MADISON, Wis. (11/14/14)--While merchants may not be held to strict enough data protection standards, consumers can take several logical steps to safeguard their sensitive information on their own.
They can start by investing a little more time in picking out passwords, according to a new report from Javelin Strategy and Nok Nok Labs.
Mobile users are 25% more likely to use the same password to access more than one online account, and more than 41% of Android users take advantage of one-time passwords with their financial accounts. Mobile malware can intercept this information, putting mobile users at higher risk of their information being compromised.
Removing the password entirely may be the next step. Biometric authentication, such as fingerprint scanning, is preferred by mobile users. "Recent moves by Apple and Samsung to expand fingerprint-based authentication is likely to be well-received and will subsequently bolster the preference for this modality," Javelin noted.
Reducing the reliance on passwords is part of a new authentication standard being developed by MasterCard and Visa for online payments.
Instead of static passwords, authentication challenges would include one-time passwords, token-based prompts, fingerprint biometrics, or vocal and facial recognition.
"All of us want a payment experience that is safe as well as simple, not one or the other," said Ajay Bhalla, president of enterprise security solutions, MasterCard. "We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses."
Consumers aren't the only ones who need to be aware of their online behavior. The Financial Services Information Sharing and Analysis Center (FS-ISAC), the U.S. Secret Service and the Retail Cyber Intelligence Sharing Center recently released best practices for merchants heading into the holiday season.
For their protection--and that of their customers--retailers should prepare their point-of-sale (POS) systems for the holiday season, when the flow of money and personally identifiable information ratchets up.
Common cybersecurity tactics, techniques and procedures consistently used and leveraged by attackers include:
FS-ISAC noted merchants should be aware that attackers home in on third-party relationships with providers of heating, ventilation and air conditioning, power or other environmental and physical security controls. These vendors usually have login access to a network that can be exploited to gain access to payment information.
The advisory added that computers that run the POS services must be secured like any other computer on a merchant's network.
Just this week, the Credit Union National Association sent a letter to U.S. Senate and House leadership emphasizing that retailers need to take responsibility for their data breaches and adopt the same data standards as financial institutions.