Tuesday, May 28, 2013
Many subscribers are using smartphones to handle tasks formerly conducted only on desktop computers, including online financial transactions. Indeed, smartphones and tablets are becoming default devices for browsing the Internet and making purchases online. An increasing number of merchants are using mobile devices at the POS, as well.
This mobile device penetration has created lucrative opportunities for merchants to market to their customers, but it has also provided tempting opportunities for hackers and criminals. According to a survey released May 20, 2013, by Andrew Seybold Inc., 69 percent of smartphone users said they use their devices to conduct financial transactions, and 65 percent use them for both personal and business transactions.
Yet only 4 percent are using mobile security applications on their smartphones, and 30 percent reported they are unlikely to install a security app on their devices. In discussing Mercator Advisory Group's recently released report, M-Commerce: Opportunities, Challenges, and Inevitability, Dave Kaminsky, a Senior Analyst in Mercator's Emerging Technologies Advisory service, stated, "While proximity-based wallets are receiving the lion's share of the publicity, mobile e-commerce (or m-commerce) is witnessing the vast majority of transaction volume."
And as m-commerce rises, the incidents of data theft are rising, too. According to data provided by security and compliance management company Trustwave, 90 percent of vulnerabilities common on desktop computers also exist in both Android and iOS devices, and in 2012, Android malware increased 400 percent. Yet less than one-third of app makers test their applications for such vulnerabilities before launching them.
Charles Henderson, Director of SpiderLabs at Trustwave, told The Green Sheet, "One of the big differences between computers and mobile devices is that great care has been given to make mobile devices easy to use. The tradeoff is that ease of use can become ease of poor decisions – the easier something is to use the easier it is to misuse. That's a powerful notion in security. The less thought you give to any number of things, the greater the likelihood you will make a bad security decision."
Criminals can install malware by simply attaching it to an email or text message. The phone function itself may be hijacked, rerouting calls to false banks or financial centers in other countries. Instructions for doing this are available on the Internet.
Despite this, a significant number of businesses and smart device users have a lackadaisical attitude toward security, especially when it comes to downloading mobile apps. Many consumers are much more security savvy when it comes to their desktop computers.
"Mobile device users may not recognize the potential security threat," said Jennifer Mazzanti, President of Mazzanti Technologies. "They suffer from a type of mobile myopia which leaves their device the perfect malware gateway."
There are many steps payment professionals can take to help ensure the security of m-commerce. It is most important to be vigilant and to remind merchants to be vigilant, too. In addition, here are some tips from researchers that you can provide to your merchant customers:
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.