-2

I ask this question in light of the recent Equifax hacking. I'm sure people in China get hacked all the time, but I was recently talking to someone from there and they told me they never walk around with a wallet. Everything is on their phone, including all of their credit cards and payment methods. And this person is a computer programmer. Personally, I would be very wary of putting my credit cards on my phone to use on demand.

So I guess my question is why does this person feel so safe using that as their primary means of payment? Is it because their internet is not as open and free flowing as ours, in the US is?

Adjit
  • 159
  • 4
  • Chinese use the same tech as us to protect information. In the United States we have [Apple Pay](https://www.apple.com/apple-pay/), among others; I don't know why you feel unsafe using that sort of thing. BTW their internet is no less "free flowing" than ours, to a hacker. – John Wu Sep 08 '17 at 21:03

1 Answers1

3

So I guess my question is why does this person feel so safe using that as their primary means of payment? Is it because their internet is not as open and free flowing as ours, in the US is?

He may have a different threat model. This means his adversaries may be common thieves on the street, hence prioritizing not keeping valuable information on his person in the form of a wallet. He may consider the risk of his phone being compromised to be lower than the risk of his wallet being stolen (which may or may not be true, depending on the circumstances, the community he lives in, etc). If having the information on him in one form or another is non-negotiable, then he may have opted to keep it on his phone.

For example, imagine if you had to go through some dangerous ghetto, and you needed access to your money. Would you rather keep a phone, locked with your password that the average thug will not be able to access, or would you rather bring your whole wallet and risk mugging? Now imagine you were going to an airport in Los Vegas, with Wi-Fi riddled with hackers and script kiddies. Would you rather bring your phone, risking your credit card being stolen as soon as you buy something, or would you rather keep your wallet, knowing that it is incredibly unlikely for someone to steal it from you if you take even the most basic safety measures? This is threat modeling.

Alternatively, he may simply be security ignorant. Being a programmer does not make someone know what is safe and what is not. Computers are incredibly complex, and someone with expertise in one discipline can be completely naive when it comes to another. I'm proficient with Linux and UNIX security, down to the kernel itself, but I still struggle to set up network routes that are anything other than trivial (a point a networking-savvy friend of mine loves making fun of). The fact that expertise in one area of computing does not imply expertise in another applies equally to all countries, and China is no different.

But in the end, this really boils down to knowing the thought process and perceptions of the person you are referring to. Without being able to talk to him, all anyone can do is speculate.

forest
  • 64,616
  • 20
  • 206
  • 257
anon
  • 136
  • 4