Using a mobile phone to make payments introduces a new entry point for traditional and trusted payment methods in the U.S. It also introduces several new technologies to support mobile payments. The unfamiliarity and complexity of the mobile device and associated technologies create security concerns for consumers who want to be confident that their personally identifiable information and actionable financial information (e.g., account numbers, PINs, security codes, and passwords) are protected in storage and while being used to process a mobile payment transaction, whether that storage is on the mobile device or in the cloud.
This report examines in detail how near field communication (NFC) and cloud technologies address security for mobile payments at the retail point-of-sale (POS). It also provides a brief overview of security for two other mobile technology platforms, QR code, and direct carrier billing (DCB). Each technology manages and processes information uniquely; hence security practices and issues will vary with the technology deployed by each payments platform provider.