Telstra security operations specialist Darren Pauli has spent nearly a year with his smartphone replacing a wallet – securely making payments for everyday items and services. There are some guidelines you should keep in mind if you’re considering doing the same.
My wallet is history. I carry my phone instead.
How often do you use your Medicare card? How often do you pull out your driver’s licence? If you’re like me, the answer is rarely.
It was some time in March of last year that I acted on this realisation and threw my wallet in the bin – opting instead to carry only my phone.
That digital device – these days much more of a computer than just a phone – is my credit card, driver’s licence, and the link to my entire digital life.
With it, I can buy coffee by tapping it at point-of-sale machines (using Android Pay or Apple Pay), and I can securely access all of my important data and essential digital services with a few taps of apps.
The reason behind my switch from wallet to phone was simple: modern mobiles are faster and more user-friendly than ever, and security technology is now both reliable and easy to use.
This confluence of technology meant that, for me, the wallet’s 400-year reign as a mandatory hip accessory was over.
Replacing your wallet with your phone isn’t without risks. Keeping a scan of my driver’s licence and other documents in the cloud may be not be enough to keep some security pros happy, but the checks I employ are a big improvement on those the average person uses.
The two essentials
Firstly, your mobile and your bank must support near field communication (NFC) payments. This is required to make contactless payments.
Almost all Android phones include NFC, and most modern Apple devices have technology for Apple Pay built in (a full list can be found here).
Secondly, you must acquaint yourself with a security-driven mindset. Sometimes called operational security, this mindset is used to safely navigate technology through competence and confidence, not fear.
You can start now by setting a unique password for your bank account. Change your email account password next week.
Think of operational security (opsec) as the measure of your security awareness in the world of technology. You win points for knowing how to spot phishing, and for making up a fake birthday and home address for Facebook and other websites.
In short, you become more security-savvy the more you think like an attacker and build roadblocks to frustrate your opponent.
In 2018 this is a necessary skill: You cannot force your favourite online chat forum to use better security that’s harder to hack, but you can change your forum password to something unique or disposable. You can keep your real information out of your forum profile.
And doing this means hackers who break into that forum will not be able to use your password to get into your emails, or use your real name, birthdate, and address to help open a bank account.
In bite-sized chunks, strong, painless mobile security is possible. And maybe even a future of lighter pockets.