This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Global > United Kingdom > Services > Audit > Enterprise Risk Services > Services > Mobile Payments

Global site selector

Mobile Payments

Mobile payments and e-wallet services represents a unique combination of both first mover opportunities and significant risks.

The mass adoption of mobile technology and the boom in smart phone functionality has led to the number of mobile payment users increasing by over 50 million since 2011 and the value of mobile payments increasing by 61.9% in the same time frame¹.

Challenges

Building new connections: The collaboration between previously unconnected industries to create what is a brand new consumer service presents clear challenges. From initial strategy definition, through to design, planning, implementation & go-live, a mobile payments ecosystem presents a complex web of interconnected risks across revenue, finance, operations, technology, legal & compliance and 3rd party management.

Regulatory and compliance: Any mobile payments service needs to ensure absolute regulatory compliance to financial and consumer-based regulation; this becomes more challenging when players are entering unfamiliar new markets. Ecosystem players will also need to be conscious of complying with relevant data privacy laws.

Mobile payments are broad and can range from simple SMS transactions, peer-to-peer payment systems, direct mobile billing, web or application-based payments on a mobile, through to newer contactless and Near Field Communication (NFC) technologies.

Security and fraud risk: Contactless technology in particular presents new fraud and security risks, such as device and e-wallet vulnerabilities, malware within tags, eavesdropping data or man in the middle attacks.

System design and implementation: New systems and processes will need to be deployed with significant upfront investment costs and integration challenges as the ecosystem interfaces with existing systems. This level of complexity presents significant deployment and integration risks for the entire ecosystem.

How can we help?

Deloitte Enterprise Risk Services has tailored a set of proven risk-based services that can help you address the mobile payment risks applicable to your business. A selection of these services are shown below:

Information Privacy and Data Protection	Regulatory Compliance	Security and Resilience
Example services: Privacy impact assessments: Through the development of a control framework, we would help you identify and manage information privacy risks and regulatory requirements associated with your role in mobile payments. Data management: Assist you in understanding the risks associated with new data sets. We can work with your organisation to instil the appropriate data governance and value & analytics mechanisms to gain benefit from your data – all within a secure and compliant framework.	Example services: Regulatory and compliance advisory: Assist you in understanding the regulatory environment and the impact this could have on your role in the mobile payment value chain. We can assist your team in developing mechanisms and processes to support your compliance and ongoing regulatory requirements.	Example services: Penetration testing services: Identify vulnerabilities in your mobile payments infrastructure and assist you in defining fit-for-purpose controls and remediation plans. Security framework: Define the overall security framework and design appropriate security controls within and beyond mobile payment systems, networks and processes.
Business Model Refinement	Risk Management and Control	System Design and Implementation
Example services: Strategy and Business Model Analysis: Helping you analyse current business models and revenue sharing arrangements through financial modelling tools and bespoke advice with a view to creating more efficient models for the benefit of all parties. Revenue Assurance: Work with you to reduce the risk of lost revenues, assessing risks within overall process flows, identifying gaps and design flaws which drive up costs.	Example services: Risk and control assessment: Drawing on our expertise across both the telecoms and financial / payments sectors, we can provide an independent and comprehensive assessment of the entire risk landscape. From this we can assess the current control landscape and create an overall framework to test and improve controls. Third party assurance: Using our knowledge of assurance service auditing standards we can assist you in achieving assurance requirements to and from third parties.	Example services: Programme management & project management office (PMO): We can assist you in project management and technology rollout. We can help you define and set up PMO functions and project best practice. Project risk and assurance: Drawing on our bespoke project assurance methodologies, we can help identify and manage risks within your programme lifecycle prior to critical decision points, reducing the risk of project failure, delays or overruns and providing assurance over the health of a project.

Information Privacy and Data Protection

Regulatory Compliance

Security and Resilience

Example services:

Privacy impact assessments: Through the development of a control framework, we would help you identify and manage information privacy risks and regulatory requirements associated with your role in mobile payments.
Data management: Assist you in understanding the risks associated with new data sets. We can work with your organisation to instil the appropriate data governance and value & analytics mechanisms to gain benefit from your data – all within a secure and compliant framework.

Example services:

Regulatory and compliance advisory: Assist you in understanding the regulatory environment and the impact this could have on your role in the mobile payment value chain. We can assist your team in developing mechanisms and processes to support your compliance and ongoing regulatory requirements.

Example services:

Penetration testing services: Identify vulnerabilities in your mobile payments infrastructure and assist you in defining fit-for-purpose controls and remediation plans.
Security framework: Define the overall security framework and design appropriate security controls within and beyond mobile payment systems, networks and processes.

Business Model Refinement

Risk Management and Control

System Design and Implementation

Example services:

Strategy and Business Model Analysis: Helping you analyse current business models and revenue sharing arrangements through financial modelling tools and bespoke advice with a view to creating more efficient models for the benefit of all parties.
Revenue Assurance: Work with you to reduce the risk of lost revenues, assessing risks within overall process flows, identifying gaps and design flaws which drive up costs.

Example services:

Risk and control assessment: Drawing on our expertise across both the telecoms and financial / payments sectors, we can provide an independent and comprehensive assessment of the entire risk landscape. From this we can assess the current control landscape and create an overall framework to test and improve controls.
Third party assurance: Using our knowledge of assurance service auditing standards we can assist you in achieving assurance requirements to and from third parties.

Example services:

Programme management & project management office (PMO): We can assist you in project management and technology rollout. We can help you define and set up PMO functions and project best practice.
Project risk and assurance: Drawing on our bespoke project assurance methodologies, we can help identify and manage risks within your programme lifecycle prior to critical decision points, reducing the risk of project failure, delays or overruns and providing assurance over the health of a project.

Why Deloitte?

On top of being independently recognised as one of the global leaders in Business Analytics², our deep set of skills in the area of operational controls makes us the partner of choice for addressing your mobile payment risks. Our team consists of security, privacy, data analytics, and controls professionals with deep knowledge of the challenges your organisation faces in this new and exciting market. We have a proven track record in successful delivery of a variety of projects in the telecommunications, payments and financial services industries and have a large pool of experienced specialists we can draw upon both in the UK and globally.

¹ http://www.gartner.com/it/page.jsp?id=2028315
² http://www.deloitte.com/view/en_GX/global/press/analyst-relations/index.htm

Contact

David Blackwell
Partner
+44 20 7007 6520
dblackwell@deloitte.co.uk

Related insights

Mobile payments: Opportunity vs. Risk
Helping you understand first mover opportunities and business risks.

Useful links

ERS in industries
Learn more about what we are doing in your industry.

Share this page

Follow:

© 2013 Deloitte LLP. All rights reserved. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity.

Please see About Deloitte for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its Member Firms. View our accessibility statement.

Get in touch