When Facebook revealed the availability of payments via its Messenger app, consumers and financial institutions raised new mobile payment system security concerns regarding data breaches and fraudulent transactions.

On March 17, 2015, Facebook announced that end-users could soon use its Messenger app to send money. The service will be free to use, compatible with debit cards, and available through Apple and Android mobile devices as well as desktop computers.

To send money, Messenger users will tap a new "$" icon in the app's menu. Then, they'll enter the amount to send, tap "pay" in the top right corner and enter a debit card number. The user can also enter a PIN code for future fund transfers.

Ozgur Gungor, general manager of Turkish payment provider Cardtek's mobile and EMV solutions division, said, "Facebook will be using third-party sources for security. If Facebook has a trusted service manager platform in place and agreement with handset manufacturers for the management of secure elements, their payment solution would introduce Facebook as a classical payment. However, this is quite hard, and I don't think Facebook will evolve in that way."

In order for its system to work, Gungor explained, Facebook will have a shadow accounting system in place behind its presentation layer. This accounting system resides in authorized and secure locations, including databases and servers. Above the accounting system will be an integrated presentation layer, where transaction data can be sent in accordance with security rules. All these security layers are required for payment transfers to be sent securely via Messenger.

PayPal manages accounts in a similar way, but it follows a simple email and password authentication formula to hide all account and credit card information in a secure database. Merchants are under an agreement with PayPal to take part in its payment finalization procedure, and PayPal handles security.

Facebook, Venmo – an app that enables anyone with a mobile device to send and receive payments via text message – and other mobile payment systems are all subject to security issues. All of these players may find paths to follow and make significant changes in the mobile payments market, Gungor suggested, but when it comes to security, "It seems that hybrid solutions, using secure elements of host card emulation (HCE) and tokenization will come to light," he said.

HCE is an on-device technology that lets an NFC-enabled phone emulate a payment card. Tokenization replaces sensitive data with unique identification symbols in order to retain essential information without compromising security.

"Samsung, Apple and Facebook are not payment solution providers, but they are tapping into the payment solutions industry with their new products," Gungor said. "These giants are entering the middle-earth. This place has its own rules and regulations."

He added that it seems these giants will become hybrid solutions that use secure elements, host card emulation (HCE) and tokenization – something application platforms such as Facebook will also offer as a service.

HCE relates to mobile devices, particularly Android devices, and Gungor said he expects to see more extensive tokenization use, which will make transactions more secure.

"We [Cardtek] are providing our TOKENxpert product for that reason," he said. "It's not limited to the banks, it's available to any service provider to financial markets."

Today, Google Wallet encrypts data and uses tokenization, like Apple Pay does, to prevent merchants and other parties involved with a transaction from ever seeing account details. Plus, the phone's owner can disable the payment account online without having to access the phone.
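The tokenization idea described above (a substitute value goes to the merchant, and the owner can switch the payment account off remotely) can be sketched as a small vault. This is an added example, not code from any company named in the article; `TokenVault`, the `"issuer"` role string and the test card number are assumptions made for illustration.

```python
import secrets


class TokenVault:
    """Constructed, minimal vault mapping random tokens to card numbers (PANs)."""

    def __init__(self):
        self._entries = {}  # token -> {"pan": str, "active": bool}

    def tokenize(self, pan):
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("expected a 13-19 digit card number")
        while True:
            # Random digits reveal nothing about the PAN; only the last four
            # are retained so a receipt can still identify the card.
            body = "".join(secrets.choice("0123456789") for _ in digits[:-4])
            token = body + digits[-4:]
            if token != digits and token not in self._entries:
                break
        self._entries[token] = {"pan": digits, "active": True}
        return token

    def disable(self, token):
        """Owner-initiated kill switch: the token stops working, the card is unchanged."""
        self._entries[token]["active"] = False

    def detokenize(self, token, caller):
        # Assumption: a plain role string stands in for real caller authentication.
        if caller != "issuer":
            raise PermissionError("only the issuer may recover the card number")
        entry = self._entries.get(token)
        if entry is None or not entry["active"]:
            raise LookupError("unknown or disabled token")
        return entry["pan"]


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("4111 1111 1111 1111")  # constructed test card number
    print("merchant stores:", token)
    print("issuer resolves:", vault.detokenize(token, "issuer"))
    vault.disable(token)
    try:
        vault.detokenize(token, "issuer")
    except LookupError as exc:
        print("after disable:", exc)
```

A breach of the merchant's records exposes only tokens, which are useless without the vault and can be disabled individually without reissuing the card.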

Federal law requires financial institutions to verify the identity of their customers, but is less clear on how the rules pertain to mobile payment systems, which have weakened the link between financial institutions and the payments they facilitate.

The relatively new Venmo, a company owned by eBay's PayPal unit, has demonstrated early success by handling $2.4 billion in transactions in 2014. However, reports earlier this year identified security defects with the company's fraud alerts and nominal user identity authentication. Venmo did not notify users of changes it made to its account settings, which could open the door for hackers to go unnoticed if they were to change user passwords and siphon funds.

Venmo addressed this issue in a March 9 company blog post, stating that it plans to address consumer concern about the lack of multifactor authentication. If someone hijacks Venmo to steal money from a checking account, the most a consumer will lose is $50, provided they notify Venmo within two days of the theft, according to company policy. If the notification takes longer, the limit will increase to $500. Most credit card issuers don't impose any fraud losses on cardholders, and federal law limits consumer liability to $50 in most fraud or theft cases involving credit cards.

In order for mobile payments companies to protect their users, Gungor suggested companies use rules and regulations as standards for security. However, as companies such as Facebook, Venmo and Apple Pay are more extensively used for payments, the security provided to users will almost certainly require more than procedures set up by the app-makers. As Spencer Tierney, staff writer for NerdWallet, recently wrote in his blog, "When fraud hits systems like Venmo and Apple Pay, the repercussions fall more on the banks and card-issuing companies involved, similar to fraud that arises following retail system data breaches."

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).