Securing Mobile Payments
In a world where your mobile phone is as much of a necessity as your wallet, it would only make sense that, eventually, the two would become one. But are mobile payments finally clicking for consumers? A huge market barrier for mobile payments is consumers’ concerns about security, but in many cases a mobile phone can be as secure as a credit card.
James Bruce, lead mobile strategist at microprocessor developer ARM Holdings, www.arm.com, says consumers need to be reminded of the great protection they are already getting from credit cards and online banking. “With credit cards, your fraud and liability is limited to $50 worst case,” he says. “Just because you are moving to a new form of payment—be it the smartphone—that protection won’t change.”
Bruce says consumers also don’t realize that what makes their magnetic-strip card “secure” is all the backend software that credit card providers use to monitor their usage. “If you look at the credit card you have today, it’s actually incredibly easy to forge,” he says. “Fundamentally, it really isn’t all that secure.”
Jeff Miles, vice president and general manager of mobile transactions product line at NXP Semiconductor, www.nxp.com, agrees. “When you go into a restaurant and you hand over your card today, you are essentially handing all of your credentials over that are very easy to replicate,” he says.
In general, Miles says chip-based payment technologies like NFC (near-field communication) are the most secure option for large-scale purchases because they can’t really be “hacked” unless someone actually has the device in hand, and even then, Miles says the odds are stacked against the thief. “It’s a protected vehicle,” he notes. “If that phone is stolen, you have PIN codes to protect access to your phone and also to the wallet function. Unless you have the decryption device on the other side, you can’t get in.”
In addition, consumers who lose their phone or have it stolen can deactivate the chip. “It just doesn’t make a lot of criminal sense to be able to individually take off with a device, go in, get the PIN code before it’s been deleted or before that chip has been canceled,” Miles says. “I think when consumers understand what a smartphone and chip technology in your phone can do to protect your privacy and your credentials, I think (they) will demand it.”
However, that’s not to say there doesn’t need to be some development in the area of mobile payment security. Trustonic, an alliance between security technology leaders ARM, Giesecke & Devrient (G+D), www.gi-de.com, and Trusted Logic Mobililty (TLM), www.trustonic.com, has developed a technology it claims brings a whole new level of security directly into the connected devices.
Called a Trusted Execution Environment, the technology is a small piece of software that sits inside the apps processor of a device. “It’s like baking the trust into the devices from the beginning,” explains Rob Brown, vice president of market development at Trustonic. “It lets service providers like banks protect highly sensitive security critical assets away from a rich operating system that could be running programs the user may have inadvertently downloaded and that are trying to hack their device.”
According to Brown, Trustonic’s solution solves one of the main challenges developers have with the security chips used in most of today’s mobile devices. “Most of these wallet chips are small islands of security inside the device itself, but they don’t have direct connections to some of the critical functions of a smartphone, such as the key pad or the display,” he explains. “It’s very difficult for that small island of security to be able to secure something like capturing a user’s pin or displaying a transaction value of who you are paying on the screen without making sure it hasn’t been modified.”
So far, Brown says more than 100 million smartphones have been shipped with Trustonic’s technology built into them, and is being used to protect things like content as it gets streamed on a device.
Want to tweet about this article? Use hashtags #mobile #payment