A “Freak” Attack That May Not Be So Rare; MasterCard Touts Mobile

In the ever-evolving world of payments, it would seem to always be the best of times and, well, not the worst of times, certainly, but let us say the most aware of times, in terms of needing to stay alert to the security challenges in a rapidly changing electronic environment.

Earlier this week, MasterCard CMO Raja Rajamannar was keynoting at the Mobile Media Summit in Barcelona. According to Pymnts.com, he described “the digital transformation towards mobile as ‘the biggest change in payments since the introduction of plastic.’ Not only does mobile technology make payments simpler, more convenient and more secure, it offers to consumers the somewhat intangible but always appealing ‘cool factor.’

“Rajamannar sees mobile technology as a fundamental asset in delivering value to consumers ‘before, during and after the payment transaction…in many unique ways.’”

And by “value,” he meant “Whether on mobile, tablet, TV, viewing live stream or offline, pausing in-between or watching a full view, consumers choose the way they want to watch and interact with media. Brands that design for mobile-first are missing the boat. Marketing strategies should be designed with consumer connectivity and mobility – not just mobile – in mind.”

Consumers, in other words, conduct their days — and their business — on multiple screens, moving from one to the other, for entertainment, work, and shopping. The trick is to be ready on each screen to deliver a shopping — and payment — system that engages those consumers, and of course, makes them feel secure about the transaction.

The latter was once again called into question by the most recent “hack” news to make headlines, this one labeled a “FREAK” attack, not because of its rarity, but because that word is an acronym for “Factoring Attack on RSA-EXPORT Keys.”

What does it mean? Well, according to Tech Times, it’s a “new widespread vulnerability that has been found to be affecting millions upon millions of Google Android and Apple Safari users.”

“FREAK has made the users of these browsers vulnerable to interceptions in their electronic communications while visiting thousands of websites. For many users that trust the SSL “lock” icon that denotes a secure website, this means that the icon is not really as trustworthy as it should be.”

However, the “good news” here is that “launching attacks taking advantage of the FREAK vulnerability is not trivial, and fixes to the software affected are already on their way.”

Thematically-related site Science Times reports that “the flaw was the result of a former policy of the U.S. government that prevented the export of strong encryption and required that weaker ‘export-grade’ products be shipped to countries in other countries. These restrictions were lifted in the late 1990s, but the weaker encryption became widely used in software around the world and eventually in the United States.”

Thus bringing us to the not-so-“freak” news of another weak link in the flow of digital information.

Science Times reiterates that “the bug affects the SSL/TLS servers and clients, in particular OpenSSL browsers. The default browser that shipped Android 4.4 KitKat, for example, is affected. Apple’s Safari browser for both its desktop systems and its mobile devices are also affected by the flaw but Chrome, Internet Explorer and Firefox are not.”

As for those coming fixes, Apple’s patches should be among the first to arrive, perhaps as early as next week. “However, a fix for Android users could take some time, as Google must provide a fix to all its Android partners such as handset makers and even wireless carriers. It will then be up to them to implement the patch in their software and push it out to their users.”

So if you’re using Android handsets to use or accept MasterCards – or anything else! – make sure the experience for you and your customers is, first and foremost, secure. Contact your AVPS rep with any questions, and learn about how we can help expand the payment options you offer customers, whether online or off, in this era where value, choice, and security make it the best of times, and the most interesting of times, all at once.
