Increase in credit card leaks with high profile apps and sites

A new report reveals a continued rise in apps and mobile websites leaking credit card data, with several new cases from prominent brands, including the Hong Kong metro system.

Wandera has discovered a 17% increase (Q1 2016 vs Q4 2015) in apps and mobile websites leaking credit card data since announcing the discovery of the CardCrypt security flaw in December 2015. CardCrypt affected the mobile websites and apps of 16 global companies, which were shown to be transmitting users’ credit card details, and in some cases passport information, unencrypted and ‘in the clear’.

Exposure to malicious domains

Among the key findings of the report is the unusual and accelerated growth in malicious domains visited by users in Q1 2016. A massive 200% increase per month through the quarter was attributed to a concerning rise in ad frameworks used within apps and websites that are directing users to domains with a history of malicious activity.

While improved education seems to be helping users avoid visiting malicious websites through typical routes (phishing attacks or unwise browser use), users are nonetheless increasingly being exposed to malware through compromised adverts in the apps they are using.

Greater encryption of data

On a positive note, Wandera also discovered a noticeable trend towards greater browser and app encryption. The research identified that 70% of the data from apps is encrypted, an increase of 21% in the last 12 months. Encryption of data within browsers has not risen quite so starkly, however – a less pronounced increase of 13%, and a total encryption level of only 52%.

Developers and brands are clearly recognizing the importance of encryption, hence the gradual rise in security measures being put in place. But the rate of improvement must continue, and even accelerate, in order to support enterprise security. In the meantime, the onus remains on the enterprise itself to enforce its own monitoring, rules and education to counter the risks.

Data usage in the enterprise

Wandera identified the top 10 apps by data usage on enterprise devices over the last three months. Unsurprisingly, email and Safari represent the majority of data usage – 34%. But five of the remaining eight apps are all non-work-related: Facebook (10%), Instagram (3%), Twitter (2%), WhatsApp Messenger, Spotify Music and Snapchat (all 1%) – showing a clear non-work-related usage trend on enterprise devices.

The research also found that employees are learning to reduce their data usage to conservative levels when roaming – video consumption drops from 14% of domestic data to 4% when roaming – indicating that employee education is working.

iPhones were also shown to be the biggest driver of increased data usage in the enterprise – compared with Samsung devices, whose users only consume 44% of the data used by the average iPhone user.