Mobile Wallet Meets Social Media Identity Theft

It comes as no surprise that people tend to share a lot—far too much, most likely—on social media. But one company is flagging that when consumers combine mobile wallets with a very sharing-oriented social persona, identity theft problems are inevitable.

NXT-ID, a biometrics vendor, encouraged shoppers to “show us your wallet” for a promotion and they were stunned at how much sensitive payment data people inadvertently shared. “An exuberant contestant submitted a photo of their big fat bulky wallet.

Unfortunately, it displayed all the details of their driver’s license,” said Laurence Savin, a marketing consultant overseeing the contest for NXT-ID. “We obviously had to quarantine it and notified the contestant it was not best practice to publish information like this on social media.”

This isn’t limited to consumers. Security professionals can make the same mistakes. When Google introduced Google Wallet, Osama Bedier, then the Google Payments VP, was presenting to the audience about how very secure the system was, so secure that he was using his personal credit card number to make the demo. Of course, he ended up accidentally broadcasting that information to the live telecast.

In security, the concept of weak link is germane. In a house security assessment, there’s no reason to add a second deadbolt to the front door when the breakable window is the weakest entry point. In payment security, encryption and multi-factor authentication won’t do much if the consumer talks about his passwords and account numbers on his Twitter account. Or allows sensitive details to be world-viewable when posted on LinkedIn. And then there are the personal details inadvertently revealed in the backgrounds of Snapchat images.

Security and authentication are important things for payment companies to deliver, but a little paranoia on the part of consumers and their social media efforts wouldn’t hurt.