The growth of mobility has seen an explosion of messaging applications. Instant messaging has been the “killer app” for smartphones. It has evolved into many flavours from straight up SMS into iMessage to Whatsapp, Google Hangouts, Skype Chat and Telegram to name just a few. As messaging providers look to enhance their product offerings beyond sending text and emojis, payments and money transfer are quickly becoming the next area of feature growth. It’s a natural evolution from chatting with a friend to using that platform to easily send them money.
Stepping Stone to Cryptocurrency Transfers
We’ve talked quite a bit about the rise in popularity of cryptocurrency. Use of messaging platforms to facilitate transfers of cryptocurrency is a logical evolution from a pure money transfer platform. Making the transfers easier, less prone to typo or copy/paste errors will create not only a better user experience, it will also further the adoption of cryptocurrencies as an exchange of value. The experience could be as simple as each party having a wallet address of the same cryptocurrency and performing a basic transaction, to a more complex scenario brokering a transaction from fiat dollars into a cryptocurrency of your choice through a crypto-exchange into the recipients desired cryptocurrency and into their wallet.
Imagine a scenario where you have a bitcoin wallet and the person you wish to send currency has an Ethereum wallet. It would be a logical experience to create a seamless flow transferring fiat currency into Bitcoin, converted to Ethereum and deposited to your recipients wallet. The security implications are enormous. As we have discussed before, your crypto-wallet and keys are vital to protect. Any rise in messaging platforms interacting with your wallet becomes an avenue for attackers to try to exploit.
Not only is it critical to ensure the messaging apps interacting with wallets and cyprotkeys are secure, it is also critical as a user to have peace of mind that the application you are interacting with is in fact legitimate and not a re-packaged application phishing for your credentials or crypto keys. As you know, if your crypto keys are compromised your entire balance is at risk for being stolen at any point in time.
The natural extension of the consumer popularity of messaging apps is to use them for business interaction with customers. You can see examples of this interaction with business using chatbots integrated to Facebook Messenger or through SMS. As a consumer you are able to chat with live or digital representatives of a company through the same messaging channels you use to interact with your friends. If you take this concept of B2C interaction through messaging interfaces further towards transactions and payments you can see the security requirements are more important than ever.
This rise of cryptocurrencies and corporate use of crypto-tokens to purchase and interact with a business and it’s services combined with the more seamless integration of secure messaging and payment solutions mean that in the future users will be able to easily interact with and purchase services from corporations easily navigating between fiat currency, cryptocurrencies and corporate issued crypto-tokens.
Clearly the security of these channels for communications and payment will be more important than ever. As consumers interact with business through messaging interfaces this becomes another attack vector for phishing, fraudulent communication or messaging intercepts.
Some questions you should consider for your organizations:
How is my organization using mobile messaging for business use?
How is my organization leveraging mobile messaging for customer / user interaction?
Is my organization looking at facilitating customer transactions via messaging?
What, if any, future path exists for corporate issues tokens and acceptance via messaging?
We’re in a new, interesting and dangerous land. The answers to the above questions should dictate how you approach application security for mobile messaging. Tread carefully.
What to do next
Contact us to see a demonstration of the RECON Platform
Watch an overview of the Mi3 Security Portfolio