Demand for contactless payments continues to surge as both consumers and merchants seek faster, more convenient, and safer methods to conduct transactions. E-commerce via mobile devices has grown into its own segment, M-Commerce. Software point of sale (SoftPOS) apps and technology advances have turned commercial off-the-shelf (COTS) phones and tablets into fully enabled, contactless mobile point-of-sale (mPOS) systems. These Contactless Payments on COTS (CPoC) applications accept payments using the near-field communication (NFC) interface in standard mobile devices, without requiring additional hardware. In addition to contactless payments using NFC, contactless payments via mobile apps have soared in recent years. This momentum has retailers constantly pushing new apps and new features, which often results in cybersecurity being deprioritized.
Meeting Compliance Requirements Related to Retail & Mobile Payment Processing
Because of the value of the data being processed, the European Commission and the Payment Card Industry (PCI) Security Standards Council have defined compliance regulations. The European Commission’s Revised Payment Services Directive (also called “PSD 2”) establishes rules covering all types of electronic and non-cash payments, including mobile and online payments. The rules include strict security requirements for data protection, secure communication, and device and software integrity, and require that payment service providers (PSPs) have mechanisms in place to mitigate failure of the required security measures. The PCI Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.
Secure Mobile Transactions with the Leader in Mobile Security
Retailers and organizations using m-commerce can leverage Zimperium’s world-class solutions to detect and resolve advanced cyberattacks at all exposed mobile touchpoints in the transaction. With very little effort, security and development teams gain on-device security and in-app protection from mobile attacks, with active visibility into the threat landscape that is impacting their customer base and store operations.
Secure the Mobile Devices Used for mPOS
Protect mobile devices used for transactions against device-level intrusion, network-based (or MITM) attacks, and unwanted application installs and malware, helping you meet the mobile mandates of PCI DSS requirements.
Protect Cryptographic Keys within your Mobile App
Leverage white-box cryptography to protect keys within your mobile application and support PCI DSS specifications, including separation of payment card and PIN data. Your keys cannot be extracted—even if the device itself has been breached.
Prevent Mobile App Reverse Engineering & Tampering
Add tamper-resistance, anti-reverse engineering, and obfuscation characteristics to mobile apps, ensuring not just compliance with the CPoC Standard, but also strong application-level protection against many software attacks.
Thwart Fraud with Runtime App Self-Protection (RASP)
Enable your mobile app to detect risks on users’ devices, such as network attacks or interference from other apps, and then take specific remediation actions, such as forcing a password reset or shutting down the app, based on pre-configured settings.
“We evaluated both security detection capabilities as well as operational deployment ones. We conducted advanced testing and determined that Zimperium’s approach was the most comprehensive and best aligned with our needs. We were very impressed with Zimperium’s technology and wonder how they do what none of their other competitors can do.”
– Vice President of Enterprise Security, Global Technology Retailer