The flurry of news surrounding mobile wallets and how NFC (near field communications) will soon allow us all to ditch our credit and debit cards in favour of a payment-enabled mobile phone ignores the security issue that is staring us in the face, says Phil Lieberman, the CEO of Lieberman Software.
With O2 announcing plans to launch an m-wallet offering in the second half of this year, I agree with Computerworld’s Ira Winkler that the m-wallet is a disaster waiting to happen.
Ira’s comments are bang on the money. Whilst it’s great to hear that m-wallet solutions will be Visa PayWave or MasterCard PayPass-compatible – meaning that the wireless data transmissions are encrypted – the problem comes if the smartphone itself in less than secure.
And with Google having to once again withdraw several infected dozen apps from the Android Market – the second time this has happened this year – it’s difficult to see how smartphones can ever be made as secure a desktop or laptop computer.
Yes, Windows is not without its fair share of malware attacks, but the platform also has very large raft of security applications that dovetail neatly in with company IT security systems.
Smartphones do not have access to this level of API-driven security and with large numbers of Apple iPhone users jailbreaking their handsets to escape network locks, it looks like that most flavours of smartphones will be susceptible to security faux pas for some time to come.
Some proponents of m-wallet technologies, note that m-wallet transactions are limited to £15.00 and under, but if a smartphone is loaded with £100.00 worth of bank credit – or is linked to a user’s bank account – there is then a risk that hackers can replicate the m-wallet credentials, and then make multiple small transactions using a cloned mobile wallet.
This is financial death by a thousand cuts – and with large numbers of users of m-wallet technology expected to converge on London next year for the Olympics, the risk of a cybercriminal attack on this form of payment is significantly increased.
With the first DroidDream Android infection reported to have hit as many as 200,000 smartphone users back in March, if an m-wallet security hack occurs – as Ira says in his blog – all you need is a malicious Angry Birds, and it will make the Heartland data breach seem like a footnote.
I have to agree with Ira. M-wallet technology is a potentially serious security risk just waiting to happen. Cybercriminals must be laughing their socks off at the prospect of having millions of insecure smartphone users with electronic wallets just waiting to be ripped off.