Security & Mobile Payments: Debunking the Myths

Many of us depend on our smartphones. We use them for travel, entertainment, work – in addition to, well, communication. So it’s natural that we’re now entering the era of smartphone payments, with mobile payment revenue expected to top 1 trillion USD (883m EUR) in 2019. That’s a huge 22,000% increase from four years ago. And as you’ll read, mobile payments are safer than you think.

“Mobile payments” is an umbrella term that covers any payment made using a smartphone, from a digital wallet transaction to a purchase in a webshop. Across Europe, these payments are becoming increasingly popular: for example, in 2017, 68% of European consumers used a digital wallet.

However, younger people are particularly enthusiastic about mobile payments. Take Belgium, for instance: 68% of Belgian consumers say they’ve downloaded a mobile banking or payment app, but that rises to 83% for those under 35 years old. And according to a Visa Europe report in 2017, 92% of European millennials expect to be using mobile payments by 2020.

In this article, we’ll be focusing on contactless mobile payment solutions – that is, digital wallet and QR code apps which allow customers to use their devices for payment at a store terminal. The speed and convenience of these payments – no need to find a cashpoint or even take your physical wallet – is behind their growing popularity.

But mobile payments come with their own unique security concerns. Both merchants and customers want to be confident that these transactions keep payment data safe. With these issues in mind, here we’ll discuss: how mobile payment apps work, how secure mobile payments are, and what merchants can do to reinforce the security of their payment systems.


Contactless mobile payments

As a merchant, if you want to accept mobile payments in-store you have two main options: a QR code system or a payment terminal set up for NFC-enabled smartphone wallets.

QR code system: A unique QR code for your business can either be displayed at the till, on the terminal, or viewed on the merchant’s smartphone. The customer scans the code with their smartphone (having first downloaded a QR code app), checks the transaction details and merchant information are correct, and then authorises the payment.

To accept QR code payments for your business on a smartphone, you can download the CCV Tap & Go app for free today. Payments will be fully integrated with your MyCCV environment, and only a small fee per transaction is required.

NFC-based payment system: Customers can use an NFC (Near-Field Communication) enabled smartphone device – pre-loaded with their payment details – to pay for goods at a contactless payment terminal. NFC transactions occur through radio waves over a short distance. To accept NFC payments, you’ll need a contactless payment terminal which is set up to receive them. CCV experts can help you find the best contactless solution for your business.


Mobile payment security concerns

As with any digital payment method, customers want to protect the security of their data during transactions. Although European consumers do have concerns about mobile payment security, confidence is increasing year on year as the technology becomes commonplace in daily activities.

Of course, data breaches do happen. Using phishing scams and malware, hackers are sometimes able to steal payment and other personal data from smartphones – particularly as mobile devices are less likely to be protected by antivirus software. But the fact remains that mobile payments are still more secure than traditional card payments.

Research from IT association ISACA has identified three key security advantages of mobile payments:


Tokenisation: Secure digital wallet apps use a randomly generated token to replace the user’s payment data during a contactless transaction, meaning their card number can’t be intercepted by hackers.

Cryptograms: A cryptogram accompanying the customer’s payment data is specific to their smartphone, ensuring that any data which is intercepted by hackers becomes useless without the original device.

Strong authentication: Mobile payments can be protected by a combination of two or more different mechanisms used to authorise a transaction. For example, these include possession of the smartphone (including the token), plus a fingerprint or facial recognition authentication.


Digital wallets always need a fingerprint, facial recognition, or a PIN/password to complete a transaction. This is in contrast to a physical bank card card, whereby transactions below a certain amount (between €20-50, depending on country) can be done by tap-and-go without any authentication.

So to summarise – if a merchant’s payment system is hit by a cyber attack, mobile payment data is only available in tokenised form – useless to criminals. In addition, a rogue employee can’t steal any card information from the system – something that’s easier to do with traditional card payments. And even more simply, nobody can peer over the customer’s shoulder and note down their card details.

Nonetheless, mobile payment users need to do all they can to protect themselves. This includes: using a reputable digital wallet provider with the best security, only uploading card details to the app over a secure network, and protecting the app and device with strong passwords or other security measures.


The merchant’s role in security

As a merchant who accepts mobile payments, your responsibility is to maintain the highest levels of security in your payments system. A trustworthy payment provider like CCV will be able to give you the best advice and ensure you earn and maintain the confidence of your customers.

The European Union Agency for Network and Information Security (ENISA) recommends that merchants:

  • Update POS software as soon as a security update is released
  • Be vigilant regarding potential hardware tampering
  • Change passwords on POS systems regularly and restrict access
  • Use a secure internet connection
  • Deploy firewalls

If you’re using a QR code payment system, it’s also important to keep the code safe, so that potential criminals can’t replace it or tamper with it.

Once you’ve put all these safeguards in place, the security risk faced by any customer who makes a mobile payment with you will be minimal. You can then enjoy the benefits of these payments: stronger customer loyalty programmes, a greater number of purchases (thanks to your flexible payment options), and – of course – shorter queues at checkout.



The speed and convenience of contactless mobile payments mean that more and more consumers, especially the young generation, are using them on a regular basis. There are always security risks to take into account, and that keeps all stakeholders vigilant. But these risks are significantly reduced when merchants and customers take appropriate caution – and technology partners build robust solutions.

For more information about how CCV will help you implement secure mobile payments, contact our team today. We will talk you through the steps to take and the technologies that suit your needs.