Mobile Payment Security

Are Mobile Payments Really Secure? 

Global mobile payments are projected to surpass $1.3 trillion in the coming years, creating a vast opportunity for exploitation by gangs of cybercriminals motivated by the innate weaknesses in the mobile device marketplace, according to the Anti-Phishing Working Group (APWG). “On one hand we can see just one example of a major European bank that in early 2012 had 100,000 mobile banking users, and by April 2013, 4 million,” says APWG’s Jart Armin. “In contrast, there were around 50 generally known samples of mobile malware in 2010, rising in 2013 to some 30,000 samples.” APWG is urging a global, coordinated response to the mobile malware threat and the criminal underground encouraged by the expansion in mobile payments and banking. The organization has released a white paper defining the malware markets and showing the methodology of an emergent underground economy. Malware and attack techniques being analyzed include Trojans, spyware, worms, phishing direct attacks, apps delivered via malware, pocket botnets, and blended attacks, many of which are created to steal users’ money.

How does Metro Mobile Payments relate?

We designed Metro Mobile Payments to take advantage of all the weaknesses presented in other mobile payment providers, such as Square.  Unlike many other providers, Metro Mobile Payments processes payments through a secure application and secure mobile device linked to a real merchant account. Here at Metro, we take mobile payment security seriously. Our mobile application has been tested again and again and is updated frequently to thwart any new attacks.

The facts about Square

  • Square has been hacked not once, but twice!
  • Aperture Labs has confirmed security flaws in the device and  has been able to capture card information and use it to produce fraudulent cloned cards.
  • Verifone Inc. has confirmed that Square’s mobile reader doesn’t bother to encrypt transaction data.
  • Square has recognized it’s flaws and plans to offer an encrypted mobile device, yet still hasn’t done so.
  • Square has ZERO direct technical support. Good luck getting a hold of customer service, they only accept email complaints!
  • Squares funding schedule is not guaranteed and times are only “approximate”.
  • Square will hold your funds if you process more then their set amount of keyed transactions in a rolling period.
  • Square is NOT a payment processor, they are an aggregator. A payment aggregator establishes a merchant account and then lets other businesses accept credit card payments and bank transfers on the aggregators account. The payment aggregator facilitates the credit card transaction or bank transfer on behalf of the business. The business is then paid by the aggregator for the completed transactions.
  • The money you process through Square is NOT your money. As a customer, say you process a payment through Square. Square will first get the money from the customer’s credit card (issuing bank). At this point, the funds collected from customer’s credit card transactions or bank transfers are the property of Square. Per their terms of service, Square then makes a payment, equal to the total received from all the transactions, back to you the customer. In some cases, this could be upwards of 30+ days. Less fees of course. Now, if for whatever reason, you don’t get your money, given that Square currently is an UNREGULATED MONEY TRANSFER ENTITY, you have no recourse other than to sue them in Civil court for damages.

When it comes down to it mobile payments can be secure but why is it that the largest mobile payment provider is the most vulnerable? Don’t be square, contact Metro Merchant Services to learn how you can begin accepting payment with our secure service.