Open source code used in mobile payments may put banks at risk

This article is brought to you by Retail Technology Review: Open source code used in mobile payments may put banks at risk.

VocaLink, The Payments Council, Pinsent Masons and SQS discuss the technical and legal compliance issues associated with mobile payment services using open source software (OSS).

"Financial organisations that do not build quality into their mobile payments applications will fail to meet increasing demand to roll out mobile payment services quickly, at a reduced cost," believes Julian Brook, Associate Director at SQS UK.

He presented his opinion during the "Mobile Payments" seminar in London on 1st October. The event saw speakers from VocaLink, The Payments Council, Pinsent Masons and SQS discuss how open source software can help deliver mobile payment solutions quickly, while reducing intellectual property risks, potential brand damage and exposure to security vulnerabilities.

The event was opened by Julian Brook, from SQS, the world's leading specialist in software quality. Brook warned: "With £1.5 billion mobile payments anticipated by 2022 – five times the number made in 2012 – banks that do not yet have mobile payments on their roadmap, are at risk of missing out on a lucrative market."

For financial institutions implementing mobile payments, there is a general lack of awareness of the open source software being used. Brook added: "Very few of the organisations will have sufficient controls in place to accurately quantify the amount of open source they are using with any confidence. There is 50% visibility at most."

Addressing an audience including in-house legal practitioners, product managers, system development leaders, Heads of Quality, and IT security, Brook underlined the risks associated with not having an effective open source governance process in place within mobile payments services. "Despite the projected growth in mobile payments, a lack of governance and controls mean banks do not have full visibility of open source software used. This opens banks up to potential security concerns associated with non-licensed code being used, which could put them in danger of exposing commercially sensitive information."

He also highlighted the benefits of using open source to drive down development costs and improve efficiency, explaining how financial organisations can achieve quicker time to market using open source thanks to the code already being used and tested by other organisations worldwide.

Pinsent Masons associate Angus McFadyen's presentation noted that of the 60 to 70 billion apps downloaded this year, 80 per cent will use open source. He then outlined the legal and compliance aspects of mobile payments, and how these can be managed by ensuring software such as open source is correctly licensed, whether it is developed in-house or comes from existing code. McFadyen also highlighted the risks of open source software that financial institutions should be aware of: from non-standard code hampering interoperability and uncertainty over enforceability of licenses and copyright when code comes from many contributors, to dealing with potential IP and copyright infringements.

Following the presentations, Nick Daniel, Head of Business Development at VocaLink, and David Picton, Senior Project Lead with the Payments Council, joined Julian Brook and Angus McFayden, as part of the panel answering attendees' questions. The panel focused on The Payments Council's upcoming Mobile Payments Service, which is due to launch in April 2014, and how it will enable customers to make secure account-to-account transfers using only a recipient's mobile phone number. Picton believes this new service will be ideal for users transferring money between accounts while on the move – a point confirmed by Daniel, who stated that VocaLink anticipates the number of people using mobile payments to reach 25 million by the end of 2014.

Eight financial institutions, including Barclays, Cumberland Building Society, Danske Bank, HSBC, Lloyds, RBS and Santander have already committed to offering the new service from spring next year. This 'launch group' represents 90% of UK current accounts and Brook believes that almost every financial organisation that is developing mobile payment software will be using open source code to some extent.

For further information www.sqs.com