Mobile Payments 
A brief history of [in]security
Mobile payments at the till 
QR codes/bar codes 
Bluetooth beacons 
NFC contactless
Mobile payments landscape in Canada
• Mobile payments growing faster than card-based contactless payments
• 22% of smartphone owners made a payment with mobile phone (most via online banking)
• 4/10 of those mobile payers do more than one payment per month on their phone
• Barriers to in-store payments: only 1 in 6 phones have NFC today (but 1 in 2 by 2018)
• Fragmented wallets: need a specific bank on a specific carrier
Data from Technology Strategies International Inc. – Canadian Payments Forecast 2013
Canada at a tipping point
• Consumer adoption
• Technology enablement
• Merchant support
• Added value
Bar code / QR code payments
• Starbucks introduced payments feature to app in Canada in November 2011
• Simply add a gift card or buy a new one, then display bar code to barista to complete a transaction
Benefits
• Can work on any smartphone. You just need a display, not NFC.
• Rely on existing gift card infrastructure.
• Customers already familiar with using gift cards “get it.”
• Ties in to loyalty program that awards gold stars.
Popular option
• Starbucks has 12 million mobile users in U.S. and Canada (July)
• 15% of all U.S. sales made via the app
Double double down on mobile payments
• Tim Hortons updated TimmyMe app to include mobile payments in December 2013
• Similar to Starbucks, bar codes are an option. Also, NFC payments on BlackBerry devices.
• Trial period focused on several stores in St. Catharines area
Security question: What’s in a bar code?...
Donut hole or loophole?
• TimmyMe app asks for the 16-digit number displayed on the back and the secret code behind the scratch-off part
• But only the 16-digit number is encoded in the bar code
• The bar code is a PDF 417 code that can be generated by Internet tools and mobile apps
• A bar code bandit could read the 16-digit number, generate own bar code, wait for someone to load money to the account
Our vulnerability testing process:
1. I buy a card in Toronto
2. I tell the 16-digit number to Jude in Vineland
3. Jude generates PDF 417 bar code with free app
4. Jude buys cruller and coffee at Timmy’s, displays bar code
5. Transaction approved. My card is debited $2.59
TimmyMe: secured
• Low risk security vulnerability: you lose the $20 you are willing to store on a card
• Low motivation for thieves to steal coffee and donuts; no access to credit card data
• Principle of building trust for mobile device as a payments gateway
• Tim Hortons did fix the problem when it publicly opened up payments across Canada by adding encryption to the bar code
• It did not receive any reports of lost money due to the flaw
The other guys?
• “We are currently in a very small pilot market which helps control the exposure, unlike some of our competitors who are widely using this same technology throughout North America.”
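The bar code flaw and the fix described on these two slides (only the 16-digit number in the code, later “encryption” added) modelled as code. This is an added example, not the deck’s material and not Tim Hortons’ or Starbucks’ actual design: the card number, scratch code and issuer key are constructed, the payload format (number | timestamp | MAC) and the 60-second freshness window are our assumptions, and PDF 417 rendering is left out because the weakness is in what the code carries, not how it is drawn.

```python
"""Gift-card bar code: legacy (number only) versus a MAC-protected payload.

Added example; constructed values throughout. Model: the app knows the number and
the scratch-off secret after activation, the issuer back end keeps the same data,
and the POS forwards the scanned text to the issuer for a decision.
"""
import hashlib
import hmac
import time

ISSUER_SECRET = b"issuer-key-constructed-for-demo"   # constructed, never in a bar code
CARD_NUMBER = "1234567890123456"                    # constructed test card
SCRATCH_CODE = "83921"                              # constructed scratch-off secret

# Issuer-side record of activated cards (scratch code captured at activation).
CARD_DB = {CARD_NUMBER: {"scratch": SCRATCH_CODE, "balance_cents": 2000}}


# --- Legacy design (the flaw on slide 7): the bar code carries only the number ---

def legacy_payload(card_number: str) -> str:
    """Bar code text is the bare 16-digit number; the scratch code plays no part."""
    return card_number


def legacy_accepts(payload: str) -> bool:
    """A back end that only checks the number exists accepts any copy of it."""
    return payload in CARD_DB


# --- Hardened design: number | issued-at | MAC under a key the bar code never carries ---

def card_key(card_number: str, scratch_code: str) -> bytes:
    """Per-card key derived from the issuer secret plus the scratch-off secret.
    The app derives it once after activation; the issuer re-derives it from CARD_DB."""
    material = f"{card_number}:{scratch_code}".encode()
    return hmac.new(ISSUER_SECRET, material, hashlib.sha256).digest()


def hardened_payload(card_number: str, scratch_code: str, now: int) -> str:
    """Payload the app encodes: number|issued_at|MAC (MAC truncated to 64 bits)."""
    body = f"{card_number}|{now}"
    key = card_key(card_number, scratch_code)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()[:16]
    return f"{body}|{tag}"


def hardened_accepts(payload: str, now: int, max_age_s: int = 60) -> bool:
    """Issuer-side check: well-formed, fresh, and MAC valid for that card's key."""
    parts = payload.split("|")
    if len(parts) != 3:
        return False
    number, issued_at, tag = parts
    if number not in CARD_DB or not issued_at.isdigit():
        return False
    age = now - int(issued_at)
    if age < 0 or age > max_age_s:          # replayed or future-dated code
        return False
    key = card_key(number, CARD_DB[number]["scratch"])
    expected = hmac.new(key, f"{number}|{issued_at}".encode(), hashlib.sha256).hexdigest()[:16]
    return hmac.compare_digest(expected, tag)


def number_only_attempt(card_number: str, now: int) -> str:
    """What someone who only read the 16 digits off the card can produce: the right
    layout but no valid MAC, since neither the scratch code nor the issuer key is known."""
    return f"{card_number}|{now}|{'0' * 16}"


if __name__ == "__main__":
    t = int(time.time())
    genuine = hardened_payload(CARD_NUMBER, SCRATCH_CODE, t)
    print("legacy accepts a copied number:      ", legacy_accepts(legacy_payload(CARD_NUMBER)))
    print("hardened accepts genuine code:       ", hardened_accepts(genuine, t))
    print("hardened accepts number-only code:   ", hardened_accepts(number_only_attempt(CARD_NUMBER, t), t))
    print("hardened accepts same code 10 min on:", hardened_accepts(genuine, t + 600))
```

The design point is that the scratch-off secret has to influence what the scanner sees, not just the app’s activation screen; a timestamp in the MACed body additionally limits how long a photographed or screenshotted code stays usable. Rejecting the legacy bare-number format outright at the back end is what closes the hole for cards already in circulation.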
‘Hands free’ payments
• A Bluetooth low-energy beacon communicates with an app on your phone
• Customer signs in on phone to authenticate, can stay signed-in
• Cashier sees customer information on POS terminal and checks them out
• Payments processed via PayPal account
Security issues with BLE transactions
• Long-distance transmissions between mobile device and beacon could be intercepted. Could hackers use UUID for gain?
• Denial of service attacks – overload POS terminals or mobile device with BLE signals and disrupt payments
• Considered a card-not-present transaction
PayPal = incumbent
Conan on Apple Pay
“Because the company I want to trust with my wallet is the same one that leaked my nude photos on iCloud.”
Apple’s patent for tokenization – 2009
Apple’s developer guide to Apple Pay - 2014
How could it be hacked?
Not impossible but…
• Thief has to steal your device with token stored on it
• Log into your account and access Passbook
• Successfully mould your fingerprint onto weird gel stuff
• Use fake fingerprint at a checkout without drawing suspicion
• Avoid having device disconnected from payments via “Lost my iPhone” app
Where’s Touch ID in this picture?
Thank you 
Have a coffee on me. 
6086 9932 5718 3454* 
*Requires generating your own PDF 417 bar code. Be sure not to type spaces when inputting the number.


Editor's Notes

  1. Opener: conduct an in-room survey of people who have used mobile payments by show of hands: Who has used a contactless payment via NFC chip with an app offered by a bank? Who has used PayPal to check-in-to-pay with their phone? Who has used a bar code display payment at a Tim Hortons? Who has used a bar code display payment at a Starbucks? Who has used another app I haven’t mentioned here yet? I’m fascinated by mobile payments. On my phone I have Starbucks, Tim Hortons, SmoothPay, and PayPal.
  2. Almost all growth in mobile payments is e-commerce sales and online bill paying through banking apps. It’s expected that by 2017 there will be 3 million regular mobile payment users in Canada. By 2018 half of smartphone users will be able to make contactless payments with their smartphone. Examples of mobile wallets in Canada today include: Rogers Suretap, which also requires a prepaid MasterCard account. Rogers also partnered with CIBC for its mobile payment app. CIBC later also added Telus to the carriers that support its mobile wallet. TD Bank offers its tap-to-pay app on Bell, Rogers and Telus networks, but requires a TD Bank Visa card. RBC offers its mobile payments app on the Bell network. Because account information is embedded on a device’s SIM card, the carrier must verify the identity of the mobile wallet owner, and the carrier must be involved to provision the card.
  3. Canadians must have phones that can make payments (often NFC enabled). Merchants must accept payments with the right POS systems. Digital wallets must offer value you wouldn’t get from your normal wallet. Once that friction is removed, consumer adoption is more likely. Think of security as the glue that holds it all together. If merchants or consumers feel mobile payments aren’t secure, they will never adopt it.
  4. Show of hands again for users of Starbucks app? Who pays with it? Starbucks is regularly pointed to as the best example of executing mobile payments in the market.
  5. Trial period started in Southern Ontario with displaying bar codes, although the app was updated for everyone that had it installed, and if you asked at other Tim Hortons you could sometimes use it. The security question at hand: if the method of payment is to display a bar code at the cash, how is that bar code generated?
  6. Darryl Burke, a security consultant based in Newmarket, Ont. who runs Burke Consulting, tipped us off to this loophole. Like Starbucks, the TimmyMe app had the same apparent security measure of requiring an extra code behind scratch-off material to add a gift card to the app. But that information isn’t required to generate a working bar code in another app that generates PDF 417 bar codes.
  7. At the time of the breach, Tim Hortons issued this interesting statement to us at ITBusiness.ca. Tim Hortons wasn’t the only one to struggle with this gift card conundrum. But we’ll come back to that later.
  8. PayPal processed $180 billion in transactions in 2013. $27 billion were mobile transactions, mostly ecommerce related. Just this week PayPal announced it’d be splitting away from parent company eBay next year. The reason is to focus on the mobile payments market.
  9. PayPal sought to defend its position in the mobile payments market by poking fun at Apple for the iCloud hacking incident.
  10. They weren’t the only ones to make the connection between offering a digital wallet and the recent security breach. Speculation was that Apple might use its own BLE technology, iBeacon, to enable mobile payments. This technology was included in iPhone models starting with the iPhone 5. But by using the NFC and secure element (SE) method, Apple can have “card present” transactions and a lower rate. So whereas PayPal relies on cloud technology to store payments information, Apple’s system does not.
  11. The thing is, your financial data isn’t being stored in the cloud with Apple Pay. No credit card data is stored on Apple servers or sent to third parties. Tokenization is used to store a cryptographic sequence that authenticates payment card information with the payment processor.
  12. Token is stored on a secure element separate from the rest of the phone’s system. Touch ID is required on iPhone 6 to complete payment (biometric authentication).
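A toy model of the tokenization scheme described in notes 11 and 12: a device token and key provisioned onto a secure element, no card number on the phone or at the merchant, a per-payment cryptogram checked by the processor, and a user-verification step before the secure element will sign anything. This is an added example and is not Apple’s design or code; the class names, the cryptogram format, the counter-based replay check and the constructed test card number are our assumptions, and the fingerprint check is reduced to a boolean flag.

```python
"""Device tokenization model: token vault, secure element, per-payment cryptogram.

Added example with constructed values; not the deck's or any vendor's code.
"""
import hashlib
import hmac
import secrets


def make_cryptogram(key: bytes, token: str, amount_cents: int, merchant_id: str, counter: int) -> str:
    """Per-transaction MAC binding token, amount, merchant and counter to the device key."""
    msg = f"{token}|{amount_cents}|{merchant_id}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenService:
    """Processor-side vault: the only place a device token maps back to a real card number."""

    def __init__(self):
        self._vault = {}  # device token -> {"pan", "key", "counter"}

    def provision(self, pan: str):
        """Issue a device token and device key for a card; the PAN never leaves the vault."""
        token = "9" + "".join(str(secrets.randbelow(10)) for _ in range(15))
        key = secrets.token_bytes(32)
        self._vault[token] = {"pan": pan, "key": key, "counter": 0}
        return token, key

    def authorize(self, tx: dict) -> bool:
        """Approve only a fresh, correctly MACed transaction for a known token."""
        rec = self._vault.get(tx["token"])
        if rec is None:
            return False
        if tx["counter"] <= rec["counter"]:        # replayed or reordered cryptogram
            return False
        expected = make_cryptogram(rec["key"], tx["token"], tx["amount"], tx["merchant"], tx["counter"])
        if not hmac.compare_digest(expected, tx["cryptogram"]):
            return False
        rec["counter"] = tx["counter"]
        return True


class SecureElement:
    """Holds the token and device key; emits a cryptogram only after user verification."""

    def __init__(self, token: str, key: bytes):
        self._token, self._key, self._counter = token, key, 0

    def pay(self, amount_cents: int, merchant_id: str, user_verified: bool) -> dict:
        if not user_verified:                      # stand-in for the biometric check
            raise PermissionError("user verification failed")
        self._counter += 1
        crypt = make_cryptogram(self._key, self._token, amount_cents, merchant_id, self._counter)
        return {"token": self._token, "amount": amount_cents, "merchant": merchant_id,
                "counter": self._counter, "cryptogram": crypt}


def run_scenario() -> dict:
    """Provision a card, pay once, then try a replay, a tampered amount and an
    unverified payment; report what each party accepted or could see."""
    pan = "4111111111111111"                       # constructed test card number
    tsp = TokenService()
    token, key = tsp.provision(pan)
    se = SecureElement(token, key)
    merchant_records = []                          # what a merchant-side breach would expose

    tx = se.pay(259, "coffee-shop-42", user_verified=True)
    merchant_records.append(tx)
    first = tsp.authorize(tx)
    replay = tsp.authorize(tx)                     # same cryptogram presented twice
    tampered = dict(tx, amount=25900, counter=tx["counter"] + 1)
    tampered_ok = tsp.authorize(tampered)          # merchant edits the amount
    try:
        se.pay(100, "coffee-shop-42", user_verified=False)
        unverified_paid = True
    except PermissionError:
        unverified_paid = False
    pan_at_merchant = any(pan in r.values() for r in merchant_records)
    return {"first_payment": first, "replay": replay, "tampered_amount": tampered_ok,
            "unverified_paid": unverified_paid, "pan_at_merchant": pan_at_merchant}


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

What the model makes visible is the data-separation argument from the notes: a merchant database dump holds tokens and one-time cryptograms that are useless without the device key, and the card number exists only in the vault. The counter is what turns a stolen cryptogram into a dead one, and the verification gate is why a stolen phone on its own is not enough, which is the “not impossible but…” slide in code form.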