In today’s blog post, we look at the security threats posed to other critical parts of the mobile wallet infrastructure: the Payment Service Provider and the Acquirer. The former authenticates the Apple Pay customer to the transaction he or she is conducting, and the latter further processes the transaction.
Just keep in mind that everybody in this process is vulnerable to very sophisticated and extremely covert cyber attacks, so read all of this carefully!
From the perspective of the Payment Service Provider
This subcomponent of the Mobile Wallet Infrastructure sends the credit card information from the merchant’s Point of Sale Terminal to their respective financial institution in order to further process the Mobile Wallet transaction which was just initiated.
Although Payment Gateways have long been a favored target, a newer attack vector is the network connections between the merchant and the Payment Service Provider.
Although these connections are reasonably secure through the use of Secure Sockets Layer and Virtual Private Networks (VPNs), the Cyber attacker of today is very sophisticated and is constantly trying to find ways to get into these network connections.
Once the attacker is in, the favored type of attack is once again the Man-in-the-Middle Attack.
From the standpoint of the Acquirer
These are the actual financial institutions that process the Mobile Wallet payment after it has been received by the Payment Service Provider. In this regard, the main point of interest for the Cyber attacker is the servers which contain the financial information and data of the end user.
In order to get into the system, the Cyber attacker tries to ascertain any weaknesses in the security defense perimeter. The attacker can also launch attacks by installing rogue backdoors and, from there, installing malware files onto the primary servers in order to get this valuable information and data. Covert Repudiation Attacks can also occur.
A Repudiation Attack can be defined as follows:
“Repudiation is the ability of users (legitimate or otherwise) to deny that they performed specific actions or transactions.”
In this context, it means that a legitimate Mobile Wallet transaction can be covertly reversed. As a result, the issuing bank of the credit card automatically puts a hold on the credit card, and the end user is greatly inconvenienced by having to get a new credit card.
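One way an acquirer can make a covertly altered or reversed transaction record detectable is a hash-chained, authenticated transaction log. The sketch below is an added example, not code from the original post; the key, transaction IDs, field names and function names are constructed for illustration, and HMAC stands in for the asymmetric signatures that true non-repudiation requires.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). HMAC is a stand-in: real non-repudiation
# needs asymmetric signatures with the private key held in an HSM.
LOG_KEY = b"constructed-demo-key"
GENESIS = "0" * 64


def _tag(prev_tag, record):
    """HMAC over the previous entry's tag plus the canonical record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    msg = prev_tag.encode() + b"|" + body.encode()
    return hmac.new(LOG_KEY, msg, hashlib.sha256).hexdigest()


def append(log, record):
    """Append a record, chaining it to the entry before it."""
    prev_tag = log[-1]["tag"] if log else GENESIS
    log.append({"record": record, "tag": _tag(prev_tag, record)})


def first_bad_entry(log):
    """Return the index of the first entry that fails verification, or None."""
    prev_tag = GENESIS
    for i, entry in enumerate(log):
        expected = _tag(prev_tag, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev_tag = entry["tag"]
    return None


def build_sample_log():
    """Constructed sample: two payments and one authorised reversal."""
    log = []
    append(log, {"txn": "T1001", "type": "payment", "amount_cents": 4599})
    append(log, {"txn": "T1002", "type": "payment", "amount_cents": 1250})
    append(log, {"txn": "T1003", "type": "reversal", "of": "T1001"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact log:", first_bad_entry(log))         # None
    log[1]["record"]["type"] = "reversal"              # covert in-place edit
    print("after covert edit:", first_bad_entry(log))  # 1
```

Because each tag covers the previous tag, editing or deleting an earlier entry breaks verification at that position; truncating the end of the log is not detected by this sketch and needs a separately stored head tag or entry count.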
In tomorrow’s blog, we look at the last component of the mobile wallet infrastructure: the Payment Network Provider.