MasterCard is bringing new security measures to digital payment, as part of its push towards cardless payment. The credit card company has confirmed its plan to roll out a new “Selfie Pay” feature to its mobile app this year, which will allow users to authenticate their payments by taking a selfie. The company says this facial recognition system will only be used in certain contexts when extra authentication is needed. Moreover, MasterCard revealed that it is also working on heartbeat-based authentication, which uses sensors to read a person’s electrocardiogram, the unique electrical signal produced by their heart, to identify users and confirm payments passively and more quickly than with a selfie.
What Brands Need To Do
MasterCard’s foray into biometric-based authentication is illustrative of the way mobile and wearable technologies are transforming the ways people pay. As the security measures for mobile payments continue to evolve and improve, brands need to start incorporating existing reward and loyalty programs into mobile payment solutions in order to offer customers a frictionless shopping experience.
Sources: The Verge
Just a week after Amazon announced its plan to stop supporting Flash ads starting September 1st, Google has chosen that same date as the day its Chrome browser will begin blocking auto-play of all Flash content that isn’t “central to the webpage”, i.e. the Flash-based ads.
What Brands Should Do
Due to Flash’s long-standing security problems, Google’s AdWords network already automatically converts most Flash ads into the more secure HTML5 format. As the industry continues to move toward HTML5, brands would be wise to make the switch sooner rather than later, both for ads and for product demo videos.
Source: Ars Technica UK
In order to bypass an issue posed by a new privacy feature called App Transport Security (ATS) in iOS 9, Google has published a blog post suggesting that iOS developers using its Google Mobile Ads SDK add an exception in their code to “allow HTTP requests to succeed and non-secure content to load successfully.” Essentially, Google is encouraging app owners to choose ad delivery over encryption.
What Brands Should Do
In light of this new information, brands that serve ads in their apps need to be mindful of the user data that may be sent unencrypted to ad exchanges, which neither Google nor Apple has control over. While the foregone revenue may hurt in the short run, reputational risk may be more important in the current environment.
Source: Google Ads Developer Blog
On Monday, Facebook announced that it has added support for PGP-encrypted emails, which will help encrypt the maintenance and notification emails Facebook currently sends. This means that, theoretically, email services like Gmail and Yahoo won’t be able to scan those emails for data-collecting purposes. Moreover, the social network has also reportedly started testing Security Checkout, a new in-feed feature that will prompt users to check important security settings such as multi-device log-ins.
Similarly, Google unveiled a new ‘My Account’ page that aims to serve as the centralized hub for controlling all privacy settings across Google’s myriad of platforms and services. It also includes quick access to its Ad Settings tool, which allows users to easily customize or opt out of Google’s data collection for personalized ads.
Last October, we dissected the delicate balancing act of brands utilizing big data to add value without infringing privacy in a POV deck that centers on winning consumers’ trust. Therefore, it is heartening to see leading tech companies starting to respect user privacy with new services like these to provide better tools for security and self-management of personal data. All brands that collect data to gain insights about their audience need to take notes and act.
Read original story on: WSJ
Major credit card companies are finally stepping up their game in payment security: Visa is reportedly expanding tokenization to devices beyond iOS ones, and MasterCard plans to spend $20 million on developing biometrics and fingerprint matching to strengthen its mobile payment security.
As mobile payments begin to gain traction, mobile devices now reportedly make up a disproportionate share of up to 21 percent of all fraud costs that merchants and card issuers suffer each year. Amid such high fraud concerns, it’s only sensible for credit card companies to beef up their security measures.
Read original article on: 9to5Mac
While the upcoming iOS 8.3 will soon bring wireless CarPlay, improved Google login, and new emojis to millions of iPhone users, Apple is already looking forward to iOS 9. The next iOS is reported to come with “huge improvements” to the stability and optimization of its operating system. After years of adding flashy new features and designs, this signals the maturity of Apple’s mobile system and underscores the heightened need for better security measures.
Nanny cams can be a handy tool for parents monitoring their children; however, they do have their drawbacks if proper precautions aren’t taken. In recent cases, these devices have been hacked, allowing uninvited guests to see into the house and even speak: professional nanny Ashley Stanley was startled when a man began making comments like “Oh, that’s a beautiful baby” and “That’s a really poopy diaper” as she cared for one-year-old Samantha.
But how are these hackers gaining access to IP cameras that are protected by WiFi passwords? Not only does WiFi have its own security settings, but the router does too. It is important to set hard-to-crack passwords for both in order to ensure security and privacy.
Foscam, a popular maker of wireless IP cameras, has received a lot of backlash for these technical incidents, as it sells 50,000 to 60,000 cameras each month. However, security and privacy issues aren’t limited to cameras. For the connected device industry to really take off, manufacturers will need to address consumer concerns about security, and educate users about taking proper precautions.
Read original story on: BBC News
Cars, especially the fancy high-end ones, have always been targets of theft, and security measures have been constantly updated as technology has advanced. Lately, however, new types of security concerns have arisen for car owners as new models of connected cars begin to infiltrate the market.
BMW has just patched a security flaw that reportedly left 2.2 million cars, including Rolls-Royce and Mini models, open to hackers. The flaw affected models fitted with BMW’s ConnectedDrive software, which uses an on-board SIM card to operate door locks, air conditioning and traffic updates through internet and Bluetooth connectivity.
Read original story on: New York Times
The Federal Trade Commission (FTC) on Tuesday reported that Internet-connected devices presented “serious data security and privacy risks”, urging companies to make data protection a top priority. The announcement came just after Verizon’s supercookie—embedded unique user identifiers that are undeletable—made headlines last week for the privacy threats it poses for customers.
In both cases, the main security and privacy threats originate from non-consented access to and sale of personal data by third-party devices or apps. As estimated by Gartner Research, around 4.9 billion connected devices for consumers, enterprises, and utilities will be in use this year, generating a vast amount of personal and company data that need to be properly protected and regulated.
Update 1/30/2014: NYT reports that Verizon Wireless has decided to make a major revision to allow users to completely opt-out of its “supercookies”.
IBM has released a proof of concept for blockchain-powered Internet of Things devices called ADEPT, short for Autonomous Decentralized Peer-To-Peer Telemetry. The system design is fully distributed, secure, and open source. Primarily based on the blockchain, which is the protocol that underpins Bitcoin and the other cryptocurrencies, ADEPT also incorporates Ethereum for smart contracts, TeleHash for fast, secure, peer-to-peer messaging, and BitTorrent for file sharing. The company is teaming up with Samsung, which will presumably help test and implement the system in its products.
“Imagine a world where a smart washer is able to detect a component failing, can check from the blockchain if the component is in warranty, place a service order with a contracted service provider, and the service provider can independently verify the warranty claim – again from the blockchain – and all this, autonomously.”
The distributed design allows IoT devices, which might have a useful life of ten years or more, to avoid using a cloud service with ongoing financial costs that would likely require selling user data to be sustainable. It also eliminates single points of failure—for example, a hacker would not be able to compromise a manufacturer’s update server to instruct every device to transfer cryptocurrency maliciously because there is no central server, and quarantining bad actors is built in.