Are mobile wallets secure enough to stop cybercriminals?

NFC is being gradually rolled out by Visa and MasterCard for their respective PayWave and PayPass systems, which normally allow cardholders to pay for smaller purchases – typically of £15.00 or less – without entering a PIN or signing.

The UK banks, Infosecurity notes, are rolling out PayWave and PayPass across London in preparation for the Olympics next year, when hundreds of thousands of visitors from around the world – many from Asia where NFC payments are commonplace – will visit London with their cards.

According to Ira Winkler, president of the Internet Security Advisors Group, NFC payments are a disaster waiting to happen. Any sort of financial transaction, he argues, requires much more than minimal security.

When you get down to it, he says, NFC-driven systems on mobile phones are reliant on insecure platforms, namely the mobile phone.

"Until there are significant improvements in the underlying security of smartphones and tablets, it would be foolish to use these technologies", he says in his latest security blog.

"Any device that is used for Internet browsing or accessing other data and applications is at significantly greater risk for exposure to malware. With that said, though, there is still the concern raised by the fact that very few iPads and Android tablets use even minimal security", he adds.

Winkler's comments are echoed by another IT industry veteran, Phil Lieberman, CEO of Lieberman Software, who says Ira's comments "are bang on the money".

"Whilst it's great to hear that m-wallet solutions will be Visa PayWave or MasterCard PayPass-compatible – meaning that the wireless data transmissions are encrypted – the problem comes if the smartphone itself is less than secure", he said.

"And with Google having to once again withdraw several dozen infected apps from the Android Market – the second time this has happened this year – it's difficult to see how smartphones can ever be made as secure as a desktop or laptop computer", he added.

The problem, says Lieberman, whose firm specialises in privileged identity management, is that most types of smartphones are susceptible to security problems.

"With the first DroidDream Android infection [in March] reported to have hit as many as 200,000 smartphone users back in March, if an m-wallet security hack occurs – as Ira says in his blog – all you need is a malicious Angry Birds, and it will make the Heartland data breach seem like a footnote", he explained.
