Mobile Commerce Insider Featured Article

September 02, 2014

Alibaba Ups Mobile Payment Security with Fingerprint Recognition

If there's anything online that demands the best in security, it's anything that deals with money. Bank records, credit cards, even mobile payments; when it's our money on the line, we want particular security between it and the outside world that would so seek to seize our resources. Alibaba, one of China's leading online firms, has brought a particular note of security to its mobile payment app with a new fingerprint security capability.

With this move, Alibaba joins the likes of Apple and PayPal, who have likewise introduced such technology. Though not everyone will be able to get in on the added security boost—the move is reportedly limited to users who have a particular breed of Huawei smartphone that comes with a fingerprint reader built in, particularly the Mate 7, which is set to be launched soon—those who do get in will be able to get an extra layer of security on the Alipay Wallet app.

Alipay Wallet—Alibaba's online payment system—represents over 100 million total users, so it's clearly a honeypot of note to online criminals out there. Since Huawei represents the third largest vendor of smartphones by volume, at last report, the combination should result in excellent security for a large portion of Alipay Wallet users. For those concerned about misappropriated biometric information, meanwhile, reports suggest that Huawei will be using some substantial encryption and verification tools in a bid to keep that fingerprint information accessed only by those applications that must have said information to function.

But fingerprint recognition, among other biometric security measures, haven't always gone according to plan. Fingerprint readers from makers like Apple, who brought it in on the iPhone 5, and Samsung, who added it to the Galaxy 5, have reportedly found such efforts brought to comparatively naught as the tools in question were subsequently hacked. This new version may therefore have some extra capability to it that prevents it from being beaten, or something similar.

But the problem here is that the universal principle about engineering—and similar creative arts—still applies. What one engineer can create, another can defeat. There's only one real way to render anything unable to be hacked, and that is to disconnect it from any kind of external contact mechanism. Anything that's connected has some risk of being hacked, especially when those involved are sufficiently determined by the right motivation. Here, the “right motivation” isn't hard to provide in the form of the account data and cash balances of around 100 million users.

Still, that's no reason to give up and just hope that passwords and similar login data will prove enough to protect mobile payment systems now and into the future. The future of the Web itself will likely be driven by mobile and online payment systems, so putting the most protection possible into such systems is going to be valuable in the long run. There's a lot at stake here, and both sides will be eager for the gain associated with success. It remains to be seen just who will come out on top, but with developments like Huawei's and Alibaba's afoot, the hackers may have a serious problem afoot.




Edited by Maurice Nagle




Comments powered by Disqus


Related Mobile Commerce Insider Articles