Last week I had the opportunity to attend TEDx OregonStateU here in Corvallis and I had a few ideas from those talks for blog posts. One of them was prompted by the talk given by David Edelstein, a Senior VP at the Grameen Foundation.
I won’t try and repeat what David had to say, you can see it for yourself once the talks are available on YouTube, but the gist of it was about people David referred to as the “Unbanked”, people in developing nations, and even the poor in many developed nations, who do not have the necessary resources to open a bank account or get credit. These folks cannot take advantage of the financial world around them at all, and are left to dealing with Payday loan type places when they have a need for money. Obviously, this isn’t good.
But, mobile technology is changing that. Think about how many financial transactions are already accomplished with your mobile device? Using the Starbucks app, using Uber, online banking apps, taking payments with Square? What if a cell phone carrier could, in exchange for keeping the mobile customer, offer financial products tied to the phone? What if people without access to banks could use their phone as a debit card substitute, with an added ability to pay head against an automated deposit?
It really opens up some intriguing possibilities, and the technology already exists and is being used.
As David was talking about this, I had only one thought.
Given all the financial and health info going mobile, mobile phone security is a huge issue. #mydisruption
— Mike McBride (@mikemac29) February 13, 2015
I’m surrounded by the world of forensics and cybersecurity as part of my role in eDiscovery every day, so perhaps my view is a bit skewed, but I started to think about what kind of financial information is on my phone, and I’m not one who uses my phone for a lot of this stuff. (I’m not an early adopter of Apple Pay or Google Wallet, for example.) Still, if I were to lose my phone, I’d be depending on my passcode to prevent access to apps that absolutely do have access to financial information. Someone with my phone in their hands could order up Uber rides all day long and have them charged to me, and might be able to grab enough information from my iTunes account, emails, and various other apps to get a good head start on hacking the rest of my information. In my case, the damage would be limited because I don’t do a lot with my phone and I don’t access some information over a cell phone network, but if I was dependent on my mobile device for my financial services, I’d be in a world of hurt.
This is why it’s such an important thing that Apple and Android devices allow for encryption by default! If the government gets it’s way and gets the phone companies to disable that so that they can always get into mobile devices, then these new developments around mobile financial and health tools, may wind up doing more damage to users than offering them help. Seriously, why bother stealing money from people when you can steal their phone, and with a few technology tools, access all the financial information to get much more money from that person? Talk about an inviting target!
The best way to avoid that fate, is to take steps to make your phone less of a target, by enabling proper security measures, including having a phone that is encrypted. For these kinds of solutions to make sense, they need to be as secure as possible, period.