Using mobile devices to complete payment transactions in stores is on the brink of mass adoption in North America. What's not clear yet is what technology will be the most popular and how these methods of payment will be secured. So far, security seems to be an afterthought in some early attempts at a mass-market approach to mobile payments - including one particular app that happens to have 12 million users and a glaring loophole.
Overview of the Different Mobile Payment systems
- NFC based Platforms such as Google Wallet and ISIS
- Systems like Square, VeriFone, Card.io Naratte Zoosh and other exciting and disruptive startups in this space.
Overview of the Different Mobile Payment systems
- NFC based Platforms such as Google Wallet and ISIS
- Systems like Square, VeriFone, Card.io Naratte Zoosh and other exciting and disruptive startups in this space.
Mobile Payment Technology Analysis - Technology Leaders, Other Stakeholders....the current state of the market as of 8.2014. See www.audreymlehr.com or www.linkedin.com/in/audreymlehr for associated excel spreadsheet grid
Mobile devices are becoming a central point for the future of hardware and technology that is enabling commerce in the online and offline world. Being the enabler between body monitoring identification systems, wearable pairing, and merchant-based hardware and software, mobile hardware is becoming the most important central piece of technology towards the future of commerce.
As we look into the technology that is enabling this next stage of mobile commerce growth, we’ll explore the identification systems, hardware prototypes, digital currencies, and open technology that is becoming an accessory to this new mobile payments world.
Cost and Features to Develop e-wallet Mobile AppTarun Nagar
Today the businesses are widely using the e wallet mobile app and replacing the need of carrying the cash. If you own a retail business, It is advised to contact mobile app development company, but always keep the trio of effort, risk and cost at perfect balance.
Know More: https://devtechnosys.com/ewallet-app-development.php
Mobile Wallet and payment applications are poised to change the way consumers pay. This is driving substantial investment in the space with over $700 million flowing into private companies over the past three years and an estimated $1 billion into corporate initiatives and JVs like ISIS, MCX, Google Wallet, and PayPal mobile.
This report takes an in-depth look at how the industry landscape is evolving and some of the key trends driving innovation.
BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...BlueHornet
Presented by BlueHornet’s Director of Product Management, Manny Ju, this webinar will introduce you to the concept of the mobile wallet and how it’s affecting email marketing programs, including:
- Emerging trends in the mobile/digital wallet space
- Why early adoption of the digital wallet is a strong indicator of brand loyalty
- How wallets, like Apple’s Passbook, mean incremental revenue for email marketers
This pdf file contains information about the e-wallet. An ewallet is a convenient, secure place to store data related to your online identities. Once you start using one, you will wonder how you ever managed without it.
A hardware and software platform, which turns a smartphone into a powerful payment, loyalty and identification tool:
- All-in-one,
- Simple authentication & authorization,
- P2P transfers,
- Pay by QR code,
- Pay by NFC,
- Pay by cards linked to an account,
- Mobile acquiring,
- Invoices,
- Loans,
- E-policies,
- Consolidation of loyalty programs,
- Discounts and promotions,
- Ticketing.
White Label - under Your Brand in 2-3 months!
With the ubiquity of the mobile phone, there is lot of interest in using this medium to deliver financial services. This document is a white paper on this field and tries to give the reader, a general understanding of the topic
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
Mobile Payment Technology Analysis - Technology Leaders, Other Stakeholders....the current state of the market as of 8.2014. See www.audreymlehr.com or www.linkedin.com/in/audreymlehr for associated excel spreadsheet grid
Mobile devices are becoming a central point for the future of hardware and technology that is enabling commerce in the online and offline world. Being the enabler between body monitoring identification systems, wearable pairing, and merchant-based hardware and software, mobile hardware is becoming the most important central piece of technology towards the future of commerce.
As we look into the technology that is enabling this next stage of mobile commerce growth, we’ll explore the identification systems, hardware prototypes, digital currencies, and open technology that is becoming an accessory to this new mobile payments world.
Cost and Features to Develop e-wallet Mobile AppTarun Nagar
Today the businesses are widely using the e wallet mobile app and replacing the need of carrying the cash. If you own a retail business, It is advised to contact mobile app development company, but always keep the trio of effort, risk and cost at perfect balance.
Know More: https://devtechnosys.com/ewallet-app-development.php
Mobile Wallet and payment applications are poised to change the way consumers pay. This is driving substantial investment in the space with over $700 million flowing into private companies over the past three years and an estimated $1 billion into corporate initiatives and JVs like ISIS, MCX, Google Wallet, and PayPal mobile.
This report takes an in-depth look at how the industry landscape is evolving and some of the key trends driving innovation.
BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...BlueHornet
Presented by BlueHornet’s Director of Product Management, Manny Ju, this webinar will introduce you to the concept of the mobile wallet and how it’s affecting email marketing programs, including:
- Emerging trends in the mobile/digital wallet space
- Why early adoption of the digital wallet is a strong indicator of brand loyalty
- How wallets, like Apple’s Passbook, mean incremental revenue for email marketers
This pdf file contains information about the e-wallet. An ewallet is a convenient, secure place to store data related to your online identities. Once you start using one, you will wonder how you ever managed without it.
A hardware and software platform, which turns a smartphone into a powerful payment, loyalty and identification tool:
- All-in-one,
- Simple authentication & authorization,
- P2P transfers,
- Pay by QR code,
- Pay by NFC,
- Pay by cards linked to an account,
- Mobile acquiring,
- Invoices,
- Loans,
- E-policies,
- Consolidation of loyalty programs,
- Discounts and promotions,
- Ticketing.
White Label - under Your Brand in 2-3 months!
With the ubiquity of the mobile phone, there is lot of interest in using this medium to deliver financial services. This document is a white paper on this field and tries to give the reader, a general understanding of the topic
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
Different Types of Mobile payments
Payment Models
- SMS/USSD-based transactional payments
- Direct mobile billing
- Mobile web payments (WAP)
- QR Code Payments
- Contactless Near Field Communication
- Cloud-based mobile payments (Please elaborate applepay, google, paypal and others)
- Audio signal-based payments
- Direct carrier/bank co-operation
Even before the COVID-19 pandemic inflicted a massive health and econsomic catastrophe, contactless payments were already a widely used payment method. However, once the businesses reopened, they had to keep in mind the germ-conscious customers and adapt to the new normal of social distancing.
Hardware-software complex to manage accounts, e-wallets, payment and loyalty cards in single application.
A mobile platform turning a smartphone into a powerful payment and loyalty tool.
- All-in-one,
- Simple authentication & authorization,
- P2P transfers,
- Pay by QR code,
- Pay by NFC,
- Pay by cards linked to an account,
- Mobile acquiring,
- Invoices,
- Loans,
- E-policies,
- Consolidation of loyalty programs,
- Discounts and promotions,
- Ticketing.
www.mwallet.pro
www.m-processing.com
A short summary of trends and technology in mobile payments. A brief look into the past, present and future of mobile payments. We will have detailed sessions on each in the coming versions.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Similar to Mobile payments: A history of [in]security (20)
2. Mobile payments at the till
QR codes/bar codes
Bluetooth beacons
NFC contactless
3. Mobile payments landscape in Canada
• Mobile payments growing faster than card-based
contactless payments
• 22% of smartphone owners made a payment
with mobile phone (most via online banking)
• 4/10 of those mobile payers do more than one
payment per month on their phone
• Barriers to in-store payments: only 1 in 6 phones
have NFC today. (But 1 in 2 by 2018).
• Fragmented wallets: need a specific bank on a
specific carrier
Data from Technology Strategies International Inc. – Canadian Payments Forecast 2013
4. Canada at a tipping point
Consumer
adoption
Technology
enablement
Merchant
support
Added
value
5. Bar code / QR code payments
• Starbucks introduced payments feature to app in Canada in
November 2011
• Simply add a gift card or buy a new one, then display bar code to
barrista to complete a transaction
Benefits
• Can work on any smartphone. You just need a
display, not NFC.
• Rely on existing gift card infrastructure.
• Customers already familiar with using gift cards
“get it.”
• Ties in to loyalty program that awards gold stars.
Popular option
• Starbucks has 12 million mobile users in U.S. and Canada (July)
• 15% of all U.S. sales made via the app
6. Double double down on
mobile payments
• Tim Hortons updated TimmyMe app to include mobile
payments in December 2013
• Similar to Starbucks, bar codes are an option. Also, NFC
payments on BlackBerry devices.
• Trial period focused on several stores in St. Catherine’s area
Security question: What’s in a bar code?...
7. Donut hole or loop hole?
• TimmyMe app asks for the 16 digit number
displayed on the back and the secret code
behind the scratch-off part
• But only the 16 digit number is encoded in
the bar code
• The bar code is a PDF 417 code that can be
generated by Internet tools and mobile apps
• A bar code bandit could read the 16-digit
number, generate own bar code, wait for
someone to load money to the account
I buy a card in Toronto
I tell the 16-digit
number to Jude in
Vineland
Jude generates PDF
417 bar code with
free app
Jude buys crueler and
coffee at Timmy’s,
displays bar code
Transaction approved.
My Card is debited
$2.59
Our vulnerability testing process
8. TimmyMe: secured
• Low risk security vulnerability: you lose the $20 you are willing to store on a card
• Low motivation for thieves to steal coffee and donuts; no access to credit card data
• Principle of building trust for mobile device as a payments gateway
• Tim Hortons did fix the problem when it publicly opened up payments across
Canada by adding encryption to the bar code
• It did not receive any reports of lost money due to the flaw
The other guys?
