Elements of Cyber Security - (BCY402)

Course Coordinator:
Prof. Yogesh N
Assistant Professor
Dept. of CSD
ATMECE, Mysuru

YN Prof. Yogesh N, Dept. of CSD, ATMECE 1

 Module 2

Mobile and Digital Payments Security: Security Challenges and types of attacks
on Mobile devices, Security for Mobile Apps, Mobile Device Management tools and
techniques.

Digital payments Security: Banking Cards, Unified Payment Interface (UPI), e-

Wallets, Unstructured Supplementary Service Data (USSD), Aadhar enabled payments,
Digital payments related common frauds and preventive measures.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 2

 Session 2

Mobile and Digital Payments Security

• Security Challenges
• Types of attacks on Mobile devices

YN Prof. Yogesh N, Dept. of CSD, ATMECE 3

 Introduction

 Mobile and digital payment security faces challenges like malware, phishing
attacks, data breaches, weak passwords, and unauthorized access through
malicious apps.

 There is a requirement of robust security measures including strong authentication,

encryption, secure app development practices, and proper mobile device
management (MDM) tools to protect sensitive financial data on mobile devices.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 4

 Key Security Challenges for Mobile Payments
 Below are the key areas of mobile payment security issues:
1. Malware and Viruses
2. Lost or stolen devices
3. Phishing scams
4. Data Breaches
5. Weak passwords
6. Using Public Wifi
7. Unpatched Software
8. Human error

YN Prof. Yogesh N, Dept. of CSD, ATMECE 5

 Key Security Challenges for Mobile Payments
Malware and Viruses

Risks: Malware can steal sensitive payment data, install keyloggers, or hijack
transactions.

Protection:
 Use a reputable mobile security app.
 Avoid downloading apps from unknown sources.
 Regularly scan your device for malware.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 6

 Key Security Challenges for Mobile Payments
Lost or Stolen Devices

Risks: Unauthorized access to banking or payment apps if the device is unprotected.

Protection:
 Enable biometric authentication
(fingerprint/Face ID).
 Set up remote wipe capabilities (e.g., Find My
iPhone, Google Find My Device).
 Use strong screen lock passwords.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 7

 Key Security Challenges for Mobile Payments
Phishing Scams

Risks: Fraudulent emails, messages, or fake websites tricking users into revealing
payment details.

Protection:
 Avoid clicking on suspicious links in emails
or messages.
 Verify URLs before entering credentials.
 Enable two-factor authentication (2FA).

YN Prof. Yogesh N, Dept. of CSD, ATMECE 8

 Key Security Challenges for Mobile Payments
Data Breaches

Risks: Payment information can be leaked or stolen from merchants or service

providers.

Protection:
 Use virtual credit cards or tokenized
payments.
 Regularly monitor account statements for
suspicious transactions.
 Use reputable payment platforms with strong
security measures.
YN Prof. Yogesh N, Dept. of CSD, ATMECE 9
 Key Security Challenges for Mobile Payments

Weak Passwords

Risks: Easy-to-guess passwords can lead to unauthorized access.

Protection:
 Use complex, unique passwords for each
payment app.
 Enable multi-factor authentication (MFA).
 Use a password manager to generate and store
passwords securely.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 10

 Key Security Challenges for Mobile Payments

Using Public WiFi

Risks: Hackers can intercept payment data on unsecured networks.

Protection:
 Avoid making payments over public WiFi.
 Use a VPN when accessing financial services.
 Disable auto-connect to public networks.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 11

 Key Security Challenges for Mobile Payments

Unpatched Software

Risks: Security vulnerabilities in outdated apps and OS can be exploited.

Protection:
 Keep your phone’s OS and payment apps
updated.
 Enable automatic updates where possible.
 Avoid using outdated or unsupported devices
for mobile payments.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 12

 Key Security Challenges for Mobile Payments

Human Error

Risks: Accidental transactions, falling for scams, or misconfiguring security

settings.

Protection:
 Double-check transactions before confirming.
 Stay informed about common fraud tactics.
 Educate yourself on secure mobile payment practices.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 13

 Types of attacks on Mobile devices
 Wireless and mobile devices have become ubiquitous in today’s society, and with
this increased usage comes with the potential for security threats.

