Statistically every person in the world between 15 to 64 years old has a smartphone or tablet today. In the next 5 years for every baby born 10 smartphones will be sold1. Smartphones have literally changed our lives, from playing, working to everyday living. But what can we learn from app developers, who’ve made mobile devices so powerful?
Learning from app developers
With 102 billion mobile app downloads to date – averaging 22 apps per device2 – it’s clear that software developers know what they are doing.
As Richard Branson said “Business opportunities are like buses. There’s always another coming along.” Looking at the online piracy world, the latest bus is exploiting software media centers. And unfortunately, many consumers are being taken for a ride.
I’ve mentioned it before, online pirates are undoubtedly criminals. Yet they’re also entrepreneurs. The pirates are continually adapting. To effectively fight online piracy means keeping up to date with their latest activities.
APIs are everywhere in modern day life. We rely on them to access services on mobiles, tablets and laptops. Without them our day-to-day life wouldn’t be the same. Yet they are also increasing the attack surface. Are they really a friend to e-commerce or to cybercrime?
APIs are not new. They’ve been around a long time. APIs are key to building scalable web-based applications as they allow and manage the interaction between 2 online connected services.
True, a botanical metaphor about OTT piracy is unusual. But similarities can be drawn. In the housing market, the presence of Japanese knotweed can have a detrimental effect. If unchecked, online piracy is on track to do the same in the pay-media industry. What can be done to fight the weed?
What is Japanese knotweed?
Put simply, it’s a relentless plant that can grow 30cm a week. Its invasion can knock thousands off the value
In today’s OTT world, pay-media operators continually modify their business models to find the sweet spot; what resonates best with their consumers. Unfortunately, the same is true with cybercriminals. For them, the introduction of account generator sites is at the heart of this evolution.
No longer limited to the DarkNet
In an earlier blog, I explained how compromised account details are regularly being sold on the DarkNet. However, in the last few months the Irdeto cyber-services team has witnessed a change.
On a recent flight, I was sat next to a security auditor. He asked “can someone steal keys used to encrypt credit cards from the server memory?” It depends, was my reply. But his question left me wondering. Why hasn’t anyone built a server side white box implementation?
Why does it depend?
Like any implementation, some are more secure than others. If the server side code was using ‘standard cryptographic APIs’ and they were black box implementations then
The EU Payment Service Directive (PSD2) aims to enhance consumer security, increase competition and create a single EU-wide market for payments. No doubt this market disruptive initiative opens the door for innovation. But will PSD2 inadvertently introduce more vulnerability for the cybercriminals to exploit?
Achieving its aims all hinges on the banks sharing their customer data with anyone that holds the required license. This third party access to accounts (XS2A) ensures that banks cannot block the move to a new payment services market.
With the rise of OTT services, consumers are starting to analyze their monthly entertainment expenses. The good news is that many don’t want to lose their pay-TV operator service. The downside is they want to pay less for it.
Is it the same across the globe?
What’s clear from my customer meetings is that pay-TV services are not being eroded completely by OTT. They’re still important. But pressure is building on operators to drive down the cost of delivery. From Mexico to Malaysia this was a common goal.
Browser security isn’t a new problem. Apple, Google, Microsoft and Mozilla have put a huge amount of effort into enabling consumers to have a secure browsing experience. But who’s thinking about the web site operators and their secure browsing experience?
Internet trust is dependent on certification authorities; with TLS/SSL being the most commonly used technology for securing electronic commerce transactions online. It’s all about enabling the consumer to access web services and be reasonably confident they know who they are talking to.
There’s no doubt about it, cyber-attacks are increasing. A consequence of this is a rise in cybersecurity litigation. Interestingly, that litigation may not necessarily be directed against the cybercriminals. Instead, it is likely to be another threat that the breached company has to deal with.
Just as cyber-attacks are generating publicity, so too are the subsequent litigation activities. What makes them newsworthy seems to be the dollar amount.