What You Need to Know About the Risks of Mobile Payment Apps

Learn how you can protect your business when it comes to point-of-sale systems for smartphones.
Magazine Contributor
3 min read

This story appears in the June 2011 issue of . Subscribe »

Mobile-Wary: Securitymetrics' Gary Glover.
Mobile-Wary: Securitymetrics' Gary Glover.
Photo© Matthew Turley

The first way to answer this question is with another question: How badly do you need to use a mobile phone point-of-sale app right now?

Most of the mobile POS apps released by companies like VeriFone, Square and others in the last 18 months employ a card swiper accessory that connects to a smartphone, though some may require a merchant to input customer credit card information using the phone keypad. The potential benefits: You unchain yourself from the cash register and the equipment and connectivity costs associated with a fixed, dedicated POS solution.

But Gary Glover, director of security assessment at auditing firm SecurityMetrics, says that for now, the apps carry risks for small-business adopters.

The new mobile apps should not be confused with other wireless POS systems, Glover says. These older systems--the kind that allow you to pay at the table at a restaurant, transmit credit card info over a dedicated Wi-Fi connection--do not have general internet access or share their connections with other devices. Mobile POS apps can be downloaded to any smartphone and use the same OS as other apps without firewall protection on a device that's always connected to the internet.

"The back end [the swiper] may be secure, but it's the phone part of the app I'm not so sure about," Glover says. Adding to the uncertainty, the PCI Security Standards Council suspended its certification of mobile POS apps last November to further study them and ensure enough security protections exist.

"Until I know what controls are in place, I don't know if I want to use an app from an unknown--though maybe from someone like VeriFone that is established," Glover says.

If your business depends on using mobile POS right now, Glover advises the following:

  1. Stick with experienced POS vendors with trustworthy reputations.
  2. Stay tuned to what the PCI council does to develop a vetting process, and do your own due diligence to evaluate apps.
  3. Consider putting the app on a controlled set of phones--don't just allow your employees to use it on their personal phones.
  4. If you're operating a storefront business, you may want to stay with private, dedicated Wi-Fi POS device for now.

Mobile phone POS apps should not be dismissed, Glover says, and could in fact trigger a major shift in how merchants get paid. In particular, the app from Square (a company co-founded by Twitter co-founder Jack Dorsey) could shake up traditional payment processing because, like PayPal, it can turn anyone into a payment-processing merchant.

"It's a brilliant, revolutionary idea," Glover says. "In the long run this is the way the world is going." 

More from Entrepreneur

Kim's expertise can help you become a strong leader, pitch VCs for capital, and develop a growth strategy.
Book Your Session

In as little as seven months, the Entrepreneur Authors program will turn your ideas and expertise into a professionally presented book.
Apply Now

Are paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.
Get Your Quote Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.