Special Segment: Social Security

October 31, 2011 8:52:34 PM PDT
Smart phones and social networking make everything more convenient, from paying for products to letting people know where you are.

But is sharing information digitally putting your privacy at risk?

As more information becomes public, local companies and experts are trying to find ways to keep your identity safe.

At Swirlz Cupcakes in Lincoln Park, they're trying a new system called Paycloud that lets customers use their smartphone at the register to earn discounts for loyalty.

"It's cupcake sales going hi-tech," said Pam Rose, co-owner of Swirlz Cupcakes. "When a customer is making a purchase at the register, they're automatically a little wary of new technology."

According to Transnational Bankcard, the suburban credit card processing company behind Paycloud, the app does not keep personal information on the phone. Instead, an ultra low frequency sound sends data through an encrypted code to a tiny microphone on the store's secure credit card terminal. It's just like swiping a card that immediately self-destructs.

"Everything that we've done in the design process starts with security in mind," said David DeSanto with Transnational Bankcard. "In an era where technology has given great new efficiencies, there's always going to be people trying to exploit those efficiencies."

As more and more apps come on the market place, local experts say Paycloud's focus on security is actually very uncommon.

"There's always a race to get the latest feature out, to get it out before your competitor, and at the same time, security is not easy to do," said Andrew Hoog with viaForensics, a digital security company in Oak Park.

ViaForensics tested the security of 100 popular smartphone apps in a recent study. They found that in many cases, personal data and passwords are stored in plain text on your smartphone, which is a big problem if the phone is lost or stolen.

"It was very clear from our analysis that the social networking apps have the largest security issues," Hoog said. "A lot of these applications are storing sensitive information on your phone and in some situations it may put you at risk, or certainly put your information at risk."

Keeping your data safe isn't just about monitoring apps on your smartphone. When you open up online, shared data can become an easy target for thieves.

"Certainly if you collect enough information, enough public information, you start to know a lot about the individual," said Illinois Institute of Technology professor Bill Lidinsky. He tells his classes that online sharing can build a profile ripe for identity theft.

"It's actually very scary the things that people can find out about you via things as simple as Facebook," said IIT student Shauna Martin.

Lidinsky says some companies have even made a business out of crawling the web for your information and then selling access to what they find.

All that is public information but on the other hand, they start to get a substantial picture of the individual.

"Companies especially need to focus more on what sorts of information is being stored, how can we do this in a secure fashion, because in the end, if there's compromise of somebody's phone, it's the consumer who's left holding the bag who pays the price," Hoog said.

ViaForensics is in the process of developing an app that will check all of the apps on your phone for potential security problems.

Even with their security measures in place, Paycloud decided to launch first as a gift card program before adding the option to link credit cards to the app so that they could prove their system was safe.

To read viaForensics' study findings, go to http://viaforensics.com/appwatchdog/

For recommendations from FTC on app security, check out http://onguardonline.gov/articles/0018-understanding-mobile-apps