Search
Close this search box.
Blog » Business Tips » Hacking in Mobile Payments Space

Hacking in Mobile Payments Space

Whether it’s an app, digital wallet, social peer-to-peer platform, or mobile POS or NFC system, mobile payments are the future of payments. However, privacy and security concerns have prevented mobile payments from going mainstream.

Take for example the 2015 holiday season. A survey conducted Inside Secure found that despite an increase of users planning to make in-store holiday purchases with their mobile device from 33% to 40%, a whooping 70% of respondents claimed that they would not use their smartphones to make a purchase over concerns of identity theft.

Another survey released from the Federal Reserve found similar findings. The report stated, that “Concern about the security of the technology was a common reason given for not using mobile banking or mobile payments (62 percent and 59 percent, respectively, of non-users).”

Even those in the cybersecurity industry have reservations with the security of mobile payments. According to ISACA’s 2015 Mobile Payment Security Study, almost half of the professionals believed that mobile payments are not secure. In fact, those 87% surveyed believe that they expect to see an increase in mobile payment data breaches within the next year.

As the mobile payment space continues to expand, the threat of hacking remain a serious and viable threat. And, it will continue to be that way until the landscape changes.

Mobile Payments Are Vulnerable

Not to scare you, but there have already been a number of mobile payment platforms that have been jeopardized. As Troy Leach, CTO of PCI Security Standards Council, states in Forbes, “The risk is that there are many different ways payments can move through the mobile payment platform from SIM, to host card emulation (HCE,) to in-app purchases.” Leach also said, “Each unique type of transaction requires unique risk for how criminals may attempt to circumvent controls to steal cardholder data or commit fraud.”

Over the last couple of years, mobile payment systems, as the following, have been compromised:

  • Google Wallet has had it’s fair share of hacks in the past, such as the 2012 hack that exposed user’s PINs.
  • The Starbucks app was hacked in May 2015 which automatically withdraw funds from user’s bank, credit, or PayPal accounts.
  • CurrentC was jeopardized in 2014 after the email addresses of pilot participants.
  • Slate discovered in early 2015 that the accounts of users on the popular mobile-payment solution Venmo had been hacked, which resulted in their accounts getting drained.
  • Fraudsters were able to hack into Apple Pay accounts when users were first inputting their credit card information.
  • LoopPay, the core of Samsung’s mobile payment system, was broken into in 2015 by state-sponsored Chinese hackers. While no information was stolen, it’s believed that the group left backdoors so that they could reenter the system.

That’s not to say that platforms offered from Apple, Google, Samsung, and others have not addressed this issue. Apple Pay, example, uses tokenization and it’s Touch ID to replace credit card numbers and passwords to increase security.

However, because some platforms, such as Google, store credit card information in the cloud, hackers can still break into the system – even if tokenization is used. As Sharon Profis states in CNET, “anything that operates in the cloud — instead of locally — is automatically more vulnerable to security attacks.”

How to Secure Payments From Hackers

One way to secure mobile payments is to introduce legislation and regulations. The Clearing House (TCH) white paper, Ensuring Consistent Consumer Protection for Data Security: Major Banks vs. Alternative Payment Providers, suggests that these regulations focus on:

Data Security Act of 2015.

This is a proposed law that would establish “flexible and common-sense standards for firms of all sizes to follow in order to secure consumers’ sensitive financial information and prevent breaches.”

More resources.

Provide the FTC with more resources to properly staff investigations and enforcement actions.

Better security.

Require alternative-payment providers to have the same level of security as banks. For example, giving the FTC or the Consumer Financial Protection Bureau examination authority.

Another suggestion from IBM Master Inventor Christopher Hockings is to integrate the following:

Access Management:

A set of services that, among other capabilities, provide authentication and user context-based decisions for Web and RESTful Web services. When used with the aforementioned capabilities, products in this domain must provide the risk-based framework for authorizing users on devices using particular app code to perform transactions. It must provide this capability along with a set of industry-standard authentication mechanisms for authenticating user

Fraud Protection:

Fraud protection services ensure the status of the connecting device is known. This includes the identification of an individual device and attributes of the device, such as jailbroken, rooted, malware infection status, installation of rogue applications and the use of root-hiding tools. It provides quantitative, risk-based trustworthiness metrics that reflect the device’s operating state

Application Security:

Application protection wraps the app code to ensure executable code authenticity. For example, the app being used on the device has not been tampered with.

You can also take several simple security measures on your own that can protect your mobile platform system.

  • Keep your actual mobile device secure by adding extra layers of security by having a strong password, using biometrics, and being able to remotely shutdown your device. The same is true when using your mobile payment platforms.
  • Only download trusted and secure mobile payment apps.
  • Be cautious on public Wifi connections by using a VPN (Virtual Private Network) service.

Finally, hackers could be thwarted if more mobile payment platforms embrace blockchain technology. Blockchain apps are hyper-secure because third-parties are removed from transactions, each token has a unique code known only to the parties involved, and each transaction is recorded on a public ledger. It also takes a lot of energy to break blocks free.

About Due’s Editorial Process

We uphold a strict editorial policy that focuses on factual accuracy, relevance, and impartiality. Our content, created by leading finance and industry experts, is reviewed by a team of seasoned editors to ensure compliance with the highest standards in reporting and publishing.

TAGS
CEO at Due
John Rampton is an entrepreneur and connector. When he was 23 years old, while attending the University of Utah, he was hurt in a construction accident. His leg was snapped in half. He was told by 13 doctors he would never walk again. Over the next 12 months, he had several surgeries, stem cell injections and learned how to walk again. During this time, he studied and mastered how to make money work for you, not against you. He has since taught thousands through books, courses and written over 5000 articles online about finance, entrepreneurship and productivity. He has been recognized as the Top Online Influencers in the World by Entrepreneur Magazine and Finance Expert by Time. He is the Founder and CEO of Due.

About Due

Due makes it easier to retire on your terms. We give you a realistic view on exactly where you’re at financially so when you retire you know how much money you’ll get each month. Get started today.

Categories

Top Trending Posts

Due Fact-Checking Standards and Processes

To ensure we’re putting out the highest content standards, we sought out the help of certified financial experts and accredited individuals to verify our advice. We also rely on them for the most up to date information and data to make sure our in-depth research has the facts right, for today… Not yesterday. Our financial expert review board allows our readers to not only trust the information they are reading but to act on it as well. Most of our authors are CFP (Certified Financial Planners) or CRPC (Chartered Retirement Planning Counselor) certified and all have college degrees. Learn more about annuities, retirement advice and take the correct steps towards financial freedom and knowing exactly where you stand today. Learn everything about our top-notch financial expert reviews below… Learn More