Bracing For New Mobile Security Challenges
When employees carry sensitive financial information on their mobile devices, small and midsize businesses will need to adopt new security policies, procedures, and products to keep pace.
Cell phones have increasingly become more powerful. Now, many function as mini-PCs, enabling employees to check important information, reach cohorts at crucial moments, and enter vital information instantly. While these functions have been beneficial, the devices themselves have not been easy to manage, and they are about to present small and midsize businesses with new challenges.
Cell phones have become quite popular among businesspersons and consumers. As a result, suppliers have been searching for new ways to boost their usage. Recently, the GSMA, the global trade group for the mobile industry, outlined plans so these devices can be used as electronic credit or debit cards.
The new feature becomes possible after a couple of enhancements are made to the products. The first is the integration of Near Field Communication (NFC) capabilities, which are basically short-distance wireless communications. Equipment vendors and wireless network service providers see a number of advantages in using NFC rather than other options, such as Bluetooth and Wi-Fi, for short-distance wireless exchanges. NFC, which supports transmission speeds up to 212 Kbps, is inexpensive, costing 10 to 20 times less, and requires one half to one third as much power as alternatives.
In addition, the GSMA crafted the Single Wire Protocol interface, which enables handsets to exchange information with devices, such as Point of Sale terminals. With these new features, businesses and individuals can use their cell phone like credit cards or debit cards, purchasing a range of goods and services. The vendor consortium called for these two new features to be integrated into all handsets, starting in the middle of 2009.
Trials with these new features are now under way in eight countries, including the United States, and involve nine mobile operators. Most of these projects are in the early deployment stage. However, companies and consumers in Japan have been using the technology for a few years to buy items, and many customers manage their bank accounts via their cell phones. Since such ideas have been slow to catch on in other parts of the world, the GSMA is trying to spur adoption.
However, the organization must overcome a number of hurdles. In addition to the handset vendors, support has to come from the credit card and debit card suppliers. MasterCard and Visa have shown interest in the technology, but a great deal of infrastructure has to be added so the major credit card companies can ensure interoperability among NFC cell phones, POS terminals, retailers' business software, and financial institutions' systems.
Also, the handset vendors have to work with the carriers to determine what types of services will be available and whether or not there will be any additional charges for them. On the Internet, electronic banking and e-commerce do not warrant any additional charges, but it is not clear at this time if that model will hold true with cell phones.
Many of those items should be resolved as more of these services become available. Observers think there is no doubt that these services will become popular, with uncertainty centering on when they will work their way into the mainstream. As the market evolves, corporations could outfit their handheld devices so they not only provide employees with access to information but also function as corporate credit cards or debit cards. Also, they may be able to let their suppliers and customers use such features to purchase goods and services.
This evolution could create problems for small and midsize businesses. Many companies have been having difficulty keeping tabs on their handheld devices as the variety of devices has increased. With more of them working their way into the company, securing them has become important. How secure will these new features be? Backers note that NFC has a transmission range of only few feet, which makes it difficult -- some would say impossible -- for intruders to tap into a communications line and steal confidential information.
However, the level of security found with these news features is an open question. Chances are that these transmissions will not be encrypted as they move from the handheld device to the register. Also, the likelihood increases that employees will be carrying sensitive financial information on their personal devices, so it will have to be protected. Consequently, small and midsize businesses will need to buy additional security products and put policies and procedures in place so that information will be secure. In sum, the number of payment options will increase, as will the IT department's responsibilities.
See more columns by Paul Korzeniowski.
Paul Korzeniowski is a Sudbury, Mass.-based freelance writer who has been writing about networking issues for two decades. His work has appeared in Business 2.0, Entrepreneur, Investor's Business Daily, Newsweek, and InformationWeek.