Digital Wallets in the Crosshairs

By | May 15th, 2015|Uncategorized|

Digital WalletsDigital wallets have been a hot topic for us lately. Their use is growing and like all things when it comes to cyber security, online criminals always follow the money. Kaspersky Labs said it best:

“Enthusiasm over this new payment platform (Apple Pay) is going to drive adoption through the roof and that inevitably attracts many cyber criminals looking to reap the rewards of these transactions.”

This “follow the money” mentality was exhibited this week after news came to light of a brute force attack against individual Starbucks mobile wallet accounts. Thieves have been taking advantage of two things to hack in to Starbucks app accounts: consumers’ bad password habits and the ability to try different passwords on the Starbucks app without being locked out. Thieves have been purchasing email addresses and passwords on the underground black market and then using programs to try out these passwords on high-value sites like the Starbucks app. These programs can try hundreds of login combinations in a matter of seconds, and they only need one consumer that has reused credentials to cash in.

We saw a similar process happen to Jomoco – a fictitious small business we created to see just how quickly a small business can be brought down by hackers. Fictional Jomoco employee, Rachel, was guilty of reusing email addresses and passwords across multiple accounts. When we leaked her email address and password for her personal email account on the online black market one of the first things the hackers did was try it out on other sites. They quickly discovered that they could also access her business email account, which happened to host sensitive business information. Long story short, Jomoco was compromised in every way possible in less than an hour – all because Rachel reused passwords. You can read more about Jomoco on our website.

If you use a mobile wallet – whether it’s the Starbucks app or Apple Pay – always use a unique, secure password and turn on two-factor authentication if it is offered. Similar to how we saw a rise in POS breaches in 2013 and 2014, we fully expect to see a growing number of incidents and breaches involving mobile wallets in 2015, especially as consumers and businesses continue to figure out best security practices for this new technology.

Are you hesitant to use digital wallets? How do you combat reusing passwords across multiple sites? Let us know what you think on Facebook, Twitter and LinkedIn!

News Recap: Rise of Mobile Payments Dominates Security Concerns for 2015

By | January 8th, 2015|Uncategorized|

SecurityAs experts weighed in this week with their predictions on security trends that will shape the coming year, the growth of mobile payments and mobile banking quickly emerged as a popular topic of focus.

Steve Weisman of USA Today shared his predictions on top cyber trends to come in 2015, among them, the concern that as personal banking and financial transactions become “increasingly mobile,” they will become a larger target of hackers. Weisman points to Europe (which has implemented mobile banking for longer) as an example, saying we can learn from the issues the country has faced with hackers “even being able to defeat dual factor identification.” Weisman advises that “malicious apps that are unwittingly downloaded” are often a root cause of smartphone security, and that “limiting sources for apps to legitimate vendors can help limit vulnerability.”

Stuart Dredge of the Guardian also expressed his concerns with mobile payments, stating that “several security companies expect cyber criminals to crack [Apple Pay] and its rival services in 2015.” Dredge points specifically to the fact that cyber criminals will be looking for flaws in these newer systems, especially if user adoption picks up in 2015, as “hackers tend to attack popular platforms where the yield is likely high.”

Forbes contributor Sue Poremba also highlighted attacks against virtual payment systems as a key concern for 2015. Quoting Patrick Nielsen of Kaspersky Lab, Poremba writes that cyber criminals will focus on “attacks against banks/virtual currency operators, the end users and their devices, and everything in-between.” Nielsen comments that we have already seen “examples of malware stealing virtual wallets from users’ devices.”

When considering the biggest security trends to come this year, is the rise of mobile payments on your list? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Load More Posts