Community

Join the Community

21,595
Expert opinions
43,733
Total members
390
New members (last 30 days)
147
New opinions (last 30 days)
28,567
Total comments
Join Sign in

There is a stranger in your car

Be the first to comment
Retired member
Unfollow

When you are on a crowded bus, you don't know who is standing next to you and what that person is up to. There are a lot of weird and obsessed people out there...

Now, imagine your own car - what would you feel if after a couple of hours on a motorway, driving at high speed, you turned around and saw a complete stranger in the backseat...

That's exactly where "software-only" solutions - such as HCE or app-based mobile payments - lead us to.

It was hard to miss the news re Target's security breach, including today's "update" of the damage to 70m cards. Although the (forensic) jury is still out, several credible sources suggest that the breach occurred on the terminal OS level. That is the same OS which was considered mega-safe and which was designed to allow access to/from the authorized parties only.

Why did the Target breach took everyone by (huge) surprise? It's all about zero-day attack - a "black swan" event that brings the proverbial 20/20 hindsight.

The industry keeps forgetting that any software is just that - a piece of code. Which can be manipulated and exploited with a malicious intent that would strike out of the blue.

How many "Target" situations do we need to live through to grasp the difference between secure and "almost safe"?.. The latter is like being "almost pregnant" - you either are or you aren't, there is no middle ground.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

4497

Share

1
 
 
 
 

Channels

/security
 

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Join group

1688 opinions 218 members

Comments: (1)

A Finextra member 

I agree 100% Alex. Payment industry players are too complacent in believing themselves and convincing others that their components and systems are very secure and then these things happen right under their noses. POS terminal is one classic example ... despite of the assurances it gets hacked inevitably

I firmly believe that the card Issuers should not trust POS devices nor even Acquirer systems ... thay must ensure that the cardholder data is ONLY KNOWN to their end systems along the payment rails (i.e. EMV or contactless compliant chip application of course and the Issuer Host). Nothing in between should be allowed to see the real PAN data, but the data that looks and feels like PAN, so that the Merchant and Acquirers systems still continue to function normally.

More expert opinions

Ruchi Rathor

Ruchi Rathor Founder at Payomatix Technologies

How Digital Payments are Driving Financial Inclusion in India

Jeffrey Wheatman

Jeffrey Wheatman SVP, Cyber Risk Strategist at Black Kite

Addressing the Complexities of Compliance in Financial Services

1

Elaine Mullan

Elaine Mullan Head of Marketing and Business Development at Corlytics

D.I.Y. or die trying - Build vs. Buy bias in regulatory technology

Shiv Nanda

Shiv Nanda Content Strategist at https://www.financialexpress.com/

Navigating the SaaS Startup Landscape: Critical Factors for Success

1

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

21,595
Expert opinions
43,733
Total members
390
New members (last 30 days)
147
New opinions (last 30 days)
28,567
Total comments
Join Sign in

Trending

Ruchi Rathor

Ruchi Rathor Founder at Payomatix Technologies

The Rise of Open Banking: How It’s Redefining Financial Services

Alexander Boehm

Alexander Boehm Chief Executive Officer at PayRate42

The US vs. Europe: How Stablecoin Issuers Face Different Regulatory Landscapes

Alexander Boehm

Alexander Boehm Chief Executive Officer at PayRate42

Stablecoin Issuers: Business Models, Regulation, and the Future of Digital Finance

Erica Andersen

Erica Andersen Marketing at smartR AI

From Visionary to Victory: How to Successfully Implement AI in Your Organization

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept