
Security infrastructure of m-payments

Frost And Sullivan: 14 February, 2013 (Technical Article)
Frost and Sullivan examines the security requirements surrounding the implementation of m-payment solutions using near field communications

The mobile (m)-payments market is taking a new step towards simpler and more cost-effective solutions. Recently introduced payment options using mobile phones integrate near-field communication (NFC) technology with a cloud-based system. With this approach, cardholders’ account details will no longer be stored on a secure element within a mobile phone, but will instead be maintained in the cloud. Frost & Sullivan believes that successful combinations of NFC and cloud will require solutions to help mitigate the security risks involved in data transmission.

“M-payments that use contactless technologies, such as NFC, are an emerging global trend,” says Frost & Sullivan Research Analyst Shuba Ramkumar. “Important market players like Google, Isis and Microsoft have created some of the currently available mobile wallet apps using NFC technology.”

Security infrastructure for NFC payments is multi-layered. The customer’s account and card details are stored in a secure element within the device used for the payment. The secure element might be directly embedded by the mobile device manufacturer or offered by a payment service provider as a removable Secure Digital (SD) card. The use of a physical secure element, as is the current industry trend, is vital because in its absence the exposure to risk is much higher. Nevertheless, security solution providers, including ARM, Gemalto, and Giesecke & Devrient, are also working on the development of the trusted execution environment (TEE) as a security standard.

“Implementing additional security – for instance, a personal identification number (PIN) for access – can help mitigate financial losses. An easy-to-use mechanism for deactivating NFC services on a misplaced or stolen device and reactivating them on another will also enhance security,” adds Ramkumar.

A cloud-based m-payment solution involves the use of a mobile app, such as PayPal, that requires an individual’s authentication prior to connecting with the account details stored in a cloud to process the transaction. The biggest advantage of using this payment solution over NFC is that the transaction can be carried out using any device with network connectivity. Further, in a cloud-based solution, data is stored virtually and is not easy to access or track — assuming the cloud provider offers appropriate protection.

“Despite constant monitoring and authentication checks that make the cloud itself secure, transmitting data over the air carries an element of risk,” cautions Ramkumar. “Payment information for many individuals is stored in the cloud, and it is mapped individually to a person logging into an m-payment app. Therefore, data transferred between the cloud and the device initiating the transaction occurs over the air, putting the data at risk of exposure to parties capable of reading it during transmission.”

A hybrid approach that combines NFC and cloud for m-payments, hence removing the need for the physical secure element on a mobile phone, will make the application of NFC services simpler and cheaper. However, integrating NFC with cloud-based systems will still require additional solutions to mitigate the security risks involved in data transmission. “This should be done in respect of international payment standards such as PCI DSS in order to protect personal data during data transfer. At the moment, the security used for cloud based solutions is mostly the same as the one for e-commerce, so digital certificates features. This is probably a first step to accelerate cloud based payment solutions, but at the end, a higher level of security will probably be needed,” summarises Ramkumar.
