Smartphone or computer: Which is safer for credit card payments?

By Megg Mueller

Ho Ho Holy cow, have I been shopping online lately. I shop locally every chance I can, but there are some Internet shopping sites that offer such great deals. Throw in free shipping, and my credit cards and keyboard have been getting a workout. As an avid Web consumer, I have been reading with great interest the stories about online security issues, mobile payment glitches and the scariest words to an online shopper like myself: identity theft.

People still worry about typing their credit card numbers into the shopping cart forms. Clearly I don't, but according to a Javelin Strategy & Research Consumer study done in September of this year, many people still aren't comfortable when it comes time to hit the "place order" button.

Of the more than 2,000 people surveyed, four out of five indicated they would be likely to spend more money on online purchases if they didn't have to use their credit cards. Javelin did the study for PaymentOne.com, which is a provider of payment services that don't require credit cards, so as with most studies you have to consider the source.

Some of the reasons people freak when it comes time to hit send include such concerns as:

• My credit card information will be intercepted
• Merchants will misuse my info
• I'm going to start getting junk mail
• My info is going to be sold to someone else

All of those possibilities are unfortunate, but according to the survey providers what people want is a way to pay online without their credit cards, such as by using a mobile phone number and having the charges appear on their monthly cell bill. Mobile payments are also one way online shoppers want to pay, although according to Javelin, while 95 percent of the survey respondents have mobile phones, only 36 percent say they have used them to actually make a payment. And maybe that's because mobile payments just took a hit of their own.

Google Wallet was released this year as a way to store credit card numbers securely in your cellphone, making paying for merchandise and services something as simple as waving your phone at a secure payment device. But it might be smarter to wave a magic wand and whip out some cash instead; an analysis by researcher at viaForensics revealed some pretty serious security flaws in the mobile payment system.

Credit card encryption

While credit card numbers and CVV numbers (that three-digit code on the back) are encrypted on the phones using Google wallet (only a few models actually support the application currently but the list will grow), it appears that most other personal data isn't. Credit card limits, the name on your card, PIN numbers, expiration dates and a whole bunch of other information associated with your credit card account are stored on the phone in plain text. Well that sounds secure to me. Oh, a savvy hacker can also get your email address associated with the account, your address…get the picture?

Google responded pretty quickly to the analysis, and they admitted some holes and even took steps to clear up some of the most-easily-solved issues, but the overall concern about the lack of encrypted data, well, that's still a problem.

So we don't really like using our credit cards online, but using mobile payments isn't quite ready for prime time. Does this mean we have to go back to cash and checks at our local market? Not likely, but at least for now, I'll check to make sure it's a secure (https:) site before shopping and I'll keep my smartphone for more important things, like Facebook, Angry Birds and the occasional phone call.