Now that AT&T and Verizon have decided to turn smartphones into credit cards, you may be asking yourself, "Is this really a good idea?"
After all, it's not hard to imagine some wily thief picking up the BlackBerry you left at a restaurant and going on a major shopping spree. How, exactly, do the carriers and device manufacturers plan to make smartphones safe to be used on a mass-market level for financial transactions?
The answer is that consumers will have to start adopting practices and applications that have traditionally been used by corporate users. While credit card transactions will undoubtedly be encrypted before being sent over networks, that won't prevent someone from taking your phone and using it as his own credit card, or from hacking into your phone using malicious applications. In other words, the phone itself will have to be just as secure as the software used to complete credit card transactions.
"The integrity of a transaction is only as good as the device itself," says Dan Hoffman, the CTO of SMobile. "You have to look at mobile devices in the same way you look at PCs."
For starters, smartphone credit card users are going to have to install some form of remote-wipe application that will let them erase any and all data on their smartphone if they ever lose it.
Although remote-wipe capabilities have been staples of Research in Motion's BlackBerry devices for years, they've only recently come to more popular consumer devices such as the Apple iPhone and devices based on Google's open source Android operating system. In addition to remote wipe, users should subscribe to some sort of mobile backup service so they can retrieve their data to a new device after wiping out data from their old device.
But remote wipe and data backup capabilities are only part of the story. In an era where users can unwittingly download applications riddled with malware and viruses on their smartphones, they will have to be much more active in protecting themselves from malicious apps.
"With the proliferation of applications out there right now it's difficult to sort out what apps are safe," says McAfee CTO George Kurtz. "Among other things, we're concerned about malicious apps that will be downloaded onto smartphone platforms that can sniff out credit card information and use those credentials to commit fraud."
To prevent this, users need to not only take care in the types of apps they download onto their phones but to also install antivirus, antimalware and firewall programs onto their devices. Khoi Nguyen, the group product manager for the Mobile Security Group at Symantec, says that companies that run and manage application stores might also have to step up their games to ensure they aren't inadvertently selling applications that will spread malware to their users. So while he says he admires the success of Google's user-policed Android Market application store, he thinks Google might have to start taking more of a direct role in ensuring that applications on the store are safe, particularly in an era when more people will be using Android-based devices as personal credit cards.