Mobile Processing: The Perfect Storm for Data Compromise
Currently 1 mobile device for every 5 people on the planet.
30 million businesses accept payments
2 billion Visa cards
$80 billion total transactions
$6.3 trillion in total volume
THEN… 1958: first merchant transaction
NOW… 2013
Mobile Processing
It has been estimated that mPOS could expand payment card acceptance up to 19 million businesses and increase new-card payments by $1.1 trillion by 2015.
Micromerchants love mobile processing (mPOS)
– Convenient
– Cost effective
– Easy implementation
– Low barrier of entry
Of the small businesses that use mobile devices, 1/5 use them to accept payments.
Let me explain… our definition of mobile processing.
Mobile Wallets
Mobile Processing
THE PROBLEM
MOBILE POS
– Card Reader Dongle + App
– Sled/Keypad + App
– App Only
– Picture/Video/Scanning App
PROBLEM: HACKERS
What Data Do People Store On Their Device?
• Usernames
• Internet history
• Security question answers
• Bank account number
• Passwords
• Health data
• PIN numbers
• Credit card number
Hackers Want Data
They…
• Steal data
• Sell it to other cybercriminals for a profit
• Use it to create fake credit cards
32% of mobile malware created in 2012 was designed to steal information from your device.
PROBLEM: TECHNOLOGY
“Mobile is so technologically advanced, it's got to be secure against hackers…right?”
Mobile vs. POS
• POS terminal
– Firewall-controlled environment
– Limited access to Internet
– Built for payments
• Smartphone/tablet
– No firewalls
– Internet always available
– Built for convenience
– Insecure OS
– Mobile malware
– SMS threats
In a nutshell, phone operating systems have less security than computers or typical POS terminals.
PROBLEM: THREATS
Apple and Google are about to reach 50 billion total unique app downloads.
Malicious App Malware
• Write code into new apps
• Or write code into old apps and repackage
• Collect personal data, change settings, read from card readers
Open source development
• Good for app creation
• Bad for security
Susceptible to malware in other ways
• URLs redirect users to malicious sites
In 2012, 97% of malware was designed specifically to attack Android & 32.8 million devices were infected.
Meet Tom
• Uses smartphone to process cards
• Downloads flashlight app
• App has malware
• Customer’s data stolen
BEST PRACTICES
A more secure processing future… Dual processing:
• Process cards on one chip
• Browse Internet, text, use apps on the other
Who is Responsible for Mobile Security?
• Regulated by PCI Council
• Mobile Payment Acceptance Security Guidelines
6 Best Practices
1. Encrypt at type/swipe
2. No manual card entry
3. Update apps and OS
4. Install apps via official sources
5. Employee mobile training
6. Mobile scans
• Android & iOS app
• Scans for threats that originate from:
– Mobile malware
– Wi-Fi networks
– Account data access
– NFC
– Bluetooth
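An added check for best practices 4 and 6 (install only from official sources, scan the device); it is not part of the presentation and not SecurityMetrics' MobileScan. The POSIX shell function below reads the output of `adb shell pm list packages -3 -i` (third-party packages with their installing package) from an Android merchant device and lists every app whose installer is not an approved store. The approved-store list and the sample `pm` output are constructed assumptions.

```shell
#!/bin/sh
# Flag third-party apps on an Android merchant device that did not come from
# an official store. Input is the output of:  adb shell pm list packages -3 -i
#   -3 = third-party packages only   -i = show the installing package
# Assumption: these are the stores the merchant's policy allows.
OFFICIAL_INSTALLERS="com.android.vending com.sec.android.app.samsungapps"

# Constructed sample output (not captured from a real device).
SAMPLE_PM_OUTPUT='package:com.example.mpos  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.notes  installer=com.sec.android.app.samsungapps
package:com.example.sideloaded  installer=com.android.packageinstaller'

# Print one package name per line for each package whose installer is not on
# the approved list. installer=null means it was pushed with adb or is unknown.
flag_unofficial_apps() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    case $line in package:*) ;; *) continue ;; esac
    set -- $line                      # $1 = package:NAME, $2 = installer=X
    pkg=${1#package:}
    inst=${2#installer=}
    case " $OFFICIAL_INSTALLERS " in
      *" $inst "*) ;;                 # installed from an approved store
      *) printf '%s\n' "$pkg" ;;      # flag for review or removal
    esac
  done
}

# On a connected device: flag_unofficial_apps "$(adb shell pm list packages -3 -i)"
flag_unofficial_apps "$SAMPLE_PM_OUTPUT"
```

The installer name is recorded at install time and can be set by whatever installed the package, so treat a clean result as a triage aid rather than proof that nothing was sideloaded.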
Malware will target cardholder data.
Don’t wait for PCI DSS mobile requirements.
Make mobile processing safer by following best practices.
Acquirers and vendors must offer secure solutions.
QUESTIONS?
mobilescan@securitymetrics.com

Editor's Notes

  • #2 Mobile Processing: The Perfect Storm for Data Compromise. Mobile device payment processing (e.g., dongles and apps that process credit cards) is a double-edged sword. It has been hyped as the future of consumer and business transactions in every industry, but as the number of businesses using mobile point-of-sale (mPOS) options escalates, so does the challenge of securing mobile devices. The problem is: smartphones weren't made for security or payment processing, and hackers know it. Every day, thousands of malicious apps are downloaded through app stores, putting numerous merchant smartphones and tablets at risk for payment card theft. This presentation will explain the risks of processing via mobile devices, help attendees understand the implications to both business and consumer data security, and provide best practice solutions to securely fortify mPOS solutions.
  • #3 We define mobile device as smartphones, internet-connected phones, and tablets.
  • #4 1958 was when the first BankAmericard (now Visa) credit card was issued. Until 1958, no one had been able to create a working revolving credit financial instrument issued by a third-party bank that was generally accepted by a large number of merchants.
  • #5 Every smartphone/tablet is a cash register. Mobile processing has been hyped as the future of consumer and business transactions, but as the number of businesses using mobile point-of-sale (mPOS) solutions increases, so does the challenge of securing mobile devices.
  • #6 Mobile processing is great for dog groomers, tradesmen, and photographers because it's convenient, cost effective, easy to implement, and anyone can buy a smartphone or tablet.
  • #9 We’re not going to focus on mobile wallets, because that’s not even remotely related to what we do. It’s all consumer facing, not merchant facing.
  • #11 There are 4 main ways of accepting cards via mobile devices.
  • #17 Data theft has been profitable in the past via computers, so why not with mobile?
  • #20 People think this…and it's totally wrong. Only 28% of consumers consider mobile processing to be secure.
  • #21 Mobile devices were built for convenience, NOT security or payments
  • #22 Mobile devices were built for convenience, NOT security or payments. Texting, internet browsing, all these things are insecure communication threats.
  • #24 How do mobile devices become infected?
  • #26 Examples of malware:
    – Droid Dream (2011): infected legitimate apps on the Android market, root access gained, affected 50,000 users
    – Droid Deluxe (2011): root access to the Android phone, all files accessible
    – iOS code signing vulnerability (2011): allowed an unreviewed application into the App Store
    – FinSpy Mobile (2012): mobile variant of the FinFisher device “wire-tap”; works on iPhone, Android, BlackBerry, Windows Mobile, Symbian; monitors calls, texts, emails, captures keystrokes, controls the microphone, tracks GPS, etc.
  • #27 Malicious URLs are easier to hide on a mobile screen because the screen is smaller.
  • #28 How big is this problem? Because of its mammoth market share and open source development, Android is the #1 target for cybercriminals looking to infect mobile devices. The year 2012 saw a 163% jump in mobile malware with over 65,227 new varieties.
  • #29 Tom owns a plumbing company and he’s always on the road. He loves the fact that he can just download an app that processes people’s credit cards on the go. So he thought, hey, it’d be cool if I used a flashlight app instead of a real flashlight. So he downloaded a flashlight app. Unbeknownst to him, there was secret malware inside the flashlight app’s code that captured credit card data for the malware owner. The card brands get wind of it and they narrow it down to Tom. Poor Tom is nailed with forensic fees and payment card brand fines. Tom was not prepared.
  • #32 Who is responsible for protecting users? Carriers? Operating system providers? App makers? Nobody.
  • #33 Encrypt at swipe/type readers. Never manually enter data (unless encrypt at type). Upgrade your apps and OS to fix bugs. People don’t update the OS or apps partly because they’re lazy, and partly because some smartphone manufacturers don’t require users to be alerted of security updates, so the user is simply unaware it needs to be done. But it's really important to fix any security vulnerabilities.
  • #34 Only install apps from official sources (aka the well-known stores). No third-party app vendors. Ensure everyone who comes into contact with the device (employees, waitresses, etc.) is educated on mobile security! Use a mobile vulnerability scanner (aka SM MobileScan!)