Microsoft Wallet Enters The Mobile Payments Risk

With Windows officially announcing it is entering the mobile payments arena, Mark Noctor, VP of EMEA at Arxan Technologies, commented below on the increasing risks that come with more payment apps.

 Mark Noctor, VP of EMEA at Arxan Technologies:

“Although only available to a limited initial user-base, the launch of Windows Wallet is yet another case for the inexorable rise of mobile payments. The launch announcement comes the day after Mastercard predicted the end of cash within 20 years.

“As a cloud-based solution, Windows Wallet will be more flexible and easier to update, but is also exposed to greater risk if cryptographic keys or binary code are not sufficiently secure. In fact, the most prevalent security vulnerability discovered among mobile payment apps in our 2016 State of Application Security Reportwas a lack of binary protections, potentially enabling cybercriminals to tamper with the app to steal personal data or launch other malicious activity.

“The inclusion of reward and membership cards is a potentially interesting feature for users, but also exposes a wider scope of personal information, enabling hackers to build a more complete picture of people for use in fraud activity.

“It is fundamentally important that Wallets and other mobile payment apps are adequately prepared for the cybercriminals that will already be looking for vulnerabilities in the app and the way it communicates with the cloud server and other systems. While we are aware of a handful of organizations that are taking best practices approaches to mitigate risks to their apps, the reality is that the majority of payment apps remain exposed and vulnerable.”