The Credit Union National Association has released the results of a new survey that show mobile payments are gaining ground in the U.S. Mobile payments have been growing more popular among consumers for the past few years, but exactly how popular this new form of commerce has become is an oft debated topic. Many people favor the convenience associated with mobile payments, but have concerns regarding the safety of their financial information. The new survey aims to shed some light on the issue.
More than half of smartphone users participate in mobile commerce
According to the survey, more than half of smartphone users in the U.S. have made mobile payments. The survey defines mobile payments as any transaction made with a mobile device and shows that the majority of people making mobile payments praise the convenience of being able to purchase products from their smartphones. The majority of those making mobile payments spend more than $30 on average per purchase, suggesting that people are more willing to spend money when participating in mobile commerce.
Security remains a top concern for many consumers
Security remains a major concern for those interested in mobile payments. Some 77% of respondents claimed that the security of their financial information was a top priority. Security concerns often determine whether a person will make a mobile payment or not and the survey suggests that most consumers tend to be cautions when it comes to spending money through a mobile device.
Consumers expected to grow more interested in mobile payments over time
Despite the concerns surrounding mobile commerce security, more consumers are showing an interest in shopping online. The availability of mobile Internet access has made it easier for consumers to shop online using the smartphones and tablets, thereby exposing them to mobile commerce initiatives coming from retailers and other businesses. Consumers are expected to continue growing more fond of mobile payments as better services become available to them, especially if these services can help placate fears regarding security.
A new opportunity for attackers to gain access to smartphone apps from these networks has been discovered.
This week, mobile security experts demonstrated an example of the discovery that was recently made that allows a very simple attack to be made which exploits a code vulnerability in Apple iOS applications.
This vulnerability gives attackers the ability to persistently alter server URLs from which the data is loaded to the apps.
This means that the attacker will be able to change the URL from which the iOS application is loading its data, presenting a massive mobile security threat. This is particularly unpleasant as the victim will not know when it is happening nor that it has occurred. It means that the attacker could invisibly use the data to be able to load malicious links or to insert false news regarding market movements into a news application.
The makers of the applications were not notified of the mobile security threat ahead of the announcement to the public.
The mobile security threat was identified by Skycure and it has, in the past, already notified app makers of this type of threat’s existence. Typically, the developers are provided with this knowledge ahead of the public announcement. However, in this circumstance, they stated that it was not possible for them to wait to notify developers before making this information public. They felt that because the vulnerability was present in hundreds of different apps – including stock management applications – it was important for people to be notified as soon as possible, without waiting to tell the app makers, first.
Skycure, a mobile security expert firm, declined to provide the names of the specific apps that were tested positive for the threat. The reason was that they didn’t want to provide this information to potential attackers who could exploit this knowledge before a solution to the issue could be found. The company’s chief technology officer, Yair Amit, said that “The vulnerability affects so many apps that it’s virtually impossible to alert app makers.” The researchers from the company also assembled a short video to demonstrate how an app could be manipulated by an attacker.
