As promised, in today’s blog, we continue to look at the components which make up a mobile wallet infrastructure. The reason that we are spending so much time on this is that although to the end user all they have to do is merely tap his or her iPhone or Samsung/Windows mobile device on the Point of Sale Terminal to make payment, there is a lot that happens behind the scenes as well.
Given this nature, the security threats and risks which are posed to a mobile wallet infrastructure are also multiplied on an equal level. Remember, any kink in the system will have a direct impact on you in the end. So here we go:
From the perspective of the Mobile Wallet Provider
This entity is the sub-component that actually creates and develops the Mobile Wallet app which is downloaded onto your Smartphone. As it was described earlier, Apple creates the Apple Pay platform, and other vendors create their own brands for the Samsung/Wireless devices, which of course use the Android Operating System.
In this regard, Mobile Wallet Providers are prone to all sorts of Cyber based threats, which include the following:
- Obtaining the Source Code and making attempts to Reverse Engineer it:
These kinds of attacks are more common if the Mobile Wallet app has been developed on a Closed Source platform versus an Open Source platform. The primary reason for this is that is there is more of a gain to be achieved for the Cyber attacker than with the latter. After all, with Open Source Code, everything is revealed, so there is not much motivation to reverse engineer a mobile based on this platform.
- Installing Malware in order to “Rootkit” the Mobile Wallet:
One of our previous articles went into detail about “Rootkitting” a Smartphone. Essentially, this means that bypassing or circumventing the existing Security features on the Smartphone in order to gain complete, one hundred percent administrative privileges to it. Most of the time, this involves misconfiguring the Configuration Profile. The same concepts that are used to “Rootkit” a Smartphone can also be applied to the Mobile Wallet application as well. But in this regard, it is not so much the Configuration Profile which is sought after, rather it is the APIs which are used in the Source Code.
Our series will continue next when we examine this from the merchant component of the mobile wallet infrastructure.