The U.S. Federal Reserve reported in early 2012 that only about one of every three Americans makes mobile payments. One reason for this is that the relatively new technology has yet to be adopted by the majority of American consumers. Another reason is the concern over possible data theft and fraud. Their fears are not unfounded, but there are steps they can take to minimize the risks.
Why Security Is Lax
Adam Laurie, a director at security researcher Aperture Labs, explains to the San Francisco Chronicle that “[mobile payment] technology is so vulnerable and so easy to defeat.” For one thing, he explains, many smartphone users don’t password-protect their mobile devices, which leaves them vulnerable to account theft if they lose or misplace them. Also, users may inadvertently download malware onto their phones, which could compromise the integrity of their account information.
Meanwhile, a thief may use mobile payment technology to access the credit card and bank accounts of consumers who don’t even pay for goods or services with smartphones. For example, it’s possible for an unscrupulous type to download a special app onto a smartphone, wave it near a victim’s wallet or purse, and
read the credit cards inside. The crook can then use the stolen data to make fraudulent purchases.
So, what is being done to address these security concerns?
Consumers can establish an initial layer of security by password-protecting their mobile devices (so their account information can’t be accessed by anyone else, even if they lose their phones).
They can also be smart about downloading suspicious apps or information to minimize the risk of acquiring malware. It’s also wise to obtain an app that allows the smartphone to be disabled remotely in the event that it is lost or stolen.
Mobile-payment providers are working hard to close security loopholes by reinforcing the defenses installed on mobile-payment devices and software. One company is developing software to analyze a smartphone user’s purchasing history in an effort to detect anomalous patterns and determine if a smartphone has been stolen or otherwise compromised. To prevent criminals from stealing smartphone data and using it elsewhere, security tools are being developed that can triangulate the location of an authorized smartphone user to see whether the transaction site matches that of the corresponding mobile device.
Intuit’s GoPayment team is working with security professionals to help ensure that our mobile payments system is as safe and impenetrable as possible. All GoPayment hardware and software already meets or exceeds the PCI Security Standards for mobile payments. And Intuit is committed to remaining on the forefront of mobile payments security in the future.