Researchers warn that even though companies that offer virtual wallets for mobile phones are putting great efforts into ensuring that they’re secure, there are still some flaws that make these money bags a tempting target for thieves.
McAfee’ Mobile Security Researcher Jimmy Shah informs that organizations have rushed to fix weaknesses whenever they were notified by security researchers, but mobile payment software and near-field communications (NFC)-enabled devices are still of interest to cybercrooks.
“As mobile phones allow us to carry our money in an electronic ‘wallet,’ they will also become a greater target for crooks. Picking a pocket is a risky endeavor for thieves, but it will be much less so if all they need to do is bump into their victims or brush by them with a mobile phone,” Shah wrote.
It’s well known that Google fixed the vulnerabilities that affected the Wallet and even Square added encryption mechanisms to its latest versions of mobile credit card readers, but there are some experts, such as Adam Laurie, who can’t wait to get their hands on a new device and try to crack it.
Laurie is known for finding security holes in places that should have an airtight security, such as PIN and chip cards, safes in hotel rooms, and even RDIF passports, so it’s no wonder he’s eager to take a shot at the new Square readers.
The latest issue regarding mobile payment technology refers to Visa contactless credit cards. Chanel 4 News, in collaboration with viaForensics, demonstrated that these types of cards transmit the information to the reader in an unencrypted form, allowing anyone with a mobile card reader to swipe data from them.
Visa argued that the unencrypted data only consist of credit card number, expiration date, and cardholder name, but as the researchers demonstrated, these details are more than enough to make purchases on hundreds of sites, including Amazon.