The Green Sheet Online Edition
June 10, 2013 • Issue 13:06:01
Rethinking mobile security
According to research conducted by MobiThinking.com, there will be more than 6.9 billion cell phone subscribers globally by the end of 2013. Considering that the population of the planet is estimated at just over 7 billion, this number is staggering.
Many subscribers are using smartphones to handle tasks formerly conducted only on desktop computers, including online financial transactions. Indeed, smartphones and tablets are becoming default devices for browsing the Internet and making purchases online. An increasing number of merchants are using mobile devices at the POS, as well.
Opportunities and risks
This mobile device penetration has created lucrative opportunities for merchants to market to their customers, but it has also provided tempting opportunities for hackers and criminals. According to a survey released May 20, 2013, by Andrew Seybold Inc., 69 percent of smartphone users said they use their devices to conduct financial transactions, and 65 percent use them for both personal and business transactions. Yet only 4 percent are using mobile security applications on their smartphones, and 30 percent reported they are unlikely to install a security app on their devices.
In discussing Mercator Advisory Group's recently released report, M-Commerce: Opportunities, Challenges, and Inevitability, Dave Kaminsky, a Senior Analyst in Mercator's Emerging Technologies Advisory service, stated, "While proximity-based wallets are receiving the lion's share of the publicity, mobile e-commerce (or m-commerce) is witnessing the vast majority of transaction volume."
And as m-commerce rises, incidents of data theft are rising, too. According to data provided by security and compliance management company Trustwave, 90 percent of vulnerabilities common on desktop computers also exist in both Android and iOS devices, and in 2012, Android malware increased 400 percent. Yet fewer than one-third of app makers test their applications for such vulnerabilities before launching them.
Perfect malware gateway
Charles Henderson, Director of SpiderLabs at Trustwave, told The Green Sheet, "One of the big differences between computers and mobile devices is that great care has been given to make mobile devices easy to use. The tradeoff is that ease of use can become ease of poor decisions - the easier something is to use the easier it is to misuse. That's a powerful notion in security. The less thought you give to any number of things, the greater the likelihood you will make a bad security decision."
Criminals can install malware by simply attaching it to an email or text message. The phone function itself may be hijacked, rerouting calls to false banks or financial centers in other countries. Instructions for doing this are available on the Internet. Despite this, a significant number of businesses and smart device users have a lackadaisical attitude toward security, especially when it comes to downloading mobile apps. Many consumers are much more security savvy when it comes to their desktop computers.
"Mobile device users may not recognize the potential security threat," said Jennifer Mazzanti, President of Mazzanti Technologies. "They suffer from a type of mobile myopia which leaves their device the perfect malware gateway."
What you can do
There are many steps payment professionals can take to help ensure the security of m-commerce. It is most important to be vigilant and to remind merchants to be vigilant, too. In addition, here are some tips from researchers that you can provide to your merchant customers:
- Know that although a mobile app may be available, it hasn't necessarily been vetted or tested. Only allow automatic updates on trusted apps.
- If you see a free version of a popular app, approach it with caution. These are often dangled to encourage users to download code that can damage their devices or steal their data.
- Just as you wouldn't use the default password for a POS device, don't use the default password for your voicemail. Create a unique password that is difficult to break. For example, iPhones use four-digit passwords, which can be easily hacked in a short time. Some devices offer programs that automatically erase the device's contents after a set number of failed attempts to enter a pass code.
- Though your mobile device may seem magically easy to use, it pays to take the time to consider all aspects of security before using one in your business (or allowing employees to do so), making online financial transactions, or downloading any app.
- And, as always, adhere to the regulations and guidance found in the Payment Card Industry Data Security Standard and related security standards.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.