• “We are currently in a very small pilot market which
helps control the exposure, unlike some of our
competitors who are widely using this same
technology throughout North America.”
9. ‘Hands free’ payments
• A Bluetooth low-energy beacon communicates
with an app on your phone
• Customer signs in on phone to authenticate, can
stay signed-in
• Cashier sees customer
information on POS
terminal and checks
them out
• Payments processed via
PayPal account
10. Security issues with BLE transactions
• Long-distance transmissions between mobile
device and beacon could be intercepted.
Could hackers use UUID for gain?
• Denial of service attacks – overload POS
terminals or mobile device with BLE signals
and disrupt payments
• Considered a card-not-present transaction
17. Not impossible but…
• Thief has to steal your device with token
stored on it
• Log into your account and access passbook
• Successfully mould your fingerprint onto
weird gel stuff
• Use fake fingerprint at a checkout without
drawing suspicion
• Avoid having device disconnected from
payments via “Lost my iPhone” app
19. Thank you
Have a coffee on me.
6086 9932 5718 3454*
*Requires generating your own PDF 417 bar code. Be sure not to type spaces when inputting the number.
Editor's Notes
Opener: conduct an in-room survey of people who have used mobile payments by show of hands:
Who has used a contactless payment via NFC chip with an app offered by a bank?
Who has used PayPal to check-in-to-pay with their phone?
Who has used a bar code display payment at a Tim Hortons?
Who has used a bar code display payment at a Starbucks?
Who has used another app I haven’t mentioned here yet?
I’m a fascinated by mobile payments. On my phone I have Starbucks, Tim Hortons, SmoothPay, and PayPal.
Almost all growth in mobile payments are e-commerce sales and online bill paying through banking apps
It’s expected that by 2017 there will be 3 million regular mobile payment users in Canada
By 2018 half of smartphone users will be able to make contactless payments with their smartphone
Examples of mobile wallets in Canada today include: Rogers Suretap, which also requires a prepaid MasterCard account. Rogers also partnered with CIBC for its mobile payment app. CIBC later also added Telus to its carriers that support its mobile wallet. TD Bank offers its tap-to-pay app on Bell, Rogers and Telus networks, but requires a TD Bank Visa card. RBC offers its mobile payments app on the Bell network.
Since the carrier must verify the identity to the mobile wallet owner because account information is embedded onto a device’s SIM card. The carrier must be involved to provision the card.
Canadians must have phones that can make payments (often NFC enabled)
Merchants must accept payments with the right POS systems
Digital wallets must offer value you wouldn’t get from your normal wallet
Once that friction is removed, consumer adoption is more likely
Think of security as the glue that holds it all together. If merchants or consumers feel mobile payments aren’t secure, they will never adopt it.
Show of hands again for users of Starbucks app? Who pays with it?
Starbucks is regularly pointed to as the best example of executing mobile payments in the market
Trial period started in Southern Ontario with displaying bar codes. Although the app was updated for everyone that had it installed and if you asked at other Tim Hortons you could sometimes use it.
The security question at hand: if the method of payment is to display a bar code at the cash, how is that bar code generated?
Darryl Burke, a security consultant based in Newmarket, Ont. that runs Burke Consulting tipped us off to this loop hole
Like Starbucks, the TimmyMe app had the same apparent security measure of requiring an extra code behind scratch-off material to add a gift card to the app. But that information isn’t required to generating a working bar code in another app that generates PDF 417 bar codes.
At the time of the breach, Tim Hortons issued this interesting statement to us at ITBusiness.ca
Tim Hortons wasn’t the only one to struggle with this gift card conundrum. But we’ll come back to that later.
PayPal processed $180 billion in transactions in 2013.
$27 billion were mobile transactions, mostly ecommerce related.
Just this week PayPal announced it’d be splitting away from parent company eBay next year. The reason is to focus on the mobile payments market.
- PayPal sought to defend its position in the mobile payments market by poking fun at Apple for the iCloud hacking incident.
They weren’t the only ones to make the connection between offering a digital wallet and the recent security breach.
Speculation was that Apple might use its own BLE technology, iBeacon to enable mobile payments. This technology was included in iPhone models starting with the iPhone 5. But by using NFC and SE method, Apple can have “card present” transactions and a lower rate.
So whereas PayPal relies on cloud technology to store payments information, Apple’s system does not.
The thing is, your financial data isn’t being stored in the cloud with Apple Pay.
No credit card data stored on Apple servers or sent to third-party
Tokenization used to store cryptographic sequence that authenticates payment card information with payment processor
Token is stored on secure element separate from rest of phone’s system
TouchID required on iPhone 6 to complete payment – biometric authentication