Mobile payment systems: A disaster waiting to happen
The Square applications carry pretty much the same shortcomings as Google Wallet. Square's Card Case app certainly is no better -- and it doesn't have a secure storage chip or PayPass encryption ability. On top of that, it offers the location-based ability to run up a tab. Card Case also relies heavily on the native operating system, which is a major security concern. It doesn't take a genius to predict that as iPhones and iPads become a preferred platform for financial transactions, they will become a preferred platform for cybercriminals, and the malware targeting these platforms will increase exponentially. As Willy Sutton told us long ago, criminals follow the money.
To a certain extent, I am less concerned about the Register application. But has anyone pointed out that companies that use an iPad as a register must not use it for anything else? Any device that is used for Internet browsing or accessing other data and applications is at significantly greater risk for exposure to malware. With that said, though, there is still the concern raised by the fact that very few iPads and Android tablets use even minimal security.
And any sort of financial transaction requires much more than minimal security. When you get down to it, Google Wallet and Square rely on insecure platforms for their foundations. Until there are significant improvements in the underlying security of smartphones and tablets, it would be foolish to use these technologies. And that underlying security is out of the hands of Square, though it is something that Google and the other platform developers must address.
Ira Winkler is president of Internet Security Advisors Group and author of the book Spies Among Us. He can be contacted through his Web site, irawinkler.com.
More by Ira Winkler
- A simple cure for the cybersecurity skills shortage
- Ira Winkler: 6 failures that led to Target hack
- Ira Winkler: The RSA Conference boycott is nonsense
- Electronic privacy? There's no such thing
- Guys, stop creeping out women at tech events
- Ira Winkler: Stupid users, or stupid infosec?
- We're missing out on the value of security awareness
- Are your security professionals qualified?
- Ira Winkler: Press falls short in reporting on chip hack
- 8 realities about location-based apps
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts