Mobile payment security gaps exposed at Hong Kong university
As services like Alipay and Apple Pay become increasingly important to customers and retailers, researchers show how thieves can still exploit them
Just how safe is it to pay bills by waving your phone at the cashier or scanning a QR code?
Not completely, according to cybersecurity experts at a Hong Kong university, who have exposed loopholes in various mobile payment systems, which are becoming increasingly important to retail in China and around the world.
The potential vulnerabilities have been reported to the systems’ operators, who have acted on the reports, but researchers reminded users to stay alert for suspicious apps and links.
China is the world’s leading market in mobile payments, with US$5.5 trillion worth of transactions logged last year. By comparison, Hong Kong is catching up slowly, with services like Apple Pay receiving a lukewarm response since launching in the city a couple of years ago.
A two-year study by researchers at the System Security Lab at Chinese University’s department of information engineering looked at four forms of data exchange which have been widely adopted in mobile payments.
Those forms were near-field communication (NFC), QR code scans, magnetic secure transmission (MST) – used on Samsung handsets – and audio signals.