
Barclays' PingIt app will 'certainly' be targeted by criminals

Barclays has announced its money-sending app, PingIt, which the bank claims is as safe as any other banking transaction.

While many may be concerned about sending money via their smartphones, Barclays believes that mobile payment will “revolutionise” the way money is passed around.

The free-to-use PingIt app will, at first, only send money from a Barclays account – but will mean that anyone will be able to register to receive money from a sender’s smartphone.

The money is sent using Barclays’ Faster Payments service, and the bank chain says that with a five-digit PIN code needed to send payments it is as safe as a regular bank transaction. However, in order to make the transactions quick, full bank details are not required.

Barclays is playing down the amount of money users can send, painting it as an opportunity to quickly send a tenner to a friend or family member.

But with the possibility of sending up to £300 using the service – more than many standard accounts let you withdraw as cash from the bank each day – there will be concerns about the security.

Rik Ferguson, Director of Security Research & Communication at Trend Micro, believes that there is serious potential that the system could come under attack from criminals.

“It will certainly be a target,” Ferguson told TechEye. “Criminals follow consumer behaviour and if consumers begin to move money around on mobile devices that will be of distinct interest for criminals, and they will try and exploit it.”

Mobile users are already fairly lax with security, Ferguson says. “There are still far too many people who are not in the habit of locking their phone with a PIN,” he continued. “Obviously there is a PIN for the app itself but if you are not using the PIN on your phone you are increasing your risk.”

There is also the real possibility that criminals could create malicious software to target PingIt.

“We are already seeing an increasing number of malicious apps out there,” Ferguson says. “Replica versions of the official apps available in app stores are already common tactics – for example, Angry Birds or Cut The Rope.

“It would be quite a simple matter to make a copy of the app and have people download it, and have it look like it is acting as normal but actually stealing information and finding out what the PIN is.”

Ferguson believes that there are plenty of ways in which PingIt has the potential to be exploited: “There is the possibility of key logging, so Barclays need to look at this as well as potential vulnerabilities or flaws in the code,” he said.