Retail and Point of Sale (PoS) Are Under Attack
Mobile Threat Defense Secures the Retail Experience
Retail Organizations Have Multiple Attack Points
Retail companies have a love/hate relationship with mobile technology. To avoid losses to “showrooming” by customers with mobile devices, who are comparing in-store prices with online prices and checking peer reviews, the retail industry is under constant pressure to innovate for omnichannel. Retailers must add value to the customer experience beyond simply competing on price.
Faster means of payment, ordering and returns, customer loyalty programs, better product advice, technical support, devices for in-store and field employees, home delivery and configuration apps, are just some of the mobile-enabled tools retailers are leveraging to acquire and retain customers. However, most of these growth-fueling initiatives come with a hidden security risk. Retail mobile apps and mobile devices are prime attack targets for hackers and cybercriminals.
A strong mobile threat defense posture is required for survival against monetary and reputational damage cyberattacks can cause any retail business.
"We evaluated both security detection capabilities as well as operational deployment ones. We conducted advanced testing and determined that Zimperium’s approach was the most comprehensive and best aligned with our needs. We were very impressed with Zimperium's technology and wonder how they do what none of their other competitors can do."
- Vice President of Enterprise Security, Global Technology Retailer
One thing you can be sure of: wherever money changes hands is a cybercriminal’s favorite haunt, and retail stores certainly fit that description. The modern snatch-and-grab attack surface of choice for retail hackers are the millions of smartphones carried by customers, point-of-sale (POS) devices and mobile retail apps used to transact with customers.
Cyber thieves are employing device, network and application (“DNA”) attacks to steal account and payment information, undermine customer privacy, and cause damage to retailers. These mobile threats include conventional cyberattacks such as email phishing, fake customer support phone calls and SMS messages with malware download links, as well as more advanced methods including Wi-Fi network spoofing, malware and “fake retail app” delivery, ransomware, and takeover of any devices (including IoT devices often found in retail) that are connected to the Internet.
Payment hijacking and retail malware
With mobile payments poised to reach $142 Billion in the US alone by 2019, PayPal, Samsung Pay, Apple Pay, Google Wallet, Amazon Pay and many others are competing with the major card services providers to handle retail POS transactions. Honoring mobile payment approaches in your own integrations can leave an insecure opening for cybercriminals if they can compromise a device in the payment chain.
To compete with online retailers and other stores, many companies are also delivering their own branded iPhone and Android apps to deliver a multichannel shopping and loyalty experience for customers. Apps themselves may be an attack surface for data theft and unwanted adware interference, enticing customers to download or log in to fake versions of retailer-branded apps, which can steal customer data and money.
All forms of mobile-based fraud are particularly damaging to retailers, as merchants are frequently held liable for security lapses, losing money and brand reputation due to cyberattacks.
Zimperium Protects Retail
Retailers can leverage Zimperium’s world-class Mobile Threat Defense platform to detect and resolve advanced cyberattacks at all of the exposed mobile touchpoints in the enterprise. With very little effort, retail security and development teams gain on-device and in-app protection from mobile attacks, with active visibility into the threat landscape that is impacting their customer base and store operations.
On-device protection made easy
With a simple download, Zimperium’s zIPS™ app provides real time self-service mobile threat detection and defense for Android, iOS and Chromebook devices against device-level intrusion, network-based (or MITM) attacks, and unwanted application installs and malware. Retail InfoSec or development teams can pre-install zIPS as a retail mobile security app on issued user devices, and BYOD users or authorized customers can simply download and install the app from trusted stores (Apple App Store or Google Play).
In-App threat protection SDK
Embed cyber security into the apps you deliver to customers and employees with zIAP™ (In-App Protection). This innovative SDK allows developers to immunize mobile apps with world-class security to help prevent data breaches and mobile payment fraud in minutes. zIAP is completely configurable by developers to detect and remediate threats to a device, including detection of suspicious user behaviors, network attacks and interference from other apps.
Self-protecting apps equipped with zIAP are alerted via API to take immediate action according to the policies set by the app publisher or developer. Enable your app to report fraudulent activity, observe if another app is making unauthorized requests or unwanted downloads, shut down a user session, run in read-only mode, delete cache or force a password reset to protect payment data when threats are detected.
Real-time threat detection engine
Whether the Zimperium MTD platform is running as a standalone Android or iOS security app, or embedded within the retailer’s app, the mobile device gains real-time awareness to known and unknown threat behaviors acting against it.. This approach keeps customer and employee data private and secure on the device without impacting performance.
"Several signs continue to indicate that mobile security issues are growing in both volume and importance:
• Nearly one out of five business and industry apps leaks personally identifiable information (PII).
• Every year, 42 million mobile malware attacks take place.
• 63% of grayware apps leak the device’s phone number.
Furthermore, enterprises believe mobile malware attacks occur more often than is reported. In a recent Gartner survey, 60% of respondents stated they believe mobile malware incidences are underreported. To the same question for desktop malware incidences, respondents stated they believe only 16% are underreported."
Market Guide for Mobile Threat Defense. Analyst(s): Dionisio Zumerle | John Girard, 30 October 2018