New payment methods create new security issues

Today’s consumers want their smartphones to do everything. Electronic payments are no exception. But while online payments are nothing new (PayPal was founded in 1998), there’s an increasing clamor for (what else?) smartphone digital payment systems. As digital payments move into the mobile realm, new business models have appeared -- as well as new security concerns.
Every bank wants to get in on the action with their own paperless person-to-person payment system. PNC kicked off the trend in January 2010. This was the first major bank to allow customers to send money without revealing sensitive data like routing and account numbers. Rather, the system worked in a similar manner to PayPal; A customer’s information was based on their email address or phone number.

Barclays mobile app represents a tipping point in the field. Their Pingit lets customers in the UK send money to anyone with a current British phone number. One need not even bank with Barclays to use the app, making this a potentially serious contender to the PayPal throne if it ever breaks out of the United Kingdom.

Square offers perhaps the most ingenious business model to come down the electronic payment pike. The company offers a free mobile phone attachment for taking credit card payments. Users then pay a small fee (2.75 percent) on every transaction made through the payment system. This effectively allows anyone to take a credit card payment via their mobile phone.

Of course, with any new technology, new security and privacy concerns crop up. Geode, a digital wallet from iCache attempts to address one concern: What happens when your mobile phone is stolen and used for authorized payments? Not a problem if you have Geode: It’s impossible to make a payment without authorizing it with your fingerprint. Yet another technology that started in the realm of science fiction has moved to the world we live in. What’s more, this makes digital payments made via mobile phone even more secure than those used with a traditional plastic credit card. Anyone can steal one of those, but literally no one can steal your Geode. At least not if they want to actually do anything with it.

But one digital payment security issue has to be addressed and is rarely ever thought about. Technology now exits that allows would-be identity thieves to steal your information through cloning. You might have heard of people having their financial information stolen by card swipers, physical devices that take all the information from your credit card when you swipe it at the gas pump, for example, and make a copy of it. Technology has now progressed to the point where a thief can do this merely by walking by you.

Such technology is currently utilized by police departments, though obviously not for the purposes of identity theft. Even when used by proper legal authorities, this technology (known as an “extraction device”) is highly controversial. As with any technology, it’s only a matter of time until it falls into the wrong hands and is used for even more nefarious purposes.

In general, in the world of innovation, the new consumer technologies tend to come first and the security measures come second. This is understandable: What purpose is there in creating security measures for technology that doesn’t exist yet or isn’t yet in wide use?

However, one way that the market provides solutions is by seeing these demands and meeting them. Just because there isn’t currently a perfect security system in place doesn’t mean that there won’t be one, and soon. All it will take is a couple of mainstream media stories about extraction device horror stories and you can bet that private companies will rush to find a solution -- for a nominal fee, of course.