Rugged Mobile Business Solution - Top 10 Trend in Supply Chain TechnologyIntermec Asia
It's easy to name "mobility" and "wireless" as trends, but it's less clear exactly what direction these developments are taking and how they can be used to improve business, particularly in the supply chain area. This comprehensive white paper will give you good overview of the possibilities and what's to come
Rugged Mobile Business Solution - Top 10 Trend in Supply Chain TechnologyIntermec Asia
It's easy to name "mobility" and "wireless" as trends, but it's less clear exactly what direction these developments are taking and how they can be used to improve business, particularly in the supply chain area. This comprehensive white paper will give you good overview of the possibilities and what's to come
2013 TAIWAN ICT ROADSHOW IN Thailand Date: 22 August 2013 (Thursday)
Time: 10:00am-4:30pm
Venue: Queen’s Park 3 On 2nd Floor, The Imperial Queen’s Park Hotel
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesMEDICI admin
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
Near Field Communication (NFC): NFC is in its most common avatar is a Tap & Pay solution that can be used for retail
offline payments, transit, entertainment and numerous other touch points. Any unattended payment situation such
as a parking lot presents huge opportunity. For e.g., clipper card or any cashless cards being used today for public
transport can be integrated into the ubiquitous phones itself thereby making the public transport payments easier
Mind the Gap!
you have perfect cables, perfect pcb design, best SMA connectors but there has been a gap in your path within the test socket. Now you have the solution to close this gap.
INTRO-
In the ubiquitous network society, where individuals can easily
access their information any time and anywhere, people are also faced with the risk that
others can easily access the same information anytime and anywhere. Because of this
risk, personal identification technology is used which includes Passwords, personal
identification numbers and identification cards.
However, cards can be stolen and passwords and numbers can be guessed or forgotten. To
solve these problems, Fujitsu developed four methods:fingerprints, faces, voice prints and
palm veins. Among these, because of its high accuracy, contact less palm vein
authentication technology is being incorporated into various financial solution products
for use in public places. This paper palm vein authentication technologies and some
examples of its application to financial solutions.
ISSA-UK - Securing the Internet of Things - CIO Seminar 13 May 2014Adrian Wright
Embracing & Securing the Internet of Things
A briefing for CIOs at the CIO Dialogue 9 Oxford. May 2014
Presenter: Adrian Wright
VP of Research - Information Systems Security Association
CEO of Secoda Risk Management
2013 TAIWAN ICT ROADSHOW IN Thailand Date: 22 August 2013 (Thursday)
Time: 10:00am-4:30pm
Venue: Queen’s Park 3 On 2nd Floor, The Imperial Queen’s Park Hotel
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesMEDICI admin
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
Near Field Communication (NFC): NFC is in its most common avatar is a Tap & Pay solution that can be used for retail
offline payments, transit, entertainment and numerous other touch points. Any unattended payment situation such
as a parking lot presents huge opportunity. For e.g., clipper card or any cashless cards being used today for public
transport can be integrated into the ubiquitous phones itself thereby making the public transport payments easier
Mind the Gap!
you have perfect cables, perfect pcb design, best SMA connectors but there has been a gap in your path within the test socket. Now you have the solution to close this gap.
INTRO-
In the ubiquitous network society, where individuals can easily
access their information any time and anywhere, people are also faced with the risk that
others can easily access the same information anytime and anywhere. Because of this
risk, personal identification technology is used which includes Passwords, personal
identification numbers and identification cards.
However, cards can be stolen and passwords and numbers can be guessed or forgotten. To
solve these problems, Fujitsu developed four methods:fingerprints, faces, voice prints and
palm veins. Among these, because of its high accuracy, contact less palm vein
authentication technology is being incorporated into various financial solution products
for use in public places. This paper palm vein authentication technologies and some
examples of its application to financial solutions.
ISSA-UK - Securing the Internet of Things - CIO Seminar 13 May 2014Adrian Wright
Embracing & Securing the Internet of Things
A briefing for CIOs at the CIO Dialogue 9 Oxford. May 2014
Presenter: Adrian Wright
VP of Research - Information Systems Security Association
CEO of Secoda Risk Management
Stop Fake Products. The Ultimate Solution for Manufacturers to protect their Goods from being counterfeited. Protects the Brand, Enforces Consumer confidence and built in Analytics allows Manufacturers to keep in touch with their customers across the globe.
