Apple and Google (and especially Visa) last week gave us yet another example of how security and convenience are often at odds with each. And it looks like they opted for convenience.
The latest issues speaks to only a subset of iPhone and Android users — specifically, those who use their phones for mass transit payments. If you think of how subways work in a major city (I’ll use New York City as an example), they require extreme speed. Using facial recognition or entering a PIN right before paying to get on the subway would dramatically slow down the line.
Instead of allowing authentication to happen earlier — say, perhaps within five minutes of a transaction — or by accelerating the process to a split second, Apple, Google, and Visa apparently chose to forego any meaningful authentication. (Note: I am focusing on Visa because the hole still exists for it. MasterCard and others have already patched the flaw.)