0 évaluation0% ont trouvé ce document utile (0 vote)
42 vues5 pages
The document discusses preventative measures and security threats related to mobile wallet applications and transactions. It outlines several artificial intelligence-driven security measures used by banks to detect fraudulent transactions and advise users to uninstall rogue apps. Additionally, it discusses setting app passwords for wallets, only accepting payments via QR codes, not keeping too much money in wallets, and not saving card info when recharging wallets. The document then lists potential security threats like phishing attacks, social engineering, malware installation, and reverse engineering of mobile wallet apps. It concludes with possible security measures apps can take like secure coding practices and source code protections.
The document discusses preventative measures and security threats related to mobile wallet applications and transactions. It outlines several artificial intelligence-driven security measures used by banks to detect fraudulent transactions and advise users to uninstall rogue apps. Additionally, it discusses setting app passwords for wallets, only accepting payments via QR codes, not keeping too much money in wallets, and not saving card info when recharging wallets. The document then lists potential security threats like phishing attacks, social engineering, malware installation, and reverse engineering of mobile wallet apps. It concludes with possible security measures apps can take like secure coding practices and source code protections.
The document discusses preventative measures and security threats related to mobile wallet applications and transactions. It outlines several artificial intelligence-driven security measures used by banks to detect fraudulent transactions and advise users to uninstall rogue apps. Additionally, it discusses setting app passwords for wallets, only accepting payments via QR codes, not keeping too much money in wallets, and not saving card info when recharging wallets. The document then lists potential security threats like phishing attacks, social engineering, malware installation, and reverse engineering of mobile wallet apps. It concludes with possible security measures apps can take like secure coding practices and source code protections.
1)Artificial Intelligence(AI)-driven security measures to safeguard users from fraudsters and protect their transactions.
One of the new features analyses 'rogue' apps on
user devices which might trigger fraudulent transactions and advises users to uninstall them.
The bank is also leveraging AI to instantly detect
suspicious transactions. Depending on the identified threat level of a transaction, the AI either slows it down or completely blocks the payment from getting completed, the company said in a statement. No transactions will be possible until the user uninstalls that fraudulent app. 2. Use app password: Paytm recently rolled out an app password feature for Paytm wallet. The features ensures that the money in wallet stays safe even if one loses or misplaces the phone. To set up the password, first set the Phone's default Android security password. Go to Phone's Settings > Security > Screen Lock > Choose Screen Loc/ Pin/ Password/ Pattern or Fingerprint to protect the phone. Now open the Paytm app & click on "Pay" or "Passbook". You will be prompted to enable this optional feature. Now click on Add Security Feature. User will be asked to reconfirm your Phone's Pin/Password/Pattern/Fingerprint depending on what is selected as the default protection. Once confirmed, the new App Password is now set. 3. If you are accepting a Paytm payment, do so through QR code. Quick Response Codes or QR codes are unique and encrypted. 4. Don't keep too much money in your wallet. There's no such thing as unhackable. Every information you put on web is linked to one another and hacking your Paytm wallet is no rocket science. 5. Don't save your card while recharging wallet: although little inconvenient it is always better not to save the card info while a transaction. SECURITY THREATS Phishing attacks: Mobiles have personal and corporate information of customer which may to carry out sophisticated attacks. These attacks user by phishing emails. It is an attempt to trap a user to disclose the information. Social engineering: In social engineering, user data available in the public domain and the attackers can steal it from there. This information monetized or sold in underground market forums or used for fraudulent payments. Sometimes attackers use this theft information as their identity. Unintentional installation of rogue and malware applications: Attackers will install malware by malicious attachment, Redirecting the user to a malicious URL, insecure WiFi hotspots, a network spoofing attack, fake access point with same network, fake website, etc. Then use user information for mobile wallet payment. Mobile Operating System Access Permissions: Users give certain permission to OS access, that can be use by attackers to access sensitive data and harm the mobile application Mobile Wallet Applications Threats Reverse engineering: Reverse engineering offers to attack on hardcoded passwords and encryption keys like data. For that attackers have high level of understanding of mobile wallet payment applications. Tampering with the mobile payment application and the use of rootkits: An attacker may choose to backdoor a mobile payment application to capture login details and send these to an attacker controlled server. By this attacker can downloading and uploading any data from user application. This is a very realistic threat on mobile devices. Installation of rootkits/malware: Discussed in mobile device threats. Mobile Operating System Access Permissions: Discussed in mobile application user threats. The Possible Vulnerabilities of Mobile Wallet Apps are: Hardcoded secrets as private keys. Missing to disable code debugging routines. Unsigned production binaries. Credit card provisioning weaknesses like stolen credit cards to affect sensitive data. Weaknesses in biometric identification for initial authorization of transactions . S/W vulnerabilities and weaknesses in third party applications that provide access to mobile wallets. Weaknesses in payment authorization provisioning with mobile paired smartwatch device. Credit/debit card not stored encrypted in Secure Element or processed in Trusted Execution Environment. Weak PINs exposing them to brute force attacks. Insecure communication channels with Point of Sale (POS) contactless terminals. Insecure tokens used in Magnetic Secure Transmission (MST) connections. Poor signal strength for MST processing. Possible Security Measures of Mobile Wallet Applications Adopt secure coding practices and secure code reviews manual and automated via tools. Source code complication an untrusted code detection. Anti-debug and Integrity source code protections. White-box cryptography. Secure application provisioning through trusted application stores. Takedown rogue applications from unauthorized application stores.