Mobile payments, whether on the receiving or paying end, is taking up a major chunk of how payments are made. With that, there has also been a huge increase in mobile payment fraud.
Prakash Ranganathan, Director of Cybersecurity at University of North Dakota noted hackers are finding a “lucrative target” in cheap card readers that attach to smartphones or tablets because it’s fairly easy to exploit their vulnerabilities. Therefore, it’s best to invest in higher-quality, more costly card readers.
Mobile phones are just like a laptop or PC, they are running on various hard and software systems.
I’m sure we all know someone who is still using an older device, which would be considered obsolete.
From a personal use standpoint, no big deal. From a business standpoint? DANGEROUS.
Why is it so “dangerous”?
The older devices are not able to support the latest security technology, leaving you wide open for hackers and fraud. According to a survey, the total percentage of mobile payment crimes has reached 71% in 2019. This percentage will only continue to climb higher and higher. As a responsible business owners, we need to revamp how we handle our mobile payments. Since I am a wannabe security expert (hell bent angry consumer) I want others to be safe; merchants, and the customers.
Unlocked, or rooted phone?
You may think that having an unlocked, or rooted phone is cool. If you think that dismantling the entire Operating System and leaving yourself wide open for malware or viruses,...then cool story bro. The rest of us who are informed and aware of the risks won’t be about that life.
According to Tim Armstrong, a security specialist at Boston-based Threat Stack "A lot of people don't realize what they're doing," he said. "When you launch the jailbreak, you're defeating the security of the phone. Once you do that, every application has full access to the phone and you put trust in the people who create the apps."
There is no longer any antivirus software available for the Apple iOS, and the few products that did exist were limited in their abilities. "That's because Apple locked down the operating system," Armstrong said. "But if you jailbreak your iPhone, it's buyer beware."
Long story short; if you jailbreak your iPhone, or root your Android, you're on your own. There's no program that can protect you from infection, other than Jailbroken apps, which are not always supported in new versions of the Apple iOS, and each system update pushed out by Apple usually will erase jailbroken apps that depend on them. You'll have to jailbreak the device again, reinstall the unauthorized apps and hope they all still work.
Do Customers even notice or think about security?
A study by Auriemma Consulting Group revealed about one-third of customers who make purchases via mobile payments were worried about security. Customers (myself, and anyone I associate with) won’t use a payment reader that looks outdated, on the mall wi-fi or showing any hint of being unsecured. If your customers see things as sketchy, you've not only lost a sale, but also on future sales, and maybe even referrals.
How to stay safe with mobile payments
It is paramount to be even more careful with mobile payments than the typical POS (Point of Sale). A POS is safer because it is running behind a firewall. Smartphones are not classified as a dedicated hardware for payments because they were not designed with that in mind.
A very scary reality is that older and outdated card readers are still in circulation and processing payments successfully. A customer is not going to know whether the reader is up to date and PCI compliant or not.
You should REQUIRE the following information for any mobile or over the phone payments;
Complete card number
Security code / CVV code
Billing zip code
Key Practices for phone / mobile payments.
1. On the signature line of the printed receipt for the order, instruct your staff members to write “Phone order.”
2. Keep the paper receipt filed with the rest of your receipts and invoices.
3. Do not use a payment option that allows for PIN entry directly into the device, it should only happen with an encrypted PIN pad.
4. Second bank account for mobile payment events, less risk, keeps the rest of the customers safe.
5.Make sure that you are using a password and not auto signing in
6. Phones are very prone to ransomware, from downloads or web pages visited. Business doesn't mix with pleasure right? This is NOT ant different.
7. Set up phone with the ability to wipe it clean remotely in the chance of loss or theft.
8. Disable auto fill so you are not storing customer information.
9. Don’t even consider using a public wi-fi connection.
If you take one thing away from this blog post, take the fact that doing any and all software updates are paramount for security.
In the year that I have been with Platinum Payments, I have spoken with many many business owners, attended events and learned to see a plethora of red flags, warning signs and where business owners are lacking. I have witnessed first hand (ahem, farmers market) how many merchants are doing the opposite of what safe is. It is incredible to me to see business owners taking so much risk, when it is so simple to be compliant and secure.
One issue that is prevalent with our competitors is they are trying to saturate the market and push for sales, Platinum Payments is taking the time to make sure the security is a top priority. We look out for EVERYONE, not just “our” customers. Even if you don’t like what I have to offer, I would bet that you at least learned something you didn’t know before and ways to implement that new education you just got schooled with.
If one phone call could ensure your business is still standing to see another fiscal year, isn’t that worth the time it would take to talk to someone who does this full time? One call could help you save everything in it's entirety due to PCI, customer retention, ways to increase revenue, account monitoring, custom built plans, phenomenal customer support, and then maybe even save some money. You do you, let me do the rest.