1. Client : PayPal Country : Singapore
Publication : Today’s Manager
Date : 27 April 2012
Topic : Mobile Payments: Life is More Secure In The Cloud
URL : http://m360.sim.edu.sg/article/Pages/Mobile-Payments.aspx?skw=Paypal
Visitorship : NA
Mobile Payments: Life is More Secure In The Cloud
WITH so much focus on mobile and digital wallets these days it’s understandable that the security of
financial information on mobile devices is a hot topic. However, mobile done right can actually
increase the security of this information from its current plastic incarnation, depending on the
approach.
First, to clear up some confusion. A “mobile wallet” and a “digital wallet” are not the same thing. A
“mobile wallet” refers to when the actual mobile phone becomes the wallet. All relevant financial
information such as bank account and credit-card numbers are stored on the mobile device and the
user needs to actually have the phone with them for the transaction to be possible. Payments are
made using Near Field Communications technology embedded in the phone in card emulation mode
and the device is waved over a special terminal at a retail location for payment.

2. A “digital wallet” is something different. Digital wallets exist in the cloud and they are not tethered
to any one specific device such as a mobile phone, but are accessible from a variety of devices and in
a number of ways–from a physical card or a mobile phone number and PIN to a mobile device in NFC
peer-to-peer mode. Sensitive financial information is stored in the cloud, not on the actual device.
I’m a firm believer in the cloud approach to a digital wallet and let me explain why.
The most significant problem with the “mobile wallet” approach is rather obvious. Putting aside the
many challenges such as consumer adoption or expensive technology upgrades for retailers, this
approach puts consumers at unnecessary risk. Asking someone to permanently store critical details
about their financial lives on their mobile phones opens up a world of problems if the phone is lost
or stolen. Suddenly every bit of financial information is exposed to potential theft. To be so utterly
device dependent when dealing with such sensitive information puts the user at a very high, and
very avoidable, level of risk.
The “digital wallet” approach relies on the inherent security of the cloud. This is where a consumer’s
financial information lives, not on their phone. They can access their “wallet” anytime, anywhere, no
matter what device they’re using, and they never have to worry when they switch devices or
upgrade phones. Even if the phone is lost or stolen there’s no need to worry. Of course, we always
recommend that our customers protect their phones with a PIN as a first line of defense.
All sensitive financial information is stored safely in the cloud, not on the device. This is an intuitively
smarter approach. The risk of financial information being compromised is dramatically reduced, yet
the consumer still gets all the functionality and flexibility of being able to make mobile payments.
Look at it this way: if your phone gets stolen and all your financial information is on the device, and
the thief began making transactions, it would almost be impossible to tell if it was really you. With
the cloud approach your account is constantly being monitored. So, for example, if a transaction is
made by you in San Francisco on your desktop computer, then 10 minutes later one is made in Paris
on your phone, it will immediately be clear that something’s wrong.
As mobile phone and mobile device use continues to explode, there’s no doubt consumer habits for
making payments will continue to evolve in ways we have yet to imagine. As this happens, the
security of financial information will become increasingly more important and will be forced to keep
pace with the rapid changes in technology.
In my opinion, the “digital wallet” that exists in the cloud offers this security now, while offering the
flexibility of not being dependent on a specific mobile device.
Author blurb: Prashanth Ranganathan is director of mobile security and risk for PayPal. He was
previously CEO of Truvie, an early stage developer of real-time fraud detection software that was
acquired by PayPal in 2011.

3. Prashanth Ranganathan is director of mobile security and risk for PayPal. He was previously CEO of
Truvie, an early stage developer of real-time fraud detection software that was acquired by PayPal
in 2011.