Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
Editor's Blog and Industry Comments

Securing mobile phones for the rise in m-payments.

30 October, 2007
With mobile payments using near field communications set to boom during the next five years, much stronger endpoint security is required in order to provide users with the confidence to accept the technology.
Juniper Research has issued a report today forecasting that RFID or near-field communications (NFC) technology will be deployed in around 12% of mobile phone users by 2011 for making payments for physical goods. M-payment, as it is known, is a contactless payment made by placing the telephone or token near a signal receiver where the transaction will occur.

Clearly, given the rampant levels of phone theft in some communities, particularly amongst teenagers, both telephone access and transaction security is going to have to be correspondingly higher as the value of mobile phones reaches the equivalent of a debit card.

The security structure for m-payments falls effectively into three areas, on-board telephone authentication which needs to be rather more robust than the default 4-digit power-up PIN, secure data transmission and validation at the receiving terminal. Although there are other factors to be considered for network payments using WAP or SMS, the use of NFC is broadly similar to using other RFID methods such as payment tokens.

The main security issue concerning the user is that of the telephone itself and the ability to deny access or authorisation by someone who steals the telephone. It is widely recognised that single SIM telephones are unsuitable in terms of security for performing financial transactions as more security needs to be built into them.

SIM and telephone tracking technology is available at reasonable cost for individual users which can help telephone recovery and access blocking but the most effective method is secure endpoint access control. Standard password and PIN authentication is a starting point which can be improved on by single use passwords which require a secondary device and therefore fails to come up to the usability requirements that fast payment methods will require.

An answer could lie with biometrics technology with marketable products already in existence for biometric face recognition using telephones with built-in cameras. In anticipation of the boom in m-payments predicted for the next 5 years, the biometrics industry is already performing extensive testing with varieties of camera quality, miniaturising infra red cameras for deployment in phones specifically for authentication purposes which are independent of light levels, camera angle and, most importantly, reducing the false acceptance rate to insignificant levels.
Bookmark and Share