How Google took a page from Apple to secure Android Pay

Courtesy: PC World
Caitlin McGarry Staff Writer, Macworld

In case you missed it, Google launched a new mobile payment service at its annual I/O developers conference Thursday. It’s called Android Pay. But didn’t Google already have a mobile payment service? Yes, yes, Google Wallet. That’s not going away—in fact, it’s getting a reboot as a peer-to-peer payment service—but Android Pay works a lot more like Apple Pay than Google’s last attempt.

That’s a good thing. Google Wallet required you to wake your phone, open the Wallet app, and enter a PIN if you decided to protect the app with a passcode, all before waving your phone near the payment terminal. That’s a lot of work.

Android Pay will work just like Apple Pay: Upload your card information to the app, and Google will create one-time account numbers to represent your actual card number, so merchants never see your information. Then hold your Android phone near a payment terminal and watch the screen come to life with your cards already stored inside. Tap the card you want to use, and authenticate your purchase with your fingerprint (a feature like Touch ID that’s new to Android M).

Sounds more than a little familiar.

Google gets serious about security—sort of
But Google was years ahead of Apple when it came to NFC payments, you say? Well, yes, but it certainly didn’t perfect them. First, Google lacked support from three of the four big carriers, which were backing their own mobile payment service called Softcard, which recently folded into Google. The company also found a rival in Visa, which was also developing its own NFC payment option. And at last count just a few months ago, Google Wallet had support from just over 300,000 retail locations, a far cry from the 700,000-plus that are on board with Android Pay, plus the 1,000 apps that support Android Pay purchases.

Then there’s the not-so-small issue of security, which Apple went to great lengths to perfect. Android Pay uses tokenization to create virtual representations of your real card numbers, just like Apple Pay. The big difference between the two services is that Apple uses a Secure Element, a physical chip inside your phone, to store your encrypted financial data. Android Pay, like Google Wallet before it, uses Host Card Emulation, storing your encrypted data in the cloud.

That can be off-putting. Google Wallet also stored all of your transaction information, including time, date, and geolocation, within the Wallet app. So helpful! And so creepy. Android Pay is now far more secure than its predecessor, thanks to tokenization and fingerprint authentication, though it sounds like the service still stores information on what you bought and when—you’ll be able to see “transaction details right on your phone,” Google said in a blog post announcing the new service.

No fingerprint? No problem
Google’s biggest Android issue is fragmentation—the fact that not everyone can install the latest version of its OS at the same time—so it made Android Pay backward compatible to devices running KitKat and up (two OS versions ago). But only the latest version of Android supports fingerprint authentication for purchases, and not all Android phones have fingerprint sensors. If a phone lacks a fingerprint sensor, or if the phone isn’t on Android M, then Android Pay reverts to a passcode or pattern unlocking mechanism, losing the security inherent in fingerprint authentication to begin with—and basically making the new feature new in name only.


Apple has the advantage of being able to push out software upgrades instantly, which means every iPhone owner with compatible hardware (6, 6 Plus, or Apple Watch) could immediately start using Apple Pay on launch day. And while it would be great if Apple fans with older iPhones could use Apple Pay, too, the security features just aren’t in place (unless you have an iPhone 5, 5s, or 5c and an Apple Watch). Don’t have a fingerprint sensor in your iPhone? Sorry, no Apple Pay for you. Better safe than sorry.

But Google beefing up its mobile payment service to compete with Apple is good news, because it forces both companies to improve. For instance, Android Pay works with your rewards cards and loyalty programs, which Apple is reportedly planning to add to Apple Pay. Once retailers finally move to NFC payment terminals, paying for stuff with your phone instead of a physical card will at long last become the norm.

Source: 
http://www.pcworld.com/article/2927428/how-google-took-a-page-from-apple-to-secure-android-pay.html

Hackers have been using the Starbucks app to steal money from latte drinkers

Courtesy Quartz Publication
FRAPPUCCINO FRAUD

Any time you link an app to your bank account or credit card, you better use a good password. That seems to be the takeaway from a recent spate of thefts suffered by people using the Starbucks app, which lets you pay for coffee using your smartphone.

As reported by journalist Bob Sullivan and CNN, victims noticed that their accounts had illicitly been used to buy Starbucks gift cards worth hundreds of dollars, which can then be sold on the black market.

An Orlando woman named Maria Nistri told Sullivan that someone accessed her Starbucks app account and changed the username and password. The thief used the existing $34 balance to buy a gift card, waited for the app’s “auto-fill” function to withdraw more money from her bank account, and then stole another $100 within a few minutes.

Jean Obando of Sugar Land, Texas had $550 stolen via his Starbucks app, which was linked to his PayPal account, he told CNN.

Starbucks’ gift cards and smartphone apps are hugely popular, and constitute their own currency of sorts. One in seven Americans received one of its gift cards last year, and users load billions of dollars onto them every year. The company’s smartphone app, which is also available for the Apple Watch, accounts for about one in every six transactions at its US outlets.

The company was quick to dismiss any suggestion that its own systems had been hacked, and pointed the finger at users who chose insecure passwords to protect their accounts. It said in a statement:

Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.

