Statistics suggest mobile card readers can be security threats, as they are not built behind firewalls and are vulnerable to malware.
October 26, 2017
Nowadays, it seems like everything is shifting toward mobile. From fitness and food journal apps to shopping and coupon code capabilities, smartphones and other mobile devices offer an unprecedented degree of versatility and accessibility. It's no surprise, then, that mobile card readers have become such prominent tools for merchants, particularly those who accept payments on the go.
But are they really a secure option? Not so much, perhaps. Statistics shed some light on this topic.
A 2013 report by PCI DSS company SecurityMetrics addresses the growing interest in mobile processing, as well as its associated risks.
“Essentially, mobile devices were designed for convenience and ease of use, not necessarily for security,” it concludes.
Why? Because standard POS (point of sale) systems are “typically placed behind a firewall in a controlled environment with limited access to the Internet, and therefore have limited attack vectors; whereas mobile devices are automatically connected to the Internet via cellular or unsecured public wireless,” explains the analysis.
The report details how 32 percent of 2012's mobile malware—dangerous software designed to damage mobile systems—was created to steal users' information. In fact, by the end of that year alone, 40,000 malware threats had been unleashed.
Within just the first quarter of 2013, 22,000 threats were detected. Most of these specifically targeted Android devices, which are the most popular.
Mobile devices aren’t just vulnerable to malware, though.
A report from Intel Security, McAfee, Inc., discussing this year's most likely threats to mobile devices, found that ransomware—software that retains people’s information “for ransom” until certain demands are met—is increasingly threatening the security of PC desktops, mobile devices, and other “smart” machinery.
The study mentions a specific January 2017 ransomware case called “Charger.”
“The malicious snooping app was briefly available on Google Play and targeted Android devices before being pulled,” it explains. “‘Charger’ demanded 0.2 Bitcoins and threatened to sell the victim’s personal information on the black market if the ransom was not paid.”
To better secure mobile card readers, follow PCI DSS requirements.
The Payment Card Industry Data Security Standard (PCI DSS) helps credit card processing solutions, whether mobile card readers or POS systems, protect consumer information and decrease the likelihood of malware, ransomware and other data breaches.
The PCI Security Standards Council offers merchants guidelines for accepting mobile payments. These are often revised over time, with the most recent updates made in February 2013.
Following these recommendations—which include disabling “unnecessary device functions” and ensuring “the security disposal of all devices”—will improve the security and effectiveness of the payment-acceptance experience.