 Wireless and mobile device attacks are a growing concern for individuals,
businesses, and governments.

 Below are some of the most common types of Wireless and Mobile Device Attacks:
1. SMiShing
2. War driving
3. WEP attack
4. WPA attack
5. Bluejacking
6. Replay attacks
7. Bluesnarfing
8. RF Jamming

YN Prof. Yogesh N, Dept. of CSD, ATMECE 14

 Types of attacks on Mobile devices
SMiShing
 Smishing become common now as smartphones are widely used.

 A "Smishing" attack is a type of cyber attack where a scammer tricks users into
giving out personal information by sending malicious links through text messages,
essentially a phishing attack done via SMS.

 SMiShing uses Short Message Service (SMS) to send fraud text messages or links.

 The criminals cheat the user by calling. Victims may provide sensitive information
such as credit card information, account information, etc.

 Accessing a website might result in the user unknowingly downloading malware

that infects the device.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 15

 Types of attacks on Mobile devices
SMiShing

YN Prof. Yogesh N, Dept. of CSD, ATMECE 16

 Types of attacks on Mobile devices

War driving
 War driving is a way used by
attackers to find access points
wherever they can be.

 With the availability of free

Wi-Fi connection, they can
drive around and obtain a
very huge amount of
information over a very short
period of time.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 17

 Types of attacks on Mobile devices
WEP attack
 Wired Equivalent Privacy (WEP) is a security protocol that attempted to provide a
wireless local area network with the same level of security as a wired LAN.

 Since physical security steps help to protect a wired LAN, WEP attempts to provide
similar protection for data transmitted over WLAN with encryption.

 WEP uses a key for encryption. There is no provision for key management with
Wired Equivalent Privacy, so the number of people sharing the key will continually
grow.

 Since everyone is using the same key, the criminal has access to a large amount
of traffic for analytic attacks..

YN Prof. Yogesh N, Dept. of CSD, ATMECE 18

 Types of attacks on Mobile devices
WEP attack

YN Prof. Yogesh N, Dept. of CSD, ATMECE 19

 Types of attacks on Mobile devices

WPA attack
 Wi-Fi Protected Access (WPA) and then WPA2 came out as improved protocols to
replace WEP.

 WPA2 does not have the same encryption problems because an attacker cannot
recover the key by noticing traffic.

 WPA2 is susceptible to attack because cyber criminals can analyze the packets
going between the access point and an authorized user.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 20

 Types of attacks on Mobile devices

YN Prof. Yogesh N, Dept. of CSD, ATMECE 20

 Types of attacks on Mobile devices

Bluejacking
 Bluejacking is used for sending
unauthorized messages to
another Bluetooth device.

 Bluetooth is a high-speed but

very short-range wireless
technology for exchanging data
between desktop and mobile
computers and other devices.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 21

 Types of attacks on Mobile devices

Replay attacks
 In a Replay attack an attacker
spies on information being sent
between a sender and a receiver.

 Once the attacker has spied on

the information, he or she can
intercept it and retransmit it
again thus leading to some delay
in data transmission.

 It is also known as playback

attack.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 22

 Types of attacks on Mobile devices

Bluesnarfing
 It occurs when the attacker copies
the victim’s information from his
device.

 An attacker can access information

such as the user’s calendar, contact
list, e-mail and text messages
without leaving any evidence of the
attack.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 23

 Types of attacks on Mobile devices

RF Jamming
 Wireless signals are susceptible to
electromagnetic interference and
radio-frequency interference.

 Radio frequency (RF) jamming

distorts the transmission of a satellite
station so that the signal does not
reach the receiving station.

YN Prof. Yogesh N, Dept. of CSD, ATMECE 24

 Summary

• In today’s session, you all have gone through the following topics
• Mobile and Digital Payments Security
• Security Challenges
• Types of attacks on Mobile devices

YN Prof. Yogesh N, Dept. of CSD, ATMECE 25

 Discussion and Interaction

YN Prof. Yogesh N, Dept. of CSD, ATMECE 26

 Topics for Next Session

Mobile and Digital Payments Security:

• Security for Mobile Apps
• Mobile Device Management tools and techniques

YN Prof. Yogesh N, Dept. of CSD, ATMECE 27

YN Prof. Yogesh N, Dept. of CSD, ATMECE 28