In my previous post, I wrote about how mobile payment wars were heating up. In one corner is Apple Pay; in the other is CurrentC, backed by huge retailers.
An important dimension to the mobile payment category is security. The emerging systems simply add another possible entry point to those available to crackers. They also have not been vetted, so great care must be given to any sign of instability.
Network World suggests that folks hold off on adopting either technology until the two systems have been exposed to hackers. A tremendous amount of money and effort has been put into security, but the effectiveness of the resulting technology and techniques still is unclear.
Ryan Olson, the director of Palo Alto Networks’ Unit 42 threat intelligence team, told Network World that there is no shortage of opportunities for criminals:
There are plenty of places attackers will probe for weaknesses to exploit, Olson says. For example, attackers could go after the point-of-sale systems stores use to accept mobile payments in addition to the phones themselves, he says. Backend systems could also be hacked, but none of it is easy. “All three of these are more challenging to crack than the current POS systems we’ve seen in the headlines in the last year,” he says.
And it seems those problems are already emerging. Search Security reports that CurrentC’s sponsors told The Wall Street Journal that the email addresses of pilot program participants were compromised, though the payment application itself was not impacted. The story says that the incident is being investigated.
Business Insider reports that CurrentC says that many of the compromised emails were from dummy accounts used for testing purposes. The crux of the report is that the hack is more embarrassing than dangerous. This is especially true because CurrentC had made a big deal about the security of its system.
Mashable’s story introduces the idea that Apple Pay actually improves on the security of traditional credit card transactions. Apparently, near-field communication (NFC) adds layers of security in the connection between the device and the retailer equipment. The tokenization and cryptography are designed to ensure that the device making the transaction is not fraudulent.
Clearly, any new techniques for retail payments are going to get the undivided attention of hackers and crackers. However, the jury still is out on whether that attention will lead to massive breaches.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at email@example.com and via Twitter at @DailyMusicBrk.