Sep 20, 2013
Visa Security Summit 2013 - Mobile Payments Security Requires a Little More Effort
Guest blog by Brad Caldwell, CEO, SecurityMetrics
Mobile point-of-sale (mPOS) has the potential to forever change the interaction between business and consumer. Because of the low entry barrier to obtain a smartphone or tablet device, many companies now offer mobile as a way for consumers to process their card payment.
Mobile devices were initially developed for communication and convenience, not necessarily security. Now that devices organize the important details of business and private lives on wireless data networks, security is high on the consumer wish list and requires a bit of extra work to achieve.
Many businesses are enthusiastic and ready to implement mPOS. Although seemingly technologically advanced, smartphones and tablets aren't created with the typical security features that have evolved in computers over decades of development.
As more and more merchants across the world use mobile devices to process customer payment transactions, hackers will continue to adapt their strategies to gain the most sensitive and profitable information from mobile devices.
Unless security precautions are taken, credit card numbers, personal information, and passwords entered, texted, or saved into personal and business mobile devices may be at risk.
Don’t despair. Though mobile security is in its infancy, there are proven methods to securely process via mobile devices. Here are five tips to help your mobile processing strategies stay one step ahead of hackers.
- Use an encrypt-at-swipe piece of hardware that attaches to your smartphone or tablet to securely process payment cards. Perform due-diligence when selecting mobile POS hardware to ensure it supports encrypt-at-swipe.
- Minimize manual key entry of customer’s credit card data, even if a card stubbornly refuses to be swiped! While your hardware card reader may encrypt sensitive information at-swipe, your phone does not have that secure capability. Manually-typed data is not encrypted, and a rogue app could be recording those card numbers.
- Always update both OS and app software so any discovered security holes can quickly be patched.
- Use discretion when downloading apps. Many pieces of malicious software infect mobile devices by acting as a Trojan horse inside an app. Even some apps that look legitimate may be infected.
- Use a mobile vulnerability scanner. A mobile vulnerability scanner, such as SecurityMetrics MobileScan, can check a device for security holes that may grant access to hackers.
As an industry leader in securing payments, SecurityMetrics is on the security front lines providing the technology needed to protect mobile devices. Visit them at www.securitymetrics.com/mobilescan for more information.
SecurityMetrics is a sponsor of the 2013 Visa Global Security Summit. Visit them at the SecurityMetrics booth during the event on October 2. For additional information on mPOS acceptance, Visa has published a list of mobile acceptance best practices, which can be accessed here or visit our website for additional information.
Posted by: Brad Caldwell, CEO, SecurityMetrics on September 20, 2013 at 11:14 am
Sep 17, 2013
Visa Security Summit 2013 - Crowd-Sourcing a New Solution to Consumer Education
Did you know that consumers spend more than two hours a day in mobile apps? That's nearly as much time as people spend watching television. Mobile devices are transforming how consumers learn and engage. When it comes to security, an engaged consumer is a more protected consumer. There are countless studies that have shown consumers who check their accounts online or take steps to monitor their credit report are less likely to be victimized by fraud and identity theft.
As consumer adoption of new technologies evolves, we are evolving our strategies and practices to ensure we're reaching consumers in relevant ways. And that includes our efforts to educate consumers about payment security.
In April, Visa became a first-time sponsor of TechCrunch Disrupt NY, one of the nation's top hackathon contests, which attracts more than 700 developers from around the world. Developers were given 24 hours to create an app that would help consumers learn payment security basics. The event generated a number of creative ideas and lots of interest from developers.
Now Visa is showcasing this fresh thinking at our flagship security event, the Visa Global Security Summit. Two standout teams from Disrupt will showcase their ideas on stage at this year's event. Attendees will then vote on which app will win the $5,000 Developers Challenge Award. You can preview information on both teams here.
With consumers being inundated with more information today than ever before, it is critical that we continue to find new and innovative ways to reach them with important security information. We're excited to be tapping into the talent of the independent developer community to help expand our thinking on how to reach consumers via mobile.
