AH Tech Talk: Android And Apple Pay May Be More Fundamentally Security Prone Than Anyone Imagined

March 4, 2015 - Written By John Anon

Over the past few weeks, there has been a lot of interest and news regarding mobile payments. It seems manufacturers are very much keen to jump on board the idea of mobile payment processing. With Samsung recently announced their acquisition of LoopPay and Google trying to reestablish a foothold in the market, with a rumored re-envisioned version of Android Pay, which is expected to be unveiled at this years I/O event. It seems android, in general, is having a bit of a crisis in trying to decide in which direction the platform should collectively move towards. That is if they should be ‘collectively’ moving at all. With Samsung, Google and whoever else decides to try their hand at independent mobile payments, android as a payment entity will become more fragmented.

It seems this lack of direction is resulting in a lot of unknowns for android users. While in contrast, iOS users have already seen their equivalent mobile payment solution, Apple Pay, launching quite successfully. Consumers, banks and retailers all seem to be jumping onboard at quite a steady rate and one which will further highlight an immediate advantage for Apple over any android alternative. That said, a recent report (source link below) has highlighted that Apple Pay has become the latest to fall foul of identity fraud. Interestingly and in spite of the protection one would expect from a mobile payment platform, criminals have come to understand a rather easy workaround. Instead of trying to break Apple’s fingerprint technology, the criminals simply set up a device in the victim’s stolen identity and then contact their bank to verify the device and ‘beam’ over the financial credentials needed to use Apple Pay. Ironically, it seems the criminals are reported to then be often using the devices to purchase Apple goods from Apple stores. This is largely because Apple stores readily take Apple Pay while also offer high-priced goods, which are then easy to turn around again.

It seems the folks behind Apple Pay had not anticipated the type of vulnerability that is being taken advantage of, which highlights an interesting problem (and potential proposition) for android alternatives. Safety, security and protection of identity are going to be paramount to these platforms taking form and securing their place in the market. First off, not only does the android alternatives need to make sure they offer a viable and implementable competitor to Apple Pay, but if they can do so by also making one which does not fall foul in the same way as Apple Pay seems to have, then they might have a good chance of securing their position in the market. Of course, with android being as open as it is, this might actually prove more difficult than first thought.

Either way, android or Apple, it seems mobile payment solutions might not be as criminal-proof as we might have all been led to believe. If criminals can simply hijack the device to begin with, then what is the point of the fingerprint technology or other on-device security features? In the end, reports like this emerging are only likely to further reinforce consumer’s concerns about how safe the platform is to begin with. Regardless of who is winning the mobile payment race between android and apple, both will suffer if consumers do not have faith in the system at a fundamental level. After all, it seems it was the fundamental level in which criminals found the loophole to start with. Do you have faith in the system as it is? Do you think mobile payments can ever be truly safe? Let us know.