Payment security flaw hampering mobile POS systems

For merchants, one of the biggest challenges is payment security. With new options on the market and hype convincing retailers to start using mobile devices, some business owners are throwing caution to the wind and trying to be "hip."

The problem of jumping on a trend like this is that in many cases it is still in the beta phase and not as secure as it should be. This is what was found in a recent article from security website Dark Reading. The piece recapped the last month's App Sec USA conference, specifically a presentation given by Mike Park of Trustwave.

Park and his team had taken several mobile devices, and within 10 minutes were able to access the credit card information stored on the applications. This happened because many retailers rely on the encryption ability of the app and jailbreaking the device makes it possible to bypass these security measures.

"A lot of retailers are moving to 'i' devices because they want to look trendy, hip, and be a cool retail location. They don't want those bulky mobile PoS devices — they want the cool Apple devices," Park said. "The problem really is that it increases the attack surface and they don't realize it."

He went on to say that many organizations are milking mistakes at the beginning of a deployment that spirals into more complicated issues down the road. If a business can't handle simple credit card processing, what chance is there to install a more complicated system down the road?

Scroll to Top