Skip the navigation

Mobile payment systems: A disaster waiting to happen

By Ira Winkler
June 1, 2011 09:29 AM ET

The Square applications carry pretty much the same shortcomings as Google Wallet. Square's Card Case app certainly is no better -- and it doesn't have a secure storage chip or PayPass encryption ability. On top of that, it offers the location-based ability to run up a tab. Card Case also relies heavily on the native operating system, which is a major security concern. It doesn't take a genius to predict that as iPhones and iPads become a preferred platform for financial transactions, they will become a preferred platform for cybercriminals, and the malware targeting these platforms will increase exponentially. As Willy Sutton told us long ago, criminals follow the money.

To a certain extent, I am less concerned about the Register application. But has anyone pointed out that companies that use an iPad as a register must not use it for anything else? Any device that is used for Internet browsing or accessing other data and applications is at significantly greater risk for exposure to malware. With that said, though, there is still the concern raised by the fact that very few iPads and Android tablets use even minimal security.

And any sort of financial transaction requires much more than minimal security. When you get down to it, Google Wallet and Square rely on insecure platforms for their foundations. Until there are significant improvements in the underlying security of smartphones and tablets, it would be foolish to use these technologies. And that underlying security is out of the hands of Square, though it is something that Google and the other platform developers must address.

Ira Winkler is president of Internet Security Advisors Group and author of the book Spies Among Us. He can be contacted through his Web site, irawinkler.com.

Read more about Security in Computerworld's Security Topic Center.



Our Commenting Policies