Card Catastrophe: Why Mobile Processing Should Scare You

Have your begun processing payments with a smartphone or tablet yet? Maybe they're seriously considering implementing a processing strategy like many other businesses and micro-merchants. That's wonderful. But here's the bad news. Though mobile payments are growing exponentially, the portion of processing credit cards via mobile devices has seriously been neglected.

Get up to speed with the issues

Mobile processing (e.g., Square, GoPayment) is a double-edged sword. On one hand, it allows more processing flexibility, but it also has the potential to dramatically increase fraud and business liability. The problem with mobile devices is that they weren't made for security or payment processing. Hackers know that, and they are after customers' profitable payment data.

How could a device so innovative and technologically advanced not securely process a credit card?

Mobile devices are exposed to the same threats as computers (e.g., malware, viruses) but the and software is created with significantly fewer security fortifications. Unlike typical (POS) systems, even new mobile devices don't include firewalls or other safeguards, and are automatically connected to the Internet.

Bad apps

One of the security drawbacks with a mobile device is that it's difficult to guarantee an app is malware-free as it enters an app store. Thousands of malicious apps are downloaded through official software stores daily, putting smartphones and tablets at risk for payment card theft.

Hackers repackage apps, or create their own malicious apps, to be downloaded by unsuspecting mobile users. For example, malicious code could be embedded in a popular flashlight application. Those bad apps have the power to steal credit card information, listen to text and audio conversations, read data from other applications, or even control the actions of the entire device.

Lack of security policies

In addition to bad apps, many organizations fail to implement procedures that dictate the proper use and storage of mobile devices. Loss, theft, and employee misuse are all security issues that are easily prevented through franchise security policies.

Fines and penalties for compromise

If hackers steal customer data by accessing a franchise's mobile POS system, the business could be held liable by card brands like Visa, MasterCard, and American Express as per the Payment Card Industry Data Security Standards (PCI DSS). Fines and penalties may follow, which may include forensic investigations and customer notification costs. Research shows that 80 percent of all small businesses that experience a data breach either go bankrupt or have severe financial difficulties within two years of the breach*.

Even if you manage to avoid the forensic fines, auditing costs, and card brand penalties, your brand may still face consumer doubt and criticism.

Security checkup

Because your brand is at increased risk per mobile-device POS user, you have the right to regulate device Mobile device vulnerability scanning is a great way of identifying which franchises follow mobile best practice guidelines. I suggest regular testing through a security scanning app. When selecting a mobile vulnerability scanner, check if it also includes a mobile device management (MDM) to allow you to remotely wipe devices or check in on multiple locations' security.

5 best practices to protect franchises

Though mobile security is in its infancy, there are methods to securely process via mobile devices.

  1. Use an encrypt-at-swipe piece of hardware that attaches to a smartphone or tablet to securely process payment cards. Perform due-diligence when selecting mobile POS hardware to ensure it supports encrypt-at-swipe.
  2. Don't manually key customer's credit card data, even if a card stubbornly refuses to be swiped! While your hardware card reader may encrypt sensitive information at-swipe, your phone does not have that secure capability. Manually-typed data is not encrypted, and a rogue app could be recording those card numbers.
  3. Always update both OS and app software so any discovered security holes can quickly be patched.
  4. Read up on the PCI Mobile Payment Acceptance Security Guidelines for Merchants and follow all the instructions. Ensure your employees are also familiar with the mobile security standard.
  5. Use mobile scanning apps to ensure devices are tested for mobile processing security. Don't forget to promptly remediate any discovered vulnerabilities.

Not a serious problem...yet

Luckily for all of us, mobile payments are thinly spread among small merchants and its likely hackers are more concerned with obtaining credit cards from known, high-transaction areas. However, as the trend of mobile device payments increases, so will attacks on businesses via mobile devices, resulting in reputation loss and possible fines from card brands.

John ClarkJon Clark is the Marketing Director for SecurityMetrics, and can be reached at jonc@securitymetrics.com or 801-995-6858. SecurityMetrics is a data security and compliance company that offers mobile vulnerability scanning products and PCI services for businesses worldwide.

Social Reach:

Viewer Response:

comments powered by Disqus
 

Hot Opportunities

Bricks 4 Kidz Franchise Opportunity

Bricks 4 Kidz
Bricks 4 Kidz provides project-based programs designed to teach principles...

Add
Doc Popcorn Franchise Opportunity

Doc Popcorn
Doc Popcorn is revolutionizing the way people snack in high-traffic...

Add
Oxi Fresh Franchise Opportunity

Oxi Fresh
OXI FRESH is a GREEN Carpet Cleaning Franchise and one of Entrepreneur's...

Add
Jimmy John's Gourmet Sandwich Shops Franchise Opportunity

Jimmy John's Gourmet Sandwich Shops
Jimmy John's franchise success is built upon an unyielding commitment to...

Add
Papa Murphy's Take 'N' Bake Pizza Franchise Opportunity

Papa Murphy's Take 'N' Bake Pizza
The world's largest, fastest growing Take 'N' Bake pizza franchise is...

Add
FASTSIGNS Franchise Opportunity

FASTSIGNS
Signage has never been more important. Right now, businesses are looking...

Add
Pump It Up Franchise Opportunity

Pump It Up
If you love the idea of owning a small business and you enjoy the thought...

Request Information
Hardee's Franchise Opportunity

Hardee's
At Hardee's®, our next success story is you. We consistently out-deliver...

Request Information


The Franchise Buzz:


A Franchise Update Media Group Production Franchise Update Media Group | P.O. Box 20547 // San Jose, CA 95160 // PH. (408) 402-5681
Copyright © 2001 - 2014. All Rights Reserved. Site Hosting Provided By: wishVPS on FUMG3
0
Your Request List:
No Opportunities Saved