Comments on: Will mobile payments usher in a new era of crime? http://blogs.parc.com/blog/2009/10/will-mobile-payments-usher-in-a-new-era-of-crime/ perspectives, trends, discussions Sun, 20 Nov 2011 06:03:50 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Markus Jakobsson http://blogs.parc.com/blog/2009/10/will-mobile-payments-usher-in-a-new-era-of-crime/comment-page-1/#comment-967 Markus Jakobsson Thu, 15 Oct 2009 22:52:10 +0000 http://blogs.parc.com/?p=1633#comment-967 Andy, that is an excellent point: A common risk reducer is certainly to block shipping to new locations. This is not always practical (e.g., sites where a large portion of merchandise are gifts) and does not apply to any electronic or virtual goods. However, these pose other constrains in terms of criminal monetization. My main point is, though, that with heuristic protection (which is what we rely on), any new vulnerability is the reason for concern. And with the likely future development in m-commerce, there is reason for concern. It has been estimated that there will be more smartphones than PCs in 2-3 years, and that Symbian will have close to 40% of the market. Will malware authors move from Windows to Symbian? Many people fear that they will. Andy, that is an excellent point: A common risk reducer is certainly to block shipping to new locations. This is not always practical (e.g., sites where a large portion of merchandise are gifts) and does not apply to any electronic or virtual goods. However, these pose other constrains in terms of criminal monetization.

My main point is, though, that with heuristic protection (which is what we rely on), any new vulnerability is the reason for concern. And with the likely future development in m-commerce, there is reason for concern. It has been estimated that there will be more smartphones than PCs in 2-3 years, and that Symbian will have close to 40% of the market. Will malware authors move from Windows to Symbian? Many people fear that they will.

]]> By: Andy Steingruebl http://blogs.parc.com/blog/2009/10/will-mobile-payments-usher-in-a-new-era-of-crime/comment-page-1/#comment-965 Andy Steingruebl Thu, 15 Oct 2009 15:54:27 +0000 http://blogs.parc.com/?p=1633#comment-965 Worth noting, Markus, is that with many of these payment/checkout methods extra authentication is required if you want to do things like change the shipping address. This reduces the risk as the attacker can make a bunch of purchases, but they can't monetize them because the goods are shipped to the account holder, not the criminal. Now, saved passwords etc. make this risk bigger of course, and there are of course ways to address that. Worth noting, Markus, is that with many of these payment/checkout methods extra authentication is required if you want to do things like change the shipping address. This reduces the risk as the attacker can make a bunch of purchases, but they can’t monetize them because the goods are shipped to the account holder, not the criminal.

Now, saved passwords etc. make this risk bigger of course, and there are of course ways to address that.

]]>