PayPal Closes Security Hole, But Now How Can It Get iPhone Users To Upgrade?

Written by Frank Hayes
November 11th, 2010

Success in mobile commerce depends on getting millions of copies of smartphone apps to customers—which is great if you get the details just right. But last Thursday (Nov. 4), PayPal had to rush out a new version of its mobile payments iPhone app. The old version—which has been downloaded more than four million times since its April release—turned out to have a security hole that could let a thief trick a user through a “man in the middle” attack. PayPal says it will cover any customer losses from fraud due to the security flaw.

That’s great for PayPal users. For PayPal, it’s a problem. The success of its iPhone app means there are millions of users at risk. And PayPal’s promise to reimburse any fraud loss related to that risk means there’s nothing to motivate users to upgrade from the old version that, to users, seems to be working just fine. Result: All the risk is on PayPal—and the only way to get out from under that risk is to irritate its customers.

The security problem with the iPhone app was easy enough for PayPal to repair. The app neglected to confirm that it was actually connected to the PayPal Web site before doing any business. The app should have done that by checking the PayPal site’s digital certificate. The failure was spotted by security research firm viaForensics, which announced the problem the same day PayPal rolled out its fix and said the Android app and PayPal Web site don’t share the problem.

That failure to check the certificate creates the risk of a “man in the middle” attack, in which a thief sets up a public Wi-Fi hotspot that includes a phony PayPal Web site in a place where users might connect to it—say, an airport, train station or shopping mall—and then waits for victims to discover the hotspot and log in. It would be a low-percentage attack, and PayPal says it hasn’t detected any fraud. But it’s a real risk, especially with a recent wave of hacking software for public Wi-Fi networks that are designed for almost anyone to use.

Now PayPal’s challenge is to get users to download the new app. That may not be easy. The new version doesn’t have any compelling new features. Except for the quickly patched security hole, it’s exactly the same as the old version. There’s nothing to encourage users to upgrade—a process that requires time and bandwidth for users, and always comes with the nagging fear that something will go wrong. With a cost that users care about and no benefit they can see, why should users upgrade? That’s the problem PayPal faces four million times over.


One Comment | Read PayPal Closes Security Hole, But Now How Can It Get iPhone Users To Upgrade?

  1. Fabien Tiburce Says:

    And there lies the inherent problems with “apps”. The whole point of the internet was to provide functionality and make it universally available from anywhere and anytime. The internet essentially fixed the software distribution problems that have plagued the industry since its early days. In order to differentiate itself (and to mask the fact that it is not a “cloud” company like Google but rather a “hardware” company liked Dell), Apple has pushed the idea of mobile apps onto us. Customers don’t care and ran with Apple who, truth be told, has traditionally offered superior usability and an “integrated” (some say closed…) ecosystem. BUT…the model is inherently flawed. Mobile apps are flawed and are, for all intents and purposes, a giant step back in the evolution of computing and convenience. I hope we collectively move towards HTML5 mobile apps which will have the same use and feel as native apps (in the majority of cases) but are “always up to date” and have the distribution advantages of web applications.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.