by Bill Snyder

Why You Should Avoid Big Retailers’ New Mobile Payment System

Aug 15, 20123 mins
MobileMobile SecurityPrivacy

Best Buy, Walmart and other big retail stores are developing a system that lets you buy goods with the tap of your smartphone, which, though convenient, is just an invitation to get hacked and share personal data with marketers, spammers and cops.

More than a dozen retailers including Best Buy, Walmart, Target and 7-11 are banding together to develop mobile payments systems that would let you charge a purchase with just a tap of your smartphone.

It isn’t yet clear when Merchant Customer Exchange (MCX), one of three competing mobile payments will go live, or exactly how it will function. But no matter what the answer is to those questions, my advice is to run, don’t walk, away from any mobile payments system for the foreseeable future.


In the first place, ask yourself why are these merchants so anxious to roll out yet another payment system? The answer is obvious. Hard data on real consumers is like gold in the worlds of retailing and advertising. Every time you make a purchase with a smartphone, that data will wind up in a number of enormous databases before you walk out the door. And remember, that data will include your telephone number and maybe your email address as well, so be prepared for a deluge of pitches and tailored ads coming your way via your mobile device.

Then there’s the issue of security. How many times have you read about (or even experienced) credit card fraud or a security failure that resulted in the theft of a gazillion passwords? Security lapses are all too common, of course, and it would be astonishing if mobile payment systems don’t spring some leaks, particularly in the early days of a rollout. At the very least, wait until the systems have been operational for a while, before you try one.  After all, why should you be an unpaid beta tester for Walmart? (These are not just hypothetical concerns. Earlier this year, Google Wallet was hacked, not once, but twice.)

Even if the systems are secure, woe to you if some creep gets his hands on your mobile-payment enabled phone. By the time you get around to bricking it, or remotely wiping it, the bad guys could have run up a substantial tab under your name. It’s likely that you won’t be responsible, but proving that you didn’t make those purchases involves an annoying amount of paperwork.

You also may have read that wireless providers are quick to turn over cell phone records and GPS data to law enforcement agencies even when no one has gotten a warrant. Do you think AT&T and Verizon would hesitate to share your purchasing history with government snoops?

Finally, I don’t actually understand why you’d want to make purchases with your phone. Is it really any easier than swiping a debit or credit card? Sure your phone is always with you, but so is your wallet, the real one, not the virtual kind.

If you still want to use a mobile payment system, here are a few tips to do it safely:

  • Use a PIN on your phone that will keep the screen locked.
  • Use an app that issues an immediate electronic receipt. That way you can check the amount of money you spend right after each purchase.
  • Choose a method that gives you at least a two-factor authentication, such as a password on the phone and another to access the payment application.

Did you notice something about those tips? If you follow them, making a purchase via a mobile payment scheme will turn out to be a lot harder than simply using cash or plastic. I rest my case.