Mobile payment security under scrutiny

Sarah Putt | April 11, 2013
Paying for goods using your smartphone is closer to becoming a reality, but how secure is it?

• The PayPass card never leaves your hand when you make a payment. It means you are in absolute control;

• There are no accidental payments -- your card must be tapped against the reader at the checkout to work;

• You also don't need to worry about being billed twice. Even if you tap more than once at the checkout, you'll only get billed once for the purchase;

• And MasterCard's Zero Liability protection means cardholders are covered from the costs of unauthorised transactions.

But NFC and contactless payment technology also removes the mental barrier to spending money, Gutmann says.

"Academic studies have shown that the physical act of signing your name to something, for example when you write a cheque, provides a significant psychological barrier to overcome when spending money."

This is slowly being eroded by the move, first to PIN numbers in cards, and now to the ubiquitous forms of contactless payment. Gutmann says that even having the cash in your pocket -- in notes and coins -- is a physical representation of the amount consumers have and so makes them hesitate to spend it.

The banks counter this by setting a nominal limit for contactless payments, and a transaction over this amount requires a PIN number. For the MasterCard PayPass card, the limit is set at $80.

In addition to being an expert in cryptography and security, Gutmann has a background in cognitive psychology. This combination of academic disciplines has prompted him to write a book -- the manuscript is currently with his publishers -- that examines the way systems are designed, not for ordinary users, but for the people who create them.

"Geeks have this nasty habit of designing technology which is really cool and works for them, but doesn't work for anyone else," Gutmann says.

He is also part of an international judging panel for a competition to develop a new password hash algorithm that would be more difficult for hackers to break.

The intention is to raise the standard of password encryption in e-commerce. Gutmann says the reality is that passwords are inherently insecure, but they remain the best defence against hackers.

"To paraphrase Churchill [who was speaking about democracy as a form of government]: 'passwords are the worst form of authentication, except for all the others.'" Entries to the Password Hashing Competition (see www.password-hashing.net) close on January 31, 2014.

 
