Magazine article American Banker

A Big Threat in Small Devices: Fraudsters Flock to Mobile

Magazine article American Banker

A Big Threat in Small Devices: Fraudsters Flock to Mobile

Article excerpt

Byline: Kate Fitzgerald

LAS VEGAS a In merchants' eagerness to use mobile devices to attract new business, many are inadvertently creating new openings for credit and debit card fraud.

And fraudsters have noticed. Many hackers now favor the mobile versions of ecommerce sites, which have fewer protections than desktop sites, data-security experts said in a panel discussion at the Cartes in North America conference this week.

One of the biggest new categories of fraud tracked by Threatmetrix Inc. was fraud originating "not from a mobile device, but from fraudsters spoofing a mobile device from a real computer," said Peter Liske, vice president of product management at Threatmetrix, in a presentation. "Fraudsters have found a way around the protections through the mobile channels using other tools."

The problem stems from merchants that value speed to market over security when they create mobile versions of their e-commerce sites.

"A lot of merchants are not doing all the usual fraud screenings they do for general e-commerce and they're creating brand-new opportunities for fraudsters," he said.

This is a growing problem for merchants, said Walt Conway, a security consultant with San Francisco-based 403 Labs LLC, in a presentation.

"Clearly mobile is taking off and the retail industry is just going with it, but there are no standards," he said.

The Payment Card Industry security standards council, which manages the PCI data security standard, "is still studying it, but there is not a lot of guidance on what is a secure application," Conway said. "We don't know what all these devices are doing, storing data or how things are being transmitted."

Merchants tend to underestimate the various ways in which card and payment data is exposed through e-commerce and mobile sites, Conway said.

"Merchants are often the last ones to know all the places they are storing cardholder data," he said. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.