INSIDE Secure releases new whitepaper; Securing Mobile Payments

inside-secureBy INSIDE Secure

Tokenization was portrayed as the solution to all the security challenges of Mobile Payment. It has now been realized that Tokenization on its own is not enough and the mobile application needs to be protected. This has resulted in “WhiteBox” being the latest buzzword when it comes to Mobile Payment security.

Anyone bringing a Mobile Payment product to market needs to take security seriously. Organizations offering payment services put themselves at risk of fraud and serious reputation damage. Equally, consumers will not use a financial service that they perceive to be insecure.

Providers of Mobile Payment services cannot rely on the security of mobile phones. Users may not mind (or even notice) their phone being used as a spambot or the occasional advertisement being inserted into an application, but they will object to their accounts being used for fraudulent transactions. Also, someone attacking a payment application can easily breakdown the defenses provided by phone operating systems. This means that the payment application needs to be more secure than the phone it is running on.

Securing Mobile Payments requires a different mindset from traditional card payments. The hardware based security models are no longer available to issuing banks; but they no longer need to be. Security models can be put in place that embraces the updateable nature of software.

Tokenization provides over the air update of payment credentials. WhiteBox provides a method for protecting cryptographic operations and data. These techniques are only part of the security model as on their own they are vulnerable to attack. A full solution will also require powerful software protection technologies, including anti-tamper, to defend the application, its WhiteBoxes and the Tokenization process. When combined together, a strong model is achieved for protecting Mobile Payments.

This new model is starting to become the industry standard so each bank does not need to reinvent it. If a bank implements the model correctly, then they can have confidence that their Mobile Payment product will achieve a comparable level of security to their card products with the improved user experience of mobile applications.

INSIDE Secure works closely with the major payment schemes to accelerate Issuer Bank’s integration to the schemes’ tokenization services. This has been demonstrated with both MasterCard through MDES engagements and by the company’s accreditation as a Visa VTS integration partner. This provides banks with a smooth route to utilize the aggregation ability of these token services to develop their own wallet product.

Couple this expertise with INSIDE Secure’s MatrixHCE technology, which provides HCE functionality based on the leading payment brand standards. It is targeted to allow Mo- bile Banking and Payment Application developers to speed up their development and time to market by combining HCE, Payment and Security as a packaged solution.

Securing Mobile Payment applications requires more than just data encryption. In addition, developers must secure the overall application code with all its vital logic & processes, data, and the cryptographic keys. MatrixHCE utilizes INSIDE Secure’s software protection tools to make it extremely difficult and time-consuming for attackers to understand how a payment application works in order to compromise it.

You can read more on this topic in our new whitepaper ‘Securing Mobile Payments‘, which can be downloaded here.

Tags: , , , ,

Categories: Mobile Payments

CONNECT with Contactless Intelligence

Connect with us here

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: