Mobile Point-of-Sale Vulnerabilities Expose Customer Credit Card Data

Security researchers have discovered vulnerabilities in mobile point-of-sale systems, allowing theft of customer data.

According to ZDNet, researchers at the Black Hat conference in Las Vegas last week uncovered in mobile point-of-sale systems such as Square and PayPal. The vulnerabilities discovered would allow man-in-the-middle attacks to make changes to payment requests including changing the amount, as well as forcing a customer to use different, less secure forms of payment, including magstripe instead of chip. Attackers could also steal customer information such as credit card numbers, posing problems far past a simple hijacked sale.

Identity-linked payments systems pose inherent risks

While security of point-of-sale terminals and software is a constant issue, this problem is exacerbated by the nature of traditional banking-tied payment solutions. Charges can be applied to a card or an account without the direct consent of the customer, allowing a man-in-the-middle attack to simply redirect a charge and increase the amount. Additionally, when customer payment data is acquired, charges can be placed on the account without the customer’s knowledge, which later must be disputed. This presents a security problem where both customer and merchant are inherently at risk due to the involuntary nature of transactions.

Dash-powered point-of-sale systems offer significantly reduced risk

While no payment solution is perfect, and hacking and thefts can theoretically affect any payment processor, using a cryptocurrency such as Dash significantly mitigates this risk. To begin with, transactions do not require the exposure of private keys, meaning that payments are simply one-way. While an attacker could swap out addresses to steal a single payment, doing so does not compromise a customer’s wallet, merely that sole payment. Additionally, payments are user-initiated, meaning that a payment processor or outside party cannot extract funds, but rather generates a request that the user must confirm. Ultimately, the user initiates every payment, and has the power to check amounts, addresses, etc., significantly reducing the risk of fraud and theft.

Dash aims to be a fast and cheap payment service, however its standout attribute compared to traditional payment systems is security and autonomy. As methods of compromising identity and point-of-sale systems advance, the demand for more secure payments systems may increase accordingly.