Mobile Payments Applications and Challenges Jose Diaz Director, Business Development & Technical Alliances Thales e-security


Transcription:

www.thales-esecurity.com Mobile Payments Applications and Challenges Jose Diaz Director, Business Development & Technical Alliances Thales e-security

2 / Verizon Data Breach Report

3 / Victim Industry Source: Verizon 2013 Data Breach Investigations Report

4 / Compromised Data Source: Verizon 2013 Data Breach Investigations Report

5 / Mobile Threats Global Overview
- 5.6 million potentially malicious files reported on Android, of which 1.3 million are confirmed malicious by multiple AV vendors
Source: APWG White Paper: Mobile Fraud, May 2013

6 / Trustwave 2013 Global Security Report
Key points on mobile device security:
- Android platform continues to be the focus of malware
- In 2012, Trustwave's malware collection for Android grew 400%, from 50,000 to over 200,000 samples
- Malware also appeared in the Apple iTunes Store
- All malware discovered was quickly removed
- Most notable being Find and Call - malware would upload a copy of the user's address book and send SMS spam to all contacts
- Several new variants of Zeus family targeting BlackBerry devices, primarily in Germany, Italy and Spain
- Windows 8 for mobile, released late October 2012. Not much seen in way of malware or exploits directed at this operating system, so far

7 / Does Anybody Care? Source: Advanced Payments Report 2013 Edgar, Dunn & Company, Sponsored by First Data

8 / MOBILE PAYMENTS

9 / Mobile Banking
Mobile Banking Mobile Payments
- It is a direct relationship between you and your bank
- You can view your account balances
- You can pay bills but: Mostly, these are only to accounts you registered to pay directly (electric, phone, etc.)
- You can transfer money between your accounts
- Interac e-Transfer enables you to send money to someone with an account in Canada
- You may be able to make a deposit by taking a picture of a check you want to deposit
- You cannot walk into a store and pay for purchases with a mobile banking application

10 / Why is Mobile Payments Interesting?
CNN Money: Mobile payments are expected to hit $214 billion by 2015. Transactions made by scanning a mobile phone at the register are forecast to reach $22 billion -- up from "practically none" last year.

11 / The Future Trend for Payments Source: RSR research, March 2013

12 / Who is Leading the Way?
Retailers are taking their leads from innovators PayPal and Google, whose success is driven not by service providers, but by consumers themselves
Source: RSR research, March 2013

13 / The Traditional Payments View
Traditional Four Corner Model defines a tightly controlled ecosystem
Diagram labels: Consumer's Cards; Merchant's Systems; Network; Consumer's Bank; Merchant's Bank

14 / Mobile Acceptance Expands the Model
Traditional Four Corner Model defines a tightly controlled ecosystem
Diagram labels: Consumer's Cards; Network; Consumer's Bank; Merchant's Bank

15 / Mobile Acceptance (mPOS)
Diagram labels: EMV; Magnetic Stripe

16 / PCI's View on Mobile Payments

17 / Benefit of PCI P2PE
Diagram labels: Acquirer Domain; Payments network; POI (at the Merchant); Payment Gateway / P2PE Solution Provider; Acquirer Switch; Issuer; P2PE Secure Link; Data protected by payments network
- Reduces pain of audit compliance for merchant
- Eliminates card data from merchant environment
- Protects data from acceptance device to Gateway or Acquirer

18 / What About Mobile Acceptance (mPOS) and P2PE?
Diagram labels: Smart Phone Or Tablet; Acquirer Domain; Payments network; PCI-approved Secure Card Reader; POI (at the Merchant); Payment Gateway / P2PE Solution Provider; Acquirer Switch; Issuer; P2PE Secure Link; Data protected by payments network
- Enables transaction data security for mPOS
- Eliminates card data from mobile device and merchant environment
- P2PE used to protect the data
- An important component for mPOS transactions!
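One way to check the slide's claim that P2PE eliminates card data from the mobile device and merchant environment, as an added example that is not part of the presentation: scan mPOS application logs for cleartext card numbers using a digit-run pattern plus the Luhn check. The log format, field names and sample lines are constructed for illustration, and the card numbers are standard test values.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_clear_pans(line):
    """Return masked PANs (first 6, last 4) found in cleartext in one line."""
    hits = []
    for m in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            # Mask before reporting so the audit output holds no card data.
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def audit(lines):
    """Return (line_number, masked_pans) for every line that leaks a PAN."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = find_clear_pans(line)
        if hits:
            findings.append((n, hits))
    return findings

# Constructed sample lines from a hypothetical mPOS app log.
SAMPLE_LOG = [
    "2013-06-01 10:02:11 reader=SCR-01 txn=1001 payload=ENC:9f3a77c1e0b2 status=sent",
    "2013-06-01 10:02:12 debug track2=4111111111111111=1512101 txn=1002",
    "2013-06-01 10:02:13 order_ref=1234567890123456 txn=1003",
    "2013-06-01 10:02:14 manual entry 5500-0000-0000-0004 txn=1004",
]

if __name__ == "__main__":
    for lineno, pans in audit(SAMPLE_LOG):
        print(f"line {lineno}: cleartext PAN {', '.join(pans)}")
```

In a working P2PE deployment the audit returns nothing for the mobile device's logs; the second and fourth sample lines show the kinds of leak (debug output of track data, manual key entry) it is meant to catch.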

19 / MOBILE PAYMENTS

20 / Paying with Mobile Brings New Challenges
Traditional Four Corner Model defines a tightly controlled ecosystem
Diagram labels: Consumer's Cards; Merchant's Systems; Network; Consumer's Bank; Merchant's Bank
Everything stays the same - but:
- Phones are insecure
- They are consumer controlled
- They can't be read in stores

21 / New Technologies to the Rescue
- Readability: Near Field Communications (NFC)
- Standardized Format: Mobile Wallets (apps that host payment credentials)
- Security: Secure Elements (micro-HSMs for phones)

22 / So Why Hasn't it Happened Yet?
- 1st NFC phone: Nokia 6131 (Feb 2006)
- Just unlucky or ill conceived?
- NFC is just a protocol, not an experience
- Apple's iPhone was launched only a year later (June 07)
- NFC requires POS terminals to be upgraded but few merchants were motivated (other than taxis and subways)
- Expected penetration from 8% in 2011 to 53% in 2017

23 / Expanded Ecosystem: Several Cooks in the Kitchen
- Trusted Service Managers (TSM)
- Mobile Wallet Providers
- Mobile App Developers
- Handset Manufacturers
- Mobile Network Operators (MNO)
The payments industry is no longer a private club
Diagram labels: Merchant's Systems; Mobile Technology Providers; Network; Consumer's Bank; Merchant's Bank

24 / Paying with Mobile in Canada
- CIBC and Rogers
- RBC and Bell
- Other Banks have announced they will offer NFC payments

25 / EXPANDING SECURITY OPTIONS IN MOBILE DEVICE

26 / Trusted Execution Environment (TEE)
- Separate execution environment running alongside OS to provide security services to Rich OS
- Higher level of security than a Rich OS
- Not as secure as a Secure Element (SE), but lower cost
- Offers layer of security between a Rich OS and a SE
- Addresses use cases with lower security requirements
- Security framework within the device
- Isolates access to its hardware and software security resources from the Rich OS and its applications
- Enforces protection, confidentiality, integrity, and access rights to the resources and data belonging to Trusted Applications
- Trusted Applications independent of each other, cannot perform unauthorized access to security resources from other Trusted Application
Source: Global Platform's White Paper, The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market

27 / Architecture of the TEE
Source: Global Platform's White Paper, The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market

28 / Rich OS, TEE and SE Positioning
Security positioning for TEE compared to Rich OS or a SE
Source: Global Platform's White Paper, The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market

29 / Summary
- Risk of data compromise is still high in the market
- Protection of payment card data is important
- Mobile devices are also targets for malware
- No question mobile is area of interest for payments
- mPOS has been primary driver for mobile use
- Has caused disruption in the payments environment
- Whether acceptance uses traditional terminal or mobile device, there is need for protecting data
- Actually, even more important for a mobile device
- Use of P2PE helps protect payment data
- Payment with mobile devices brings challenges
- Banks in Canada have deployed NFC payment options
- Global Platform has introduced more security options
- Security is an essential part of deployments to ensure customer confidence
- Customers expect it!

30 / Any Questions?