Mobile ‘Wallets’ Give Rise to New Generation of Cyber Pickpockets

Posted by · April 3, 2012 12:37 pm

Sometimes convenience comes at a cost. For those of us who have decided to exchange our purses and wallets for the more convenient mobile ‘wallets’ that can be accessed using our phones, the security team at McAfee reminds us that, even if they might help us avoid a pickpocket on the street, mobile payment software like Google Wallet and the Square credit card readers come with their own set of risks.

“As mobile phones allow us to carry our money in an electronic ‘wallet,’ they will also become a greater target for crooks,” writes Jimmy Shah on the McAfee blog. “Picking a pocket is a risky endeavor for a [sic] thieves, but it will be much less so if all they need to do is bump into their victims or brush by them with a mobile phone.”

Shah goes on to explain how the increased convenience provided by mobile payment software extends not only to consumers but to the thieves who victimize them.

“Thieves are now more likely to go after both mobile payment software and phones enabled with near-field communications (NFC),” he observes.

All is not lost, however. As a result of thieves’ increased interest in these digital payment methods, security researchers are making large strides in shoring up their security.

Recently, notes the blogger, Square added encryption to their credit card readers, addressing a serious vulnerability of consumers’ credit card information as it is passed from the reader to the phone. And as researchers continue reverse-engineering these mobile payment systems, we can only expect things to get better from a security standpoint, he suggests.

One key vulnerability that remains, however, is with the above-mentioned NFC-enabled contactless credit cards (sometimes called “tap and pay”), which more tech-savvy thieves can exploit by simply creating an app that grabs credit card information from nearby phones. By activating such an app on a mobile phone and proceeding through a crowd of people, these cyber pickpockets could potentially grab countless credit card numbers and expiration dates without so much as touching their victims.

And although such an app wouldn’t be able to lift CVV2 numbers—making most online purchases impossible—the theft of a credit card number and an expiration date would still place victims at significant risk.

With that in mind, what do you think of mobile “wallet” technology? Is it worth the risk, or do you still prefer an old-fashioned wallet?