Kaspersky Labs’ David Emm tells TechWeekEurope that the security threat to mobile payments is still in its infancy – but hackers are learning
With mobile payments becoming an increasingly influential area in commerce and the technology industry as a whole, many people are wondering just how secure the systems processing their transactions can be.
To investigate, TechWeekEurope spoke to David Emm, principal security researcher at Kaspersky Labs, to find out what the current state of the market is and if consumers need to be wary.
Emm says that although Kaspersky has seen “an exponential growth” in mobile malware over the past four years, particularly in banking Trojans targeting mobile devices over the last 18 months, the security threat to mobile payments appears for the moment to be fairly minimal.
“Consumers aren’t facing the same level of risk as we would be if they were using their traditional laptops or Windows-based device,” says Emm, who described the threat as “still in its infancy”.
This is mainly due to good preparation by banks and money transfer services, Emm says. Due to already having an existing system for processing payments online thanks to their existing websites, banks are able to use this expertise to develop mobile solutions which can hopefully keep their customers safe.
“It’s pretty clear over the past few years that the banks have an awareness of the potential risk (of conducting payments via mobile apps),” Emm adds, as the companies have funnelled lots of resources in how to detect and protect from possible threats.
However Emm, whose company has an existing tie-in with Barclays bank, does warn that these systems are far from bulletproof. A common tactic used by hackers is using phishing Trojans to disguise their attacks – sending out emails purporting to be from a banking app or a service like Google Play, but in reality containing a harmful link.
“We’re starting to see a more rounded approach from attackers,” he says, “which is closer to what has become mainstream on desktops and laptops.”
Like many in the industry, Emm sees Apple Pay as being a key catalyst to the widespread acceptance of mobile payment technology in the UK.
But it is in the US where he sees the main impact of the Apple Pay. Due to the lack of Chip & PIN services in the market, the service could be “a step up in security.”
“Effectively, they’re getting Chip & PIN as well, which they don’t get with traditional credit cards,” he says. “A lot will depend on specific implementations, but I do think that the introduction will do a lot to make (mobile payments) a more mainstream thing.”
Safe and secure
So what can consumers do in order to stay safe whilst making mobile payments? Emm (pictured right) recommends a few key actions, chief of which is simply securing your mobile device, which can all too often be easily lost or stolen. A simple passcode or fingerprint scan can ensure no-one else is able to access your device and the personal data within.
Users also need to ensure they are aware what apps remain active on their device. Social media apps such as Facebook, which have increasingly embraced mobile payment services for micro-transactions for games and apps, often remain permanently logged in on many phones, meaning a hacker gaining access to this could easily uncover payment and account information.
Lastly, Emm says that if people are going to start using their mobile devices for more and more services, there needs to be a psychological change as well.
“The psychology of using a mobile device is different to using a traditional computer,” he says, noting that users expect a laptop or desktop to come with security precautions installed.
Thanks to all the innovative services on a modern phone, users just often forget that their device is in effect a sophisticated computing device, and think of it just as a phone.
To combat this, users should install a security product onto their smartphone or tablet (as they would do to their home computer) and ensure they don’t take any risks by connecting to unsecured Wi-Fi networks or access potentially harmful sites or apps.
“Mobile is great,” Emm concludes, “and by all means use it to do your work, check your emails, or whatever it is, but if you are accessing confidential information, stick to a trusted network.”
All clued up on mobile payments? Try our quiz!