Security Archives - Page 9 of 11 - Payment Processing News
May 30th, 2014 by Elma Jane

Southwest Airlines is now accepting mobile boarding passes at 28 total U.S. airport locations, its newest convenience feature that enables fliers to pass security and board an aircraft simply by waving their mobile device.

Following a tiered rollout from last year, the paperless boarding system requires minimal user action. Passengers check in via the Southwest mobile site or branded app and choose to view their boarding pass. The image will open in a new browser and can be saved to a device’s photo gallery upon request.

Mobile apps are critical touch points in the customer journey. Native and hybrid apps are continuing to dramatically increase the ability to deploy and optimize digital strategy. If you’re customizing the experience on mobile Web only, you’re missing a huge opportunity.

Long awaited arrival
New airline initiatives are offering a level of customer service that has never before been possible, and are transforming the experience of traveling to create a new barometer on which carriers will be judged.

Southwest offers two ways to attain an e-boarding pass: have one sent directly to a mobile device through electronic mail or text message when checking in online, or use the airline’s app to check in and have the pass appear with the option to save a replica to the photo gallery. When ready for boarding, passengers present their screen at both security checkpoints and gate entrance to be scanned by staff. In addition to mobile boarding pass support, the app also now includes upcoming trip cards that display flight information such as boarding position, gate location and access to flight tools such as mobile check-in from the home screen.

IT takes flight
An industry-wide Airline IT Trends Survey shows that more than 90 percent of airlines are increasing their investment in mobile capabilities to ease the hassles of getting through the airport and improve the in-flight experience. American, Delta, Continental and United are the biggest adopters of e-boarding support, offering the service from at least 75 airports. Mobile boarding passes are the preferred method for frequent fliers, as business execs and the like are constantly engaged with their handhelds. Paper passes are also more likely to be lost or wrinkled.

Another advantage of the electronic offering is that some travelers may not have access to a printer, and so a mobile boarding pass relieves the frustration of waiting on line at a kiosk. Of course there are also obvious drawbacks that may hinder the proposed convenience factor, one being that a mobile device may malfunction or run out of battery, resulting in a delayed trip or even a missed flight.

Mobile passes may also present a challenge if multiple people are traveling under one reservation. U.S. Airways and Continental restrict the service to one person per reservation. Other airlines allow each group member to check in online and have a separate pass sent to the appropriate phones. While certain cons defeat the purpose of going mobile for efficiency reasons, the benefits offer peace of mind as airline carriers continue to improve the technology.

The option helps deliver more personalized and relevant experiences to on-the-go consumers, leveraging a unified customer profile to collect, own and act on data not only on mobile apps, but also across kiosks and other platforms. This approach to mobile apps uniquely sets marketers free in terms of customization and delivery of the experience, and has delivered great results.

 

Posted in Smartphone

May 29th, 2014 by Elma Jane

A point-of-sale facial recognition system that uses NFC to help combat card fraud was created during a recent company hackathon, together with a group of engineers and designers from Logic PD. The hackathon was an opportunity for experts to explore the possibilities of useful solutions to today’s challenges. With the recent significant breaches in security at leading retailers, the need for this type of solution is particularly meaningful.

The solution, a multi-modal security platform for card purchases, uses NFC authentication combined with camera imaging to protect users. When users make a mobile payment at the point of sale, the kiosk snaps a picture of the purchaser. This image can be incorporated via the cloud into the user’s digital transactional record, which was stored and distributed via SeeControl in this example, allowing users to identify who made each purchase and easily identify those that are fraudulent, even before banks and financial institutions do.

Posted in Credit Card Security, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone

May 21st, 2014 by Elma Jane

Mobile credit card processing is way cheaper than traditional point-of-sale (POS) systems. Accepting credit cards using mobile devices is stressful, not to mention a hassle to set up, and customers would never dare compromise security by saving or swiping their credit cards on a mobile device. These are some of the many myths surrounding mobile payments, which allow merchants to process credit card payments using smartphones and tablets. Merchants process payments using a physical credit card reader attached to a mobile device or by scanning previously stored credit card information from a mobile app, as is the case with mobile wallets. Benefits include convenience, a streamlined POS system and access to a breadth of business opportunities based on collected consumer data. Nevertheless, mobile payments as a whole remain a hotly debated topic among retailers, customers and industry experts alike.

