New trends in Payments Security:
NFC & Mobile
www.sisainfosec.com
SISA Information Security
Speaker
Qualifications: PCI QSA, PA-QSA, CISA, CISSP, CEH, FCA, ISO 27001 Implementer, CEH, OCTAVE (SEI-CMU) Authorized
Trainer and Advisor, SANS Certified Web Application Pen Tester (GWAPT), Microsoft Certified Professional (MCP), VISA
Qualified Payment Application Security Professional (VISA QPASP)
Dharshan Shanthamurthy,
Founder and Chief Executive Officer
• Payment Security Expert. Worked on Aadhar initial security framework and was the lead author of the PCI DSS Standard Risk Assessment Guidance document.
• Amongst the first PCI Qualified Security Assessors of the PCI Council. First PCI QSA in Asia.
• OCTAVE Authorized Trainer from Software Engineering Institute, Carnegie Mellon University.
• Author of the CPISI and CISRA Certification programs.
Email: dbs@sisainfosec.com Linkedin: dharshanshanthamurthy
Session Objective
Mobile and NFC Technology based Payments
Payment Card Industry Ecosystem
Challenges and Solutions with respect to payment security
Mode: Interactive
Mobile Payments
Global Mobile Payment Transaction Volumes from 2015 to 2019 (in billion US dollars)
This statistic shows the global mobile payment transaction volume from 2015 to 2019. The worldwide mobile payment volume in 2015 was 450 billion U.S. dollars and is expected to surpass 1 trillion U.S. dollars in 2019.
Three routes for contactless payments
Near Field Communication (NFC)
Near Field Communication (NFC) is shaping the future of mobility and is becoming the system of choice for mobile payments.
NFC is a technology that has been around for years, but it gained much attention after Apple announced that the new iPhone 6 line was fitted with the technology for credit-card-less payments.
NFC is a short-range, high-frequency wireless communication technology that enables the exchange of data between devices over a distance of about 10 cm.
Players likely to drive growth in global mobile payments
PayPal
PayPal, Paydiant and mobile payments
PayPal has been an e-commerce force for years. In March, news broke of PayPal's plan to acquire startup Paydiant, a platform that companies use to build branded mobile-payment and loyalty-card services. Subway, Capital One and retail consortium Merchant Customer Exchange (MCX) already use Paydiant's platform, according to the IDG News Service. Paydiant lets consumers pay for items via their mobile devices using NFC and QR codes.
PayPal also said in March that it would sell NFC-equipped versions of its credit card readers to merchants.
Innovation by Amex
Amex also recently partnered with Jawbone to add mobile payment features to the company's upcoming UP4 fitness tracker.
American Express is experimenting with facial recognition and wearable technology that could form the foundation for new mobile-payment and security features.
Amex tests new ways of using its payment services on devices such as the Apple Watch and Google Glass in its own tech development lab.
Innovation by Samsung
Samsung has announced Samsung Pay, which uses two different wireless technologies: NFC and magnetic secure transmission (MST).
LoopPay developed the MST, which has been embedded as a copper ring inside the new Samsung Galaxy S6 smartphones.
Samsung Pay, NFC and MST
Samsung Pay was launched in the summer of 2015.
Samsung’s MST
Magnetic Secure Transmission (MST) is a technology that emits a magnetic signal that mimics the magnetic stripe on a traditional payment card. MST sends a magnetic signal from your device to the payment terminal's card reader, emulating the swipe of a physical card without having to upgrade the terminal's software or hardware. MST technology is accepted at nearly all payment terminals with a card reader; some payment terminals may require software updates. Simply select a card from Samsung Pay and transmit the payment information by moving your device within an inch of the payment terminal. Your transaction and payment information will be kept private and secure with the use of tokenization. MST is more secure than using a traditional payment card and is as secure as paying with Near Field Communication (NFC).
Apple Pay
The Apple Pay mobile-payment and digital-wallet system debuted in October 2014.
It lets consumers with NFC-enabled iPhone 6, iPhone 6 Plus, and Apple Watch devices pay in stores at contactless terminals and buy goods using apps that support the service.
Apple Pay's impact was significant and immediate. More than a million credit cards were registered for use with the service in its first three days of availability.
Vulnerabilities of Mobile Payments
New processes create new security vulnerabilities. Over-the-air provisioning of payment credentials and applications, for example, potentially creates new attack vectors for eavesdroppers to steal and misuse customer data.
The 2015 Mobile Payment Security Study, released by ISACA, showed growing concerns over mobile payment security.
Based on the survey results, ISACA ranked the following risks and vulnerabilities associated with mobile payments:
• Use of public WiFi (26 %)
• Lost or stolen devices (21 %)
• Phishing/smishing (phishing attacks via text messages) (18 %)
• Weak passwords (13 %)
• User error (7 %)
• There are no security vulnerabilities (0.3 %)
Risks Associated with Mobile Payments
Failure to understand exactly where and how sensitive account data is stored and transmitted can prevent organizations from clearly defining and implementing data protection solutions.
Phishing/smishing (phishing conducted over SMS): More often than not, mobile phishing attacks targeted credit card and bank card data.
Insecure Coding: The app itself could also have coding or process flaws, which can lead to leaked banking information.
Device Theft: Additionally, if the device is lost or stolen, the stored financial data could be whisked away for malicious purposes. If you're not careful, your data and credentials could end up in the wrong hands.
A report from Kaspersky Lab highlights how mobile malware became more sophisticated, with "mobile Trojans which could check on the victim's balance to ensure the maximum profit."
Man-in-the-Middle (MitM) attacks via fake or malicious apps, and data breaches that take advantage of the new payment methods.
Payment Card Fraud Evolution
• 1983 – Re-embossed counterfeit fraud
• 1988 – Re-encoded counterfeit fraud
• 1989 – Card-not-present fraud / fraudulent applications
• 1991 – Never-received-issue fraud
• 1992 – Merchant fraud
• 1994 – Identity theft
• 2000 – Skimmed counterfeit
• 2002 – Communications interception
• 2007 – Wireless / chip sniffing, card counterfeit, fake terminals
• 2010-14 – Server hacking / malware / memory scraping
Some more Mobile Payment Risks
Payment Data Breaches
The survey was conducted by the Ponemon Institute. It involved a survey of 3,773 IT security practitioners from more than a dozen major industry sectors in the United States, United Kingdom, Germany, France, Belgium, Netherlands, Japan, India, Russian Federation, Middle East and South Africa.
Industries represented include communications, entertainment & media, financial services, government, healthcare, hospitality, IT services, retail, technology, transportation and utilities.
Hilton Hotel Breach
Hilton Worldwide was the target of an attack by means of malware installed on the point of sale (PoS) systems at restaurants and shops in certain Hilton hotels, including Waldorf Astoria, Embassy Suites, and Hampton Inn and Suites.
Hilton announced: 'Customers who used their payment cards between November 18 and December 5, 2014, or April 21 and July 27, 2015, may be affected by the info-stealing malware.'
Hilton customers' personal information such as cardholder names, payment card numbers, security codes, and expiration dates are believed to have been compromised by the PoS malware, but no addresses or personal identification numbers (PINs) were affected.
Starwood Hotels Credit Card Breach at over 50 locations
Malware aimed at stealing credit and debit card information was found on payment systems at restaurants and stores in 54 Starwood hotels in North America.
"The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date."
Similar examples of hotels being targeted by malware on their payment systems:
• Trump Collection
• Mandarin Oriental Hotels
Wendy’s Card Data Breach
As many as 6000 locations were affected by the breach in December 2015.
Jimmy John's, Rainforest Cafe, Morton's, P.F. Chang's, and Dairy Queen have been victims of credit card hacks since 2014.
"Traditionally [POS systems] have been some of the weakest spots [in a restaurant's operations... because restaurant owners] tend to do really sloppy things like enable the same password for each system," according to security experts.
In all the above cases, the cards impacted appear to be those swiped at the stores, and did not include cards entered manually or online.
LoopPay Attack and Breach
LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant Samsung, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers (Codoso Group).
The attackers are believed to have broken into LoopPay's corporate network, but not the production system that helps manage payments, said Will Graylin, LoopPay's chief executive and co-general manager of Samsung Pay.
LoopPay executives said the Codoso hackers appeared to have been after the company's technology, known as magnetic secure transmission, or MST, which is a key part of the Samsung Pay mobile payment wallet.
Other facts
As well, ownership of payment data security is not centralized: 28% of respondents said responsibility lies with the chief information officer, 26% said it lies with the business unit, 19% with the compliance department, 15% with the chief information security officer and 14% with other departments.
Hackers are targeting the latest technology in mobile payments.
According to the independent study, 55% said they did not know where all their payment data is stored or located.
Senior threat researcher Numaan Huq, who spoke about the current PoS security landscape, explained that POS malware still remains a threat despite the newer payment technologies.
With the recent introduction of new payment technologies such as EMV and RFID contactless cards, businesses are expected to upgrade to new, more secure payment systems. However, attackers will attempt to come up with new strategies against these improved systems and environments.
How to Secure Payment Environment
• Payment Security Standards – PCI DSS, PA DSS and PCI PIN
• Training – get the teams trained on Payment Security Implementation
• Payment Security Risk Assessment
• Payment Data Discovery
• Effective segmentation between payment data and non-payment data
PCI Security Layered Approach
Layers: Network, Server, Application, Process
OS Hardening –
• Deploying DB in the same server
• Patch management
• Firewall – securely configuring the FW is more important
• IPS – configure it for dropping the packets
• VAPT
• Web App PT
• Firewall rule review
• Encrypting the DB credentials
• Storing truncated PAN, instead of full PAN and CVV2
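Three of the controls in this deck (Payment Data Discovery, storing truncated PAN instead of full PAN and CVV2, and tokenization as described on the Samsung MST slide) can be made concrete in a few dozen lines. The following is an added example written for this page, not code from SISA or from any wallet vendor. It assumes nothing beyond the Python standard library: the log lines are constructed, the card numbers are well-known public test PANs, and the `tok_` token format and the regex/Luhn heuristic for spotting PANs are the example's own choices.

```python
"""Cardholder-data discovery, PCI-style truncation and tokenization.

Added example, not code from the SISA deck. Standard library only.
The log lines, token format and discovery heuristic are constructed
for illustration; the PANs are public test numbers.
"""
import re
import secrets

# Candidate PAN: a run of 13-19 digits, optionally separated by single
# spaces or dashes, and not embedded inside a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; filters out most non-card digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return Luhn-valid PANs (digits only) found in a piece of text."""
    found = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def truncate_pan(pan: str) -> str:
    """PCI DSS truncation: keep at most the first six and last four digits."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("not a PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_lines(lines) -> dict:
    """Map 1-based line numbers to the truncated PANs found on that line.

    Only the truncated form is reported, so the discovery report itself
    does not become a new store of full card numbers.
    """
    report = {}
    for number, line in enumerate(lines, start=1):
        pans = find_pans(line)
        if pans:
            report[number] = [truncate_pan(p) for p in pans]
    return report


class TokenVault:
    """Toy token vault: systems outside the vault only ever see tokens."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        token = "tok_" + secrets.token_hex(8)   # random; no relation to the PAN
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]


# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    "2015-12-05T14:30:00 POS-07 sale approved card=4111 1111 1111 1111 amount=42.10",
    "2015-12-05T14:31:12 POS-07 order=1234567890123456 status=shipped",
    "2015-12-05T14:32:40 POS-09 refund card=378282246310005 amount=19.99",
    "2015-12-05T14:33:01 POS-09 debug pan=4111111111111112 rejected",
]

if __name__ == "__main__":
    for line_no, pans in scan_lines(SAMPLE_LOG).items():
        print(f"line {line_no}: {pans}")
    vault = TokenVault()
    print("token stored instead of PAN:", vault.tokenize("4111111111111111"))
```

Running the scan over the sample lines flags lines 1 and 3 only: the 16-digit order number on line 2 and the mistyped number on line 4 fail the Luhn check, which is what keeps a discovery sweep of logs, databases and file shares from drowning in false positives. The vault shows the separation tokenization buys: the POS or app holds a `tok_` value that is useless outside the vault, so a memory scraper or a lost device yields tokens rather than card numbers.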
PCI for Protecting Payments
Thank You!
Please feel free to write any questions to dbs@sisainfosec.com
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

New trends in Payments Security: NFC & Mobile

  • 1. New trends in Payments Security: NFC & Mobile www.sisainfosec.com SISA Information Security
  • 2. Speaker Qualifications: PCI QSA, PA-QSA, CISA, CISSP, CEH, FCA, ISO 27001 Implementer, CEH, OCTAVE (SEI-CMU) Authorized Trainer and Advisor, SANS Certified Web Application Pen Tester (GWAPT), Microsoft Certified Professional (MCP), VISA Qualified Payment Application Security Professional (VISA QPASP) Dharshan Shanthamurthy, Founder and Chief Executive Officer. Payment Security Expert. Worked on Aadhar initial security framework and was the lead author of the PCI DSS Standard Risk Assessment Guidance document. Amongst the first PCI Qualified Security Assessors of the PCI Council. First PCI QSA in Asia. OCTAVE Authorized Trainer from Software Engineering Institute, Carnegie Mellon University. Author of the CPISI and CISRA Certification programs. Email: dbs@sisainfosec.com Linkedin: dharshanshanthamurthy
  • 3. Session Objective: Mobile and NFC Technology based Payments; Payment Card Industry Ecosystem; Challenges and Solutions with respect to payment security. Mode: Interactive
  • 5. Global Mobile Payment Transaction Volumes from 2015 to 2019 (In Billion US Dollars). This statistic shows the global mobile payment transaction volume from 2015 to 2019. The worldwide mobile payment volume in 2015 was 450 billion U.S. dollars and is expected to surpass 1 trillion U.S. dollars in 2019.
  • 6. Three routes for contactless payments
  • 7. Near Field Communication (NFC). Near Field Communication (NFC) is shaping the future of mobility and is becoming the system of choice for mobile payments. NFC is a technology that has been around for years, but it gained much attention after Apple announced that the new iPhone 6 line was fitted with the technology for credit card-less payments. NFC is a short-range, high-frequency wireless communication technology that enables the exchange of data between devices over a distance of about 10 cm.
  • 8. Players likely to drive growth in global mobile payments
  • 9. PayPal: PayPal, Paydiant and mobile payments. PayPal has been an ecommerce force for years. In March, news broke of PayPal's plan to acquire startup Paydiant, a platform that companies use to build branded mobile-payment and loyalty-card services. Subway, Capital One and retail consortium Merchant Customer Exchange (MCX) already use Paydiant's platform, according to the IDG News Service. Paydiant lets consumers pay for items via their mobile devices using NFC and QR codes. PayPal also said in March that it would sell NFC-equipped versions of its credit card readers to merchants.
  • 10. Innovation by Amex. Amex also recently partnered with Jawbone to add mobile payment features to the company's upcoming UP4 fitness tracker. American Express is experimenting with facial recognition and wearable technology that could form the foundation for new mobile-payment and security features. Amex tests new ways of using its payment services on devices such as the Apple Watch and Google Glass in its own tech development lab.
  • 11. Innovation by Samsung: Samsung Pay, NFC and MST. Samsung has announced Samsung Pay, which uses two different wireless technologies: NFC and magnetic secure transmission (MST). LoopPay developed the MST, which has been embedded as a copper ring inside the new Samsung Galaxy S6 smartphones. Samsung Pay was launched in the summer of 2015.
  • 12. Samsung’s MST. Magnetic Secure Transmission (MST) is a technology that emits a magnetic signal that mimics the magnetic stripe on a traditional payment card. MST sends a magnetic signal from your device to the payment terminal's card reader, emulating the swipe of a physical card without having to upgrade the terminal’s software or hardware. MST technology is accepted at nearly all payment terminals with a card reader; some payment terminals may require software updates. Simply select a card from Samsung Pay and transmit the payment information by moving your device within an inch of the payment terminal. Your transaction and payment information will be kept private and secure with the use of tokenization. MST is more secure than using a traditional payment card and is as secure as paying with Near Field Communication (NFC).
  • 13. Apple Pay. The Apple Pay mobile-payment and digital-wallet system debuted in October 2014. It lets consumers with NFC-enabled iPhone 6, iPhone 6 Plus, and Apple Watch devices pay in stores at contactless terminals and buy goods using apps that support the service. Apple Pay's impact was significant and immediate. More than a million credit cards were registered for use with the service in its first three days of availability.
  • 14. Vulnerabilities of Mobile Payments. New processes create new security vulnerabilities. Over-the-air provisioning of payment credentials and applications, for example, potentially creates new attack vectors for eavesdroppers to steal and misuse customer data.
  • 15. Vulnerabilities of Mobile Payments. The 2015 Mobile Payment Security Study, released by ISACA, showed growing concerns over mobile security. Based on the survey results, ISACA ranked the following risks and vulnerabilities associated with mobile payments: • Use of public WiFi (26 %) • Lost or stolen devices (21 %) • Phishing/smishing (phishing attacks via text messages) (18 %) • Weak passwords (13 %) • User error (7 %) • There are no security vulnerabilities (0.3 %)
  • 16. Risks Associated with Mobile Payments. Failure to understand exactly where and how sensitive account data is stored and transmitted can prevent organizations from clearly defining and implementing data protection solutions. Phishing/smishing (phishing conducted over SMS): more often than not, mobile phishing attacks target credit card and bank card data. Insecure coding: the app itself could also have coding or process flaws, which can lead to leaked banking information.
  • 17. Risks Associated with Mobile Payments. Device theft: additionally, if the device is lost or stolen, the stored financial data could be extracted and used for malicious purposes. If you’re not careful, your data and credentials could end up in the wrong hands. A report from Kaspersky Lab highlights how mobile malware became more sophisticated, with "mobile Trojans which could check on the victim's balance to ensure the maximum profit." Man-in-the-Middle (MitM) attacks via fake or malicious apps, and data breaches that take advantage of the new payment methods.
  • 18. Payment Card Fraud Evolution: 1983 Re-embossed counterfeit fraud; 1988 Re-encoded counterfeit fraud; 1989 Card not present fraud / fraud applications; 1991 Never received issued fraud; 1992 Merchant fraud; 1994 Identity theft; 2000 Skimmed counterfeit; 2002 Communications interception; 2007 Wireless / chip sniffing and card counterfeit / fake terminals; 2010-14 Server hacking / malware / memory scraping
  • 19. Some more Mobile Payment Risks
  • 20. Payment Data Breaches. The survey was conducted by the Ponemon Institute. It surveyed 3,773 IT security practitioners from more than a dozen major industry sectors in the United States, United Kingdom, Germany, France, Belgium, Netherlands, Japan, India, Russian Federation, Middle East and South Africa. Industries represented include communications, entertainment & media, financial services, government, healthcare, hospitality, IT services, retail, technology, transportation and utilities.
  • 21. Hilton Hotel Breach. Hilton Worldwide was a target of an attack by means of malware that was installed on their point of sale (PoS) systems at restaurants and shops in certain Hilton hotels including Waldorf Astoria, Embassy Suites, and Hampton Inn and Suites. Hilton announced ‘Customers who used their payment cards between November 18 and December 5, 2014, or April 21 and July 27, 2015, may be affected by the info-stealing malware.’ Hilton customers’ personal information such as cardholder names, payment card numbers, security codes, and expiration dates are believed to have been compromised by the PoS malware, but no addresses or personal identification numbers (PINs) were affected.
  • 22. Starwood Hotels Credit Card Breach at over 50 locations. Malware aimed at stealing credit and debit card information was found on payment systems at restaurants and stores in 54 Starwood hotels in North America. "The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date." Similar examples of hotels being targeted by malware on their payment systems: • Trump Collection • Mandarin Oriental Hotels
  • 23. Wendy’s Card Data Breach. As many as 6000 locations were affected by the breach in December 2015. Jimmy John's, Rainforest Cafe, Morton's, P.F. Chang's, and Dairy Queen have been victims of credit card hacks since 2014. "Traditionally [POS systems] have been some of the weakest spots [in a restaurant's operations... because restaurant owners] tend to do really sloppy things like enable the same password for each system," security experts say. In all the above cases, cards impacted appear to be those swiped at the stores, and did not include cards entered manually or online.
  • 24. LoopPay Attack and Breach. LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers (Codoso Group). The attackers are believed to have broken into LoopPay’s corporate network, but not the production system that helps manage payments, said Will Graylin, LoopPay’s chief executive and co-general manager of Samsung Pay. LoopPay executives said the Codoso hackers appeared to have been after the company’s technology, known as magnetic secure transmission, or MST, which is a key part of the Samsung Pay mobile payment wallet.
  • 25. Other facts. Ownership for payment data security is not centralized: 28% of respondents said responsibility lies with the chief information officer, 26% with the business unit, 19% with the compliance department, 15% with the chief information security officer and 14% with other departments. Hackers are targeting the latest technology in mobile payments. According to the independent study, 55% said they did not know where all their payment data is stored or located. Senior threat researcher Numaan Huq, who spoke about the current PoS security landscape, explained that POS malware still remains a threat despite the newer payment technologies. With the recent introduction of new payment technologies such as EMV and RFID contactless cards, businesses are expected to upgrade to new secure payment systems. However, attackers will attempt to come up with new strategies against these improved systems and environments.
  • 26. How to Secure Payment Environment: Payment Security Standards (PCI DSS, PA DSS and PCI PIN); Training (get the teams trained on Payment Security Implementation); Payment Security Risk Assessment; Payment Data Discovery; Effective Segmentation between payment data and non-payment data.
  • 27. PCI Security Layered Approach (layers: Process, Application, Server, Network). OS Hardening: • Deploying DB in the same server • Patch management • Firewall (securely configuring the FW is more important) • IPS (configure it for dropping the packets) • VAPT • Web App PT • Firewall rule review • Encrypting the DB credentials • Storing truncated PAN instead of full PAN and CVV2
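Two items on slides 12 and 27 ("kept private and secure with the use of tokenization" and "storing truncated PAN, instead of full PAN and CVV2") are easy to state and easy to get wrong in an app's data model. The block below is an added example written for this page, not code from the SISA deck or from any payment product: it validates a card number with the Luhn check, truncates it to the first-six/last-four form that PCI DSS permits for storage, and replaces the PAN with a random surrogate from a token vault so that the merchant-side record has no slot at all for the full PAN or for CVV2. The `TokenVault` class and the `CardRecord` layout are this example's own constructs, and every card number in it is a constructed test value.

```python
"""Added example (not from the SISA slides): a minimal sketch of "store a
truncated PAN instead of the full PAN and CVV2" (slide 27) and of tokenization
(slide 12). All PANs below are constructed test numbers, not real accounts."""
import json
import secrets
from dataclasses import dataclass, asdict


def luhn_valid(pan: str) -> bool:
    """Mod-10 (Luhn) check used by payment card numbers; 12-19 digits only."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Keep at most the first six and last four digits and mask the middle.
    This is the PCI DSS truncation format, so what is persisted is not a PAN."""
    if not luhn_valid(pan):
        raise ValueError("not a well-formed PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass(frozen=True)
class CardRecord:
    """What the merchant/app database is allowed to keep (hypothetical layout).
    There is deliberately no field for the full PAN or for CVV2."""
    token: str
    masked_pan: str
    expiry: str     # "MM/YY"; expiry may be stored, it is not sensitive authentication data


class TokenVault:
    """Stand-in for a token service provider living in a separate, tightly
    controlled zone. It is the only component that ever sees the full PAN."""

    def __init__(self) -> None:
        self._by_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        # Random surrogate with no mathematical relation to the PAN, so a leaked
        # token table on its own reveals nothing. secrets is a CSPRNG source.
        token = secrets.token_hex(16)
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]


def store_card(vault: TokenVault, pan: str, expiry: str, cvv2: str) -> CardRecord:
    """Handle a card at enrolment: validate it, use CVV2 transiently (a real
    flow would send it to the acquirer for authorization), then persist only
    token + truncated PAN + expiry."""
    if not luhn_valid(pan):
        raise ValueError("not a well-formed PAN")
    if not (cvv2.isdigit() and len(cvv2) in (3, 4)):
        raise ValueError("CVV2 must be 3 or 4 digits")
    # CVV2 is never written anywhere: CardRecord has no slot for it.
    token = vault.tokenize(pan)
    return CardRecord(token=token, masked_pan=truncate_pan(pan), expiry=expiry)


def persisted_form(record: CardRecord) -> str:
    """What actually lands on disk / in the DB for this record."""
    return json.dumps(asdict(record))


if __name__ == "__main__":
    vault = TokenVault()
    rec = store_card(vault, "4111111111111111", "12/27", "123")   # constructed test PAN
    print(persisted_form(rec))   # token and 411111******1111 only, never the PAN or CVV2
```

The point of the split is scope: the vault holds the only PAN-to-token mapping and is the part that sits inside the PCI DSS boundary, while the record the app keeps is, by construction, incapable of leaking a full PAN or a CVV2 in a database dump. This is the same idea as the "effective segmentation between payment data and non-payment data" item on slide 26, applied at the schema level.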
  • 29. Thank You! Please feel free to write any questions to dbs@sisainfosec.com