Could a Hacker Steal Your Money Using One of Your Mobile Apps?
by Gary Foreman
According to Statista, there are over 1.6 million phone apps available for users. And billions of dollars are moved using these apps. But anywhere there's money, there's also likely to be bad guys trying to take it from you. That's true in the online world, too. To help us understand the problem and whether it's serious, we spoke with Shaun Murphy. Mr. Murphy is CEO of PrivateGiant.
Q: Roughly how much money is moved via mobile phone apps?
Mr. Murphy: Forrester Research published some research last November saying we're sitting south of $60 billion in mobile payments now and will grow to $142b by 2019. With Apple, Google, and Samsung all throwing the needed technology into their top phones, this is easy to believe.
Q: What exactly happens when we move money using a cell phone app?
Mr. Murphy: Not all mobile payment apps are created equal!
Apple Pay, for example, has a very sophisticated process (tokenization) that generates a per-transaction secure code that the retailer uses to charge you instead of your bank or credit card account number that could be (and commonly is) copied and used fraudulently around the world. This process takes place on your phone so there isn't a threat of a remote attacker stealing your account information (that we know of!).
Google Wallet (soon to be replaced with Android Pay) was interesting. Google was basically a purchasing proxy for you. You would put money in (or link accounts), and when you purchased something, Google would purchase it on your behalf and charge you the same amount. Privacy advocates (me) obviously didn't like this approach since your credit cards (and other accounts) lived on Google's servers and they were directly involved in every transaction you would make. No hiding from Google!
Android Pay takes the same tokenization approach found in the Apple Pay offering so I'm excited to see how this works as phone carriers roll it out later this year.
There are several payment apps that have shot up recently that allow you to split restaurant bills and purchase things from retailers with loyalty benefits, etc. All you have to do is link your checking account or put in your debit card! This is a bad idea. If fraud happens, you have to email, tweet, etc. to the app developer; meanwhile, your rent check or car payment has bounced and fees are piling up. Credit cards insulate you a bit, but most of those apps charge you a per-transaction fee to use them! Scary.
Q: How secure is our private data when we use a mobile phone app to pay a bill or transfer money?
Mr. Murphy: This could range from very secure (tokenization) to nightmare (giving your checking account to an app). It all boils down to the technology in use and the terms of service. Anytime you have an entity in the middle of a transaction there's an opportunity for data collection. More often than not, that data is very valuable to the company (and to hackers!).
Q: Can a thief get enough information from an app to withdraw money from your account?
Mr. Murphy: Apple Pay claims to have a very strong and hardware-based protection of your account details. The Apple Watch can also access the information so there might be an attack vector there, but it would not be easy. Any other app that stores your account information on their servers, in the cloud, puts you at significant risk.
Q: I understand that you're working on a solution to the problem. What elements are necessary for that solution to be useful to the average consumer?
Mr. Murphy: I think technology startups have been so fast to get out the next disruptive thing that privacy and security take a back seat. It's not easy to build a secure service, but it is easy to build a beautiful/appealing capability that makes lives easier and more convenient.
I believe all three elements need to be in place for any service, financial or not. Provide an easy and convenient service where only the necessary parties have access to the needed data. Communication and information sharing is the first problem I'm tackling. When a group of people are sending information back and forth, only those parties should be able to read and use that information, not my company, employees, advertisers, and not me. We're seeing the damage caused by the Ashley Madison hack (Slack before that, and so on and so on) and it's proving that app/service providers should not have access to information we create and share with other people. It's not a matter of if you'll get hacked; chances are that you already have been.
Q: Are there any warning signs that your information isn't private anymore?
Mr. Murphy: Consider terms of services that are 100 pages long and companies that offer free apps and services that are worth billions of dollars. Things that don't treat you as a customer will treat you as a product to be sold. There is a lot of money revolving around. People know everything about you and everyone you know and our lives are increasingly becoming dependent on our online resources.
Q: Tell us a little about PrivateGiant.
Mr. Murphy: I've been in the communication space for over 20 years now and a good portion of that was developing very strong and secure systems for big businesses and government. A few years ago, I saw just how much damage was being done by the tech giants from reading our emails to getting hacked and exposing personal details on millions of people. I knew I had to take my talents to the masses.
PrivateGiant is a different tech company. We want to help people. We want to educate them on how to stay safe and provide solutions to the problems that are out there while still maintaining the fun and convenience we all expect from online stuff. We have a different take on security than most experts. We think you should be free to use social media and not have to have 20 character passwords. Instead, companies should be held to a higher standard to protect the data the users entrust to them.
So at our core, PrivateGiant is all about privacy and security, but when we release our upcoming products and services, you won't be burdened by all of the top secret mumbo jumbo, just the peace of mind that while you and your friends, colleagues, and family communicate and share, it's only you that can read that information.
Shaun Murphy is one of the nation's leading experts in communication security with over 20 years of experience in the industry. Shaun worked as a subject matter expert on high-level government communications software and hardware systems for numerous agencies. Now, Shaun has dedicated his life to developing technology solutions for the average consumer. His mission is to create a protected communications platform in a world where privacy has almost ceased to exist. Shaun earned his Bachelors of Science in Computer Engineering from the University of Central Florida. He also holds a Masters of Computer Science from Florida Tech with a concentration in pattern recognition and machine learning in communication systems.