Smart Card & Identity News A New Flavour for eCash
Smart Card & Identity News A New Flavour for eCash
Smart Card & Identity News A New Flavour for eCash
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Making Money on the Move More Secure<br />
Ian Hermon<br />
Introduction<br />
While different mobile payment methods jostle <strong>for</strong> top position,<br />
a similar contest is underway concerning the security of these<br />
new cashless services. Ian Hermon, Product Marketing<br />
Manager, Thales e-Security, takes a look at the challenges in<br />
establishing a solid foundation <strong>for</strong> secure payments on the<br />
move.<br />
With mobile phones set to become as indispensable as a wallet <strong>for</strong> buying goods and services, mobile payment<br />
developments are rapidly gathering pace and different service providers are competing <strong>for</strong> their slice of the pie.<br />
Last year, <strong>for</strong> example, saw the arrival of Master<strong>Card</strong>’s PayPass scheme in the US while Google launched its<br />
Android-based eWallet scheme and Starbucks trialled its Quick Tap PayPass service.<br />
A recent study from Juniper Research <strong>for</strong>ecasts that mobile contactless payment transactions are expected to<br />
reach nearly $50 billion worldwide in 2014 and NFC solutions will be launched in 20 countries within the next<br />
18 months.<br />
But be<strong>for</strong>e adoption begins to accelerate towards these levels, not only is there much debate to be had around<br />
which type of scheme works best in practice but also about which mobile payments security method is the most<br />
robust.<br />
Standardisation<br />
As with traditional payments, standardisation is essential to bring about the time and resource benefits to the<br />
industry. Several successful standards are already gathering momentum in providing a secure mobile payments<br />
ecosystem:<br />
• Managing Mobile NFC Services – The Trusted Service Manager (TSM) acts as an intermediary between<br />
Mobile Network Operators (MNOs) and any third party service provider that wishes to add a service to<br />
a mobile phone. GlobalPlat<strong>for</strong>m’s ‘System Messaging Specification <strong>for</strong> Management of Mobile-NFC<br />
Services’, defines the messaging between each of the three parties to ensure secure ‘provisioning’ of<br />
services to the phone.<br />
• The SIM Alliance Open Mobile API – Apps which use the Secure Element (the cryptographically<br />
protected piece of hardware on newer mobile phones) to secure their critical operations such as<br />
banking, payments or transport tickets, can have a component running in the phone’s operating system<br />
so that the user can securely interact with the keyboard/touch screen and enjoy a rich graphical user<br />
experience. The SIM Alliance Open Mobile API enables apps developers to use the additional security<br />
of the Secure Element more easily, be this in a UICC SIM, a dedicated Secure Element built into the<br />
phone, or a secure SD card, by providing a common means of interfacing with it.<br />
• Trusted Execution Environment (TEE) – The Secure Element looks after critical data on the mobile<br />
handset but it cannot easily host apps with a highly developed or cutting edge user interface. Apps that<br />
require complex user interactions must run on the phone’s main processor. The Trusted Execution<br />
Environment is designed to secure these apps and GlobalPlat<strong>for</strong>m is leading the standardisation and<br />
interoperability in this area to ensure that data and apps are adequately protected. For example, payment<br />
apps that run their user interface in TEE and their transaction security in the Secure Element would<br />
have an extremely high level of security.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong><strong>New</strong>s</strong> • March 2012<br />
10