Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Mobile wallet security issues trouble users

In the US, he says, Isis – an m-payment initiative that AT&T, T-Mobile and Verizon started last November – has announced plans to launch a pilot service some time next year, under which they will create a payment network that allows customers to pay, redeem coupons and store merchant loyalty cards, all with the tap of their phone.

More recently, a joint venture between all four of the UK's legacy cellcos – O2, Everything Everywhere (Orange and T-Mobile) and Vodafone – has set up shop, planning to offer a similar range of services.

And, says Brunswick, back in May of this year, the industry saw Google launch its platform, which turns Android smartphones into digital wallets.

The Vodafone, Everything Everywhere and O2 offering, he explains, will take the form of a SIM-based wallet, meaning that it can be used regardless of which mobile device that the owner is using.

But what, he says in his latest security posting, does this mean in terms of security, and how exactly do you get the wallet on to the SIM card in a secure manner?

The challenges, says Brunswick, include the provisioning of the m-wallet over the air, but the good news, he adds, are that the standards for integrating payment mechanisms on to cellular SIM cards is now starting to shape up.

Building the data needed to issue a payment application - and to create the secure messages required to personalise the mobile phone over-the-air – however, can be a lengthy and inefficient process requiring multi-core cryptographic functions which may expose sensitive data.

“The activity around mobile wallets has only really just begun and it will be interesting to see which players prove the most successful, but the fact remains that the security of mobile payments is one of the customer’s main concerns”, he noted, adding that the availability of a more efficient and secure means to enable issuers to provision wallets over the air to mobiles will undoubtedly pay dividends in the long run.

Infosecurity will have more on mobile wallet security tomorrow, detailing an interview with Steve Brunswick on new on-SIM card security technology that Thales has developed.