Welcome to WealthWisdom, the economy and investment knowledge blog! Enjoy reading and do sign up as members, before logging off! Feedback on the blog welcome on email@example.com.
Tuesday, March 15, 2016
Why using a digital wallet is like leaving a door open
I am hoping my kids don't do it," says Sarah Jane Hughes. The professor of commercial law in the US isn't alluding to sex or drugs. She's talking about the dangers of mobile payments services. She's not the only one sounding an alarm: In September almost half of about 900 members of Isaca, an association of IT professionals and risk managers, said mobile payments aren't secure.
In 2016, 148 million people around the world will reach for their handsets to make payments at in-store point-of-sales terminals, according to a report from Juniper Research. Many millions more will use payment apps such as Dwolla or Venmo to send money to friends and businesses.
The boom is creating opportunities for hackers and thieves, and security gaps in some of the apps are leaving buyers as well as sellers exposed. According to a September report by researcher LexisNexis, merchants reported that "alternative payment methods," a category that includes PayPal and other nonbank financial companies, accounted for 21% of all fraud in 2015, up from 13% the previous year.
Along with a handful of well-known companies such as Apple, Google and Samsung, the mobile payments field has attracted thousands of thinly capitalized startups. "There's a lot of two engineers and a goat," s a y s R i c h a r d Crone, chief executive officer of Crone Consulting, which advises the industry.
Crone predicts the number of digital wallets that can be used in stores will double within the next 12 to 18 months and the number of mobile web or in-app payment services will triple over the same period. "We have a lot of people competing to deliver the same service," says Michael Belton, vice president for applied research at Optiv Security. He says that in the rush to get their product out, many developers are cutting corners.
Mobile app security provider Bluebox found vulnerabilities in all the roughly 10 unnamed US mobile payment apps it examined last year. "Most of the time, the apps themselves aren't using any kind of encryption to protect the data on the phone or to protect the data in transit," says Andrew Blaich, Bluebox's lead security analyst.
On March 2 the Consumer Financial Protection Bureau levied a $100,000 fine on Dwolla, a service that allows people and businesses to make and receive payments via a website or mobile app. The agency said Dwolla misled users by claiming that its data security practices "exceed industry standards," while in a number of instances it stored and transmitted social security numbers and other sensitive information without encrypting the data. Current laws may need to be updated to determine who's liable in instances of fraud. The Electronic Fund Transfer Act does not cover services not offered through traditional financial entities, such as banks and credit unions.
The bottomline: Mobile payments technology is evolving faster than re gulation, leaving some users exposed to fraud.