Whenever we go shopping, either online or at an actual brick and mortar store, our first round of fears hits when we enter our credit card information and hit the “submit” button or, in the case of the latter, when we swipe our credit card through the register.
I am actually a witness to the latter, as when I was shopping once at Wal Mart, my credit card was hacked into and used in three different locations located hundreds of miles apart from one another.
There is no doubt that these fears are real, and are founded. After all, given the sophistication of the Cyber attacker of today, anything is literally fair game.
These grave security risks even continue with a mobile wallet infrastructure. In today’s blog, we look at this issue and at the potential security breaches the merchant faces when they use Apple Pay.
From this angle, the most common Cyber related threat posed to this subcomponent is the installation of Malware on the Point of Sale (PoS) terminals. Really, there is nothing new about this, as we have seen large scale Malware attacks at the retail giants of Home Depot and Target.
The primary goal of this is to covertly hijack the credit card data of the end user who has had their card swiped at the PoS. But keep in mind that with the Mobile Wallet Infrastructure, the end user is not actually swiping their credit card. Rather, the payment is being made from the Mobile Wallet app, and the financial information is transmitted over the Near Field Communications (NFC) wireless protocol.
It is at this point that the Cyber-attacks are targeted. Keep in mind that at the present time, NFC is an unencrypted protocol, so any information and data which is sent across it is sent in Cleartext.
So, in this regard, the most common Cyber based threat is that of the “Man in the Middle Attack”. All an attacker needs is a Network Sniffer, and to be in close range when a Mobile Wallet transaction is actually being carried out.
Another eminent Cyber based threat in this regard is that of the “Relay Attack”. Malicious software can be installed on the end user’s Smartphone, and thus can be used to relay specific commands to the Card Emulator (this is actually used as a proxy on the PoS).
This has been a known problem on the Smartphones which make use of the Android Operating System in testing environments. It has been shown that a Cyber attacker can easily conduct unauthorized payments.
So, the bottom line is this: as a merchant, make sure you take extra effort to secure the NFC protocol that you are using, and that your PoS Terminals are up to date with the latest anti-malware software! Better yet, get a penetration test done to make sure that you uncover and plug up any unforeseen holes and vulnerabilities!!!