Mobile card reader security: best practices and what you need to know

Hardware
Ryan Gibbons


With the upsurge in wireless technology and mobile payments, cash is becoming more irrelevant with each passing year. In spite of the popularity and efficiency of these methods, however, bad actors continue to find ways to usurp security barriers for the purpose of stealing and compromising data. 

By understanding the definition and types of mobile payments, the security risks they face and the best practices that help to combat them, you can optimize the safety of the customer information that you store, manage and transmit.

Mobile payments explained.

In general, the term “mobile payments” refers to all transactions that take place using mobile devices. There are several types of mobile payments. They can occur online, via an app, or through the use of a terminal or contactless card reader in your physical store. 

The launch of digital wallet solutions such as Apple Pay, Samsung Pay, and Google Pay have made it even easier for customers to complete their purchases without even needing to produce cash or a credit card.

How mobile payments work.

Mobile card readers operate by means of near-field communication (NFC). This technology establishes a connection between the customer’s device and your POS terminal or mobile card reader. 

Data is transmitted from the former to the latter with close-proximity radio frequency identification. As soon as the customer verifies their identity with a PIN or biometric information, the funds transfer happens. 

Throughout, tokenization is used to replace sensitive data with random letters and digits that a hacker would find useless.

How mobile card readers enhance security.

There are three main ways in which data is safeguarded through the use of mobile card readers. As we stated above, tokenization keeps primary data from hackers by transforming it into randomly generated series of characters.

Device-specific cryptograms provide assurance that the payment originated with the customer’s mobile phone. Even if the purchase is hacked, the criminal cannot use the original cryptogram on a different device, rendering the target information inaccessible to the thieves.

Two-factor authentication, also known as 2FA, requires that the customer provide two forms of authentication before the purchase will go through. This can consist of a combination of a password, a credit/debit card, or phone and a biometric mechanism such as facial recognition or fingerprint. 

With these extra precautions in place, both merchants and buyers are further shielded from the damage that security breaches can do.

Even so, the headlines remain populated with horror stories about breaches that compromise the data and identities of millions of customers each year. Therefore, it is vital that you learn about the major issues affecting mobile payments as well as the most effective strategies to address them.

Lost or stolen devices.

In recent years, most consumers have become inseparable from their mobile phones. They store credit card, banking, and personal details on these devices, often without a second thought. 

Unless they protect their digital assets with strong passwords and take advantage of the security technologies recommended by their device vendors, their payment data – and your sales transactions – are at greater risk of being compromised.

Tokenization and encryption.

Whereas tokenization replaces sensitive data with unique tokens, encryption occurs when details are encoded in such a way that they cannot be read without a decryption key. Implementing one or both of these strategies from one end of the transaction to the other helps to ensure that data is shielded from theft or access by an unauthorized party.

Multi-factor authentication.

When you require that a customer provide more than one form of verification before a purchase can be completed, you immediately protect both you and the shopper with an extra security layer. 

Today’s customers are becoming accustomed to this strategy and are usually happy to provide you with something they know (a password), something they have (their mobile device), and something they are (a biometric ID such as a fingerprint or facial recognition).

Vigilance in updating software and managing security patches.

Bad actors are constantly working to find chinks in even the most updated of digital security protections. That’s why it is essential that you regularly upgrade all systems and software whenever the manufacturer makes a release. 

Patches are issued to correct vulnerabilities that criminals could exploit. Being conscientious about maintaining your security software, mobile operating systems, and payment applications mitigates your risk and helps to protect both your customers and your brand reputation.

Maintaining secure network connections.

Although your mobile card readers are wireless, they still need to connect securely to the payment network you use. Therefore, you should always use secure Wi-fi connections and virtual private networks (VPNs) whenever you are processing mobile payments. 

Avoid public networks at all costs since they can be easily breached by criminals. Furthermore, firewalls and intrusion protection software can be crucial in helping you to monitor traffic, detect suspicious activities and respond proactively.

Commitment to education and training.

Data safety cannot happen unless you build a solid culture that makes security awareness a priority for everyone, including staff and customers. To that end, train your workers about the most common security threats and how to avoid them, focusing on phishing attacks, social engineering and tactics to gain unauthorized access. By the same token, you should inform your customers about how to set up and use security features like effective password management and biometric authentication.

Mobile device management (MDM) solutions.

MDMs provide retailers with a centralized way to secure, monitor and manage all mobile devices that are being used to process payments. They assist merchants in enforcing security policies to protect devices as well as facilitating secure remote device and application management. 

These solutions also help retailers to create and maintain a robust security posture that is in compliance with today’s stringent data security standards.

The use of mobile card readers continues to gain popularity with retailers of all types and sizes. 

As long as you understand how these technologies work and make a concerted effort to adhere to best practices, you can minimize your risk of data breach while simultaneously providing your customers with the gold standard of safe and efficient payment processing.