Posted by: abelapolo
« on: 30. December 2016., 17:31:23 »
As we go cashless, few can afford to be bystanders in the mobile digital payments era. But is it safe?
Since the demonetisation move herded India’s unsuspecting citizens into the digital payments territory, worries over the safety of mobile wallets and shopping apps have bubbled to the surface.
So, are they or aren’t they? Secure, that is. If one were to demand a simple yes or no answer, then one would have to say no. Think of just some of the companies that have been hacked or whose data has been breached just this year: Yahoo, LinkedIn, Dropbox, Snapchat, Cisco, Verizon... to quote a list from IdentifyForce. And that’s not even to mention many government agencies in various countries including the United States. We have to accept that as things stand right now, nothing can be considered hack-proof or safe from malicious intent, whether it’s on your computer, online or on the mobile phone.
Not so simple
But there are levels and layers of security and not all are easy to break into. So the not-so-simple answer would be: your mobile phone is relatively secure. But, phone makers, companies and users all have to work together to make sure whatever security measures exist are being deployed rather than opt out of all online and digital payments and information because after all, that’s the direction the world is headed in as cashless-ness becomes the norm. In fact, there’s no escape for those who are planning on being bystanders to the digital economy as the government, just this week, has reached out to tech companies, through NASSCOM, propelling them to reach out to underserved sectors of society and train them on going cashless.
Not just one measure
It isn’t one measure alone that will secure e-wallets and apps. It’s a multitude of them. That is what chipmaker Qualcomm pointed out recently, ruffling rather a lot of startup feathers in the process, because of the implication that e-wallets were not safe. And there are so many of them now, it would seem a new one is launched every week. We tend to think of our mobile phones as vulnerable because someone can steal them or get in when the phone screen is unlocked for a short while and access open apps.
Passwords, patterns, fingerprints, iris scans etc are beginning to work well enough to make it difficult to access what’s on the phone. But this last mile access isn't the only threat to the information on or through a mobile device. An entity, in the form of an app or a virus, could be sitting on your mobile phone. You may have downloaded a cloned app from the Play Store, for instance. Your fingerprint and iris scan may be some of the safest ways to secure your device, but if a piece of malware can grab it from inside your phone, there's little point to using it.
Start at the chip
SY Chowdhary, Senior Director, Product Management, Qualcomm, said that wallets and banking apps needed to use hardware level security built in at the chipset level to be significantly more secure. He said the company was reaching out to app makers, specifically wallets and banking apps, antivirus company Avast, and phone makers so that they could come together and ensure security was threaded through today’s smartphones and apps. Relying on pins and passwords isn’t nearly enough, according to Chowdhary, who explains that Qualcomm's secure execution environment would act like a firewall, repelling any intrusions from the hardware up. Chowdhary also proposed a sort of device health token that, when all was working as it should, would signal the security level present on a phone. Users should know what each app is doing as well. Recently, BlackBerry, on its DTEK50 and DTEK60 phones, gave users granular control over the access that each app is given on the device, allowing them to revoke certain permissions.
Digital and offline
In all of the controversy over whether wallets are safe enough, a startup called PaySe has an interesting hybrid solution that’s digital, yet offline. Ashutosh Pande, Founder and Chief Innovation Officer at PaySe describes his company’s offerings as a hardware wallet. It’s the size of a metro card which can be loaded with money at various outlets and be swiped at vendors who have accepted the service. A second card is a thick credit card like device which can be used to send and receive money. The list of vendors needs to be increased, of course, to increase PaySe’s coverage, which wants to target people who need to make digital payments and don't even own a mobile phone.
In the coming months, we’re certain to hear more steps being taken to enhance the security of mobile wallets,banking apps and shoppings apps as 'real' money gets more scarce.