August 27th, 2014 by Elma Jane

Backoff malware that has attacked point of sale systems at hundreds of businesses may accelerate adoption of EMV chip and PIN cards and two-factor authentication as merchants look for ways to soften the next attack. Chip and PIN is a big thing, because it greatly diminishes the value of the information that can be trapped by this malware, said Trustwave, a security company that estimates about 600 businesses have been victims of the new malware. The malware uses infected websites to infiltrate the computing devices that host point of sale systems or are used to make payments, such as PCs, tablets and smartphones. Merchants can install software that monitors their payment systems for intrusions, but the thing is you can’t just have anti-virus programs and think you are safe. Credit card data is particularly vulnerable because the malware can steal data directly from the magnetic stripe or keystrokes used to make card payments.

The point of sale system is low-hanging fruit because a lot of businesses don’t own their own POS system. They rent them, or a small business may hire a third party to implement their own point of sale system. The Payment Card Industry Security Standards Council issued new guidance this month to address security for outsourced digital payments. EMV-chip cards, which are designed to deter counterfeiting, would gut the value of any stolen data. With magnetic stripe data, the crooks can clone the card and sell it on the black market. With chip and PIN, the data changes for each transaction, so each transaction is unique. Even if the malware grabs the data, there is not a lot the crooks can do with it. The EMV transition in the U.S. has recently accelerated, driven in part by recent high-profile data breaches. Even with that momentum, the U.S. may still take longer than the card networks’ October 2015 deadline to fully shift to chip-card acceptance.

EMV does not by itself mitigate the threat of breaches. Two-factor authentication, or the use of a second channel or computing device to authorize a transaction, will likely share in the boost in investment stemming from data security concerns. The continued compromise of point of sale merchants through a variety of vectors, including malware such as Backoff, will motivate the implementation among merchants of stronger authentication to prevent unauthorized access to card data.

Backoff has garnered a lot of attention, including a warning from the U.S. government, but it’s not the only malware targeting payment card data. It is not the types of threats which are new, but rather the frequency with which they are occurring which has put merchants on their heels. There is also an acute need to educate small merchants on both the threats and respective mitigation techniques. The heightened alert over data vulnerability should boost the card networks’ plans to replace account numbers with substitute tokens to protect digital payments. Tokens would not necessarily stop crooks from infiltrating point of sale systems, but like EMV technology, they would limit the value of the stolen data. There are two sides to the equation, the issuers and the merchants. To the extent we see both sides adopt tokenization, you will see fewer breaches and they will be less severe because the crooks will be getting a token instead of card data.

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Point of Sale

November 22nd, 2013 by Admin

As we move to smartphones and tablets as payment methods, security and privacy concerns are a real issue. With recent NSA leaks shedding light on our data and the access others have to it, we have to consider security, privacy and health implications. This year alone e-commerce transactions on smartphones and tablets during the holiday season are set to grow by 15%. Although tablets, not smartphones, will drive the bulk of that growth, smartphones are set to overtake mobile-commerce payments over the next 5 years. Tablet payments in the U.S. alone are expected to reach $26 billion in transactions. Currently tablets are more convenient for m-commerce due to their size, but as far as the future of electronic payment processing, smartphones are where it’s at.

The smart merchant sees this coming and realizes frictionless transactions increase sales. The more comfortable and less complicated a transaction is for a customer, the better. Smartphones, tablets, PCs, laptops and more can already process electronic transactions from credit and debit cards, gift cards, electronic checks and more. Money movement is easier than ever and more convenient than cash. Cash is king, however, in situations where internet connectivity and power are an issue. In India, for example, a poor electric grid makes power outages a common occurrence. During natural disasters, when resources are badly needed, power outages or severed internet communications mean no electronic transactions can be processed. So physical currency remains a must. In the future we may see payment technology evolve to where digital money like cryptocurrency (Bitcoin) may be stored on the device itself, similar to having cash. As these electronic payment systems evolve, merchants need to position themselves to accept what their market prefers to transact with.

The smart citizen also sees this coming and has concerns that the establishment of things like a National ID program may compromise their privacy.
As an extreme example of electronic transactions, a nightclub in Spain used subdermally implanted RFID chips in a woman that allowed patrons to pay for food and beverages without a credit card.

Posted in e-commerce & m-commerce, Electronic Check Services, Electronic Payments, Gift & Loyalty Card Processing, Merchant Services Account, Near Field Communication, Smartphone