I recently did some research among the top 7 banks regarding POS terminal security. I sent each bank two questions:
1. Regarding the wireless POS devices that use a GPRS / EDGE connection: is there any security involved in sending data (is there a secure data transfer between the device and the bank)? If so, can you give me one example of a secure protocol you use?
2. What’s the mobile provider used by your devices?
The results can only worry you:
- for the first question, all of the banks replied saying that they can’t provide such information due to its confidential classification.
- for the second question, all of them just told me the operator used.
Their reply came as a surprise to me because I consider the answer to the second question to be something that the banks should not disclose at all. If someone finds a vulnerability in an operator’s mobile network, then it’s just a matter of seconds until they know the target. Not answering whether there is any security involved during the payment process makes you wonder whether your payment is really secure. And it’s not even something confidential, because PCI (Payment Card Industry) compliance is mandatory for merchants.
Considering that GPRS is now broken, do you feel safe paying with your credit card, since the bank has no interest in letting its customers know that payment is secure?