I’ve been reading lately in local and international (also here) press about replacing credit and debit cards with the smartphones. On one hand idea seems to be very attractive, however this means that the security on the mobile devices will have to be tightened much more than it is today.
Today many people do not care much about the features, software and settings on the mobile phones, which leaves them vulnerable in one or another way.
- Unauthorized applications and possible issues regarding application permission request handling, which basically can allow access to the critical information
- Recently Symantec’s announced Apple iPhone OS security issue that generally allows accessing any security sensitive information
As the mobile smartphones become more and more popular, they will definitelly gain attention from malicious and criminal space and with the intentions of banks to handle payments using smartphones – the attraction will be even higher.
In case of bank cards, responsibilities in case of the incidents is pretty much clear, because banks must take responsibility for all infrastructure from card to the bank back-end system. If mobile phone is used, I’m pretty sure that banks will try to get rid of some responsibilities and move those to the user space as they have done with e-banking. While there is a lot of effort and resources devoted in order to fight back digital crime in PC space: antivirus, automated OS security updates, automated application updates, phishing prevention in browsers – there is only a little effort in the security area of mobile devices.
So, will mobile devices be accepted as tools for making payments? Probably will because of the pricing and convenience, as the e-banking does now.
Should we pay more attention to the security of the smartphones and the respective payment related infrastructure? Sure yes.