Sorry for the delay for today’s blog! I am actually looking for a new job right now, thus the delay. Anyways, in our last posting, we examined some of the critical components of Apple Pay, right now the leading mobile payment platform.
But keep in mind, you are just interfacing with the mobile app part of it. There is a lot more that goes to it, which the next series of blogs will now examine, as well as some of the security vulnerabilities that are associated with these individual pieces.
It is important to keep in mind that there is a distinction to be made between a Mobile Payment and a Mobile Wallet. With the former, you are actually entering in your credit card information (unless you have it stored in your account, like that of Amazon) at the final point in the E-Commerce transaction in order to complete the checkout process.
Thus, there is no intermediary that is actually involved.
With the latter, you are using a specialized form of a mobile wallet to make the payment for you, so thus, it becomes an intermediary. As a result, the Security vulnerabilities of the two different types of payments thus greatly differ.
For example, with the Mobile Payment, the main threat is when you transmit your information, there is the real risk that a Cyber attacker could covertly capture that specific information.
But with the Mobile Wallet, the entire payment infrastructure is at risk, thus exposing the Mobile Wallet to an entire array of Security threats and risks. This can be depicted in the illustration at the top of this posting.
We will now examine all of the Security threat vectors that are present to all of the sub components which are depicted above:
From the perspective of the end user
If you think about it, this is probably one of the most important sub components in the entire Mobile Wallet Infrastructure. True, the end user is very much exposed to the technical side of the threat vectors, such as rogue mobile applications, Malware, and even Spyware being covertly installed onto the Smartphone.
But, the end user is also prone to Social Engineering attacks as well. For example, there is the risk of Phishing E-Mails (this has become a prevalent issue yet once again, given the fact of how many individuals use their Smartphone to receive and send E-Mail).
But, there is also the old-fashioned trick of a crank call to the end user, and convincing he or she to share their private/confidential data, and even giving out their financial information as well.
We will stop here and let you digest this for right now. We will continue with the mobile wallet provider component provider tomorrow.