Dorsey fired back, calling it "not a fair or accurate claim and it overlooks all of the protections already built into your credit card," noting the waiter "could easily steal your card details if he wanted to -- no technology required."
But beyond this slugfest, which pits an industry veteran against a newcomer, fateful decisions on mobile-payment security are expected to be made by the Payment Card Industry Security Standards Council, which sets rules for merchants and processors.
Earlier this year, the council quietly "de-listed" all approved applications for mobile payments that had included in its PA-DSS certification program -- including the VeriFone smartphone-based product for the iPhone. The council says it made this decision to de-list them entirely because it is embarking on a total review of mobile-payment security.
"The rapid development and deployment of these new and innovative mobile payment technologies has brought a level of complexity to the industry never seen before and has introduced a new set of risks and threats that may affect the security of cardholder data," said Bob Russo, general manager of the council. He said the "technology is still evolving, and there hasn't yet been any standardization when it comes to securing the applications and devices."
Read more about anti-malware in Network World's Anti-malware section.
Sign up for Computerworld eNewsletters.