Presented by Amal Saha, CISO, Mahindra Comviva, at the CISO Platform Annual Summit, 2013. Amal is responsible for providing IT strategy and enterprise architecture, leading application architecture, and spearheading information security in the Mobile Finance Solutions product developed by the unit.
1. Future of Secure Mobile Payments
From Zero-Effort-Payment to Mobile Trusted Module (MTM)
Amal Saha, Ph.D., C|CISO
Chief Application & Information Security Architect,
Mobile Finance Solutions, Mahindra Comviva
Profile: in.linkedin.com/pub/amal-saha-ph-d/b/57/364
email: amal.saha@mahindracomviva.com
Mobile: +91-9818004327
12-Nov-2013
2. Evolution of Secure Mobile Payment Method
Payment Method | Gen | Pros & Cons
USSD | 1st | Limited by GSM network security, app based encryption possible, but not widely adopted
SMS-STK | 2nd | closed
Mobile Browser | 2nd | Small UI form factor and malware are issues
Contactless Mobile | 3rd | Google Wallet, MC PayPass, Visa PayWave – TSM as complex 3rd-pty & Telecom carrier controlling SE & NFC-enabled POS terminal availability are issues
Cloud Wallet | 3rd | Google Wallet, PayPal – online payment
Encryption and other crypto operations possible
3. [cont] Evolution of Secure Mobile Payment Method
Payment Method | Gen | Pros & Cons
Zero-Effort-Payment (ZEP) | 3rd | prepaid closed-loop
Host Card Emulation (HCE) | 3rd | No SE needed for proximity payment
in store - seamless customer identification (SCI) thru BLE based customer mobile device detection and face recognition
one-time token or virtual-card from issuer to the secure card-holder app on mobile device (cloud based SE)
Network connection issue. Support by Visa, MC critical for success
Could use trusted computing for higher level of security
4. [cont] Evolution of Secure Mobile Payment Method
Payment Method | Gen | Pros & Cons
Mobile Trusted Module (MTM) | 4th
and Trusted Network Connect (NAC) from TCG – hardware root-of-trust thru a component in system-on-chip
Secure app free from malware, ubiquitous secure computing and networking