Securing Apple iPad for Mobile Payments.

Securing Apple iPad for mobile payments
Using mobile devices for payments is easier than ever and is becoming more popular. Many merchants are using mobile devices to accept payments, to beat the cost of expensive point of sale equipment. Square inc. offers a Mobile card reader that plugs into your iOS device or Android device. What does the proliferation of mobile payments mean to the security of you or your customer’s sensitive credit data? Square’s website says they have adhered to the Payment Card Industry Security Standards Council’s (PCI DSS) mobile payment best practices when they developed the software and hardware for the Square. PCI outlines the following on their website for mobile applications: https://www.pcisecuritystandards.org/pdfs/pr_120912_mobile_best_practices.pdf
• Isolate sensitive functions and data in trusted environments
• Implement secure coding best practices
• Eliminate unnecessary third-party access and privilege escalation
• Create the ability to remotely disable payment applications
• Create server-side controls and report unauthorized access

If company’s like Square follow these guidelines in development it is still only half of the equation. If you are a consumer or a merchant there is still much for you to do to secure mobile payment data.
There are many ways that data theft can occur. Following these instructions can help limit the threats to your sensitive data on your iPad.
Top 5 threats to iPad security and what to do about them.
Physical security – The physical theft of your device can be destructive to your business.
What to do? Keep your iPad under a desk or on a stand away from where a potential thief could grab it easily. Use encryption for stored data. Use a screen lock password. Use a remote wipe utility or one that will wipe automatically after a certain number of attempts to unlock.
App security – Incorrect code in an app could lead to you data being leaked or stolen.
What to do? Keep apps up to date and make sure to whitelist them until they have been proven secure. Never use an app that is in beta testing for sensitive data.
Network security – Either over cell carrier or WiFi iPad data is only as secure as your wireless network.
What to do? Ensure that data over public WiFi and over cell networks is encrypted. Turn on encryption on your WiFi router and disable SSID to make it more difficult for attackers to connect to your network and steal data.
OS vulnerabilities – Code even in Apple’s iOS isn’t perfect and could be exploited.
What to do? Alway patch and upate your iOS device’s software. Go to settings on your main page on your iPad and touch the general tab then touch software update to update your software.
Phishing and other scams – Links to attacker’s websites can come from emails and even SMS text messages.
What to do? Scrutinize every email link and text message and think before you click, or touch a link.

 

By: Adam Hellquist