 

In a separate incident in January, Starbucks came under fire for a security vulnerability that might allow app passwords to be stolen, but the company quickly issued an update that fixed the issue.

http://qz.com/404746/hackers-have-been-using-the-starbucks-app-to-steal-money-from-latte-drinkers/

Bing joins Google in favoring mobile-friendly sites

Courtesy PCWorld.com
Zach Miners
IDG News Service

Microsoft is adjusting how it ranks Bing search results for mobile users, prioritizing sites that display better on smaller screens to accommodate the increased use of mobile search.

The changes, announced Thursday, come less than a month after Google started prioritizing mobile-optimized sites in its search results. Both companies are looking to attract more users by providing a better search experience on smartphones and tablets.

Microsoft said it expects to roll out the changes in the coming months. Sites that display well on smaller screens will also be flagged with a new “mobile friendly” tag.

In the U.S. last year, Bing had roughly 6 percent of the mobile search market, compared with Google’s 83 percent, according to figures from StatCounter.

The changes don’t mean mobile-optimized sites will necessarily appear at the top of results. “You can always expect to see the most relevant results for a search query ranked higher, even if some of them are not mobile friendly,” Microsoft said.

It considers a variety of elements to decide which sites display best on smartphones and tablets. For example, sites with large navigational elements that are spaced well apart will be prioritized, as well as sites that don’t require a lot of zooming and lateral scrolling. Bing will also favor sites with mobile-compatible content. That means pages with Flash content, which doesn’t work well on iOS devices, might get demoted.

Microsoft highlighted Fandango’s mobile site as one that will be prioritized under the changes, more so than Movies.com.

The company has also developed a tool to help webmasters assess the mobile friendliness of their sites. It will be made available in a few weeks.

http://www.pcworld.com/article/2922812/bing-joins-google-in-favoring-mobilefriendly-sites.html

 

Hackers exploit Magento e-commerce vulnerability

Courtesy PCWorld.com
Jeremy Kirk

IDG News Service

Those using Magento’s e-commerce platform should ensure they’re using its latest software, as attackers are increasingly exploiting a flaw patched two months ago, security companies warned.

The vulnerability can allow an attacker to gain complete control over a store with administrator access, potentially allowing credit card theft, wrote Netanel Rubin of Check Point’s Malware and Vulnerability Research Group. As many as 200,000 websites use Magento, which is owned by eBay.

Check Point, which found the flaw, reported it to Magento, which issued a patch (SUPEE-5344) on Feb. 9. Since Check Point revealed the flaw earlier this week, it appears attackers have picked up on it and are trying to find unpatched applications.

Analysts with Sucuri Security wrote on Thursday they’ve seen indications that attackers using two Russia-based IP addresses are trying to exploit unpatched Magento applications.

So far, the attacks appear aimed only at creating a fake administrator user in a Magento database, wrote David Cid, CTO and founder of Sucuri. But it’s likely the attackers will use that foothold to take over a site later, he wrote.

The exploit code Sucuri analyzed is a SQL injection attack, which inserts a new “admin_user” into a database. Cid wrote the exploit uses the usernames “vpwq” and “defaultmanager.” The presence of those names on a system could indicate a successful attack.

Check Point posted a video on its blog that showed how the flaw could be used to reduce the price of a US$100,000 watch on an e-commerce site they created for demonstration purposes.

Rubin wrote that the vulnerability in Magento is composed of several flaws that allow an unauthenticated hacker to run PHP code on a web server. The flaws are within Magento’s core code and affect default installations of Magento’s Community 1.9.1.0 and Enterprise 1.14.1.0 editions, he wrote.

http://www.pcworld.com/article/2914512/hackers-exploit-magento-ecommerce-vulnerability.html

Picture of the Week: Android pissing on Apple, live now on Google Maps!

Team Android discovered the image near the town of Rawalpindi, Pakistan. See it for yourself here. Whether it’s the work of someone at Google or a merry prankster abusing tools like Map Maker is unknown, but smart money’s on the latter. While this easter egg’s sure to be a hit with Android aficionados, I’d be shocked if it stays up now that it’s in the public eye and thrust into Google’s face, so be sure to check it out sooner rather than later if you’re interested.

Image and article courtesy of PCWorld:
http://www.pcworld.com/article/2914169/yep-thats-the-android-mascot-peeing-on-apple-in-google-maps.html

The Ultimate Digital Head Fake

Love this guy!
Courtesy, Scott Galloway
Clinical Professor of Marketing, NYU Stern. L2 Inc.

The Apple Watch is this week’s winner, selling out in less than six hours. Although nobody believes the watch was really out of stock, the brand is becoming especially adept at maintaining the illusion of scarcity. Already, the brand is beating Android, selling more in 24 hours than Android has in an entire year. Does that mean wearables are still alive? No. The Apple Watch is a wrist-size iPhone, meaning no other digital wristband has a chance.

Another winner in the wearables game: Nike. They realized they didn’t have the technology, and had the courage to exit while ahead.

Loser: Tidal. A more expensive Spotify built on the premise that listeners should pay more to support already-rich musicians.

Under Armour wins, but at the declining sport of golf. The brand – which had no presence in the golf world three years ago – signed Jordan Spieth to a deal that expires in 2025. However, golf has been a sport in decline as its main consumer base is old white people.