In This Section


Category: Authentication

March 17, 2016
On the Wire Podcast: David Dewey
Apple has been touting its Apple Pay app as a secure, convenient alternative to other payment systems. It has been adopted by a number of major retailers and card issuers, but David Dewey, research director at Pindrop Labs, ran several experiments on the system’s card enrollment and authentication flow and found some serious problems. Using social engineering…
Read More →
March 15, 2016
Amazon Plans Move to Facial Recognition for Purchases
Amazon is planning to join a growing list of major companies that are working to make facial recognition the authentication method of choice. The retailer has filed a patent claim for a method it hopes will enable customers to complete purchases using their faces rather than passwords. The Amazon application shows that the company is working…
Read More →
March 11, 2016
More Android Malware Bypassing Mobile Banking 2FA
The kind of features that once were reserved solely for top-shelf malware is becoming standard equipment for mobile malware. The latest must-have feature is the ability to bypass two-factor authentication and it is showing up in more and more malicious apps, especially those that impersonate banking apps. A couple months ago a new version of…
Read More →
March 9, 2016
Home Depot Pays $19.5 Million to Settle Data Breach Suits
The Home Depot has agreed to pay more than $19 million to settle a massive lass-action lawsuit stemming from its 2014 data breach, one of the larger incidents in United States history. The settlement brings to a close what has been a long and ugly tale. The data breach came to light in late 2014…
Read More →
March 8, 2016
FTC Demands Info From PCI Auditors
The Federal Trade Commission has sent an order to nine of the larger companies that do PCI DSS assessments, demanding that the organizations turn over detailed information on how they conduct those audits, how often they actually declare a company non-compliant, and many other details. The PCI standard was created by the major payment card…
Read More →
March 7, 2016
Facebook Fixes Account-Takeover Bug
Facebook has fixed a simple yet potentially dangerous bug in its beta platform that could allow an attacker to take over another user’s account by brute-forcing the passcode that Facebook sends to users who forget their passwords. When a Facebook user forgets her password, she is directed to a form to enter either an email…
Read More →
March 7, 2016
On the Wire Podcast: RSA Conference Roundtable
In this episode of the podcast, Dennis Fisher is joined by a large cast of characters live at last week’s RSA Conference, including Jessy Irwin of 1Password, Chris Gonsales of IANS, Mike Mimosa of Threatpost, Fahmida Rashid of InfoWorld, and Chris Brook of Threatpost. The discussion touches on good and bad RSA talks, what we’ve…
Read More →
March 7, 2016
Bypassing Phone Fingerprint Sensors With an Inkjet Printer
Researchers at Michigan State University have developed a clever hack that allows them to scan and then print a target user’s fingerprint and then use it to unlock a mobile phone via the fingerprint sensor. The method uses an off-the-shelf inkjet printer equipped with some special cartridges with conductive ink to print the fingerprint image…
Read More →
March 1, 2016
Sidestepping Apple Pay Enrollment Authentication
SAN FRANCISCO–Apple has touted its Apple Pay system as a convenient, simple, and secure alternative to using physical debit or credit cards. But researchers have identified some weaknesses in the enrollment and authentication flow of the system that could have allowed attackers to add stolen cards to their own Apple Pay accounts and use them…
Read More →
February 23, 2016
The Selfie is the New Payment Biometric
Banks, credit card companies, and other financial companies are turning over every rock in an effort to fight fraud, including trying out novel authentication techniques. The latest move in this area is toward facial recognition via smartphones as a way to ensure the person making a purchase is who he claims to be. After decades…
Read More →
Pindrop® Panorama: Beating the Balancing Act of Security and Customer Service