Mobile Wallet Technology Raises Privacy, Security Concerns

Your smartphone already serves as a portable office, media player, newspaper, GPS, camera and social network hub. Now it can replace your wallet, too.

Imagine: No more fumbling for credit cards or digging through your pockets for loose change. The technology already exists to let you buy a grande soy latte through your phone, simply by saying your name out loud at the register.

As the number of neighborhood bank branches dwindles, Americans increasingly use their mobile phones to manage money and shop. Payments made via mobile devices in the United States are expected to total $90 billion by 2017, a big jump from the $12.8 billion spent in 2012, according to Forrester, a research and advisory firm in Cambridge, Mass.

Privacy advocates worry that the emergence of “mobile wallet” technology will leave consumers more vulnerable than ever to identity theft and invasive data collection.

“All of a sudden, the mobile phone is about to be transformed beyond a spy in your pocket to your bank, your mortgage lender and your landlord,” said Jeffrey Chester, the executive director of the nonprofit Center for Digital Democracy in Washington. “In a way, it’s kind of a privacy tipping point, because one single device knows wherever you go, your geographic history, your social media connections and your financial behaviors.”

One of the most popular mobile payment systems, Square, enables sellers to accept credit cards through a small device attached to a cellphone or tablet.

Consumers who install the “Square Wallet” app on their phones can pay for an item at participating businesses like Starbucks without ever having to pull out their wallets – or even their phones. Instead, they can just say their names to pay. A photo and the name of the customer pops up at the register, and the cashier taps the picture to authorize the sale, automatically charging the customer’s account.

Walla.by, a cloud-based wallet app, allows consumers who input their credit card information to see which card will get them the most rewards or cash back for each purchase. The app also helps consumers take advantage of special offers from banks and merchants.

PayPal, Google and other companies offer similar digital wallets.

Such technologies offer convenience and real-time deals to consumers, while allowing companies to better track customer behavior and test marketing strategies. Mobile payments are already widely used in many developing countries, where cash is scarce and the technology allows people to transfer money safely over long distances, avoiding theft and bribes.

But in the United States, the Federal Trade Commission warned in a report this month that these low-cost or no-cost mobile technologies come with hidden costs and risks.

Advertisers, retailers, operating system manufactures and app developers can use the data collected from mobile devices to build more comprehensive consumer profiles, including shoppers’ personal contact information, details of their purchases and their physical locations, the report said.

For now, consumer protections for mobile payments aren’t really on policymakers’ agendas, said Chris Jay Hoofnagle, director of information privacy programs at the Berkeley Center for Law & Technology at the University of California, Berkeley.

“The FTC knows about these problems and it has written about them, but we’re very early in this process and these types of data transfers are not noticeable to the consumer, so one question is, ‘Will the consumer ever object?’” he said.

“Going to mobile payments – unless rules are put in place – will be zero privacy,” he said.

Safety Tips

Some common-sense safety tips for using mobile payment technology:

• Protect your smartphone the same way you would protect your laptop computer or your real wallet. In other words, don’t leave it on top of a restaurant table where somebody might run off with it.
• If you do use mobile payment technologies, link a credit card rather than a debit card because legal protections are much stronger for credit cards. Never link directly to your checking account.
• Set password protection for unlocking your phone and a second password for any payment apps.
• If a phone is stolen, let your mobile carrier know immediately so the phone and all apps on it can be disabled.