Although mobile payment adoption has been slow, consumers are steadily shifting their preferences as an increasing number of merchants implement mobile payment technologies (made easier and more accessible by major mobile payment players such as Square and PayPal). To stay competitive, it’s more important than ever for small businesses to stay current and understand where mobile payment technology is heading.

If you’re considering adopting mobile payments or are simply curious about the technology, here are mobile payment myths that you may have heard, but that are completely untrue.

All rates are conveniently the same. Thanks to the marketing of big players like Square and PayPal – which are not actually credit card processors, but aggregators – rates can vary widely and significantly. For instance, consider that the average debit rate is 1.35 percent. Square’s is 2.75 percent and PayPal Here’s is 2.7 percent, so customers will have to pay an additional 1.41 percent and 1.35 percent, respectively, using these two services. Some cards also get charged well over 4 percent, such as foreign rewards cards. These companies profit and mobile customers lose. Always read the fine print.

Credit card information is stored on my mobile device after a transaction. Good mobile developers do not store any critical information on the device. That information should only be transferred through an encrypted, secure handshake between the application and the processor. No information should be stored or left hanging around following the transaction.

I already have a POS system – the hassle isn’t worth it. Mobile payments offer more flexibility to reach the customer than ever before. No longer are sales people tied to a cash register and counters to finish the sale. That flexibility can mean the difference between revenue and a lost sale. Mobile payments also have the latest technology to track sales, log revenue, fight chargebacks, and analyze performance quickly and easily.

If we build it, they will come. Many wallet providers believe that if you simply build a new mobile payment method into the phones, consumers will adopt it as their new wallet. This includes proponents of NFC technology, QR codes, Bluetooth and other technologies, but given that very few merchants have the POS systems to accept these new types of technologies, consumers have not adopted them. Currently, only 6.6 percent of merchants can accept NFC, and even fewer can accept QR codes or BLE technology, hence the extremely slow adoption rate. Simply put, the new solutions are NOT convenient, and do not replace consumers’ existing wallets, not even close.

It raises the risk of fraud. Fraud’s always a concern. However, since with Square and others the data isn’t stored on the device but on their servers, the risk is lessened. For example, there’s no need for you to fear one of your employees walking out with your tablet and downloading all of your customers’ info from the tablet. There’s also no heightened fraud risk for data loss if a tablet or mobile device is ever sold.

Mobile processing apps are error-free. Data corruption glitches do happen on wireless mobile devices. A merchant using mobile credit card processing apps needs to be more diligent in reviewing their mobile processing transactions. Mobile technology is fantastic when it works.

Mobile wallets are about to happen. They aren’t about to happen, especially in developed markets like the U.S. It took 60 years to put in the banking infrastructure we have today and it will take years for mobile wallets to achieve critical mass here.

Setup is difficult and complicated. Setting up usually just involves downloading the vendor’s app and following the necessary steps to get the hardware and software up and running. The beauty of modern payment solutions is that like most mobile apps, they are built to be user-friendly and intuitive so merchants would have little trouble setting them up. Most mobile payment providers offer customer support as well, so you can always give them a call in the unlikely event that you have trouble setting up the system.

The biggest business opportunity in the mobile payments space is in developed markets. While most investments and activity in the Mobile Point of Sale space take place today in developed markets (North America and Western Europe), the largest opportunity is actually in emerging markets where most merchants are informal and by definition can’t get a merchant account to accept card payments. Credit and debit card penetration is higher in developed markets, but informal merchants account for the majority of payments volume in emerging markets and all those transactions are conducted in cash today.

Wireless devices are unreliable. Reliability is very often brought up as I think many businesses are wary of fully wireless setups. I think this is partly justified, but very easily mitigated, for example with a separate Wi-Fi network solely for point of sale and payments. With the right device, network equipment, software and card processor, reliability shouldn’t be an issue.

Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Smartphone

May 15th, 2014 by Elma Jane

Looking to buy a new business phone? Wait! A slew of hot new smartphones are set to launch in the coming months, and 2014 has already seen its share of major releases. This spring, HTC unveiled the new HTC One M8, which packs a slick all-metal body, and Samsung debuted the feature-packed Galaxy S5. Nokia also released the Lumia Icon, its new flagship Windows Phone. But some of the year’s biggest releases are still to come, including a new version of Apple’s iPhone and a follow-up to Samsung’s stylus-equipped Galaxy Note 3. Meanwhile, a new Android phone from startup OnePlus could make a splash.

Galaxy Note 4

Samsung is expected to launch a follow-up to the Galaxy Note 3 this fall. The Note 3 is one of the best business phones ever made, thanks in part to the included S Pen stylus, which slides out from a slot on the phone’s chassis and turns the device into a note-taking machine. The phablet also boasts a stunning 5.7-inch display that’s big enough for real productivity tasks. Samsung hasn’t officially confirmed any details about the Note 3’s successor, but there are a few safe bets. For starters, fans can expect the line’s trademark stylus to return for the Galaxy Note 4. Its display, meanwhile, should rival Samsung’s newer Galaxy S5 in terms of brightness and picture quality. Finally, considering Samsung packed a fingerprint reader into the S5’s home button, it’s likely the company will do the same for the Note 4. A fingerprint reader can make your business phone more secure, since only you can unlock the device with a quick swipe of your finger.

iPhone 6

Apple’s iPhone 5s is a great phone, but its compact 4-inch display could be too small for some people. Reports indicate that Apple might deliver a much bigger device in the iPhone 6, which is expected to debut this fall in 4.7-inch and 5.5-inch variants. That’s a big deal for business users who depend on their smartphone to stay productive but prefer a larger display. Both models are also rumored to include a blazing-fast A8 processor, an upgrade over the speedy 64-bit A7 chip found in the iPhone 5s. The iPhone 6 is also expected to include the same fingerprint reader that debuted with the iPhone 5s. The reader is embedded in the phone’s home button, and lets you unlock the device simply by placing your finger on the button. And of course, the iPhone is the only smartphone that gives you access to Apple’s App Store, which features the biggest, and arguably the best, library of business and productivity apps on any platform.

LG G3

LG is preparing to unveil a successor to its flagship phone, the LG G2, this spring. The so-called LG G3 could be one of the year’s most noteworthy business phones if it retains the G2’s superlong battery life. The phone ran for up to 11 hours in tests that involved continuous Web browsing, making it one of the longest-lasting smartphones ever made. In addition to longevity, the G2 boasts a snappy quad-core processor, a roomy 5.2-inch display and a handy multitasking feature called QSlide, which lets you run a second app in a floating window over your main app. That’s a plus for business users who need to juggle tasks such as responding to email while conducting research in a Web browser. LG hasn’t yet announced which features will get an upgrade for the LG G3, but fans won’t have to wait long to find out. The company is expected to show the device off at a special press event on May 27, though it’s not yet known when the phone will hit store shelves.

Lumia 635

Windows Phone fans saw the release of a new flagship device in the Nokia Lumia Icon this spring. Now, Nokia is following that up with the Lumia 635, a new midrange Windows Phone with a lower price point that could make it worth a look for budget-minded business users, especially since the device runs on Windows Phone 8.1, a new version of Microsoft’s mobile operating system. One of the phone’s standout features is Cortana, a voice-activated personal digital assistant that can notify you of upcoming appointments, flight information, weather alerts and more. Also new in Windows Phone 8.1 is the Action Center, which is similar to the notification hub found on both the Android and iOS operating systems. Just swipe down from the top of your phone’s display to view all of your alerts at a glance. And like every Windows Phone device, the Lumia 635 is fully integrated with the desktop version of Microsoft Office.

OnePlus One

The OnePlus One, set to launch this June, is a powerful new business phone with a unique set of features. The 5.5-inch Android device packs a huge display, a top-tier processor and a high-capacity battery. The phone also adds features you won’t find in many flagship phones, such as always-on voice commands. So instead of fiddling with menus and touch-screen controls, you can set an alarm, place an appointment in your calendar or access turn-by-turn directions by uttering a few words – even when the display is off. The OnePlus One also offers a few notable security features you won’t find in most other smartphones. For instance, the phone’s Privacy Guard setting lets you block individual apps from accessing personal information stored on your device. The OnePlus One also ships with built-in encryption for SMS text messages to ensure your private business communications remain private.

