POS malware threats on the rise
A recent report by the FBI offered more details about the extent of the security breach at retail giant Target.
According to the report, the cyber-thieves were able to plant malware on tills and collect payment card data over the holidays. The thieves were able to gather personal data, including card data, on about 70 million customers.
The software used, a sort of virus, is widely available on underground markets and can be found for as little as $6,000. The FBI says that more than 20 cases have been reported in which similar malware was used to steal credit card data. The code was inserted onto credit and debit card swiping machines, cash registers and other point-of-sale (POS) equipment without the retailer’s knowledge and ran unnoticed for over 19 days.
The attack, which is believed to have been one of the largest in history in terms of duration and number of customers impacted, clearly shows how primitive and vulnerable the existing payment infrastructure is.
Beacons as an authentication device
One alternative is the use of wireless beacons during the payment transaction.
These beacons can be used as a method to conduct a contactless payment transaction where all credit card and financial information is only exchanged between the merchant and the payment gateway in the cloud. Hence, all personal information is protected from tampering as the payment transaction takes place in the payment network and no customer data is collected at the POS from the user.
A beacon, for example, can be used in a very close proximity “whisper mode”, where the smartphone must be within inches to trigger a payment. An additional form of authentication such as a PIN, screen touch gesture or voice biometrics can be used to authorize the transaction in the cloud.
mBeacon2Pay – A gateway-agnostic mobile payment solution
Netclearance Systems, Inc.’s mBeacon2Pay is a patent-pending, beacon-based and gateway-agnostic mobile payment solution that can be used to incorporate an extra layer of security in payment transactions that could make these types of attacks a thing of the past.
The mBeacon2Pay solution’s interoperability extends into software, too, as it can easily integrate with mobile apps thanks to Netclearance’s SDKs and REST-based server APIs. Meanwhile, mBeacon2Pay is by default compatible with a variety of PCI-compliant gateways, including PayPal, Stripe and Braintree, to name a few. This allows customers the flexibility to choose the network that best fits their needs without being locked into a single mobile payment app or provider.
For more information on our contactless payment solution please contact us for a consultation.