Gary BragliaGreyCastle Security

Rochester Security Summit

or The Last Days of the Plastic Rectangle

[video]

Troy, NY

Security Specialist A.S. B.S. M.S.I.S. (BMF)

Psychic...

3 months ago Jigga who?

Today “Apple is making wallets

obsolete!” – every news story

You Are D igiTAL

A Walle t…Credit Card

+

ID Cards

+

Cash

+

Mobile

=

Wallet

A Walle t… (Re)defined

Digital Wallet

• Loyalty Cards

• Points

• Digital Vouchers

• Coupons

• Receipts

• Transaction Tickets

(includes “intangibles”)

A Walle t… (Re)definedMobile Wallet

• All stored on a

mobile device

• Phone

• Fob

• Wearable

A Walle t… (Re)definedMobile Wallet

• No swipe

• No skimming

• No memory-scraping

malware

• Tokenization

• No CC numbers

FeA R…

“Security the Main Barrier to Digital Wallet Usage, Study Shows”

- September, 2014

…LoA th inG

Apple Pay• Functionality

• NFC hardware and Pay app

• Synched to your iTunes account

• In-app purchases

• Security

• PIN with Biometric authentication

• No CC information is exchanged

• New transaction number for each

purchase

• With “dynamic security code”

Google Wallet• Functionality

• NFC and app

• Synched to Google account

• All Android devices and iPhones

• Send money to individuals

• Security

• PIN required

• Android OS

• Secure Element

PayPal App• Functionality

• App-based payments synched to existing

PayPal account

• automatically shows merchants in vicinity

• ”check in” to store by sliding button

• Security

• PIN

• Photo identification by cashier

• Servers are "heavily guarded, both physically

and electronically"

Loop Wallet• Functionality

• FOB and charge case in conjunction with app

• Magnetic Secure Transmission (MST) technology

• Works at over 90% of POS terminals

Loop Wallet• Security

• User-defined time limit

• Password protected

• Data on fob is encrypted; dynamic data

Square Wallet

Square Wallet

Bitcoin-

- Decentralized electronic currency

- P2p payment networking

- Digital signatures

- Cryptographics to generate money

Bitcoin-

- Bitcoin Mobile Wallet

- App based

- Scan QR code to pay

- Security

- Up to you

- Secure your private key

- Backups

- Latest Software

MoBile Walle tS have I SSUES- No one-size-fits-all solution

- Some require hardware change

- Vulnerabilities Exist

MoBile Walle tS have I SSUES- No one-size-fits-all solution

- Some require hardware change

- Vulnerabilities Exist

MoBile Walle tS have I SSUES- Vulnerabilities Exist

- Apple

- Most stolen devices

- Bypass Biometrics

- Fingerprint scanner

- Only for newer iOS

MoBile Walle tS have I SSUES- Vulnerabilities Exist

- Google Wallet

- Hacked in 2012

(twice)

- Clear info in

settings

MoBile Walle tS have I SSUES- Vulnerabilities Exist

- PayPal

- Never suffered

major data breach

- BUT...

- June 2014

- Two-factor auth

vulnerability

MoBile Walle tS have I SSUES- Vulnerabilities Exist

- PayPal (indirectly)

- eBay

- Feb. 2014

- 233 million users

personal info

- StubHub

- July

- 1000 accounts

- Ilegal purchases

MoBile Walle tS have I SSUES- Vulnerabilities Exist

- PIN technology itself

Infrared Camera

for iPhone- Heat signature lingers

on PIN pad for approx. 1

minute

ThE fuTure...

ThE fuTure...• Cards are DANGEROUS…

ThE fuTure...• Wallets EXPLODE!!!…

ThE fuTure...• Revolution is coming

• Perfect storm

• We are digital

• Retailers• Cannot protect our information

• Industry is ripe for change• Requiring Chip & PIN by Oct 2015

• Apple• History speaks for itself

ThE fuTure...• Hybrid technologies

• Plastc Card• Reprogrammable

magnetic strip

• NFC

• Chip and PIN

• RFID

• Access

Cards

• Monitor transactions

• Lock your mobile device with a strong

password

• Consider your surroundings

• Wifi

• Review service agreement

• Ha!

Be secure

• Fraud Protection

• Use security features• Tracking

• Remote disable

• Instant notifications

• PINs

• change periodically

• confidential

Be secure

• Install security software. • Apps are available to:

• Locate your smartphone

• Lock your smartphone

• Wipe sensitive info and

credentials

• Make your smartphone

scream

Be secure

FinaL Though t

I like digital

wallets!!

...but you make the call

ThANKS

ThANKS