DUBAI: Smartphone manufacturers looking to create devices with contactless payments capabilities will need to ramp up their security measures, according to an industry expert.
Last week, tech giant Apple announced that it will launch Apple Pay, a contactless mobile payments service, in the US next month. It will support credit and debit cards from Visa, MasterCard and American Express. The payments service is expected to be rolled out in international markets next year.
In order to boost security, smartphone manufacturers will need to add more layers of identification, according to Eric Paulak, managing vice president of infrastructure protection at Gartner, an information technology research and advisory firm. Also, they will need to create a way of for the device to be near a reader so that the signal will less likely be intercepted.
“What Apple and others need to do more in the future is not just rely on user ID and password, they need to have other layers of identification capabilities. On iPhone products, you can enable the fingerprint scanner. And that’s what they’re planning on doing is pushing the fingerprint scanner,” he said, on the sidelines of the Gartner Security and Risk Management Summit.
Apple has said that Apple Pay is secure because card numbers will not be stored on the device, nor on Apple’s servers.
The payments service uses near-field communication (NFC) technology, which transmits a radio signal between the iPhone or Apple Watch and a receiver.
Paulak expects that after Apple Pay is rolled out, “Apple is going to be under attack like it’s never been under attack before.”
“But the way Apple has run iOS is they have built security into the system,” he added.
Apple has said that it will boost security measures to keep hackers away after the recent hacking of celebrities’ naked photos. It will inform users through email and push notifications when a device logs into an account for the first time, or when someone attempts to change the password of an account, and restore iCloud data to a new device, the Wall Street Journal reported.
“Through social engineering, [the hackers] were able to figure out what these end-users’ email accounts were, and through very good guesses, they were able to find what those passwords are,” Paulak said.
