1(630)802-8605 Ravi.das@bn-inc.net

As an American society, we thrive on using our credit cards.  Who wouldn’t?  I mean, it’s an instant line of credit when we need to make a purchase from wherever and whenever, and it’s an instant source of cash advances when we need it the most (arghh, barring those horrible interest rates).

Because of this, our country probably has among the highest levels of credit card debt in the world.  The average debt is about $20 for each American.

Given how much we use our credit cards, they have become a prime target for the Cyber hacker.  Despite the best efforts of the major credit card companies to secure their credit cards (such as their secure chip – if it really works, who is to tell???), the Cyber hacker is always finding a new way in to get to your information.

This is true even of the mobile wallet infrastructure.  This is the focal point of today’s blog: The credit card issuer.

From the perspective of the credit card issuer

This is the entity that actually issues and distributes the credit card to the end user.  From this angle, there are numerous Security breaches which can occur:

  • The compromise or eventual failure of the Payment Authorization Process:

In fact, this is one of the oldest types of threats that credit card issuers have always been on the lookout for.  For instance, Cyber attackers have always tried to compromise the Central Servers on which the Fraud Controls have been put into place.  One new trend that is emerging from this is the Cyber attacker now attempting to raise the credit or spending limits on the credit cards which have been authorized for Mobile Wallet based transactions.

  • The capture of actual credit card holder information and data:

Just like the threat last described, this vulnerability has also been around for a long time.  As its name implies, the primary goal here is to capture the confidential information of the credit card holder. This not only includes the actual credit card number itself, but also the Social Security number of the card holder. This can be accomplished through either covert Social Engineering tactics or the use of what are known as “Advanced Persistent Threats”, or “APTs” for short.  If this method is used, it is the Encryption Keys which are primarily targeted, in an effort to decrypt the sensitive information and data which resides on the Central Servers of the issuer.

  • Payment Fraud: This occurs when a Cyber attacker is in actual possession of the Mobile Wallet information of the end user, and uses it to make unauthorized transactions, in a manner very similar to that of actual credit card fraud.  Although this has become more difficult to accomplish with the use of token technology (which was also described in detail in the first Mobile Wallet article), this is still a prevalent risk, as the sophistication of the Cyber attacker keeps increasing.

Starting next week, we will look at the specific threats which are posed to the Mobile Application Payment Providers as well as Apple Pay.