Thales Blog

Dedicated Security For Mobile Issuance

November 11, 2011

Next week I will be speaking at Cartes 2011 on dedicated security for mobile issuance together with Tim Richards from Aconite. If you’re at the show do come along to our session.

Mobile payments will soon become an important part of our daily lives. There are now more people with mobile phones than there are with bank accounts and that makes mobile phones a natural vehicle for payments. Juniper Research, a European based provider of business intelligence, released a study forecasting that mobile contactless payment transactions are expected to reach nearly $50 billion worldwide in 2014 and NFC solutions will be launched in 20 countries within the next 18 months.

But how are all the operators of payment services going to deliver payment applications securely to the mobile? This new payment eco-system will present an array of new security challenges for issuers and service providers. Discover how to overcome these challenges from the real-life experiences of a payment application developer.

Security starts even before the issuing process and for mobile payment environments that typically means establishing a secure infrastructure linking all the stakeholders. This involves many parties and has the potential to increase the risk profile, and yet consumers expect mobile payments to be at least as secure as using a credit card.

Among the questions that need to be asked, and we will start to answer are:

  • What procedures and technology can be deployed to ensure that an appropriate degree of security surrounds the mobile payments eco-system?
  • How do standards in the world of payment cards such those from EMVCo and GlobalPlatform apply to mobile payments?
  • How do different approaches to locating secure elements in phone hardware affect the security regime; are multiple approaches needed?
  • How can applications be loaded ‘over-the-air’ on to a user’s phone or SIM with personalised account data in a simple yet secure manner, and how are the payments applications protected?
  • What part do Trusted Service Managers have to play and what ‘trusted services’ do they need to provide?

If a business wants to take advantage of the huge growth in mobile-based payments but also minimise risk, security needs to be built into the foundations.

Cartes 2011, 15-17 November, Paris

Dedicated security for mobile issuance – Thursday 17 November, 3.00-3.30pm

Steve Brunswick, Thales and Tim Richards, Aconite

C15 – Mobile Payment and Financial Services (NFC and Contactless – Part 3)