Tag: mobile security

Survey shows that retailers are becoming more interested in new payment technologies and services

Retailers in Europe and the Middle East are planning to invest in new payment technologies in the coming years, according to a survey from ACI Worldwide and Ovum. Many retailers are beginning to see a trend among consumers that involves the use of mobile devices to shop for and purchase products. As this trend become more powerful, retailers are beginning to feel the pressure to engage mobile consumers more effectively or risk being left behind by these consumers.

Retailers in Europe and the Middle East have plans to embrace mobile payments within the next 24 months

According to the survey, more than two thirds of European and Middle Eastern retailers have plans to invest in mobile payments technology within the next 18 to 24 months. These retailers are citing real-time clearing and settlement capabilities and the growing popularity of loyalty programs as the reasons behind these investments. QR codes, in particular, have shown great appeal to retailers that want to engage consumers in an effective manner, as these codes have become quite powerful mobile payments tools.

Security concerns are slowing the adoption of mobile payments in the retail industry

The survey suggests that unfounded security fears have slowed the adoption of mobile payments among retailers. Many companies are concerned with their ability to keep consumers information secure when using a mobile payments platform. Notably, however, a relatively small number of retailers have fallen prey to cyber attacks focused on the mobile sector. The survey suggests that retailers are more comfortable with relying on older, less secure payment platforms that have proven to have security issues in the past.

Retailers believe that consumers want more payment options

The survey shows that 93% of retailers believe that consumers want more options when it comes to paying for products. As such, mobile payments are becoming a more prominent focus for many companies. One of the challenges of embracing mobile payments, however, is the relatively high investment needed to purchase mobile point-of-sale systems and other mobile-centric platforms.

1,500 applications could be open to hackers as a result of outdated code that they continue to contain.

Analytics company, SourceDNA, has identified a mobile security bug that likely still exists in about 1,500 apps that could open up these iOS App Store applications to “man in the middle” attacks.

The problem exists in the way that the iOS apps create secure connections with servers.

The reason is that this connection that is established has a bug in it. This means that a mobile security exists in that anyone who intercepts the data being transmitted from an iPhone or iPad would be able to access the login names, passwords, and a number of other forms of private information that could be sent by way of the HTTPS protocol. When SourceDNA discovered the bug, it reported that among the companies that have kept the outdated code in at least one of their iOS apps were: Microsoft, Yahoo, Uber, and Citrix. This means that millions of Apple device users could have their privacy threatened if the wrong person should choose to attack.

This type of mobile security threat makes it possible for an attacker to take hold of data on the device.

This is because attacks through a “man in the middle” vulnerability opens the device up to a fake WiFi hotspot in order to be able to intercept data contained in devices that have connected to it. Typically, this sort of attack, which are also frequently called “coffee shop hacks”, isn’t possible because those artificial hotspots don’t have adequate security certificates. However, the bug that has been found in the iOS apps has stopped those applications for properly checking for those certificates.

The origin of the bug was in the AFNetworking open-source networking code which has been used in the development of thousands of different apps in order to allow them to connect to servers. The code’s 2.5.1 version was originally introduced in January and it had the bug within it which allowed the connections to occur without checking for HTTPS mobile security certificates. There has since been a corrected 2.5.2 code introduced, but there remain about 1,500 apps at the iOS App Store that have yet to update.