Information systems and technology associate professor Katina Michael is worried about paying with wearables and other emerging contactless devices.
The University of Wollongong academic voiced her concerns at FST Media's recent Future of Security in Financial Services Summit.
Michael said "lax security" of some contactless payment methods, for example, made it easier for juveniles to swipe $100 "from a parent's card without their knowledge."
Even when a second factor for authentication was introduced, it did not mask the underlying weakness of these newer platforms, she said.
"What are we doing introducing insecure technologies like NFC [near field communications] and 'touch and go' [payments] through different types of wearables and card tokens and then trying to back them up with some kind of second tier authentication like biometrics?" she said.
"We're saying, 'Yes, we know it's an insecure device and we know it will increase our fraud'.
"Let's get serious."
Michael made the comments as part of a panel discussion on emerging risks in the payments industry.
Other panellists, including Visa Australia's risk services director Sasha Slevec, disagreed with Michael's assessment.
"Despite what [was] said about contactless ... it has the lowest fraud rate of any channel we have," Slevec said.
This wasn't simply because it was newer than other payment options, he later told Information Age.
"Although the contactless bit may be new, the [authentication] technology that it relies on - EMV - has been built up over time," he said.
"The first EMV card issued in Australia was in 2001. It's been around."
Slevec was, however, cognisant that emerging devices and payment systems could challenge the process rigour typically expected of payments processing.
"Moving into wearables, we've got an eye to that," he said.
Ditto e-commerce, where Visa Australia is particularly focused on driving standards - and trust - for the handling of payments.
Visa's answer is to encourage newer payment platforms to adopt authentication standards (EMV) and "tokenisation" standards, which payment operators like itself have been working towards.
In the future, tokens (unique numbers) may exist for payments using a mobile phone or wearable device. The tokens could be device- or platform-specific, meaning fraud damage could be limited if the tokens fell into the wrong hands.