INETCO: Certain Types of Mobile Payments Security Threats on the Rise

March 25, 2020         By: Steven Anderson

The rise of mobile payments has come amid some very deep—and deeply entrenched—concerns about the security offered on this platform. While advances in security have been nothing to sneeze at, the efforts of fraudsters and other bad actors have tended to keep pace, if only approximately. Recently, INETCO sent word our way about some of the biggest security threats being seen in the real-time payments arena, and by extension, mobile payments as well.

The biggest part of the INETCO study is that certain breeds of security issue are starting to crop up more often than others. In fact, 10 alerts in particular came up most often. One of the biggest was a disconnect between back-end transaction links and front-end links, which suggested the possibility of “man-in-the-middle” attacks.

Transaction attacks also came up routinely, including a growth in transaction decline rates, a rise in transaction clearing rates—to the point of excess—unexpected “anomalies” in the transaction, a rise in failed transactions overall and anomalous “transaction status codes”. These represented a variety of potential threats to end users, and had different responses accordingly.

Some attacks looked a bit more familiar, like frequent terminal use that may suggest an issue, as well as “implausible transacting scenarios” that resembled an attack with a certain level of coordination. This includes transactions with a high-dollar value being used repeatedly at key points.

Finally, the issue of cards themselves came into play, including the use of cards that were reported stolen previously, or being used in unlikely locations.

All of these are serious issues, though admittedly, some much more likely to impact the common user than others. Still, knowing what threats are most likely to crop up allows a better way to identify what threats are most necessary to address. Sure, other threats will likely emerge at some point, and low-priority threats today could become high-priority threats tomorrow, but it’s always a good starting point to shut down the most frequently-used threats.

INETCO’s study here will likely prove valuable going forward, and given security managers a chance to spot some of the most likely threats up front. The safer mobile payments, or any other real-time payments systems, are to use, the better the end result for the field will likely be.