In a 2010 study, 80 percent of respondents voiced privacy concerns about location services.
Since then, there has been little action from the location-based technology industry to allay consumers' fears, despite the fact that location-based technology has exploded, and nearly every smartphone sold today features GPS, near field communication (NFC) and geo-fencing capabilities.
In fact, the Federal Trade Commission (FTC) only recently released a report that offers various recommendations to mitigate some of the privacy and security risks associated with mobile payments. Though it's a step in the right direction, at least for that subset of location-based services, we still need app developers and technology providers to educate consumers and take decisive action.
When it comes to mobile and location-based capabilities, responsibility falls on app developers to take steps for shoring up the security infrastructure. Developers need to secure not only the software itself, but any transmission of data as well as the servers used. Additionally, data security and encryption need to be paired with strong privacy policies.
Think about this for a second. Financial fraud is one of the biggest privacy and security concerns associated with location-based technology. In the United States, credit card fraud is already a huge problem – to the tune of about $8.6 billion in lost funds, according to the Aite Group. So, as consumers begin to use location-aware smartphones to pay, a new avenue for fraud has opened.
But even without that added security, many consumers don't realize that mobile payments are actually significantly safer than paying with credit or debit cards. Paying with your phone means there a greater number of authentication points, including device identification numbers, passwords, encrypted transaction records and more. People also tend to notice missing phones faster than lost credit cards, which means they often report theft or loss before fraud happens.
Of course, your money isn't the only thing that can be stolen. Your data is also valuable and in the wrong hands can pose a serious threat. When using location-based technology, such as social networks or mobile payment apps, people relinquish quite a bit of information about themselves, whether they know it or not.
For example, when consumers pay with their phones, merchants may be able to associate names and other identifying details with the payment and purchase data. The dangerous part? The information could be used by criminals for identity theft or other nefarious purposes. With data made so readily available, it's even more important for merchants to explore strong point-of-sale security solutions.
The good part of sharing this data, however, is that it enables most businesses to more deeply understand their customers and create a better experience for them, encouraging greater loyalty and repeat business. From this perspective, it's easy to see why businesses and app developers recognize the value of this data.
The last thing they want to do is misuse it or give their customers any reason to mistrust them. Protecting this data is as important as protecting sensitive credit card information, and part of protecting that data is ensuring consumers feel safe enough to want to share it.
According to a recent study, when using a mobile app or new payment process for the first time, consumers feel most secure when they must enter a username, password and some type of verification code. Basically, consumers are most comfortable with security layers that are similar to what they already know and use online, so app developers should build in these features whenever possible. They should also be very careful about how and with whom they share data from their apps, in order to maintain customer trust and avoid lawsuits or bad press.
Sadly, there are some consumers who have already encountered real problems from sharing location data.
Location-based technology can easily enable stalking, or alert thieves to the fact that you're on a beach in Aruba, making your house a prime target for burglary. On the less extreme – but far more common – side of things, it's also easy to incriminate yourself when sharing information in an automated and not 100 percent private fashion.
You probably don't want your users to head for the hills because they don't feel comfortable sharing location information. So help them out by making privacy controls intuitive and transparent. Ensure that a user's “friends” can't accidentally (or intentionally) share their location with others without the user reviewing and approving. And be very careful when you choose partners, ensuring their privacy policies are in line – and just as stringent – as your own.
From your mother-in-law commenting on your check-ins to bigger concerns around serious data fraud, now is the time to become more deeply aware of how location-based services work and how they impact our lives.
As IT security professionals, our call to action should be to show consumers why mobile location-based services are a good change, and help them understand why you don't need to be freaked out, even just a little.