We're looking forward to seeing the demos showcased on October 2...and may the best team win!
Posted By: Jennifer Fischer, Head of Americas Payment System Security on September 17, 2013 at 11:16 am
Sep 9, 2013
Visa Security Summit 2013: Focus on Responsible Innovation
Connecting the world's commerce would be daunting without technology. It's what generates purchase authorizations in about the time it takes you to blink. It's what identifies fraudulent transactions in that same blink of an eye. And now it's changing the way commerce is conducted.
Mobile devices and social networks are creating an always-on society where people can connect with each other and do business anytime, anywhere. We call this the "new normal." Unfortunately, the solutions that make it easier for us to connect with each other also make it easier for criminals to connect with us.
Can we use the capabilities of the new technologies to deliver a payment system that is safer than ever before? Or will these technologies bring opportunities to criminals that will challenge our security teams as never before? This is the crossroads we stand at today.
At Visa, we call the road ahead "responsible innovation." It's a two-part idea.
First, we must stay true to the principles that have made us successful, ensuring that every innovation comes with the same level of security that our stakeholders have come to expect. Our imperative must be to build security into every solution from the ground up, not after the fact. Otherwise, we risk losing the trust on which our business depends – trust that's been built over decades.
Second, we must consider how new technologies are changing consumer behavior. Consumers are using the mobile and social world to open their private lives to friends and family in new ways. In so doing, they are also opening their personal details to others with darker intentions. Clearly, our second imperative must be to adopt security approaches that work in a world where nothing is certain to be private.
At this year's Visa Security Summit, to be held on October 2 in Washington, D.C., we will bring together a range of speakers – elected officials, entrepreneurs, technologists, journalists and global development experts – to talk about this unique intersection of technology and security.
Please join us for one of the most important conversations on payment security! And thank you to our sponsors, including Trustwave, SecurityMetrics and Kaspersky Lab, for helping make this dialogue possible.
Posted by: Ellen Richey, Chief Enterprise Risk Officer on September 9, 2013 at 9:00 am
Aug 21, 2013
Visa Continues to Support Aspiring Cyber Pros
In an effort to help inspire and train future cybersecurity professionals, for the second straight year Visa partnered with San Jose State University and the Bay Area Council to host the 2013 U.S. Cyber Challenge Northern California Cybersecurity Summer Boot Camp. Held August 4-9 at San Jose State University, the camp's mission is to give aspiring cyber security professionals hands-on training with workshops and presentations focusing on intrusion, detection, penetration and forensics. Students also had the opportunity to attend a job fair as well as talk with representatives from major San Francisco Bay Area technology companies and the federal government about how to prepare for a career in the cyber field.
I was thrilled to be invited to share my experiences in the field, hear directly from students at the executive roundtable discussion, and also watch them put their skills in action during the camp's capture-the-flag competition.
When it comes to protecting the payments system from cyber threats and attacks, it starts with hiring and training the most talented cyber security professionals. That's why we need to ensure we have the brightest minds and most effective tools available to meet the nation's growing needs in the ongoing battle against cybercrime. As The Office of the Comptroller of the Currency warned in its spring 2013 Semiannual Risk Perspective report, "cyber-threats continue to increase in sophistication and require heightened awareness and appropriate resources to identify and mitigate the associated risks."
Demonstrating our continued leadership and commitment to this issue, on October 2, 2013 in Washington, DC, Visa will be convening executives from business, government, academia and law enforcement at the Visa Global Security Summit. This year's theme will be "Responsible Innovation: Building Trust in a Connected World" and will feature keynotes by RSA Executive Chairman Arthur Coviello, who also joined on site at the San Jose State cyber camp, as well as Senator Kirsten Gillibrand (D-NY).
Space is limited so for more information and to register, visit: http://www.visasecuritysummit.com/. Visa will also be sharing more details on its website as they become available as well as through @VisaSecurity, hashtag #PaymentSecurity and on LinkedIn.
Posted by: Gary Warzala, Head of Global Information Security on August 21, 2013 at 9:00 am