A “Freak” Attack That May Not Be So Rare; MasterCard Touts Mobile
In the ever-evolving world of payments, it would seem to always be the best of times and, well, not the worst of times, certainly, but let us say the most aware of times, in terms of needing to stay alert to the security challenges in a rapidly changing electronic environment.
MasterCard’s Perspective on Mobile
Earlier this week, MasterCard CMO Raja Rajamannar was keynoting at the Mobile Media Summit in Barcelona. According to Pymnts.com, he described “the digital transformation towards mobile as ‘the biggest change in payments since the introduction of plastic.’ Not only does mobile technology make payments simpler, more convenient and more secure, it offers to consumers the somewhat intangible but always appealing ‘cool factor.’
“Rajamannar sees mobile technology as a fundamental asset in delivering value to consumers ‘before, during and after the payment transaction…in many unique ways.’”
And by “value,” he meant “Whether on mobile, tablet, TV, viewing live stream or offline, pausing in-between or watching a full view, consumers choose the way they want to watch and interact with media. Brands that design for mobile-first are missing the boat.”
Consumers, in other words, conduct their days — and their business — on multiple screens, moving from one to the other, for entertainment, work, and shopping. The trick is to be ready on each screen to deliver a shopping — and payment — system that engages those consumers, and of course, makes them feel secure about the transaction.
The “FREAK” Attack
The latter was once again called into question by the most recent “hack” news to make headlines, this one labeled a “FREAK” attack, not because of its rarity, but because the word is an acronym for “Factoring Attack on RSA-EXPORT Keys.”
Vulnerabilities and Fixes
“FREAK has made the users of these browsers vulnerable to interceptions in their electronic communications while visiting thousands of websites. For many users that trust the SSL ‘lock’ icon that denotes a secure website, this means that the icon is not really as trustworthy as it should be.”
However, the “good news” here is that “launching attacks taking advantage of the FREAK vulnerability is not trivial, and fixes to the software affected are already on their way.”
The Science Times, a website focused on related themes, states that the vulnerability stems from a former U.S. government policy that prohibited the export of robust encryption and mandated the distribution of less secure ‘export-grade’ products to other nations. These limitations were removed in the late 1990s; however, the less secure encryption came into extensive use in software worldwide and eventually within the United States.
Impact and Affected Browsers
Science Times reiterates that “the bug affects the SSL/TLS servers and clients, in particular OpenSSL browsers. The default browser that shipped Android 4.4 KitKat, for example, is affected. Apple’s Safari browser for both its desktop systems and its mobile devices are also affected by the flaw but Chrome, Internet Explorer and Firefox are not.”
Fixes and Timeline
As for those coming fixes, Apple’s patches should be among the first to arrive, perhaps as early as next week. “However, a fix for Android users could take some time, as Google must provide a fix to all its Android partners such as handset makers and even wireless carriers. It will then be up to them to implement the patch in their software and push it out to their users.”
Ensuring Secure Experiences
So if you’re using Android handsets to use or accept MasterCards – or anything else! – make sure the experience for you and your customers is, first and foremost, secure. Contact your AVPS rep with any questions, and learn about how we can help expand the payment options you offer customers, whether online or off, in this era where value, choice, and security make it the best of times, and the most interesting of times, all at once.