Posted in Smartphone

May 9th, 2014 by Elma Jane

Email is an indispensable part of running any business. It’s often the best and least intrusive way to communicate with employees, colleagues and collaborators. Not all email platforms are equal, so it’s important to choose one with the right email service and features your business needs, and to avoid overpaying for features that you don’t need.

Factors to consider before settling on an email platform for your business.

Bonus Features

Once you’ve found an email service that covers all the basics, check for additional features that can boost your productivity. Some platforms, such as Gmail and Outlook, include integrated video chat. That means you can use a single service for both exchanging messages and meeting remotely, making your day-to-day operations simpler and more efficient. Some email platforms also include instant messaging functionality. Instant messaging is better than email for real-time discussions, since you can exchange numerous short messages in rapid succession. Sending an instant message may be preferable to sending an email if the content of your message is not that important.

Collaboration Tools

A good business email platform makes it easier for you to work together with your employees or colleagues. The best platforms include tools to help you collaborate. Services such as Gmail and Outlook include a built-in calendar as part of your email inbox. In a few simple steps you can share your calendar with others so they can view and edit it on the fly. That can really help with planning and collaboration. Email threading is another feature that can help you work together with colleagues. Threaded emails make it easier to follow long exchanges because replies appear one after another in a single thread, instead of being spread throughout your inbox in the order they were received.

Free or Paid?

One thing you can’t get with a free Web mail service is the ability to use your brand’s name as part of your email address. Registering for a free Gmail account gives you an email address like [username]@gmail.com; but by subscribing to Google Apps for Business, you can secure an email address that reads [username]@[yourbusiness].com. In most cases, you’ll need to already own your own Web domain in order to use it as part of your email address, but registering a domain can cost as little as $10 per year. Services such as Microsoft Office 365 give you your own domain name without the need to pay additional hosting fees.

Security

Whether you pay for email or use a free service, you’ll want tight security for your business inbox, especially if running your business involves the exchange of private client data. Other sensitive data, such as bank account numbers and tax returns, can also be attached to your email account. Even more than with your personal email, it’s important to keep cyber criminals out of your business account. Before settling on an email service, check for common-sense security measures such as spam and phishing filters. Support for two-factor authentication is also important. The feature helps keep outsiders out of your inbox by requiring users to have two pieces of information to sign in. The first is your regular password and the second is a freshly generated code sent to either your mobile phone or a second email address. Other security features to check for include built-in antivirus measures to keep malware off your computer, which is especially important if you download a lot of attachments. Whether or not it’s important for you (and any employees) to have a branded email address is ultimately up to you. An email address that includes your own domain name can potentially boost the perceived credibility of your business. On the other hand, a generic email address might be fine for the smallest businesses, especially if you are a sole proprietor.

Storage Space

A branded email address isn’t the only advantage of a paid email service. Paid platforms offer plenty of other perks, such as expanded cloud storage for email and other files. Many free email services offer limited storage space, forcing you to delete messages when your inbox gets full. If you run a small business that relies heavily on email and you prefer to archive messages rather than delete them, your inbox can fill up in a hurry. By subscribing to a paid service, you can gain access to a much bigger inbox. There are a few other related concerns to consider. The maximum size of an email attachment varies widely between different services, with some services capping attachments at 10GB and others letting you send huge files up to 300GB or more, as long as the file is already uploaded to the cloud.

Posted in Best Practices for Merchants

May 8th, 2014 by Elma Jane

The complexity derives from PCI’s Data Security Standards (DSS), which include up to 13 requirements that specify the framework for a secure payment environment for companies that process, store or transmit credit card transactions.

Make PCI DSS Assessment Easier  

Training and educating employees. Technical employees should obtain any certifications or training classes necessary so that they can operate and monitor the security control set in place. Non-technical employees must be trained on general security awareness practices such as password protection, spotting phishing attacks and recognizing social engineering. All the security controls and policies in the world will provide no protection if employees do not know how to operate the tools in a secure manner. Likewise, the strongest 42-character password with special characters, numbers, mixed case, etc. is utterly broken if an employee writes it on a sticky note attached to their monitor.

