[Security] Mobile payment options to grow in 2012

Paying for items through a smartphone, which is a concept that seemed far-flung 5 years ago, could start to become more commonplace in 2012, according to analysts. Although this technology still is emerging, numerous security measures are in place to keep consumers’ financial information protected.

Ben Ramirez, who is a technology analyst with Frost & Sullivan, believes that the concept will begin to take off with quick, daily transactions, such as getting a cup of coffee or paying to ride public transportation.

Starbucks already has a mobile payment application that allows consumers to transfer and reload a set amount of money to the app by entering their Starbucks gift card’s number into their smartphone. When customers make purchases, a scanable barcode pops up on their smartphone’s touchscreen.

Another mobile payment option that might gain traction in 2012 is Square. This option relies on a postage-stamp-size credit-card reader that plugs into the headphone jack of a merchant's smartphone (and allows the vendor to take credit-card payments via his/her smartphone). This payment option is becoming more commonplace among small businesses at street fairs and farmers markets and the Salvation Army tested a Square payment option this past holiday season. (According to Square’s website, credit-card information is sent to Square’s server system and isn’t stored on a vendor’s smartphone.)

Other mobile payment methods that are taking, off such as Google Wallet, ISIS (which will go into market testing in Salt Lake City in summer 2012) and PayPal Mobile, rely on near field communications (NFC) to complete a transaction. NFC relies on radio-frequency identification (RFID) to transfer information between devices that are close to each other (less than 6 inches apart). Consumers who use payment methods such as Google Wallet or PayPal Mobile create a four-digit password to enable a payment transaction from their smartphone. When individuals use Google Wallet, for example, they input their credit-card information (Google Wallet accepts Citibank’s MasterCard only), which then is accessed by Google Wallet for use in transactions. When a purchase is made, Ramirez explains, the individual uses his/her pass code to authenticate a Google Wallet transaction, his/her device “communicates” with a payment scanner via radio frequency, and the credit-card information is transferred from the smartphone to the credit-card processor. When the transaction is complete, a confirmation is sent to the smartphone.

Google Wallet uses Secure Element. This chip is embedded in a smartphone, SD card, or credit-card (smartcard) and encrypts payment information. Google’s website says MasterCard PayPass secures credentials as the transaction is made. Ramirez says the probability of information being intercepted by a third party in the middle of a transaction is very unlikely because of how wireless networks communicate with each other. “It’s infeasible because of the fact that you can’t have two channels communicating to each other at the same time,” he says.

However, a study by security company viaForensics found that Google Wallet stored information, such as the smartphone user’s name, credit-card information, email address and the last four digits of a credit card, which was obtainable by root-accessing a device. Root-accessing allows unrestricted access to information that’s stored on a device. Andrew Hoog, who is a co-founder of viaForensics, says his company notified Google of its findings.

Nate Tyler, who is a spokesperson for Google, tells Consumers Digest that the Google Wallet app has been updated to delete transaction information permanently after a purchase.

Ramirez reminds mobile payment users to safeguard their data by setting separate pass codes for their smartphone and mobile payment account. Consumers also should cancel their credit card if their smartphone is lost or stolen. When it comes to loyalty-based payment apps, such as Starbucks, Hoog reminds consumers to download the company’s official app for the best security. “Look for names that are reputable,” he says.

– K. Fanuko


Comments

Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

[Security] Internet blackout scheduled in protest of SOPA