Slideshow 7 Security Snafus in Mobile Payments

Published January 17 2014, 3:40pm EST

As with any new technology, mobile wallets must earn the trust of the consumers and merchants who would use them. Many mobile payment apps may attempt to beef up security with password and PIN protection, but a few have had their security scrutinized very publicly. (Image: ShutterStock)

Starbucks (1 of 2)

The Starbucks app this month received a security update after a researcher disclosed that the app stored passwords in plain text instead of encrypting them. This might have made the passwords accessible to a hacker with physical access to the user's phone. (Image: Bloomberg News)

Starbucks (2 of 2)

The Starbucks app faced another security issue earlier in its life. A user decided to make his account information public so that anyone could load or spend funds, and even created a program to broadcast the account's balance over Twitter. Starbucks was originally supportive, but soon shut down the account out of security concerns. (Image: Bloomberg News)

Google Wallet (1 of 2)

Shortly after Google introduced its mobile wallet, security researchers discovered that on a "rooted" phone (one that has been modified to run unauthorized software), a hacker could obtain the user's name, credit card balance, limits, expiration dates and transaction history. The full credit card number was still protected. (Image: Bloomberg News)

Google Wallet (2 of 2)

A more straightforward bug in Google Wallet allowed users to bypass the PIN protection on the virtual Google prepaid card by simply resetting the account (deleting the PIN in the process). Google quickly fixed the issue, and it eventually discontinued its virtual prepaid account altogether. (Image: Bloomberg News)

Apple's Password Policy

Apple recently entered a settlement with the Federal Trade Commission over how the iPhone maker handled payments for mobile apps. Apple's earlier policy allowed continued purchases for a period of time after the user typed a password. This led to multiple complaints from parents whose kids were able to spend huge sums of money inside mobile games. (Image: Bloomberg News)

Square as a Skimmer

As the audience grew for Square's mobile card reader, incumbent terminal maker VeriFone went on the attack. VeriFone posted a website claiming that Square's card reader could be repurposed as a card skimmer and used for fraud. Square called those concerns overblown, and it soon started talking openly about its plans to improve security through encryption. (Image: Square)

Bitcoin Wallets on Android

Several Bitcoin wallet apps had to issue updates in August 2013 after discovering an issue in the Android operating system's method for generating random numbers, which are used for cryptography. (Image: ShutterStock)