The mobile industry let out a big “oops” this week when flaws were exposed in mobile applications from Google and Citi that put consumers at risk, suggesting that the rush to be first in mobile payments and mobile banking may come with a price.

Two security flaws were identified last week in the Google Wallet mobile payment app that potentially let hackers access consumer accounts. Citi ran into trouble with its iPad mobile banking app, which has a program error that resulted in some customers paying the same bills twice.

“The pace of these mobile wallet wars is pushing a lot of things into the market way out in front of the headlights,” said Joe Lynam, CEO at PaymentOne, San Jose, CA.

“All of these companies are building their solutions with security in mind, but there is this rush to deploy,” he said. “As the pace quickens we are likely to see other flaws like this emerge.

“We are also likely to see a potential rise in security concerns from consumers, especially around identity theft and the use of their private information.”

Convenience outweighs threat
While the volume of items purchased via mobile or the number of bills paid with an app is still relatively small overall, numbers for both are expected to continue to grow, with mobile expected to be a significant financial services and payment method in the near future.

As with new technologies such as mobile payments and mobile banking, the first to market often has an advantage.

Google Wallet was introduced last year as one of the first mobile wallet solutions to use Near Field Communication technology that enables users to tap their mobile devices at certain point of sale terminals to pay for a purchase.

Additionally, Citi was one of the first big banks to introduce an iPad mobile banking application in response to the growing adoption of tablets, in particular the iPad.

As both found out last week, the first-mover advantage comes with a price. However, the impact may not be significant.

“This is a fast moving industry with perceived advantages given to first movers,” said Drew Sievers, CEO of mFoundry, Larkspur, CA. “As a result, the rapid pace to innovate and deploy can lead to an increase in possible coding and quality assurance errors.

“I do not think that these two issues will impact the growth of mobile banking or payments,” he said. “As an industry, we are aware of, and care about, these sorts of things.

“But, truth be told, it takes very large, and very public, missteps to negatively impact this type of business.”

For those consumers who have adopted mobile payments and mobile banking, the perceived added convenience may outweigh any uncertainty caused by security flaws in the services.

Quick actions by Google Wallet and Citi to address the issue will also help to appease customers.

Google is reportedly working on a patch to fix the Google Wallet security flaws and is encouraging users to set up a screen lock. It is also asking anyone who loses their phone to call the company to disable it.

Citi has reportedly fixed the technical issue and is taking steps to reimburse customers.

“Within our own customer base we are seeing a huge uptake of mobile payments, and it’s becoming an immutable trend – people want to pay this way,” PaymentOne’s Mr. Lynam said.

“The risk in the eyes of the consumers is ultimately less than the reward, which is obviously about value and convenience,” he said.

“The brands are doing the right thing, and so consumers are going to feel like they’re covered and will keep up with their rapid pace of adoption.”

Other services
The security issues exposed by Google Wallet and Citi – which center around technology that users download and store on their mobile devices – could push consumers and companies toward other types of digital financial services that are cloud based or take advantage of Web-based technology as opposed to native applications.

“In the case of the Google Wallet hole this will give companies not only a reason to look at the cloud, but also to  look at solutions that do not require providing any sensitive financial information at all,” Mr. Lynam said.

“Mobile payment solutions like direct carrier billing eliminate the need to share any personal data which snuffs out the opportunity for identity theft and directly addresses privacy concerns,” he said.

“In regard to the Citi iPad app flaw, there is also an immutable shift to HTML5, which means developers are building for the open Web vs. building for specific native app stores to address these very issues, which have the potential to be more present in a walled garden, two-party world of the traditional app stores. Naturally, this moves more of the total solution into a cloud based model.”

Final Take
Chantal Tode is associate editor on Mobile Commerce Daily, New York