Thales Blog

Paym, Secure’em

April 29, 2014

Paym, a new payment service enabling bank customers to send money to other people using just a mobile phone number launched today. This is further proof that the payment industry has the potential to undergo dramatic change. As in any industry, when there is change, we must be prepared to break free from the shackles of traditional best practice. Not everything – including security – will always be managed the way it has been.

The majority of mobile payment security conversation to date has focused on the fact that mobile devices and their applications raise numerous security concerns. This is true, but in a vast and complicated ecosystem, such as that of banking and payments we need to keep an eye on the big picture. What real threats does the system face? What is at stake?

The world of e-commerce and home banking, as well as some of the more innovative approaches to mobile payments have already taken us out of the traditionally regulated environment. When we give up control of the physical environment, the focus must be on the data. There is no one single answer – a whole universe of security technologies work together to secure these systems. Security techniques have evolved beyond a simple ‘yes or no’ to include high level analytics, user profiling and behavioural analytics. This becomes even more relevant in the context of peer to peer money exchanges.

We can’t lose sight of the technology in these-high scale systems. The recent Heartbleed vulnerability demonstrated the speed with which security flaws can propagate, and the overwhelming challenge to remediate the situation. The integrity of phone based apps and authentication mechanisms needs to be constantly scrutinised - technologies such as codesigning provide mechanisms for establishing this confidence in system integrity. Put simply, if you can’t control the device, you need to put broader security systems in place, and very often, change the way we think.