In this brave new world of mobile, security risks are brand risks, as seen by Yahoo admitting a data breach to one billion customers.
As soon as Google Pixel was launched recently as the next frontier in the Android ecosystem, the tech pundits immediately reviewed its camera and speed performance, but notably, they had also put the smartphone to a security test to see if the system is prone to hacking. Three, one of the largest mobile service providers in the United Kingdom, announced that close to 134,000 customers were affected by a data breach exposing information on their mobile handsets.
These are signs of the times in this brave new world – where mobile security has turned into a matter of concern even for the Federal Bureau of Investigation in the United States, as its dispute with Apple earlier this year shows.
It’s not difficult to see why. In 2016, close to 40% of web traffic worldwide comes from mobile devices, representing a 21% year-on-year jump. Correspondingly, mobile data traffic has increased exponentially from just over 500 petabytes at the end of 2011 to more than 4,500 petabytes in 2015. This development is rapidly expanding the web of digital data trails to an unprecedented degree and heightening the risk of security exposures in the process.
For this reason, as marketers continue to leverage mobile for consumer engagement, they have to keep in mind the issue of data security – not just as a technological or operational challenge, but very much as fuel for innovation.
Security risks are a threat and an opportunity for brands
The small screen of a smartphones and pared-down mobile websites allows fraudsters to easily create legitimate looking websites and portals. The links to these compromised sites are passed on through emails, texts, social networks, or web pages, tricking people into providing their Internet banking credentials and account details.
While such threats can easily undermine financial brands’ credibility, banks in Singapore like DBS and OCBC have been stepping up efforts to proactively educate their customers about such fraud attempts. As consumers log onto their accounts on mobile phones, they would land on a page notifying them of recent fraud risks. As they log out, they are then encouraged to clear their cache.
More importantly, the banks have also invested in enhancing the mobile banking experience through their own app platforms – like POSB digibank – which allows quick shortcuts for payments and money transfer with two-step authentication via SMS, but also improved authentication capabilities through biometrics.
Such consumer-focused investments leverage mobile’s technological capabilities to turn the security threats into an opportunity for highlighting the value and convenience of mobile banking, drawing consumers to a differentiated, value-added experience. In return, brands enjoy greater productivity and higher consumer engagement.
Given the rise of mobile wallets like Apple Pay, another key security concern that will prove increasingly important for brands and marketers to consider is mobile payment fraud. With mobile commerce expected to rise to $467.3 billion in value in 2019, consumers are confronted with issues like unauthorized access to mobile wallets and data theft that supports fraudulent transactions. As such, even as brands embrace these modes of payment, they ought to first ensure that they have the necessary systemic safeguards in place, with close and active monitoring to detect malware and other threats.
Just in August, HES Hotels, a U.S. company operating Sheraton, Marriott, Hyatt, and Westin hotels in ten American states disclosed that a malicious software had been capturing credit card information from its payment processing systems. While chip-enabled credit cards are meant to reduce fraud with its chip-and-pin feature, any online and mobile payment would still be exposed to the malware threat. For days and even weeks after the announcement, the hotel brands continued to be featured in media stories on the episode that hurt their image.
Enhanced security and privacy is the new normal for consumers
A survey by Deloitte shows that 83% of consumers are aware of security breaches and data protection concerns, with 59% saying a single data breach would negatively impact their likelihood of buying from an affected company. These demonstrate consumers’ growing expectations of a more secure ecosystem, especially as they become ever more reliant on mobile devices.
This shift requires various constituents – from hardware manufacturers, communication service providers, telecom software companies, payment gateway providers to end user application developers – to work together.
Apple’s fingerprint scanning technology on the iPhone and along the Touch Bar in the new Macbook Pro, as well as Fujitsu’s iris- scanning technology that unlocks phones literally at a glance represent innovations in biometric authentication system by hardware vendors. End-to-end encryption is also becoming the standard for chat apps like WhatsApp and Telegram to protect information transfer and user privacy, an area that payment gateways have also already invested in. The Payment Card Industry (PCI) has developed standards that all applications enabling mobile commerce are recommended to follow to reduce the risk of data theft.
Mobile users are an important part of this equation, too, because an advanced piece of security technology is as good as none if it is not used correctly. It is like putting the best locks on your front door, only to leave the door ajar or the key unattended. Security solutions such as antivirus software capable of real-time scanning are must-haves, and users should remain vigilant when sharing payment information or downloading apps from third-party app stores.
For their part, if CMOs and marketers want to ride on the wave of mobile commerce growth while protecting brand reputation, they should own the challenge and work closely with engineers and developers to drive a more reliable, seamless consumer experience on mobile. Brands also have a chance to win consumers’ trust and loyalty by ensuring that they are aware, educated and engaged about relevant security issues.
Rohit Dadwal is managing director of the MMA in Asia Pacific. He can be found tweeting @rohitdadwal