PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Events
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Events
No Result
View All Result
PaymentsJournal
No Result
View All Result

Flaws in 4 Major Mobile PoS Devices on Display at Black Hat

Tim Sloane by Tim Sloane
August 15, 2018
in Analysts Coverage
0
hacker

hacker

10
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

This Dark Reading article discusses hacks that were attempted at Black Hat to test POS devices from Square, iZettle, PayPal, and SumUp. The hacks discovered some vulnerabilities such as susceptibility to arbitrary commands and amount tampering via remote code execution, but generally discovered that broader risk management procedures such as onboarding precautions, device protection, and transactional risk monitoring were adequate:

“It’s important, Galloway and Yunusov said, to remember that the MPOS devices are part of an overall financial ecosystem, and that different companies protect devices and transactions in different ways. “We did find some really good examples of anti-fraud protection,” Galloway said in the interview. “Some vendors were carrying out very sophisticated anti-fraud detection using forms of correlation to identify bad devices and readers,” she explained. The researchers also found a wide variety of anti-fraud activities taking place during the device and merchant enrollment process, with some vetting potential merchants much more heavily than others.

In the test results, Galloway and Yunusov found that Square and PayPal had the most active anti-fraud and security checks during the transaction process, with iZettle monitoring less actively. They also found that the Miura devices used in some instances by Square and PayPal were susceptible to arbitrary commands and amount tampering via remote code execution.

In general, though, ‘We were impressed by the level of physical security mechanisms in place generally,’ Galloway said. ‘Most of the readers that we looked at have good internal protection from tampering. It was very good for a product that retails at that price and we were surprised by that, actually.’ ”

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

 

Tags: iZettlemPOSPayPalSecuritySquareSumUp
10
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily
    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    eBay’s Upgraded Approach to Payment Processing Meets the Demands of Modern Consumers

    eBay’s Upgraded Approach to Payment Processing Meets the Demands of Modern Consumers

    January 22, 2021
    It’s Time for Retailers to Offer the Best Gift of All In-Store: Digital Gift Cards

    It’s Time for Retailers to Offer the Best Gift of All In-Store: Digital Gift Cards

    January 21, 2021
    Building C-Store Customer Loyalty Programs With Relevant Rewards

    Building C-Store Customer Loyalty Programs With Relevant Rewards

    January 20, 2021
    How PayPal Achieves High Authorization Rates

    How PayPal Achieves High Authorization Rates

    January 19, 2021
    Explaining the Bill Payment Ecosystem

    Explaining the Bill Payment Ecosystem

    January 15, 2021
    QSRs Can Address Loyalty Program Shortcomings by Serving Up Better Offers

    QSRs Can Address Loyalty Program Shortcomings by Serving Up Better Offers

    January 14, 2021
    How Merchants Can Prevent Account Takeovers—and Why Failing to Do So Amplifies Operational Expenses

    How Merchants Can Prevent Account Takeovers—and Why Failing to Do So Amplifies Operational Expenses

    January 13, 2021
    How Banks Can Leverage Tech Partnerships to Enable Innovation for Commercial Clients

    How Banks Can Leverage Tech Partnerships to Enable Innovation for Commercial Clients

    January 11, 2021

    Connect With Us

    • Advertise With Us
    • About Us
    • Terms of Use
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • COVID-19
    • News
    • Events

    © 2021 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result
    ×

    Login

    Forgotten Password?

    Lost your password?
    | Back to Login

      Subscribe!

      Thank you for visiting PaymentsJournal! Please subscribe to our newsletter to receive consumer data insights and daily analysis from Mercator analysts and industry experts.

      ×

      How will COVID-19 Effect the Payments Industry?

      Check out our latest:

      – Consumer Data – Complimentary Reports
      – Podcasts – Mercator Analyst Commentary
      – Industry Opinions

      ×

      WEBINAR:
      How Digital Acceleration Will Affect Payment Industry

      Please join us for this panel discussion on addressing the challenges to pave the way to payments innovation and profitability and gain insights on the key trends and challenges impacting the payments landscape in North America.

      REGISTER