It may not be much of a surprise to see a store clerk accept payment via smartphone, but recently, mPOS solutions are seeing increased implementation, beyond their traditional use by brick-and-mortar businesses. The flexibility, portability and business management features have seemingly made mPOS solutions attractive to a variety of industries.
As a result, mPOS solutions have taken to the skies with Air Serbia to assist in the airline’s in-flight retail. Meanwhile, in Malaysia, the devices are being put to use to sell intangibles — namely, insurance plans.
In the October Mobile Point of Sale Tracker, PYMNTS charts the latest innovations in the space, and how researchers are working to identify threats against the solutions.
Around the mPOS World
As POS systems become more popular, they’re also increasingly being targeted by cybercriminals in new attacks.
In one such instance, IBM X-Force IRIS researchers discovered a malware campaign targeting POS systems that researchers said appears to be the work of FIN6. The cybercriminal group — which first surfaced in 2016 when they stole data of 10 million credit cards — seems to have made its return, researchers claim.
Meanwhile, researchers from Booz Allen Hamilton identified a separate malware attack, one designed to infiltrate POS systems and steal credit card numbers.
However, the company’s report noted that the malware is relatively primitive. So far, the malware only captures the credit card data, but does not exfiltrate it or take other action, which indicates it may be in its early stages or intended to work in tandem with other malware.
Perhaps more concerning, however, are indications that as more attacks mount, businesses aren’t keeping up their defenses.
A new report from Verizon found that the share of businesses that were fully compliant with the Payment Card Industry Data Security Standard (PCI DSS) dropped between 2016 and 2017 — marking the first decline in six years. Hospitality companies performed the worst.
PCI SCC on Paying Via Merchant’s Mobile Devices — Securely
But, fully compliant or not, merchants know the power of PCI – and know that following its standards will guide them toward a reasonable level of security and assuage consumers’ fears. As a result, merchants interested in using smartphones or tablets to accept software-based PIN entry and contactless payments turned to PCI for help.
In this month’s feature story, Troy Leach, CTO of the PCI Security Standards Council, explains the challenges involved in protecting payment information entered into merchants’ off-the-shelf (COTS) devices, like smartphones.
The smartphones merchants use vary widely across models and brands – and, thanks to apps merchants may have installed, they could be in communication with any number of third parties. In his conversation with PYMNTS, Leach explained what it took to create the PCI SSC’s new software-based PIN entry on COTS device standard, and what the in-development standard for contactless on COTS may look like.
Find the full story in the Tracker.
About the Tracker
The mPOS Tracker™ is your go-to resource for staying up-to-date on a month-by-month basis. The Tracker highlights the contributions of different stakeholders, including institutions and technology coming together to make this happen.