Abstract
New Research from Mercator Advisory Group Explores Emerging Threats to
Mobile Payment Ecosystem
Boston, MA - October 10, 2012 -- Mobile payments have arrived. Driving this
revolution is a large collection of technologies, some of which are immature
and not fully secure. Nascent solutions are a gilded invitation for criminals
to attack at various points within the mobile payments ecosystem. Operating
system (OS) developers, payment networks, banks, and even users need to be
involved in keeping this evolving environment secure.
The two greatest threats to the mobile payments industry are malware and data
breaches. The data breach is well understood and is a universal issue for the
payments industry. Standards like PCI have gone a long way toward combating
the problem. The malware problem, however, is more focused, initially
affecting OS and applications developers, with the effects eventually
spreading to the rest of the mobile payments community.
Mercator Advisory Group's new report, Mobile Payment Security, Fraud, and
Risk: Breaches, Malware, and the OS Linchpin, examines these threats,
explores ways in which fraudsters might exploit them, and indicates how the
mobile industry should prepare and respond.
"Criminals are highly motivated to attack mobile payments because they are
such a rich target. Historically, these hackers have been loosely organized
but effective. They take advantage of the lag between the introduction of a
payment technology and its general acceptance by the public. This period
provides ample opportunity for the perpetrators to discover vulnerabilities
and prepare attack strategies," David Fish, senior analyst in Mercator
Advisory Group's Fraud, Risk, and Analytics Advisory Service and author
of the report, comments. "Our research has indicated that OS developers are in
the best position to limit the spread of mobile malware. They control the OS,
they control their own applications, and they are in a position to control the
offerings of third-party application vendors."
Highlights of this report include:
- Discussion of the two approaches to mobile payments and analysis of the
  security threats facing them.
- Review of traditional forms of payment fraud and explanation of how these
  forms are evolving as mobile enters the payments ecosystem.
- Examination of the methods and vectors that fraudsters use to obtain payment
  card information and the schemes they exploit to capitalize on stolen data.
- Analysis of the drivers of insecurity in the mobile arena, including OS
  application review processes, time-to-market pressures, vulnerabilities to
  phishing, WiFi hacks, man-in-the-middle attacks, and others.
- Recommendations for tighter mobile payment security for OS developers,
  corporate and individual mobile users, application developers, and mobile
  carriers.
This report is 27 pages long and has 10 exhibits.
Companies mentioned in this report include: American Express; Apple; Dwolla;
First Data; F-Secure; Gemalto; Global Payments; Google; Isis; LevelUp;
MasterCard; Microsoft; PayPal; Research In Motion; Starbucks; Symantec;
Symbian; Visa; and WebMoney.
Table of Contents
Executive Summary
Introduction
- Mobile Security
- Vulnerabilities in OSs and Apps
- The Mobile (Payment) Future
Emerging Threats: Mobile Payment Fraud
- Mobile Payment Approaches
Payment Fraud
- Traditional Payment Card Fraud
- Modern Payment Card Fraud
- Data Breaches
- Malware
- The Outcome: Identity Theft
Mobile Operating Systems and Applications: Leading the Way to Payment Fraud
- Competition Drives Fast-Paced Software Development (and Bugs)
- Third-Party Applications as an Entry Point
Mobile Phishing: The Berkeley Reports
WiFi Hacks
NFC and Device-Based Security Threats
- Lost/Stolen Devices and Walk-offs
- Ghost and Leech Attacks
- Other Forms of Potential Compromise
Conclusion and Recommendations
- For OS Developers
- For Corporations and Individuals
- For Application Developers (Merchants, Issuers, Corporations)
- For MNOs
- Copyright Notice
- Endnotes
Mobile Payment Security, Fraud, and Risk: Breaches, Malware, and the OS Linchpin was published by Mercator Advisory Group, Inc. on November 20, 2012. This report consists of 27 pages and the price starts from US $2950.