Join the Community

22,011
Expert opinions
44,184
Total members
424
New members (last 30 days)
166
New opinions (last 30 days)
28,673
Total comments

Where NatWest got it wrong

  0 5 comments

I had an interesting discussion with Bob Howard (BBC Money Box) this morning concerning the current situation with GetCash service by NatWest. At the end, I felt that it would be important to draw a clear line between "mobile payments are not safe" and "badly implemented mobile payments are not safe". 

Mobile-related frauds are now getting close media attention, and not without a reason. NatWest have been offering cardless cash withdrawals for years. If any fraud did occur with that service, it was of little interest to media.

Enter the mobile payments and things shifted into a different universe. Every mobile phone with GetCash app is a lucrative fraud target - find a hole in the app (for example, via malware) and get an instant reward in cash.

What did NatWest do wrong, in my opinion?

Every banking card issued by NatWest conforms to the EMV ("chip and PIN") standards. Those standards (not without some issues, though) were collectively thought-through, developed, tested and implemented by a consortium, not by a single company. The underlying architecture is sound, there is "secure element" involved, EMV protocols represent "good practice" etc - in a nutshell, EMV works, and it works well.

Why do banks, when it comes to a mobile-based version of that same card, re-invent the wheel? Why do banks think their IT departments are filled with "mobile payments" Da Vincis who can outsmart EMV? Why do banks, well familiar with the advantages of "chip", deploy mobile solutions using the equivalent of a magnetic stripe? 

Is it greed? As in "why pay mobile operators or another party for access to secure element if we can simply keep fingers crossed". Or arrogance? As in "we know better" (than Google, for example). Or ignorance? As in "we are using world-class fraud management tools that cannot be beaten even by well-funded and extremely well-organised fraudsters". What do the banks gain by going it all alone?..

Incidents like GetCash fraud are damaging to the mobile payments industry as a whole. How many times would a consumer need to be stung by a mobile-related fraud to stop even think about using a mobile phone for payments and banking?..

We need to get media on board to help us educate the consumer that it's badly implemented mobile payments that are not safe.

If it's not secure, it's not safe. And there is no "secure" without "secure element" (ask Visa or MasterCard why they don't allow PIN entry via mobile). As simple as that. Anyone doubting that will pay the price.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,011
Expert opinions
44,184
Total members
424
New members (last 30 days)
166
New opinions (last 30 days)
28,673
Total comments

Trending

Kyrylo Reitor

Kyrylo Reitor Chief Marketing Officer at International Fintech Business

Forex Market Regulation on the African Continent

Francesco Fulcoli

Francesco Fulcoli Chief Compliance and Risk Officer at Flagstone

National Payments Vision 2024: The UK's Vision for a World-Leading Ecosystem

Now Hiring