A Thing
The Green SheetGreen Sheet
Subscribe
Sign in

The Green Sheet Online Edition

October 26, 2015 • Issue 15:10:02

Readers Speak

Probing mobile app security flaws

How secure are mobile-payment apps, and who makes sure the companies behind them are doing all they can to keep merchant and consumer data safe? The Clearing House, an advocacy group owned by the world's largest commercial banks, is raising those questions and others in a new report titled Ensuring Consistent Consumer Protection for Data Security: Major Banks vs. Alternative Payment Providers (www.theclearinghouse.org/publications/2015/ensuring-consistent-consumer-protection-for-data-security-white-paper).

The report argues that while these providers are subject to some data-security requirements, they don't face the more extensive regulatory oversight banks do when it comes to cybersecurity. That makes it easier for security flaws to go undetected until a breach actually happens.

I recently interviewed Gary Miliefsky, Chief Executive Officer of SnoopWall, a company that specializes in cybersecurity (www.snoopwall.com), and I believe his insights would be of interest to your readers. "These alternative-payment methods certainly are providing something that consumers want, which is a convenient way to make payments," Miliefsky said. "But I don't think most of those consumers would be too thrilled to know that these companies might not be subject to the same demanding data-security requirements their banks deal with." Waiting to act after a breach happens is too late, because at that point, customers are at risk of becoming victims of fraud or identity theft. "Unfortunately, a lot of companies don't realize just how vulnerable their apps are and what the potential is for leaking their customers' personal information," Miliefsky noted.

In its report, the Clearing House made several recommendations and observations, including these related to legislation that would establish additional data-security requirements for alternative-payment providers:

  • Data Security Act of 2015: This proposed law would establish flexible and common-sense standards for firms of all sizes to follow to secure consumers' sensitive financial information and prevent breaches. The law would also give the Federal Trade Commission express enforcement authority in this area, while making clear that the standards are not applicable to financial institutions already subject to similar requirements from banking regulators.
  • More resources: To exercise any new authority successfully, the FTC would need more resources to properly staff investigations and enforcement actions.
  • Better security: Additional legislation might make it clear that alternative-payment providers are subject to the same type of scrutiny with respect to data security as banks. That could be done by directly giving the FTC or the Consumer Financial Protection Bureau examination authority, or by directly requiring the CFPB to enact rules defining larger participants in the alternative-payment industry.

If they aren't already, and regardless of any proposed legislation, the alternative-payment providers should look into better ways to protect their mobile apps from hackers intent on doing harm, Miliefsky said. "These alternative-payment apps are a great convenience," he said. "But if they aren't secure, the result could be a huge inconvenience for their users."

Brittany Thomas, News and Experts

Brittany,

Thank you for bringing this to our attention. If they haven't already done so, our readers will want to alert their merchant customers to potential data security issues associated with the mobile apps they may use.

Editor

Sound off

Would you like to alert our readers to important issues in payments? Let us know at greensheet@greensheet.com. end of article

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next
Facebook
Twitter
LinkedIn

Current Issue

View Archives
View Flipbook

Table of Contents

Lead Story
Advisory Board: Assessing the U.S. EMV rollout - Part 1
News
Industry Update
PCI SSC delivers data breach guidance
AFP finds strong interest in electronic B2B payments
Chinese hackers breach LoopPay
New Yorkers round up to close hunger gap
Commodities traders toss rulebook at Coinflip
Features
The outlook for EMV
The Mobile Buzz: Emerging phablet phenomenon
Views
The very point of sale: EMV's teachable moment
Dale S. Laszig , DSL Direct LLC
Through The Fires, the autobiography of Robert Owen Carr
Brandes Elitch , CrossCheck Inc.
Education
Street SmartsSM:
After the deadline, MLSs share thoughts on EMV - Part 2
Jeffrey I. Shavitz , TrafficJamming LLC
Reconciliation and settlement systems
Chandan Mukherjee , PayCube Inc.
The liability shift is here - now what?
Michael Gavin , Cayan
Company Profile
Harbortouch
QuarterSpot
New Products
A platform to protect, enhance critical infrastructure
ThetaRay Analytics Platform , ThetaRay
Safe, simple, efficient online checkout
PAAY , PAAY LLC
Inspiration
Go forth and find your fortune
Departments
Letter From the Editors
Readers Speak
Resource Guide
Datebook
A Thing