Summer solstice will be here before we can even get next week’s blog post up! So even though temperatures here in AVPS’ neighborhood are already hitting triple digits, let’s officially welcome the season of beach-going, travel adventures, and more.
All that movement usually means more payments-on-the-go, whether by phone and mobile payments, or with the plastic in your wallet — or the nylon pocket of your swim trunks.
But if you’re going to pay via an app on a Samsung Galaxy phone, you may want to doublecheck its security. CNN Money, among other sources, is reporting “Every Samsung Galaxy device — from the S3 to the latest S6 — has a significant flaw that lets in hackers, researchers have discovered.”
And unfortunately “the vulnerability lives in the phones’ keyboard software, which can’t be deleted,” potentially allowing “hackers to spy on anyone using a Samsung Galaxy phone. You can be exposed by using public or insecure Wi-Fi. But some researchers think users are exposed even on cell phone networks.”
Evidently the flaw was discovered last November, but due to what seemed a slow response by Samsung, researchers decided to go public with it. On the upside, it’s not an easy, or cheap, hack to pull off, so most phones won’t necessarily be affected — but once they are, especially if one is owned by a “sensitive target” (i.e., business executive or government official) they can be thoroughly compromised.
As for countering the rather endless flow of news about hacks and breaches, you may heartened — or at least cheered somewhat — to find that emojis, those smiling-faced successors to ASCII art, are being used as a more secure alternative to regular pin numbers.
According to a Guardian article, reporting on the new security protocols offered by a UK start-up, emojis really are more secure than pin numbers. Why? “ A traditional four-digit pin is an absurdly weak authentication system, offering just 10,000 variations (even fewer when you account for the fact that certain common combinations, such as 9999, aren’t allowed by most banks). That’s why ATMs eat your bank card if you guess the pin wrong too many times..even a slow typist could access a stolen card in less than a day.
The emoji codes, on the other hand, “offer a choice of 44 emoji, and four slots, offering 3.8 million different passcodes (because 444 = 3,748,096). It’s not quite the 480 times more secure that the company promised, because they assume that you won’t use the same emoji or digit twice in any one passcode, but it’s still a significant improvement.”
No word yet on whether banks will be rushing to embrace the change. But this does remind us to remind you: Have you changed or updated the passwords around your own business yet?
And finally, though it may be less “fun” than an emoji, the transition to EMV cards is of course coming this fall, which should make card transactions more secure.
AP is running a series of tips for small business owners on making the transition as easy as possible.
—Companies whose credit card payment systems are combined with inventory management and other systems might want to separate the payment part. That would make their computers less vulnerable to hackers, who have been able to gain access to customer and other information at companies like Target by invading another part of an integrated computer system.
—Your payment processor or bank should be able to answer questions about the transition and what you’ll need to do
Hey! Payment processor! That’s us! And yes, we’ll be happy to answer any questions you have, even if you’re calling us from the beach. On a Samsung phone!
Meanwhile, goodbye to spring — see you in summer!