Google Wallet Cracked: What this means for mobile payments
Few people dispute that the age of plastic and cash as a primary means of payment is coming to an end. However, researchers have just revealed that the Google Wallet PIN could be compromised under the right set of circumstances, which could be viewed as a setback (Researcher Cracks Google Wallet PIN).
The article highlights that developers are not applying secure development lifecycle practices in mobile app production, or, to put it another way, “security is an afterthought”. So what does this mean for the Google Wallet and mobile payments?
In a world where business goals are defined primarily by revenue, earnings, and customer acquisition, it’s no wonder that companies focus more on proving the success of a business model than on eliminating potential vulnerabilities. After all, what’s there to protect if you don’t even have a viable business in the first place?
Each year, the number of breaches and the level of sophistication of each attack continue to grow, whilst almost all industries continue to opt for a reactive “ramp-up-after-product launch” approach to dealing with these issues – often only after being mandated by externally applied compliance and regulation. Only years after the Payment Card Industry Data Security Standards (PCI DSS) came into effect did we see protection by retailers and payment processors eventually take place.
Take Zappos a few weeks back, for example, where regulatory compliance both succeeded and failed. They were successful in that customer credit card information was not compromised, thanks to PCI. The failure is that other sensitive customer information (name, physical address, email, etc.) was compromised, which is arguably a bigger concern when it comes to identity theft. Fortunately, breach disclosure laws require that organizations report that customer information has been lost if it has not been properly protected; otherwise we’d be hearing about far fewer breaches.
The recurring theme is that security best practices were applied only when proactively mandated. Even with breach disclosure laws and the associated costs such as credit monitoring, card re-issuance, impact on shareholders, brand damage, etc., many companies choose to do the bare minimum in terms of security until a breach actually occurs.
At a time when many disruptive technologies such as cloud, mobile, and social media are coming into play and there really are fewer barriers to the flow of information, security is becoming much more relevant and the mind-set is finally shifting. Going forward, companies can no longer afford to roll the dice in the hope that they can learn from another company’s misfortune. Companies that hold customer data are responsible for proactively protecting that information and will be held much more accountable if they don’t – by regulatory authorities and by the customer.
Back to the Google Wallet: every new technology has bumps in the road, and Google already have a fix in place. Companies like Google that are able to respond quickly will continue to remain key players in the fast-maturing mobile payment ecosystem.
Data security is an evolving, Darwinian landscape where hackers and criminals are the inevitable virus within, functioning to winnow the ill-designed and the ill-prepared. It is virtually impossible to anticipate every threat that may be on the horizon. Companies poised for success already have coverage for known threats and have solid incident response plans for everything else.
Mobile payments will continue their high-growth trajectory, as the utility and benefits to the customer are so great. The question isn’t how quickly mobile payments will become mainstream; it is which companies, platforms and apps will make it into the customer’s winner’s circle.
The age of mobile payments is finally here and it will be companies like Movenbank with the most complete offering of rich and relevant functionality, usability and of course – security best practice, that will have the cachet and coolness factor envied by so many today.
by Derek Tumulak
Derek Tumulak is an advisor to Movenbank on security and broader technology matters. He has over 15 years of experience in the technology industry with an extensive background in virtualization and cloud computing, enterprise security, payment systems, and Internet messaging. Derek was most recently with SafeNet as Vice President of Product Management, responsible for commercial data security products. He joined SafeNet through the acquisition of Ingrian Networks where he was Vice President of Product Management and Engineering. Derek’s experience also includes engineering and leadership roles at E-Stamp and Netscape Communications.