Bloomberg Businessweek (North America) - - Focus On/Security -

field has attracted thousands of thinly capitalized startups. “There’s a lot of two engineers and a goat,” says Richard Crone, chief executive officer of Crone Consulting, which advises the industry. Crone predicts the number of digital wallets that can be used in stores will double within the next 12 to 18 months and the number of mobile Web or in-app payment services will triple over the same period. “We have a lot of people competing to deliver the same service,” says Michael Belton, vice president for applied research at Optiv Security. He says that in the rush to get their product out, many developers are cutting corners.

Mobile app security provider Bluebox found vulnerabilities in all the roughly 10 unnamed U.S. mobile payment apps it examined last year. “Most of the time, the apps themselves aren’t using any kind of encryption to protect the data on the phone or to protect the data in transit,” says Andrew Blaich, Bluebox’s lead security analyst.

On March 2 the Consumer Financial Protection Bureau levied a $100,000 fine on Dwolla, a service that allows people and businesses to make and receive payments via a website or mobile app. The agency said Dwolla misled users by claiming that its data security practices “exceed industry standards,” while in a number of instances it stored and transmitted Social Security numbers and other sensitive information without encrypting the data. In a statement, the Des Moines-based company said “the CFPB has not found that Dwolla caused any consumer harm.”

The Federal Trade Commission, which regulates nonbank financial-services companies, won’t disclose whether it’s investigating any mobile-payments-related cases, but “it’s something that we are looking closely at,” says Duane Pozza, an acting assistant director at the commission’s division of financial practices.

Current laws may need to be updated to determine who’s liable in instances of fraud. The Electronic Fund Transfer Act doesn’t cover services not offered through traditional financial entities, such as banks and credit unions. Hughes, the professor, advises app users to read the fine print and consider whether they’re “satisfied with the level of privacy and security that provider is offering.” - Olga Kharif

million Number of people worldwide who will use their mobile phone to make an in-store purchase in 2016

The bottom line. Mobile payments technology is evolving faster than regulation, leaving some users exposed to fraud.

theft. “Jeff’s work provides a unique integration of cyber, criminal, competitive, and economic threat intelligence and analytics that hasn’t been done before,” says Bob Rose, an independent cybersecurity expert who advises several government agencies and corporations. “It gives senior decisionmakers a tailored view of the risks, findings, and recommendations.”

Johnson has spent the past nine months presenting his model and findings to government agencies, including the FBI. The U.S. government has new tools it can use against hacking, including a sanctions program created by executive order last year. He hopes his cyber-economic model can help build evidence for such cases, and ultimately increase the cost of hacking to China. - Dune Lawrence

The bottom line. Squirrelwerkz says companies investigating hacks put too much emphasis on technology and too little on business analysis.
