Wireless Transactions and the Human Element

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Somewhere, hackers are smiling. They are, that is, if they've read the two pieces we've seen recently that say personal finance over the Web is here.


The stories describe at least two ways in which people will be able to bank, buy things and pay bills wirelessly. One story -- in the Chicago Tribune -- describes "wireless wallet" approaches in which near-field communications (NFC) platforms enable transactions to be completed without any physical contact between the system and the user. The other story, a Reuters piece that we saw at redherring.com, describes a deal between AT&T and Wachovia and other banks to enable many operations to be done by cell phone.


Neither of the stories discusses security in any detail, and it doesn't really matter that they don't. Clearly, all the parties involved wouldn't have taken things this far if they weren't comfortable with the safety of the data. We're sure there will be an impressive array of protections available that will seem impregnable -- whether or not they prove to be in the long run.


We've been dealing with network security long enough to be skeptical that any protections are enough. That, also, doesn't matter. Unfocused fear is a not a reason to keep new and potentially valuable services or applications from launching. If they were, nothing new ever would emerge. It's up to each individual or company to determine whether they are willing to take the risk -- or what level of security must be in place before they are willing to do so.


What we would like to hear more about now is how these new services will be guarded against phishing and other social engineering attacks. While many solutions to these challenges are technical, there are others -- such as user education -- that can make a big difference. It's long been apparent that the weakest link in the security chain is people. It seems that changing the contact point between people and their financial institution is a big move. The fact that cell phone user interfaces generally are trickier and more apt to be used incorrectly than PC interfaces suggests that great care must be taken.