part of mobile growth strategies.

Visa’s 2016 Digital Payments Study shows that growth has tripled in Europe with 54% of consumers using mobile to make payments. The transaction rate for app enabled payments is set to grow at 10% according to research from Capgemini showing that more are realising that mobile payments are faster, easier, and more convenient.

This positive news for mobile payment providers is underscored by research from Thales showing that 88% of users would abandon mobile payments in the event of a breach.

Consumers are right to be concerned about the security of mobile payment apps and questions the measures being taken to secure their data such as regular mobile app security testing. The security incidents that were the source of the most concern were theft from a linked account(70%), unauthorised changes(68%), stolen password (59%). and increased spam (30%).

The question for providers is how to protect the trust of consumers. A good place to start is to follow PCI-DSS compliance. PCI-DSS instructs companies in how to secure their code to stop the introduction of vulnerabilities and exposing customer account data to theft.

The compliance requirements state that anyone developing a mobile payment app needs to show secure development and maintenance of their app with documentation, training for developers, and monitoring of deliverables.

In addition to mobile app security testing to fulfil PCI vulnerability assessments companies need to do regular code reviews and test against the CWE/Sans Top 25 Most Dangerous Software Errors.

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.