Imagine that there was a better way to help crooks steal more money . . .
Well, now there is a new way to do just that. Apple developed a new way to pay for things by using the iPhone and a new payment system called Apple Pay. The idea is that when a person goes into a store, instead of using a credit card, they can pay, using their iPhone, however there is a problem with this.
Brian Krebs, a touted authority on security in today’s online world says “Apple Pay makes it possible for cyber thieves to buy high-priced merchandise from brick-and-mortar stores using stolen credit and debit card numbers that were heretofore only useful for online fraud.” (cite) The banks that Apple has partnered with are now feeling this increase in fraud (6% and growing) and the pressure is on Apple to fix this though the problem is not really their’s to fix. To be fair, the real real weak point in security is the bank since what is really happening is stolen credit cards are being put into Apple Pay and the banks are not catching this. Remember all of those stolen credit cards from the Target credit card heist? Apple Pay allows theives to use this stolen information in a new way (cite). Avivah Litan (a fraud analyst with Gartner Inc.) believes that this problem will only become worse:
. . . This problem is only going to get worse as Samsung/LoopPay and the MCX/CurrentC (supported by Walmart, BestBuy and many other major retailers) release their mobile payment systems, without the customer data advantages Apple has in their relatively closed environment.
Samsung has wooed the same bank partners Apple did to start a mobile payment service (Samsung Pay), they have released the Galaxy 6 phone as being a means to conduct mobile payments (it is a nice phone too) and they released a security layer for Android called Knox, which enables the user to securely pay for things with their smartphone (preferably their Galaxy phone). Samsung’s Knox was even certified as being safe and secure by a part of the American Government (the guys that want backdoors into everything). Knox had been compromised, however Samsung is working to address this problem and has made progress, Samsung wants their cyberpayment software to use a magnetic card reader, which is not encouraging since credit cards with magnetic strips are known enablers of credit card fraud. (cite and cite) Samsung will also waive fees for using their mobile payment system, which does encourage use.
Business does make for unusual alliances, and so Blackberry and IBM have come together with Samsung to create SecuTablet – a modified Samsung Galaxy Tab S 10.5 bundled with security management software and a hardware encryption module, however the normally 500.00 USD Samsung phone becomes a 2,250.00 USD device called SecuTablet! (cite) This sort of device is not for the casual user that wants to buy something though, rather it is intended to be for environments that require better security (government, etc.).
Though Apple and Samsung may eventually perfect secure devices, the banks are still the biggest source of security worries, especially when they continue to use cards with magnetic strips or a chip and PIN system that has been hacked. Even now, the Korean banking industry is finally getting around to blocking the use of mag-stripe plastic cards, in all Korean ATMs, from May. (cite) There are still reports of credit card information being stolen by infected POP systems in business. One place that has seen a rise in credit card fraud is Aspen, Colorado, since Aspen has so many holiday visitors from everywhere. As one Aspen police detective notes:
A lot of these network intrusions are coming from the Ukraine, Russia, North Korea and China . . . It all comes down to the information stored on credit cards. Once a card is scanned at a business that information is sent to a server. If it’s infected with malware, that server sends the credit card information to criminals.
Considering how more and more large businesses are having their fee processing system infected with malware and how inept banks are at dealing with credit card fraud, companies like Apple and Samsung may eventually become more trustworthy than banks, especially if they don’t gouge their customers with processing fees and are more secure than banks are now in their transactions.