Mobile payments security: Four tips for keeping crooks' fingers out of m-wallets

Expect new ruses from criminals as mobile-wallet use increases...

With criminals sniffing around mobile payments, the challenge of securing customers' money and data is only just beginning in earnest, says security expert Malcolm Marshall.

The launch of Google Wallet and the impending introduction of a range of new mobile wallets, or m-wallets, are already throwing up security challenges for CIOs and consumers. So how will the expected adoption of m-wallets change the way we view security?

The optimistic answer is that the movement of money, identification and credit cards onto mobile devices will immediately add a level of security simply by extending existing encryption and password protections to mobile devices. And while passwords can certainly be hacked, doing so requires a greater level of sophistication.

Google Wallet

The launch of Google Wallet in the US highlights the growth in mobile payments systems but security concerns persist among consumers and businessesPhoto: Google

At the same time, since m-wallets tend to retain customer information and credentials in the cloud rather than on the device itself, it should also be relatively straightforward for anyone whose device has been compromised to wipe it quickly and remotely of personal information and - within minutes - transfer their wallet to another device.

What's more, even small m-wallet transactions can be tracked and traced, something that's all but impossible with physical cash.

Security as a barrier to adoption

But consumers and business leaders also have good reason to be concerned about the security of mobile payments. In fact, according to a recent survey by KPMG, more than 70 per cent of businesses suggested security was the number one barrier to the widespread adoption of mobile payments.

The experience with internet banking does not augur well for mobile payments. It's true that great progress has been made in online banking security. In the first six months of 2011 alone, online banking fraud dropped by almost a third over the same period in 2010.

But my experience of working with many banks shows that many of their clients continue to lack confidence in security.

One bank estimates that three in 10 of their customers are not using internet banking because of security concerns, a sentiment that will probably carry over to mobile banking as well.

Securing the channel

We're already seeing innovation in online crime targeted at mobile devices. Malware and spyware are increasingly being detected on mobile devices and malicious apps are starting to creep onto phones and tablets.

While many of the threats that are now assailing mobile devices are merely extensions of old-school techniques, the reality is that...