Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unresolved Issues Swirl Around Securing Mobile Payments

Posted by samzenpus on from the at-your-own-risk dept.

CowboyRobot writes "While many mobile payments startups are using both traditional and nontraditional authentication methods, regulatory uncertainty still exists around liability for fraud attacks on customers using mobile payments. Although there haven't been any public attacks from fraudsters on alternative mobile payments providers such as Square, LevelUp or Dwolla, anecdotal stories are already circulating among security experts and regulators of such attacks. One thing that still has to be worked out in this area is regulatory oversight. 'The regulators are not yet clear who owns the regulatory oversight for these environments. These technologies tend to fall through the cracks even in terms of card-present or card-not-present.'"

2 of 44 comments (clear)

  1. Phones by girlintraining · · Score: 3, Informative

    Phones aren't secure because most people don't put a password on them, and any app you run for mobile payments on top of that can be hacked, since once you have physical access to the phone, you're pretty well doomed.

    Just stick with the damn cards. If you lose it, your bank will send you a free replacement, and it's instantly disabled. The same cannot be said for access to your accounts with your phone, for which you will not receive a free replacement, and you may have to close your account since unlike a card, your login, password, social security number, date of birth, access to e-mail account, oh... and probably the phone number the bank would call you back at to verify your identity... are now all in the hands of the criminal.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Phones by stephanruby · · Score: 4, Informative

      Just stick with the damn cards. If you lose it, your bank will send you a free replacement, and it's instantly disabled.

      So this won't affect Square at all. Square is for accepting payments, by sliding a card through it.

      The same goes for LevelUP, LevelUP is the equivalent of keeping a photocopy of your credit card (both front and back) in your wallet. You lose your wallet, you've obviously lost your card.

      The only example where things get dicy is this Dwolla payment solution. Dwolla is for account to account transactions (without going through Visa or Mastercard). It's a lot cheaper because of this, but then, you don't have any of the traditional protections for fraud (unless they're spelled out separately specifically in their terms of use, which honestly, I haven't even bothered to read).