|
SECURITY
Q. What security measures does MoPay incorporate to ensure that customers’ payment details are secure?
A. There are a number of measures that have been put into place to ensure the integrity and safety of consumers’ payment details. At the application level, whatever the payment instrument used (bank account, credit/debit card account), payment details are securely encrypted to financial services standards (3DES, for example). From a physical and logical security perspective, the hosting environment provided by IBM features state-of-the-art security procedures and infrastructure as well as IBM-assured reliability.
Q. Is the PIN or ‘passcode’ used for m-payments the same 4-digit PIN used for card-based transactions (cash withdrawal at ATMs, PoS purchases, etc.)?
A. Yes, but not always advisable and as a security measure, MoPay recommends that m-payment service providers create a new PIN or ‘passcode’ for customers making m-payments. The MoPay platform can generate a PIN or ‘passcode’ for each user. This PIN can be alphanumeric, can be up to 20 characters in length and may be changed by the user, if the service provider wishes to offer this option as part of the service. Alternatively, if service providers prefer using an PIN or ‘passcodes’ currently used for other services, these can be provisioned onto the system.
Whatever secret PIN or ‘passcode’ is used, MoPay recommends that service providers encourage their users to change them frequently.
Q. Is paying for goods and services over mobile phones a secure way to pay?
A. Yes. None of the applications that MoPay supports require users to input any sensitive payment information into their handsets when authorizing payments. Payment details are stored securely in the MoPay database and are accessed by the system only after the user has been authenticated.
The PIN required for all m-payments is a Personal Identification Number, similar to the PIN used to withdraw funds from an ATM. As an additional security measure, the user can change this PIN at will and can be encouraged to do so periodically. The PIN can be composed of a maximum number of 20 alphanumeric characters.
Also, payment requests must be initiated from a registered mobile number. This is a particular feature of m-payments and offers yet another security check that is not possible with purchases made using bank accounts or credit/debit cards over the Internet or at Points of Sale.
Q. What if a user’s mobile phone is lost or stolen?
A. The user will most likely immediately report theft of the mobile device with the participating mobile operator. Once the line has been disconnected, MoPay will no longer be able to receive payment requests sent from that mobile number. Should the user be issued a new mobile number, this number should be updated in the MoPay database.
Q. What if a user’s registered credit or debit card is lost or stolen?
A. If m-payments are made from the user’s credit or debit card account, the user will report the card lost or stolen with the appropriate Issuing bank. In the unlikely event that the thief has the mobile device, the user’s PIN or ‘passcode’, is familiar with the message formats and functions of the m-payment service and attempts a payment request, the authorization will be denied when MoPay queries the participating bank provided the user has reported the card lost or stolen. When the user is issued a new card, the new card number along with the new card expire date must be updated in the MoPay database.
Q. Who has access to customers’ payment and account details?
A. All access to the customer care module is strictly controlled via roles-based secure log ins and passwords. Only those staff within the bank’s, mobile operator’s or merchant’s premises who have been allocated access details can log onto the module and access customer information.
<<<Connecting to MoPay / Commercial Considerations >>>
|
