Walgreens Touts Strong Mobile Feature Stats. Are New Security Holes Soon To Follow?

Walgreens last week (March 3) announced that one of its mobile features—Refill By Scan—"accounts for more than half of all prescription refills ordered through Walgreens' mobile applications, less than four months after becoming available." On its own, that stat is really not that impressive; after all, the universe involved here is the chain's mobile users.

Using a mobile device to re-order drugs is already a departure from routine behavior. Of those customers sufficiently comfortable with mobile to fill prescriptions, to ask them to scan a barcode instead of keying in information is not a big leap.

But the trick is not—in this case—getting people to use this feature. It's getting them to use the mobile device itself for commonplace functions. It's also waiting a year or so to see if this scan convenience exposes security issues, such as the one last year involving Walgreens and chat transcripts. Will those scans be encrypted and protected as aggressively as the older methods?

As new methods are tried, extra effort must be applied to anticipate new data breach attack methods. Quite a few major banks, for example, have been pushing the ability to deposit checks through a mobile device, where the consumer scans the checks from wherever they are. With checks, the target is money, whereas the prescription scans could attract information-seeking identity thieves. Or will intercepting such scans help drug dealers find the drugs they want to sell?

Sound far-fetched? Perhaps, but consider what a sniffer listening in on a local drugstore could do. Armed with the name of a legitimate customer from that store who happens to have a legitimate prescription for the desired drug, how difficult would it be to create a fake refill order?

Just like all other frauds, this one would ultimately have to be stopped by the store associates, knowing what customers look like and being strict about seeing full ID for everyone else. I think Walgreens' initial success with this mobile app is a good development. But let's hope that it's being met with an equal level of security at both the network and the store level.