Top 5 Stories


Mobile wallet security issues trouble users

16 August 2011

The last few months have seen a number of companies and groups launching their mobile wallets but, says Steve Brunswick, a strategy manager with Thales e-security, security remains is a major concern for users.

In the US, he says, Isis – an m-payment initiative that AT&T, T-Mobile and Verizon started last November – has announced plans to launch a pilot service some time next year, under which they will create a payment network that allows customers to pay, redeem coupons and store merchant loyalty cards, all with the tap of their phone.

More recently, a joint venture between all four of the UK's legacy cellcos – O2, Everything Everywhere (Orange and T-Mobile) and Vodafone – has set up shop, planning to offer a similar range of services.

And, says Brunswick, back in May of this year, the industry saw Google launch its platform, which turns Android smartphones into digital wallets.

The Vodafone, Everything Everywhere and O2 offering, he explains, will take the form of a SIM-based wallet, meaning that it can be used regardless of which mobile device that the owner is using.

But what, he says in his latest security posting, does this mean in terms of security, and how exactly do you get the wallet on to the SIM card in a secure manner?

The challenges, says Brunswick, include the provisioning of the m-wallet over the air, but the good news, he adds, are that the standards for integrating payment mechanisms on to cellular SIM cards is now starting to shape up.

Building the data needed to issue a payment application - and to create the secure messages required to personalise the mobile phone over-the-air – however, can be a lengthy and inefficient process requiring multi-core cryptographic functions which may expose sensitive data.

“The activity around mobile wallets has only really just begun and it will be interesting to see which players prove the most successful, but the fact remains that the security of mobile payments is one of the customer’s main concerns”, he noted, adding that the availability of a more efficient and secure means to enable issuers to provision wallets over the air to mobiles will undoubtedly pay dividends in the long run.

Infosecurity will have more on mobile wallet security tomorrow, detailing an interview with Steve Brunswick on new on-SIM card security technology that Thales has developed.

This article is featured in:
Compliance and Policy


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×