Visa pilots mobile-payment with US Bank

Visa has finally released their mobile-payment pilot with US Bank.

After the chip is inserted, smart phone users download an application housed on a secure server controlled by U.S. Bank. The application authenticates the user and his password. The application also links the phone to a payment vehicle. U.S. Bank employees’ phones will be linked to the U.S. Bank’s AccelaPay, a Visa-branded prepaid payroll card. “Bank employees have been depositing money into their card accounts,” Venturo said. Monitise plc and FIS, formerly known as Fidelity National Information Services, two mobile payment-service providers, developed an application that enables smart phone users to make purchases and check account balances as part of the pilot.

You may remember the promotional video from last May that showed how to “Streamline Your Ballgame Experience”. It starts with a sports fan who lost his wallet and says life would be soooooo much easier if he could make payments with his phone and “much less stressful” to not have to “figure out how much money to bring”:

Why is it so hard to calculate how much money to bring?

I guess it is easier to spend your money if you do not calculate your budget ahead of time. This is, after all, a promotional video for living on credit.

Anyway, security feels misrepresented by these press releases and videos. Here is a good example:

The marketing makes a case for less risk because you do not have to carry cash but instead carry something that can easily be replaced — a chip that makes payments.

The problem with this analysis is that, instead of a limited amount of cash, you are carrying an expensive and easily stolen or broken smart phone.

When an iPhone gets ripped out of your hand, dropped on the ground, dumped in your beer, etc., there will not be any more payments made unless you carry a spare iPhone. Cash is a lot more resilient. You also are more likely to be robbed waving around your $400 iPhone with payment chip just to make $10 beer and hot dog purchases.

Losing either one could be equivalent, except for the fact that proximity cloning of a payment chip would mean you could “lose” it without even realizing that it has been stolen. This is similar to identity “theft” when you still have your identity but it also is being shared around the world by criminals for fraud.

Speaking of proximity attacks, the press release gives a funny example of why they think a phone is a more convenient option for payments:

If successful, Gajda thinks the smart phone could replace the wallet because of the phone’s location in consumers’ clothing.

“The smart phone is much closer to your hand than a wallet,” he said, explaining that men keep their smart phones in their front pants pocket and their wallets in their back pants pocket.

Maybe they should have called it the man-payment?

What if I put my wallet in my front pocket and my phone in my satchel?

I want my payment chip in a holster on my side so I can out-draw others. Whip up charges faster than anyone else who might be trying to make a payment. Bling, bling, bling…

So I see inexpensive and convenient in the marketing campaign but not a lot of…security. Looks like it might be getting swept under the rug.
