Cyber Criminals' New Frontier: Mobile Payments

NEW YORK ( TheStreet) -- As Google ( GOOG), Visa ( V) and reportedly Apple ( AAPL) get closer to perfecting mobile payments -- the technology that will allow us to pay for goods with a mere wave of our smartphones -- they're up against a significant block: Consumers worried about the technology's security.

Spooked by the spate of recent high-profile cyber-attacks on governments and corporations like AT&T ( T), folks fret that mobile devices and the credit card information stored within could be cyber criminals' next frontier.

About 73% of respondents polled by mobile payments and marketing company Mobio Technologies said security was the most important factor impacting their willingness to use mobile payments.

And while the technology's proponents contend that the new-wave tech is likely safer than using a physical credit card -- which can easily be lost or stolen -- security analysts are skeptical.

"This technology will cause a feeding frenzy for criminals," said Ira Winkler, president of the Internet Security Advisors Group. "Mobile payments sound like a great idea, but there are some basic security problems that can be bypassed."

A Technology in Its Infancy

First of all, it'll be awhile before this technology goes mainstream. Hurdles include a lack of standards between banks (who control and secure users' account information) and mobile carriers (who manage the data transactions), as well as skepticism among merchants who must pay hundreds of dollars extra to upgrade their retail equipment.

Still, the market looms large. Juniper Research estimates that by 2015, the mobile payments sector will reach $670 billion, up from $240 billion this year. Rushing into the venture are dozens of entrants, including tech giants, banks, wireless carriers, credit companies and lots of start-ups.

Former Google CEO Eric Schmidt has pegged mobile payments as a "mega-scale opportunity" for the company. Google's Mobile Wallet product, currently being tested in New York City and San Francisco, lets consumers pay for goods with a tap of their Android at the register via a wireless technology called near-field communication (NFC).

Carriers AT&T, T-Mobile and Verizon ( VZ) also recently teamed up with major card issuers for their Isis payments partnership, using a similar technology.

Then there are start-ups like Square, which allow smaller merchants to accept payments through a tiny credit card reader plugged into the phone's audio jack. Square raised funding in June at a reported $1 billion valuation, up significantly from a January round that valued the company at $240 million.

Security Woes

Yet while this next-generation tech promises huge technological benefits to users -- simplicity, saved time and ease of use -- it also holds potential as yet another outlet vulnerable to hackers.

"It's a double-edged sword," said Nick Holland, an analyst with the Yankee Group. "There's a huge opportunity with mobile payments, but there's the possibility of threats."

At the crux of the security issue is the potential for a surge in malicious software (malware), or infectious programs containing computer viruses, worms, trojan horses and spyware. Malware aims to gain unauthorized access to a phone's system and cull sensitive information: Users' passwords, e-mail log-ins, credit card numbers, social security numbers, etc.

So do hackers break into users' phones? Some find their way via popular application marketplaces like Google's Android Market, where criminals have been known to create malicious programs disguised as legitimate apps within app stores. Their damaging goods aren't often caught right away.

In March, Google found and removed more than 50 infected programs from its marketplace, but not before nearly 200,000 people had downloaded the apps, according to security firm Lookout.

An example of a "bad app" could be one that mimics, say, Google Wallet, which relies on its "Secured Element" chip inside the phone that stores and encrypts sensitive data like credit card information.

Jimmy Shah, a mobile researcher for McAfee, noted that the bad app could trick the chip into giving up users credentials.

Despite this potential, "we think that Google Wallet is safer than a plastic card," said Marc Freed-Finnegan, senior business product manager at Google.

Yet as smartphone use has exploded around the world, so has the number of new mobile threats: In 2010, the number jumped 46% over the previous year, according to McAfee.

"As more and more data and credit card information ends up on phones, criminals are going to spend time figuring out how to get it," said Charlie Miller, principal research consultant at security firm Accuvant Labs and a white-hat hacker, or a computer security expert who infiltrates software to improve security.

Other mobile payments systems are at risk too.

Companies that use mobile billing -- where consumers pay for online goods through their carrier's bill rather than their credit card -- run a high risk for fraud, said Juniper Research. Juniper found that 25% of mobile payments through such systems were bogus, meaning that bills contained charges made by criminals who had gained access to the user's phone number and personal information.

Consumers Union, the non-profit watchdog group, recently warned that consumer protections put in place for credit cards won't cover transactions made via carrier billing. That could leave users who pay via this way vulnerable.

While some threats to the mobile payment networks are inevitable, consumers can do their part to avoid malware by carefully vetting programs and making sure they're created by trusted developers, said Kevin Mahaffey, Chief Technology Officer at Lookout.

"With any new technology we should be prepared for security problems to exist that doesn't mean we shouldn't use it," he said. "If we were afraid of every new technology, we'd still be using a can and a string for a telephone."

--Written by Olivia Oran in New York.

Readers Also Like:


More from Technology

Worth a Stunning $6.6 Trillion, Tech Stocks Have Taken Over the Market

Worth a Stunning $6.6 Trillion, Tech Stocks Have Taken Over the Market

Here's Why Snap Shares Climbed Monday

Here's Why Snap Shares Climbed Monday

Dropbox Soars in Third-Straight Record-Setting Session

Dropbox Soars in Third-Straight Record-Setting Session

Bitcoin Today: Prices Close to Flat in Low-Volume Trading

Bitcoin Today: Prices Close to Flat in Low-Volume Trading

Tesla's Elon Musk Just Told Short-Sellers They're Toast

Tesla's Elon Musk Just Told Short-Sellers They're Toast