For an organization to effectively manage its own risk, it must complete a detailed risk analysis on its own environment. The goal of risk analysis is to determine the threats and vulnerabilities to the services performed by, and the assets of, the organization. As part of a risk assessment, the organization should define critical assets, including hardware, software, and sensitive information, and then determine risk levels for those components. This in turn allows the organization to determine priorities for reducing risk. It is important to note that risks should be prioritized first for systems that will be in scope for PCI DSS and then for other company systems and networks.

Once the risk assessment has been completed the organization should have a much clearer view of its security threats and risks and can begin determining the security posture of the organization. Policies and procedures form the foundation of any security program and comprise a large percentage of the PCI DSS requirements. Business leaders and department heads should be armed with the PCI DSS requirements and the results of the risk analysis to establish detailed security policies and procedures that address the requirements but are tailored to business processes and security controls within the organization.

Building upon the foundation of security policies, the committee of business leaders and department heads should now review the PCI DSS requirements in detail and discuss any potential compliance gaps and establish a remediation plan for closing those gaps. This is where it is important to have the full support of business leaders who can authorize necessary funds and manpower to implement any remediation activities.

This is also the time to schedule the required annual penetration testing. These tests are typically performed by third parties, although this is not required, and they can take some time to schedule, perform, and remediate (if necessary). The results of a PCI DSS assessment will be delayed until the penetration test is completed, so now is the time to schedule the test.

At this point the organization is ready for a full-scale PCI DSS assessment and can now enter a maintenance mode where periodic internal audits occur and regular committee meetings are held to perform risk assessments and update policies, procedures, and security controls as necessary to respond to an ever-changing threat landscape. PCI DSS must become integrated into the everyday operation of the organization so that the organization remains secure and to ease the burden of the annual assessments.

Payment Card Industry (PCI) compliance assessment is a major task for any size organization, but you can make it easier.

 

Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security

May 6th, 2014 by Elma Jane

MasterPass in-app payments is the latest offering from MasterCard to address the specific needs of the digital ecosystem. With MasterPass in-app payments, MasterCard is creating great experiences for consumers across all channels and all devices, and enabling merchants to reach new consumers in ways not possible in the pre-digital world.

MasterPass in-app payments, which enable consumers to make secure purchases within a mobile app, have been announced by MasterCard. MasterPass in-app payments eliminate the need to store payment card credentials across numerous mobile apps, providing consumers with a fast and simple payment experience.

MasterCard is also developing a framework to make all payments using MasterPass as secure as, or more secure than, anything, ensuring that consumers can benefit from the highest possible levels of security.

MasterPass in-app payments extend the capabilities of the current browser-based MasterPass digital service into the mobile app environment, and provide consumers with one secure direct relationship with their bank. Apps with MasterPass embedded in them enable consumers to complete a purchase with as few as one click or touch on their favorite connected device without leaving the app environment. MasterPass in-app payments will be made available to developers and merchants beginning in Q2 of this year.

Posted in Best Practices for Merchants, Digital Wallet Privacy, EMV EuroPay MasterCard Visa, Financial Services, Mobile Payments, Payment Card Industry PCI Security, Smartphone, Visa MasterCard American Express

May 5th, 2014 by Elma Jane

The Payment Card Industry (PCI) Data Security Standard (DSS) has come under criticism as high-profile data breaches continue to expose flaws in retailers’ data security systems. But telecommunications firm Verizon Wireless concluded that the PCI DSS is working.

Some Responses to Criticisms

Nilson Report research from August 2013 said card fraud cost the global payments market over $11 billion in 2012. Verizon added that the frequency of fraud schemes that the PCI DSS was designed to avoid is in fact growing. And yet most businesses are not fully compliant at the time of assessment. Only 51.1 percent of the companies it had audited had passed seven of the 12 requirements of the PCI DSS and only 11.1 percent of said companies had passed all 12.

Verizon addressed some of the criticisms leveled at the PCI DSS. One concern is that the standard promotes compliance as a test to be passed and forgotten, which distracts companies from focusing on improving security. Verizon responded by stating that breached businesses were less likely to be PCI DSS compliant than unaffected companies. It also said businesses improve their chances of not being breached by having the standard in place, and of minimizing the damage of a breach should one occur.

