Ever been virtually mugged?
Rohit Sethi discusses the risk of cybercrime when dealing with mobile payments
- Duration 8:11
- Date Apr 12, 2012
This transcript is automatically generated
And welcome back to foxnews.com live let's talk now about the security of your mobile apps especially the ones that you might be using.
To actually do banking and make payments people assume.
That this is secure but it might not always be in joining us and talk about this.
Is the vice president of product development for Security Compass.
Rohit Sethi, thank you so much for being with us -- had so the predictions are that local kids are going to top one trillion dollars by the year 2015 people are using.
Their mobile devices to pay bills.
-- Iraq is the safe.
That we're learning a lot of things about mobile application development zone that the banks some of the e-commerce vendors are starting to.
Build applications that you can use on your phones to sort of interact with the company's whereas you know previously people used to use.
Web sites when -- -- and so we we learned a lot about security about these web sites from constant attacks over the years as an industry we sort of matured.
What we're finding with mobile software in particular is it it's it 'cause it's new.
That -- new set of challenges that that may be on everyone's aware of the so.
Some of the larger institutions in your big financial institutions for example -- are generally have a.
Strong software security practices and so they're they're very well aware of a lot of the risks that today you might -- mobile security.
I'm and -- trying to beat that into the applications.
So that you don't have.
It that you don't have the same kinds of concerns as as we did -- in -- -- new web software right.
So if you are making a mobile payment and you're using Wi-Fi.
Is it important to use a private Wi-Fi connection vs public.
Yes so that to get questions so -- -- a few things to keep in mind when you're using -- you know -- device.
Your mobile payment certainly one of them is that if -- -- a public network.
You wanna make sure that down.
It's encrypted so you see like a WP -- sometimes.
If you go to coffee shop for example some -- to connect over plain text now it may be.
That the software that you're using.
-- encryption on top of it which is which is good news and and so again it does have more reputable vendors will often make sure that they've they've built that into the software and where you might have some concern.
Is when you're you're looking at some of the smaller vendors you know some of this of one off mom and pop shops that might be.
Building applications ask your credit card -- its gonna be careful about is in the public's.
Right now what about I see a lot of people -- commuting on the train on their Kindle for example and -- they'd buy you know with like one click they buy from Amazon.com.
The latest newspaper.
And they're using the public Wi-Fi available on the train and -- just clicking purchase and I guess -- somehow your purchasing information is going through the airwaves is that safe if other people are hacking into you know -- into you know.
Not really typing a password even.
So if you were using Amazon in particular there's -- a good chance that when you make that that.
That purchase it's going to be over an encrypted connection there is a chance that depending on the security of the place for example it train.
Around the they may not be actually locking down.
Their network devices when you connect to the Wi-Fi -- could be if someone is broken and that -- could pose a problem so you wanna be careful.
About what level of security you know you're looking at the end maybe on -- train -- something like that.
You wanna be hesitant -- making any big purchase so it's probably best is still stick with your home computer.
If you want to do online purchases and and and not just do it on the spot he can avoid it.
Well it's silly.
You know if you're using a public Wi-Fi it's one thing -- -- using some of the mobile network it's it's a little bit different -- a little harder to intercept that kind of communication like I said.
-- as long -- they've sort of built in the right controls in place.
You have a reasonable level of assurance that the -- like you stop.
Right so -- your company security -- focuses on is actually working with the developers when they're developing.
These mobile apps because you say that believe it or not.
The security is one of the last things that they think out -- thinking about making the app work right there securities' Michael I have to pot yeah a lot of people don't know that actually so.
Well what what often happens as -- You know people go to school to learn about how to build software.
And in their training they don't learn about security, it's not a standard topic and other some institutions that they're starting to offer this and usually it's an elective.
But a lot of people will learn about how to program they'll learn about security.
So what they'll do is build software.
And then they'll test it for security issues either because there's some compliance regulatory requirement or you know because they've seen other companies -- -- -- -- this careful about it.
It strikes us a little bit backwards to sort of build something.
And then test it for security issues -- right there's an analogy I like to use which is in the automotive industry.
A for a long time driving cars is really a lot less safe than it is today -- and that's because there's no liability automotive manufacturers so they would just you know build a car and ended.
Give the sort of you know -- luck of the draw in terms of how safe that would be.
But then when when -- -- liability.
There was a change right so this automotive manufacturers started to build safety into the cars for the start right right so -- in the blueprints but where we are in the software industry today and this is this is very pervasive across industries.
I with a few exceptions is that you build the software.
And you sort of throw it against -- -- you test it for security issues you look at the source code you try to hack into it.
And then you go back to fix it and it you know we we it was sort of what we're trying to do was help companies think about -- the -- you're -- blueprint -- Yeah.
So you say that you get this -- symbol here in the corner of your screen sometimes and that people feel 100% confident that happens they're safe and they're really not.
Well and I you know that's how a lot of us have been educated look for the -- signal and we used to -- signal.
It's safe what that means study is that you know -- they're talking about the that the communication.
Between you know your mobile devices you know the Wi-Fi -- that that means it's encrypted society can't listen in on it.
That's one aspect of security there's a lot of other things that you need to keep in mind and so you got a lot of web sites and let's say we have.
128 bit encryption we have firewall so therefore.
-- protected but what they're not saying is we built our software securely.
So what you -- to do you know -- companies really respond to customer.
We're requirements and demands.
If you think that this is important you wanna you wanna let your institutions know event that companies that you're working with say.
You know I I want to make sure that you're you're thinking about security as you building here your applications and -- will incentivize them.
I think that the banks are sort of off and already there that -- they're already worrying about this but it's a lot of the other industries where.
-- -- Desire to to spend money and think about security upfront.
Isn't quite at the same levels building more features into this off right.
Well I mean could you -- liability when it comes to cars.
I did but at the company would not be -- and they'll probably lose a lot of business if they got hacked into -- there was some kind of a security breach.
But these companies don't end up being liable today if something like this happens and information is compromised.
So what I'm not I'm a legal expert but I know that there's a lot of communication in the south the security industry right now about you know I am always has been.
-- about whether there should be liability right it doesn't.
You know -- I'm not sure I'm not sure where that's gonna go for the time being.
You know we can't rely on necessarily the legal system to say to enforce right -- people are building software.
Securely it's more along the lines of.
Customers demanding it and in some cases in regulated industries the the regulations for example you process credit card information there are specific regulations.
That they that the credit card companies pass -- to say you must follow.
Some secure practices right.
All right interesting information you can find out more about it on -- Security Compass dot com.
Again -- it's a big thank you so much for joining us thank you.