Subscribe to our email alerts

Beyond the Transaction: Every Transaction Has a Story

Mobile Payments Security – The Questions, The Myths, And The Concerns

Mobile payments are at the forefront of the payments industry – and with good reason. Google Wallet has launched, Isis has announced it will commence pilot programs in Salt Lake City, Utah and Austin, Texas in mid-2012, and other payment providers have hinted at future plans.

With the mobile technology in payments moving so quickly, the topic of security often shows up as a potential concern. Sometimes the concerns are built on accurate information and other times, they are built on misinformation that only serves to alarm consumers.  At the end of the day, it’s important for consumers to be well informed and to know what security features are available to them when they use mobile phones to pay.

To help provide more information and transparency around potential security concerns, we’ve compiled a short list of some of the more frequently asked questions about mobile payments from consumers.

Question: If I lose my phone, can someone can access my card information and make unauthorized purchases?

If you lose your phone with contactless payments functionality built in, there are multiple ways in which you are protected.

  • To start, the payment application must be installed on a Secure Element in the phone – which is a tamper resistant chip and prevents any unauthorized access to the payment details.
  • As the cardholder, you have the option to require entry of a PIN before the phone completes any transaction. As long as you choose the required PIN option, the phone can’t be used.
  • Lastly, MasterCard’s Zero Liability applies which means you aren’t liable for any fraudulent purchases.

Of course, the consumer should always be responsible and take care of their phone in the same way they take care of their cards today – but with appropriate care we feel consumers can feel safe loading their credit card accounts into their phone when their banks offer them this option.


Question: Is it possible for someone to walk near me with a laptop and activate the phone or snatch my account information over the air?

The MasterCard PayPass protocol only transmits information over very short distances (less than four centimeters!) from the phone to the terminal, so consumers have some basic protection unless someone gets VERY close to them with a laptop. That said, the customer could also set the mobile payment application so that a PIN is required on every transaction and these attempts at invading your personal space with a laptop will be futile.


Question: Does the mobile phone keep track of what and where I’m buying something and share it with unauthorized third parties?

No, the mobile wallet software does not currently receive data about what products you buy.  In some implementations, the software does record on the phone the time when a transaction was initiated and the method of payment (prepaid card, regular card – just like a paper receipt would). This is to provide a useful record for the cardholder and show how much they have spent.  Customers who are concerned about who has access to transaction data should read carefully the terms and conditions for any services they enroll in – or for any software they download.

Question: If I download applications to my phone, can it access the account information stored in my phone?

Because the payment credentials stored on the phone for contactless payments are within the Secure Element mentioned above – access to those credentials can be managed and controlled.  Software that is not authorized to have access to the payment application cannot access card details.  As with all card information, consumers should be cautious about providing their details to entities other than their bank or a trusted party.

Question: Does a transaction performed from a mobile phone offer fewer protections than a credit, debit or prepaid card?

This is perhaps the biggest misconception of mobile payments. All protections that apply to the card apply to transactions made using a phone. Think of the phone as a different form factor but the account is the same. For example, you are not responsible for unauthorized purchases on your mobile phone in the same way you are not responsible for them if they were made using your card. In the case of MasterCard transactions, MasterCard offers Zero Liability on any unauthorized purchases.


We believe in providing more information to our consumers, as we feel the innovations in mobile payments will serve to help ease the lives of consumers everywhere. We understand that adoption relies on many factors – not the least of which is the assurance of security. In the past few years, we have worked hard to address these (and other) security concerns in our products and services.

Innovation is very important to us but never at the expense of consumer safety and privacy. We want to ensure that our consumers have all the information they need to feel comfortable and safe when using technology like mobile payments and hope that we’ve provided some transparency via this post.

If you have any remaining questions or concerns around mobile payments, leave a comment below and we’ll get an answer back to you.