Is It Time To Insist On Mobile Authentication Beyond PIN?

Is it time to insist that mobile devices have some type of authentication beyond PIN? The frightening scenario: A thief watches a shopper making a mobile purchase at the mall and shoulder surfs his 4-digit PIN. The thief steals the phone, walks into a store, buys a $5,000 necklace with that phone and that PIN and then dumps the phone into a trashcan.

That authentication might be biometrics (the phone can scan the buyer's facial shape, match a voiceprint or do a retinal scan, although preferably not a fingerprint) or a onetime-password fob or even—for the ultimate simplicity—a rotating series of personal questions, so that shoulder-surfing wouldn't work. Even Square and SMB PayPal trials are using customer photos for verification. But with in-store mobile purchases now going into widespread retail trials, it may be time for some real security. Or is the absurdity of signature verification not enough to motivate anymore?

Suggested Articles

Costco changes up its menu items, and Alibaba and Guess partner for a physical store.

Janey Whiteside, Walmart's new chief customer officer, is well acquainted with the importance of customer service in modern retail.

Whole Foods will offer deals on Amazon's Prime Day, and tariffs against China are causing pricing hikes.