Meet the CMA 2016 Finalists: Payment Security

Payment securityThere is no payment without security. In this category, we are looking for the most convincing examples of smart security mechanisms used to secure transactions – from the use of crypto-currencies to biometrics. there are many out there to choose from but four companies stood out from the rest and we felt that the world should know more about them.

The four finalist in this increasingly important segment are;


2C2P’s One-Time-Card (OTC) enables businesses to manage complex payment transactions with multiple parties through its virtual card technology. The OTC customer has access to a dashboard which provides real-time monitoring of the whole payment process, from issuance of virtual card to card delivery and charging. The system monitors and manages the various payment processes with suppliers, agents, service providers or other business counterparties. This removes the need for cumbersome and costly wire-transfers. 2C2P built OTC as a unique virtual card that can be pre-loaded to match the exact required amount. The system issues a card in real-time whenever the customer has to pay a supplier, providing an efficient and secure automated solution for business payments. With OTC, customers can easily access a complete history of payments and export them to the company’s accounting systems. To support their operations, 2C2P runs an AWS architecture centralized in an Amazon Virtual Private Cloud in the Amazon Asia-Pacific (Singapore) region, with the Amazon United States West (Oregon) region used for disaster recovery. This allows 2C2P to control which components of its infrastructure are exposed to the Internet, adding an extra layer of security and reduces instances of disruption due to overloading.

In a relatively short period, Spire Payments has shipped large quantities of chip and PIN mPOS devices (India, UK, Germany, Poland, France, Belgium, Greece, Finland and more). Much focus is placed on the design of mPOS hardware, which is, of course, of paramount importance when it comes to security. However, it is the speed at which a user-friendly, feature-rich (yet secure) solution can be brought to market that is the true differentiator. The key to this capability is a powerful API (Application Programming Interface), such as that at the heart of Spire Payments’ mPOS proposition which is the focus of this award entry. The ability for a third party developer to write a payment application is essential. The issue is that most operating systems provide open access to restricted drivers and operating system functions. This in turn could; create security holes, negatively affect the portability of an application and put the application in the scope of the device (PCI-PTS) security evaluation, adding costs and delays on the development and update cycle. The inSpire mPOS API overcomes all of these issues, since any misuse (deliberate or not) by a developer does not affect security/stability/integrity or reveal sensitive information or functions to the application.

HYPR decentralizes the storage of biometric data to enable secure authentication across mobile, desktop and IoT systems. HYPR biometric tokenization secures payments by making military grade security available to desktop and mobile application providers, while offering end users a pristine UX across these platforms. Enterprises integrate HYPR into existing architectures to provide a password­-less experience for employees and customers. As a fully interoperable solution, users may choose from a variety of biometric authentication methods, by leveraging existing fingerprint sensors, cameras and microphones on mobile devices. HYPR is readily available as a cross­ platform SDK for BYOD deployment, or as a tamper­-proof security token for mission-­critical settings. The HYPR biometric security platform eliminates passwords, guaranteeing a pristine UX that is far more secure than a username/password scheme, or the same scheme aided by a second factor (2FA). HYPR­Secure application users have no need to create, remember, securely store, or reset passwords because there aren’t any passwords in use.

The Keypasco PKI Sign offers Internet Content Providers full support of PKI (Public Key Infrastructure) in a portable mobile device. Keypasco has invented, and patented, a new innovative way of using a user’s mobile device as a secure soft carrier of private keys. An end user’s private key is divided into two parts: a client part, and a server part. The client part is encrypted with a secret (PIN) and stored on the mobile device. The complete private key can only be recreated to sign a transaction when the correct mobile device and location has identified itself, and the right PIN is used to retrieve the client part of the private key. The feature does not require a Trusted Platform or a Secure Element. Traditionally PKI systems have been various forms of hardware, and dependent on the end user as the carrier of the sensitive private key. Keypasco’s PKI Sign solution is a versatile and customizable soft PKI option offered to the market of authentication. The PKI Sign is a part of the unique Keypasco solution, which is designed to be easy for mass enrolment over different mobile platforms.

You can find out who the lucky winner for the category will be by attending the awards ceremony that will be held on the 26th April in London. Tickets are still available and can be found by following the link here – but don’t delay as places are limited.

Tags: , , , , , ,

Categories: Contactless & Mobile Awards

CONNECT with Contactless Intelligence

Connect with us here

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: