Monday, June 6, 2011

Wave and Pay, your money away: it's the device that counts!

Infosecurity notes, that the UK banks are rolling out PayWave and PayPass across London in preparation for the Olympics next year, when hundreds of thousands of visitors from around the world – many from Asia where NFC payments are commonplace – will visit London with their cards. Next to this, Telefonica O2 also announced plans to launch a mobile wallet system using NFC technology.
Hm, last week it was Google Wallet. By the way, Google Wallet links with MasterCard, O2 with VISA Europe.
Still, I'm scarier using a mobile wallet-app than an NFC-enabled creditcard.
Why?
Wave & Pay with your creditcard is different in security than Wave & Pay via your smartphone app. Both creditcard and mobile wallet-app use NFC-technology, but your smartphone is, contrary to your creditcard, used for Internet browsing or accessing other data and applications and therefore is at significantly greater risk for exposure to malware.
What then if you let the software encrypt and transfer the data. According to Ira Winkler, president of the Internet Security Advisors Group , it's like putting an airbag on a motorcycle, the airbag (the encryption) may protect, but lots of other things can go wrong.

IMFO, mobile NFC(!)-payments at this moment are of higher risk than paying cash, creditcard or via your bankcard.
All because the underlying device, the smartphone is still not secure enough for these financial transactions. Just look at the Android infections in the beginning of this year.
Then again, European banks, like Rabobank and ABNAMRO work already for years with mobile payments.
The USA should work more with their European counterparts in the security of mobile banking (banking and phones), then perhaps a secure app can be made, although even the secure element in the Android is susceptible to reverse engineering.
Could it become a dream or a nightmare. Time will tell...