Another common complaint leveled at the standard is that it is too cumbersome and slow moving in relation to the quickly evolving threat landscape and nimble fraudsters ready to try new tactics. Verizon countered that the PCI DSS is meant to be a set of baseline security protocols. Achieving compliance with any standard is simply not enough; organizations must take responsibility for protecting both their reputation and their customers. Most attacks on networks are of the simple variety, with 78 percent of hacking techniques considered low or very low in sophistication. Data Breach Investigations Report (DBIR) research shows that while perpetrators are upping the ante, trying new techniques and leveraging far greater resources, less than 1 percent of the breaches use tactics rated as high on the VERIS (Verizon’s Data breach Analysis Database) difficulty scale for initial compromise.

Recommendations

There’s an initial dip in compliance whenever a major update to the standard is released, so organizations will have to put in additional effort to prepare for achieving compliance with DSS 3.0.

The newest version of the standard, PCI DSS 3.0, went into effect Jan. 1, 2014. Businesses have until Jan. 1, 2015, to implement it. The updated standard has new requirements and clarifications to version 2.0 that will take time for businesses to understand and implement, and this will result in more organizations being out of compliance.

To help businesses deal with their PCI DSS compliance obligations, the firm offered five approaches:

Don’t leave compliance to information technology security teams alone, but enlist application developers, system administrators, executives and other staff in helping the process along.

Embed compliance in everyday business practices so that it is sustainable.

Integrate compliance programs into enterprise-wide governance, risk and compliance strategies.

Learn how to reduce the scope of organizations’ compliance responsibilities, chiefly by figuring out how to store less data on fewer systems.

Think of compliance as an opportunity to improve overall business processes, rather than as a burden.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Payment Card Industry PCI Security, Visa MasterCard American Express

March 17th, 2014 by Elma Jane

Young people and Londoners are leading the way in adopting cashless payments in the U.K. The U.K.-based market research firm also found that non-bank electronic payment methods such as PayPal are trusted more than contactless and mobile card payments.

According to research, 38 percent of British people are interested in being able to make mobile payments and an enthusiastic 8 percent claim they would apply for mobile payment services straight away. Eighteen percent of U.K. Internet users say they would prefer to be able to stop using cash altogether.

Support for a cashless society is strongest in London, with 30 percent prepared to stop using cash. And it is the nation’s youth who are leading the way in new payment forms. Twenty-two percent of those aged 25 to 34 have used Barclays’ Pingit peer-to-peer mobile payment system, compared to 5 percent of those aged 45-54. About 17 percent of 25- to 34-year-olds have used the virtual currency Bitcoin at least once.

However, consumers are more concerned about the security of mobile payments than card payments. Sixty-five percent of consumers showed some concern about mobile payment security and 61 percent showed some concern about contactless cards, compared with 34 percent who were concerned about using debit cards and the 33 percent who were concerned about credit cards.

Consumers were notably less concerned about using non-bank payment services such as PayPal, which protect users’ financial data from being seen by third parties. Only 27 percent of Internet users are concerned about using non-bank payment services such as PayPal.

Posted in Credit card Processing, Credit Card Security, Digital Wallet Privacy, Electronic Payments, EMV EuroPay MasterCard Visa, Mobile Payments, Mobile Point of Sale, Near Field Communication, Smartphone

March 17th, 2014 by Elma Jane

Lots of talk has gone on since the recent spate of merchant data breaches on ways to potentially prevent hackers from gaining access to stored payment card data. Use of biometric information, such as a fingerprint, to access stored credentials is among the solutions often bandied about.

The prospect of using individuals’ biometric information for credentialing is fairly scary. Security may be what biometrics is trying to achieve, but it’s also its biggest flaw. Imagine having your fingerprint information stored at Target this holiday season: that information would now be in the hands of lots of people not intended to have access to it. Unlike a password, someone can’t change his or her fingerprint. So once someone has the print, they have it forever. So even if something is biometric based, it also has to have a lot of other security measures, and that could include GPS-based location services tied to an individual’s smartphone.

Biometrics alone won’t work. It’s very scary that that information could be stored in a way that someone could figure out how to get it. Even if encrypted, that’s a huge security concern. You can’t change your fingerprint.

Posted in Credit card Processing, Credit Card Security, Electronic Payments, Payment Card Industry PCI Security, Smartphone