PaymentsSource – Starbucks is reportedly storing mobile app users’ passwords in a manner that makes them accessible to a hacker with access to a user’s phone, creating potential security risks that could erode consumer confidence in mobile payments…
Beyond encryption, there are other measures that can protect users from unauthorized access or use of the mobile app without compromising user experience, Pascual says. Starbucks could request additional authentication for online reloads, for example.
Retailers can also store user credentials on a remote server and generate dynamic account numbers for individual transactions. This approach is gaining prominence for corporate payments. In retail payments, this method would give the retailer the power to limit unauthorized use because transactions require a second authentication layer to access the remotely stored card, says David Disque, COO of CSI Enterprises, a payment company that sells virtual card technology.
“The actual card is never stored on the mobile device in this model, so once you do a transaction, the access to do more transactions from that phone is gone,” Disque says.
The retailer could also place restrictions on the app that can limit uses beyond payments at a store, Disque says. “You can control how much people can load on the card, or when a user’s session expires, you can deter certain behaviors the card.”
Read the full story on PaymentsSource.