Payments 101: An Intro to Payment Security and Transaction Trends

By | July 10th, 2014|Uncategorized|

EMVThe security of transactions and payments is a hotly debated topic around the world. Which methods are most secure? Which should we all adopt? And why one over the other?

But before we start diving more into the debate on this topic, how about a simple introduction? Let’s define some of the major terms and security issues that you will often see discussed:

Magstripe:
This is a type of card that is capable of storing and transferring data within a magnetic stripe. The information is read by swiping past a magnetic reading head. If you’re in the US, this is likely what you are familiar with on your credit card, debit card, public transportation card or even ID card for your office. Typically, you are asked for your signature at a POS when using your magstripe card.

EMV:
EMV, which takes its name from Europay, MasterCard and Visa, is a global standard for payment cards that is based on micropressor chips. These are often called IC cards or “chip cards.” A computer chip is embedded in the card and associated with a PIN. The owner must supply the PIN to allow for the card’s processing. This use of a PIN to identify the owner is considered more secure than the use of a signature, as you use with magstripe cards.

Chip and PIN:
This is another name for EMV cards or the EMV standard.

CNP Transaction:
CNP stands for Card Not Present. This is a type of transaction made with a card in which the cardholder does not or cannot physically present the card to the merchant. For instance, CNP transactions often take place over the phone or Internet. CNP transactions can be major sources of credit card fraud, as it can be difficult for the merchant to authorize the user’s identity. When you make a purchase in person, you may be requested to prove your identity with a photo ID, signature or PIN. However, in a card not present transaction, there isn’t an easy way to authenticate you are who you say you are.

Contactless Payments:
Now we are seeing more instances of contactless payments, in which the user can wave a card, device or fob over the POS system to make the transaction. This type of payment uses radio-frequency. Near Field Communication (NFC), for instance, is a set of standards for smart devices to establish radio communication when in proximity with one another. Security risks include malware and interception of the transaction. However, since smart cards and devices often have more than one use, the owner only has to replace the one card or device if it is lost or stolen.

Keep an eye out on our blog, cyberSAFE webinar series and social media channels for more on this topic as we begin to take part in the debate. In the meantime, what do you think about each type of card? What about each type of transaction? Join the conversation on Twitter, Facebook and LinkedIn.

Security Implications – and Solutions – of Mobile Ecommerce

By | December 12th, 2013|Uncategorized|

Mobile Security PicMore than half of the U.S. adult population has a smart phone, the Pew Internet & American Life Project reports, and 25 percent of Americans older than 15 own a tablet. So it’s no surprise that more and more Americans are making purchases with their mobile devices. In fact, IBM found that mobile sales exceeded 17 perfect of total online sales on Cyber Monday this year, which was an increase of 55.4 percent compared to the year prior. What does this mean for mobile security? What are the implications for businesses when consumers make transactions via mobile devices? The risks are many, but there are solutions and prevention tips businesses can use to avert security mishaps.

Mobile malware has grown extensively this year. In the third quarter of 2013 alone, the F-Secure Mobile Threat Report found that the number of mobile malware threats rose 16 percent. When consumers make mobile purchases on a device plagued with malware, cyber criminals can gain access to their login credentials and other personal information stored on their phone or in your email. This can lead to stolen credentials and unwarranted purchases. Additionally, consumers’ poor password habits – especially on mobile devices – can also lead to unwanted cyber attacks.

To circumvent security risks, businesses can require shoppers to create strong login credentials and passwords. On average, it takes a hacker 11 minutes to crack a password with numbers and letters; when you add punctuation, it could take them years to hack. Businesses can also require users to use multi-factor authentication, or a second step to log into an account, such as responding to an email, text message or security question before logging into your site. Lastly, businesses should always monitor customers’ information online. If a hacker has breached a major organization, you may have mutual customers who have used repeat passwords. If this is the case, the hackers may use the compromised customers’ login information to access information on your site. Use a monitoring service to keep an eye on customer data in the depths of the Internet.

What additional tips do you have for businesses regulating against mobile ecommerce threats? Do you anticipate that this mobile ecommerce trend will continue to rise? Let us know what you think on Twitter or Facebook, and take a look at our news Tumblr.

Mobile Apps: Protect Your Children’s Privacy and Identity

By | December 12th, 2012|Uncategorized|

This week the FTC released an alarming reporton mobile apps, announcing that hundreds of popular smartphone and tablet apps aimed at children are collecting personal data and sharing without proper disclosure to parents. Of the 400 apps surveyed from Apple’s App Store and the Google Play Store for Android, 60 percent sent the devices’ ID to third parties such as ad networks and analytics companies. Some of these ad networks are even storing this ID with more sensitive data such as email addresses and passwords.

This report has sparked a larger discussion among parents and industry professionals on how to combat these privacy and security concerns. Some of these apps are encouraging children to share personal information on social networking sites without providing any privacy notices. This topic highlights the importance of another issue – monitoring your child’s identity to protect them from the risk of identity theft. Below we’ve suggested some ways to equip your child with the proper tools to protect their identity when using a mobile device.

Educate

A recent study found that 72 percent of the 100 top-selling education apps in Apple’s App store were aimed at preschoolers and those in elementary school. Kids are being equipped with technology from a very early age. Parents need to provide children with an honest discussion on cybersecurity and the risks involved when providing personal information via an app to a social media site or the app itself.

Secure

To protect your child’s device, install a security app like Lookout. This will help protect them from downloading a bad app or visiting a malicious website. In addition, security apps can show you which apps can access your location and personal data.

Authenticate

The final measure of defense in protecting your child’s personal data is to use a strong password. A weak password (or no password) provides cybercriminals with the breadcrumbs necessary to accessing your personal data. Practice strong password habits by creating alphanumeric passwords with punctuation. 

Share your thoughts on mobile device privacy and security with us on Facebook and Twitter.

Load More Posts