Mobile Payments: Don't Buy into It

Hackers are counting on all of us to use our smartphones for purchases, so don't buy into this ill-equipped technology, writes Bill Snyder of CIO.com. Mobile phones are simply not secure enough yet to be used like a credit card.

If you're anywhere close to my age, you might remember the late Orson Wells making a pitch for Paul Masson saying, "We will sell no wine before its time." That boast may have been true for the vintner, but sadly it's not true in the technology industry.

Case in point, the growing hype for a soon-to-be-released technology called near-field communications. A near-field chip in your smartphone will allow you to make a purchase by simply swiping the phone near a specially designed terminal that will then pick up your credit or debit card information over the air and complete the sale.

Sounds great, and it may well work someday. But for now, it's far from ready for prime time and if someone tries to sell it to you in the near future cover your ears and shout La La La La.

The main issue is security, and that's largely because cell phones are simply not very secure, at least not yet. Mobile payments, says Ira Winkler, author of the book "Spies Among Us" and president of Internet Security Advisors Group, "are a disaster waiting to happen."

What's more, there are serious issues on the merchant side as well. Techno-marketers are touting a vision of buying a candy bar or a soda with a quick swipe of the cell phone, but remember, merchants pay a fee for every single transaction using a credit or debit card.

It makes no economic sense for them to spend money upgrading their credit card machines and then make almost no money on small purchases. Unless, of course, they jack up prices to make up for that lost margin, something you, the buyer, probably wouldn't like.

Cell phones are Insecure

If you've paid much attention to the news about technology recently, you know that not a month goes by without news of a serious security breach. There's a reason for this plague of malfeasance and it's not just because some technologies are rolled out too quickly.

Hacking is no longer about fun and games, it's a very serious business conducted by organized gangs, many based in Eastern Europe and Asia, with the goal of making money. Modern hackers zero in on targets that have lots of users — that's why there are so many more attacks on Windows computers than on Macs, though that's starting to change. It reminds me of the famous story of Willy Sutton, the Depression-era bandit, who when asked why he robbed banks replied: "Cause that's where the money is."

When people start using smartphones to purchase stuff, that's where the money will be and you can be sure the hackers will follow. No platform will be exempt, but for now, Android is looking particularly vulnerable, according to researchers at McAfee Labs. That's because Google exercises much less control over the Android Marketplace and other app stores then Apple does over iTunes. That gives hackers a chance to upload poisoned apps that can steal information from your phone. (I wrote about this issue a few weeks ago and presented five security tips for smartphone users.)

That's not to say that devices running Apple's iOS will be exempt; they won't, and neither will competitors from Microsoft or HP.

Here's what Winkler says about security and mobile payments: "A smartphone's operating system controls the exchange of data between programs, input/output devices and all of the other hardware components. If malicious software ends up on your phone, it can easily capture your PIN every time you enter it to pay for something. Until there are significant improvements in the underlying security of smartphones and tablets, it would be foolish to use these technologies," he says.

And that's the problem. Most of us happily download apps with little regard for potential security hazards. A well-designed poisoned app will steal information from your phone and you won't know it until you see the bogus charges on your credit card bill.

Mobile payment schemes have been around for much of the decade, and by and large they've flopped, as a colleague at InfoWorld (our sister publication) wrote recently. Some of the issues are the same: Who's responsible for fraudulent charges and returned or defective items? And if you or your kid loses a cell phone (something young people are prone to) you'll have to scramble to turn off the linked card as well as the cell phone itself. What a hassle.

It's an annoying fact that more and more technology companies seem to think it is just fine to roll out software (Google is a great example) and even hardware (think about RIM's Playbook) that's not quite finished. That may be okay when it's your browser or even a tablet, but it's not at all okay when we're talking about financial applications.

Right now, the winners in this game will be the cell phone carriers, the makers of the NFC chips, the credit card companies and the companies that clear payments.

The losers? Any consumer who buys into this technology before its time.

San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach him at bill.snyder@sbcglobal.net. Follow Bill Snyder on Twitter @BSnyderSF. Follow everything from CIO.com on Twitter @CIOonline

Insider Resume Makeover: How (and When) to Break the Rules
Join the discussion
Be the first to comment on this article. Our Commenting Policies