Tim Hortons security loophole could lead to theft in mobile payments pilot

[qwertyaccount 15793]

[URL]http://www.itbusiness.ca/news/tim-hortons-security-loophole-could-lead-to-theft-in-mobile-payments-pilot[/URL]

[URL="http://www.timhortons.com/ca/en/"][COLOR=#0066cc]Tim Hortons Inc.â??s[/COLOR][/URL] new mobile app, TimmyMe, is prone to a security loophole that allows someone to create barcodes online to steal the money from customersâ?? gift cards.

Tim Hortons launched the TimmyMe mobile payments app in December 2013, which allows users to connect their gift cards to their app and then pay with the app at the cash register. As long as an attacker has a gift cardâ??s 16-digit number, he can generate barcodes for these gift cards, scan them at a Tim Hortons cash register, and charge gift cards bought by another person. The Android and iOS versions of the mobile payments app are currently in pilot mode, being accepted at only 55 Tim Hortons locations across southern Ontario.

When reached for comment, Tim Hortons had this to say in an email:
â??We are aware of this issue as this is something that affects almost all retailers currently accepting mobile barcode gift card payments. We are currently in a very small pilot market which helps control the exposure unlike some of our competitors who are widely using this same technology throughout North America. We are very pleased to let you know that we have developed a secure solution which will be in place in the very near future, prior to Tim Hortons full roll-out.â?

[URL="http://www.ibm.com/ca/en/"][COLOR=#0066cc]IBM Corp.[/COLOR][/URL], which developed the TimmyMe mobile app for Apple iOS and Google Android, also responded with a comment via email.

â??IBM has identified an approach that would allow Tim Hortons, during this pilot, to address the exposure. IBM continues to develop and invest in mobile solutions that will help our clients address this technology gap.â?