Padgette-Beale Inc. (PBI) offers an extensive list of services for its
valued customers to enjoy during their stay at any of its
distinguished locations. From golf lessons to local tour guides,
there seems to never be an end to the services PBI provides its
guests, but underneath those services looms a great threat to
customer privacy and PBI's security. These services of course require a
customer to provide payment; however, those payments
are not made through Padgette-Beale's prebuilt infrastructure.
Customers are often paying for these services through third-party
mobile applications; this opens a distinct vector for threat actors to
gain access to customer information, and reflect the blame against
What exactly is a mobile payment? “Mobile payments are regulated
transactions that take place digitally through your mobile device”
(Square, 2017.) Whether it is purchasing something online while you
are at the beach, paying for your guitar lessons, or tipping the pizza
delivery driver, every way money would be exchanged physically has
been overtaken by digital collection. Making payments has never
been easier than it is today. Customers can make payments
with the simple opening of an application, and a click! “Mobile
payments are an increasingly popular way to accept in-person
payments…” (Square, 2017.) The popularity of credit cards and
mobile payments has paved the way for the establishment of the
Payment Card Industry Data Security Standard (PCI-DSS.) PCI-DSS is
a standard that was established by a group of financial companies in
order to set a standard for protecting customer information in the
age of credit cards and digital payments. “The PCI DSS deals with
payment card data and cardholder information...” (Wills, 2019.) The
entirety of PCI-DSS is not necessarily law, but the standard does
apply a form of contract between a vendor and a credit card
company; additionally, there have been some states that have chosen
to write portions of PCI-DSS into their state laws.
While it is certainly wonderful that PBI offers a plethora of services
to its guests, these services provide an unchecked method of access
to guests' information. It is without a doubt that all of PBI's
integrated services comply with PCI-DSS, and PBI works to the best
of its abilities to make sure a customer's information remains secure
within the company's boundaries. These outside services collect
payments through resources that are outside of PBI's reach. A golf
tutor might use a credit card processing service such as Square or
ApplePay; while these services are generally trusted by the public,
PBI maintains a relationship between the service provider and their
method of payment collection. Should a problem arise with any of
the service vendors or the application they use to process customer
PII, PBI is at risk of being involved, as we are the trusted source that
provided access for our guests to these vulnerable services.
While mobile payments are certainly convenient, there is a good list
of issues that can arise with them. “In 2011, Sony’s PlayStation
network was hacked… They gained access to customer databases
and compromised over 70 million customers” (Dwyer, 2019.) A
breach in customer data is never a good thing, whether it is from the
customer or business point of view. When addressing mobile
payments there are a few things to watch out for.
PII: Mobile applications take in a lot of customer information such
as billing addresses and full names. This is a goldmine for threat
actors, and a good target to take advantage of.
Stolen Card Info: Regardless of how much security mobile
payments already contain, it is estimated that there are more than
76 million credit cards for sale on the dark side of the internet.
(Ladika, 2021.)
Scam Likely: With the anonymity of making mobile payments, scam
artists have an even broader field to make their trade known.
Payments to non-trusted services can lead to a complete waste of
money, and reflect poorly on PBI's recommended services.
No Revenue: Third-party services aren’t guaranteed, and while PBI
can go out of its way to recommend these services, it is not always
a given that they will split their end of the deal.
Lack of records: Should a form of financial problem, audit, or
inquiry arise, some of the independent vendors may not maintain
records to the same par as PBI does. This can cause a real issue
as PBI stands in between the customer and the vendor who collected
the service payment.
In conclusion, there is a lot to the world of making convenient mobile
payments, and PBI should do its best to guarantee its own internal
security. Mobile payments provide a lot of problems such as a lack
of accountability, and an undesirable split of revenue. The issue
stands that while there are many security features implemented into
standard mobile security practices, these security practices are not
entirely secure. It is within PBI's best interest to address the issue of
the outside services it provides, in order to ensure proper business
security in its future.
