800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
Beyond Passwords and PINs

Beyond Passwords and PINs

Apple Pay and biometric authentication offer alternatives to password and PIN security. How secure are they? Read to learn what risks your clients may face.

Friday, November 07, 2014/Categories: cyber-risk

From an IT perspective, a password or PIN is not a hallmark of security – it's a necessary evil. Ideally, there'd be a more secure way of encrypting and transferring data, but as it is, we're stuck with these options. But that might be changing.

Following Apple Pay's debut, a number of companies are trying to find new approaches to payment security. Advisen reports that MasterCard and Zwipe are currently testing a pilot program that uses a customer's biometric data to secure a transaction.

Just like a password or PIN, biometric data – fingerprints, heartbeats, etc. – can be used to authenticate a transaction. To use this new type of MasterCard, customers press their finger on the card's sensor, activating the card's ability to pay. By tapping the card to a reader at the cash register, they're able to pay instantly.

As an IT consultant, you might have to guide your clients as they transition to "contactless payments" (i.e., payment systems where you press a phone, card, or fob to a sensor). Taking advantage of these new systems can offer your clients a better way to secure client data, but this new technology still has its risks.

Let's go over some of the biggest questions remaining for Apple Pay and other contactless payment systems:

  • Why are some stores opting out of Apple Pay?
  • How does contactless payment security compare to a traditional POS system?

Apple Pay Rejected: Why CVS and Rite Aid Turned to a Rival

The New York Times reports that Apple got some disappointing news when popular pharmacies CVS and Rite Aid announced they would no longer be accepting Apple Pay. Why the change of heart?

CVS and Rite Aid are members of a retailer group called Merchant Customer Exchange, or MCX, which is preparing to launch its own contactless payment system.

Maybe that's because Apple Pay's system…

  • Doesn't collect data about a user's purchases.
  • Doesn't track purchasing tendencies of their customers.
  • Allows greater privacy for customers.

Retailers want customer data to use for their marketing. Tech analysts speculate that when the MCX merchants roll out their contactless payment system, they will be able to track the customer purchases and won't have to follow Apple's privacy protocol.

Security in Contactless Mobile Payments and Other POS Alternatives

The flurry of recent retailer hacks reveals the weaknesses of modern day POS systems. Home Depot, Target, and other big name retailers have all had credit card data stolen by relatively simple malware attacks.

Biometric data will probably make transactions more secure, but digital financial transactions will always have unforeseen security flaws. Cases of human error can also lead to data breaches.

It wasn't long after Apple started to use a fingerprint reader on iPhones that hackers figured out how to lift a person's fingerprints from the screen and imitate them for the scanner.

While the security flaws in Apple Pay or MasterCard's biometrically secure card are still unknown, a hacker somewhere will likely figure out how to break in.

IT Takeaways: What to Tell Your Clients about Contactless Payments

New mobile payments will change the way merchants handle customer data (and limit their cyber risk exposure), but these changes will be incremental and still involve risk and tradeoffs.

If you're tasked with helping clients upgrade a POS system, keep these three things in mind:

  1. No payment system is 100 percent secure.
  2. New contactless payments can improve security.
  3. When choosing between new payment systems, make a choice about tradeoffs for user privacy and the amount of data you can collect.

To learn more about mobile payments and IT risk, see our report about the new iPhone 6: "Will There Be Unforeseen Security Issues with Apple Pay?"

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews

Categories

The Small Business Insurance Leader