4260818208_43befef90b_z

Indian Mobile Payment Users Beware: Qualcomm Fears for Your Safety

December 15, 2024         By: Steven Anderson

There’s been a lot of talk in recent days—and plenty of it right here—about mobile payment systems in India lately. Most of it has been a response to the ban on 500 and 1000 rupee notes, and how the citizens of India have been dealing with the issue.

Mobile payment systems, particularly PayTM and Mobikwik, have gained a lot of ground in the process, but recently, Qualcomm offered up a new report that suggests the mobile payment picture in India isn’t near as safe as it could be.

Qualcomm noted that both mobile wallet and mobile banking systems in India were lagging the market in security, not turning to “hardware-level security” that can help provide security to mobile transactions.

It wasn’t specifically a fault of Indian mobile payment systems, as noted by Qualcomm’s senior director of product management Sy Choudhury, because quite a few mobile payment systems don’t actually use hardware-based security.

As Choudhury noted, most apps worldwide run completely in Android mode, which opens up some potential for password theft. Even fingerprint security alone isn’t good enough; though biometrics have routinely been shown as excellent protection systems, without that hardware-based security, it’s possible to steal a thumbprint by illicit means and then use said thumbprint as an access point for theft.

This is changing, however, as Qualcomm’s concocting some new features to help on this front like “device attestation,” a set of security tools that can verify a user and a payment gateway from the operating system on the phone, which helps prevent malware from getting involved. It’s also been working with Avast to generate alerts for devices infected with malware.

The good news about all this is that, chances are, an already fairly safe system is about to get a whole lot safer in the fairly near term. So right now, a little extra vigilance on the part of payments users in India shouldn’t go amiss, and when Qualcomm and Avast step up the security at the chipset level, the problem should be mostly taken care of.

A little extra protection now will go a long way, and soon, we may be able to use mobile payments with only simple protections in place.