Don’t use your phone to pay bills, buy things or conduct any form of financial transaction.
Two Australian experts agree that moving to chip and PIN from a signature for card payments at retailers from August 1 is a step in the right direction to keep financial information secure.
The terminals where you enter your PIN and card have tamper-proof protection and will shut down if anyone tries to get inside them.
However, the online world is still a dangerous place to lose your credit card details because all that’s needed is for you, or someone, to enter card details. A PIN or even a signature isn’t needed.
Asha Rao, a specialist in information security at RMIT University, says she generally stays away from financial transactions on phones.
“It doesn’t matter whether it’s Samsung or iPad, iPhone or Windows or whatever, they inherently have less security than a proper computer,” says Associate Professor Rao.
“I wouldn’t trust them to do financial transactions.”
A mobile phone isn’t as powerful as a computer, and is therefore less secure, and you can lose a mobile phone along with your passwords.
“And someone could put malware software on it and siphon off your (financial details),” she says.
“I do have a smartphone but I don’t do any banking from it.
“I’ve found the bank says you have to use all this extra security when using a computer but when it comes to a mobile phone a password is okay … the security has been dumbed down for them.”
Richard Boddington, a visiting fellow at the Centre for Forensic Research at the University of Western Australia, agrees.
“I definitely would not do financial transactions using my phone or anyone’s phone,” he says.
There’s less security on them in terms of them being manipulated and remotely hijacked.
And, if you’re hacked, it’s hard to get evidence to show that it wasn’t you who made the withdrawal or made the purchase.
“Once they’ve done the dastardly deed there’s no evidence to find,” he says.
The devices the hackers have used are at the bottom of the harbour before anyone knows a crime has taken place.
The servers they use are not designed to capture that mobile and Wi-Fi activity.
And law enforcement is under-resourced and doesn’t have the latest tools to try to work out what happened.
However, Boddington says there’s progress with tracking financial transactions, enabling more evidence to be gathered.
“This is very bleeding edge stuff and we’re just starting to make some headway,” he says.
“There are a lot of clever people throughout the world helping us in this research. We can actually find out what’s on phones as of today. What’s on phones as of tomorrow is going to be an ongoing challenge.”