ThreatMetrix Explores the Pros and Cons of iPhone 6 as They Relate to Privacy and Cyberfrauds’ Shift to Online Channels
When it comes to security, do the “I”s have it? ThreatMetrix takes a hard look at iPhone 6 and iPhone 6 Plus, exploring whether some of their newest features will be making their owners more secure or bigger cybercrime targets. (For a quick overview, ThreatMetrix prepared the following infographic on iPhone 6 and iPhone 6 Plus cybersecurity pros and cons.)
“The most recent iPhone has received a ton of buzz, especially regarding some of its latest features such as Apple Pay, which has the potential to revolutionize the way consumers and retailers alike do business,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “However, the fact remains that these features may also potentially make Apple the new prime target for cybercriminals all over the world, as the iPhone 6 increasingly becomes the remote control of its owners’ life.”
By the end of 2014, some 25 million iPhone users will have upgraded their devices. Following ThreatMetrix security experts critique the newest features and how they affect security.
- Apple Pay a Safer Way– Passbook isn’t an entirely new feature of the iPhone, which previously enabled users to store purchased tickets and other virtual goods. These could then be presented on their iPhones in lieu of tickets, etc. Now, Passbook enables users to register credit cards at the click of a button and access them for secure, one-touch transactions using the iTouch fingerprint reader. The Passbook does not store credit-card details on the actual device or in iCloud. Instead it stores a token on a Secure Element. This means that any malware attempting to intercept a transaction will not be able to get access to the real credit card number. This is a net positive for transaction security.
- Fraud Pushed from Banks to Online Merchants –Apple supports Near Field Communications (NFC) technology, which prevents store employees from taking copies of card data. In October 2015, EMV payment systems become mandatory in the U.S. and will cause criminal gangs to shift more of their attention to online channels. Modern card terminals typically support both EMV payment systems and NFC, and the new Apple Pay functionality will further drive adoption of these new readers in stores. Now, unlike in-store purchases that are covered by banks, online merchants have to cover the costs of inadvertently accepting fraudulent transactions. The other major impact will be a significant increase in online credit card origination theft. If it’s more difficult to breach data in-store and create counterfeit cards because of EMV payment systems and Apple Pay, criminals will focus more of their efforts online.
- Increased Account Compromise Risk – iCloud is like a remote control for users’ lives. If hackers gain access to a username and password, which is often shared across sites, they can use the Find My Phone feature to not only disable Apple Pay purchasing from your device, but also get access to backup photos and remotely delete and reset your password as well.“Consumers have the opportunity to upgrade to two-factor authentication for better online protection as account compromise risks increase,” said Julie Conroy, research director at Aite Group. “However, very few consumers will do so due to inconvenience and added effort of such security measures.”
- Privacy Concerns – Apple has stated that it does not track Apple Pay purchases, and that health data collected by HealthKit will remain encrypted on the phone and not stored on Apple’s servers. However there may be future business pressure to better monetize Apple’s iAd network. While HealthKit App Developers require an iPhone owner’s consent to access health data, consumers do not have good ways of ensuring their data remains protected once it is stored off their phones.
- Selling and Gifting Older Models – Many consumers will want to get rid of their older iPhone models and this can lead to multiple security risks, such as previously jailbroken devices, devices that have pre-stored malware and unwiped devices that still have personal information stored on them. Before selling or gifting older models, consumers must make sure that they have deleted all content (Settings > General > Reset > Erase All Content and Settings) and remove the devices from their iCloud accounts.
“The newest iPhone has the potential to be one of the most groundbreaking models to date,” said Faulkner. “However, consumers making the switch should be aware of the pros and cons of doing so, especially if they are in the first round of buyers. Consumers need to be mindful that the data they sync to iCloud is now likely only protected by a weak username and password combination.”
The widespread adoption of the iPhone 6 means there will be new threats to consumers’ sensitive information and privacy. Businesses such as Apple need a way to protect their customers beyond simple username and password combinations. They need a collective, global network. The ThreatMetrix® Global Trust Intelligence Network analyzes more than 850 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.