As Millions of Consumers Make the Shift to the Newest iPhone, They Must be Aware of Privacy Concerns and Fraud Shifting to Online Channels
San Jose, CA – September 17, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the security pros and cons associated with some of the newest features of the iPhone 6 and the iPhone 6 Plus, both hitting shelves today.
“The most recent iPhone has received a ton of buzz, especially regarding some of its latest features such as Apple Pay, which has the potential to revolutionize the way consumers and retailers alike do business,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “However, the fact remains that these features may also potentially make Apple the new prime target for cybercriminals all over the world, as the iPhone 6 increasingly becomes the remote control of its owners life.”
With 25 million iPhone users planning to upgrade their devices by the end of 2014, there are a multitude of security pros and cons associated with the features of the latest iPhones that those making the switch should be aware of prior to purchasing. These include:
- Apple Pay a Safer Way– Passbook isn’t an entirely new feature of the iPhone, which previously enabled users to store purchased tickets and other virtual goods that they could then present on their iPhones in place of its physical counterpart. Now, Passbook enables users to register credit cards at the click of a button and access them for secure, one-touch transactions using the iTouch fingerprint reader. The Passbook does not store credit card details on the actual device or in iCloud. Instead it stores a token on a Secure Element. This means that any malware attempting to intercept a transaction will not be able to get access to the real credit card number. This is a net positive for transaction security.
- Fraud Pushed from Banks to Online Merchants – With Apple supporting Near Field Communications (NFC) technology, this prevents store employees from taking copies of card data. In addition, when EMV payment systems become mandatory in the U.S. in October 2015, criminal gangs will shift more attention to online channels. Modern card terminals typically support both EMV payment systems and NFC, and the new Apple Pay functionality will further drive adoption of these new readers in stores. Unlike in-store purchases that are covered by banks, online merchants have to cover the costs of inadvertently accepting fraudulent transactions. The other major impact will be a significant increase in online credit card origination theft. If it’s more difficult to breach data in store and create counterfeit cards due to EMV payment systems and Apple Pay, then criminals will focus more efforts online.
- Increased Account Compromise Risk – iCloud is like a remote control for users’ lives. If a hacker gains access to a username and password, which is often shared across sites, they can use the Find My Phone feature to not only disable Apple Pay purchasing from your device, but also get access to backup photos and remotely delete and reset your password as well. “Consumers have the opportunity to upgrade to two-factor authentication for better online protection as account compromise risks increase,” said Julie Conroy, research director at Aite Group. “However, very few consumers will do so due to inconvenience and added effort of such security measures.”
- Privacy Concerns – Apple has stated that it does not track Apple Pay purchases, and that health data collected by HealthKit will remain encrypted on the phone and not stored on Apple’s servers, however there may be future business pressure to better monetize Apples iAd network. HealthKit App Developers need consent to access health data, but consumers do not have good ways of ensuring their data remains protected once data is stored off their phone.
- Selling and Gifting Older Models – Many consumers will want to get rid of their older iPhone models and this can lead to multiple security risks, such as previously jailbroken devices, devices that have pre-stored malware and unwiped devices that still have personal information stored on them. Before selling or gifting older models, consumers must make sure that you have deleted all content (Settings > General > Reset > Erase All Content and Settings) and remove the devices from their iCloud accounts.
“The newest iPhone has the potential to be one of the most groundbreaking models to date,” said Faulkner. “However, consumers making the switch should be aware of the pros and cons of doing so, especially if they are in the first round of buyers. Consumers need to be mindful that the data they sync to iCloud is now likely only protected by a weak username and password combination.”
In the wake of the new potential threats to consumers’ sensitive information and privacy with the widespread adoption of the iPhone 6, businesses such as Apple need a way to protect their customers beyond simple username and password combinations with a collective, global network. The ThreatMetrix® Global Trust Intelligence Network analyzes more than 500 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.
- Share this news on Twitter: Making the switch to an iPhone 6? @ThreatMetrix wants you to be aware of the associated cybersecurity risks. http://goo.gl/TpbjR7
- Infographic: iPhone 6 and iPhone 6 Plus: Cybersecurity Pros and Cons
- Press release: EMV Global Standard Chip Card Adoption Increases Likelihood of Online Fraud
- Register today for the ThreatMetrix Cybercrime Prevention Summit 2014
- BizJournals: 5 cyber risks that can affect your mobile phone, tablet
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.