Gary Braglia, GreyCastle Security
Rochester Security Summit
or The Last Days of the Plastic Rectangle
Troy, NY
Security Specialist A.S. B.S. M.S.I.S. (BMF)
Psychic...
3 months ago: Jigga who?
Today: “Apple is making wallets obsolete!” – every news story
You Are Digital
A Wallet…
Credit Card
+
ID Cards
+
Cash
+
Mobile
=
Wallet
A Wallet… (Re)defined
Digital Wallet
• Loyalty Cards
• Points
• Digital Vouchers
• Coupons
• Receipts
• Transaction Tickets
(includes “intangibles”)
Mobile Wallet
• All stored on a mobile device
  • Phone
  • Fob
  • Wearable
• No swipe
• No skimming
• No memory-scraping malware
• Tokenization
• No CC numbers
Fear…
“Security the Main Barrier to Digital Wallet Usage, Study Shows”
- September, 2014
…Loathing
Apple Pay
• Functionality
  • NFC hardware and Pay app
  • Synched to your iTunes account
  • In-app purchases
• Security
  • PIN with Biometric authentication
  • No CC information is exchanged
  • New transaction number for each purchase
  • With “dynamic security code”
Google Wallet
• Functionality
  • NFC and app
  • Synched to Google account
  • All Android devices and iPhones
  • Send money to individuals
• Security
  • PIN required
  • Android OS
  • Secure Element
PayPal App
• Functionality
  • App-based payments synched to existing PayPal account
  • Automatically shows merchants in vicinity
  • “Check in” to store by sliding button
• Security
  • PIN
  • Photo identification by cashier
  • Servers are "heavily guarded, both physically and electronically"
Loop Wallet
• Functionality
  • FOB and charge case in conjunction with app
  • Magnetic Secure Transmission (MST) technology
  • Works at over 90% of POS terminals
• Security
  • User-defined time limit
  • Password protected
  • Data on fob is encrypted; dynamic data
Square Wallet
Bitcoin
- Decentralized electronic currency
- P2P payment networking
- Digital signatures
- Cryptography to generate money
- Bitcoin Mobile Wallet
  - App based
  - Scan QR code to pay
- Security
  - Up to you
  - Secure your private key
  - Backups
  - Latest Software
Mobile Wallets Have Issues
- No one-size-fits-all solution
- Some require hardware change
- Vulnerabilities Exist
  - Apple
    - Most stolen devices
    - Bypass Biometrics
    - Fingerprint scanner
    - Only for newer iOS
  - Google Wallet
    - Hacked in 2012 (twice)
    - Clear info in settings
  - PayPal
    - Never suffered major data breach
    - BUT...
    - June 2014
    - Two-factor auth vulnerability
  - PayPal (indirectly)
    - eBay
      - Feb. 2014
      - 233 million users' personal info
    - StubHub
      - July
      - 1000 accounts
      - Illegal purchases
  - PIN technology itself
    - Infrared Camera for iPhone
    - Heat signature lingers on PIN pad for approx. 1 minute
The Future...
• Cards are DANGEROUS…
• Wallets EXPLODE!!!…
• Revolution is coming
• Perfect storm
• We are digital
• Retailers
  • Cannot protect our information
• Industry is ripe for change
  • Requiring Chip & PIN by Oct 2015
• Apple
  • History speaks for itself
• Hybrid technologies
• Plastc Card
  • Reprogrammable magnetic strip
  • NFC
  • Chip and PIN
  • RFID
  • Access Cards
Be secure
• Monitor transactions
• Lock your mobile device with a strong password
• Consider your surroundings
  • Wifi
• Review service agreement
  • Ha!
• Fraud Protection
• Use security features
  • Tracking
  • Remote disable
  • Instant notifications
• PINs
  • Change periodically
  • Confidential
• Install security software.
  • Apps are available to:
    • Locate your smartphone
    • Lock your smartphone
    • Wipe sensitive info and credentials
    • Make your smartphone scream
Final Thought
I like digital wallets!!
...but you make the call
Thanks