Confidence in Mobile Payments Takes a Blow with Heartbleed

April 25, 2024 | By: Michael Foster

While Heartbleed highlighted the security risks that still exist online, banking and payments services remained largely unaffected. Most banks’ websites and apps weren’t affected by the Heartbleed bug that exposed vulnerabilities across the web, according to the American Banking Association.

However, the bug has a lot of users worried, because it impacted a number of popular sites, like Twitter, Gmail, OkCupid, and Flickr.

In these cases, mobile apps were just as vulnerable, since they connect to servers to process data requests encrypted through OpenSSL, meaning that a user who sticks just to mobile was equally at risk.

Google apps were widely affected, including Google’s in-app payment system, which has left a lot of users worried that online transactions, particularly mobile payments, are substantially less secure than they really are.

Smaller apps that process mobile payments were also affected, according to Trendmicro.com, which found 39 online payment-related, 10 shopping-related, and 15 bank-related apps that were vulnerable to Heartbleed.

TrendLabs recommended that people “lay off the in-app purchases or any financial transactions for a while (including banking activities)” until developers fix the problem.

While this may seem excessive to mobile payment professionals who know that the vast majority of mobile payment apps and web services were not affected by the bug, the problem is a serious headwind for the mobile payment movement.

In a move to prevent a Heartbleed Part II from ever happening, more than a dozen leading tech companies, including Google, Microsoft, and Facebook, are bankrolling the Core Infrastructure Initiative, a non-profit dedicated to bettering the web at large.

The Core Infrastructure Initiative will first focus on OpenSSL, in hopes of improving a critical part of online security.