Retail Stores and Wireless Security—RecommendationsAirTight Networks
Wireless computer networks are rapidly becoming universal. As a consumer-driven technology,
wireless was developed to be simple to install, configure and use. It is that very
simplicity, however, that has made it an easy attack vector. More than 95 percent of all
laptop computers have wireless built-in; consumers use wireless routers at home to attach
to their DSL or cable modems; cell phones and digital cameras are getting Wi-Fi enabled.
For a retailer, this means that even if you are not deploying wireless LANs in your establishments,
you have a wireless problem and you need a wireless security policy.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Mobile payments v1 1
1. Securing Mobile
Payments
v1.1
Witham Laboratories
1/842 High Street
East Kew 3102
Melbourne
Australia
Ph: +61 3 9846 2751
Witham Laboratories
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 1 Building Confidence in Payment Systems
2. Defining Mobile Payments
• What is “mobile”?
– Paying on a phone? Paying with a phone?
Accepting payments with a phone?
– What about other mobile devices:
• Tablets, laptops, e-readers, PMDs?
Witham Laboratories
1/842 High Street
East Kew 3102
– What about internet banking on a phone?
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
• ‘Mobile’ is often defined by the vendor
Rambla de Catalunya
38, 8 planta
08007 Barcelona
– Be aware that there are different meanings
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
– Let’s look at some examples …
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 2 Building Confidence in Payment Systems
3. Defining Mobile Payments
Mobile payment examples
Witham Laboratories
1/842 High Street
East Kew 3102
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 3 Building Confidence in Payment Systems
4. Defining Mobile Payments
• Contactless / NFC often used for mobile
– NFC = Near Field Communications
– Contactless NFC != RFID
– Provides processing on card
• RFID is just a contactless bar-code
Witham Laboratories
1/842 High Street
East Kew 3102
– Cards require ‘active’ EM field to operate
• Draw power from the field itself
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya • Limits range of independent access to card(s)
38, 8 planta
– Collision resistance and time-delays built in
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
to prevent accidental purchases
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 4 Building Confidence in Payment Systems
5. Why is Mobile Different
• Aspires to be everything to everyone
– Card, bank, cash, Point of Sale register
• Mobile presents new sets of problems
– Different operating systems and vulns
• 400% increase in mobile virii since 2010*
Witham Laboratories
1/842 High Street – Zeus and Spyeye specifically target financial data
East Kew 3102
Melbourne
Australia
Ph: +61 3 9846 2751
• Keyboard auto-complete caches and location
Fax: +61 3 9857 0350
logging a potential for compromise
Rambla de Catalunya
38, 8 planta
08007 Barcelona • Rapid OS development and lack of knowledge
Spain
Ph: +34 93 184 27 88
/ visibility to approval bodies
Email: lab@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
* Android platform, “Malicious Mobile Threats Report 2010/2011” , Juniper Witham Laboratories
Slide No. 5 Building Confidence in Payment Systems
6. Why is Mobile Different
• Introduces new market players
– Google, Apple, Square, Intel
• New market dynamics
– Is security still a main customer concern?
• Mobile often seen as a cash replacement
• ‘As good as cash’ for security may be enough, if
Witham Laboratories
1/842 High Street
East Kew 3102
Melbourne
Australia
Ph: +61 3 9846 2751
coupled with increased convenience
– Customer interface changes
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
• Does the customer interface to the issuer or
Email: lab@withamlabs.com
the phone company? Who is the issuer?
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 6 Building Confidence in Payment Systems
7. Why is Mobile Different
• Card data stored in ‘Secure Element’
– But how is the data transmitted?
Mobile Network Modem Payment
Network Network
User Interface
Witham Laboratories
1/842 High Street
East Kew 3102
Application
Melbourne
Australia
Ph: +61 3 9846 2751
Operating System
Fax: +61 3 9857 0350 Perso /
Rambla de Catalunya Update Secure Element
38, 8 planta POS /
08007 Barcelona Server POI
Spain
Ph: +34 93 184 27 88
NFC Controller
Email: lab@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 7 Building Confidence in Payment Systems
8. PCI SSC and Mobile
• PCI taking a three pronged approach to
mobile payments
– PCI PTS approved add-on devices
• Must be approved to SRED requirements
• Can accept MSR and/or ICC, with/without PIN
Witham Laboratories
1/842 High Street
– PA DSS approved applications on certain
East Kew 3102
Melbourne
Australia
types of mobile devices
Ph: +61 3 9846 2751
– Working with mobile vendors for further
Fax: +61 3 9857 0350
Rambla de Catalunya
solutions around mobile payments
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com • Expect more from PCI on mobile in the future
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 8 Building Confidence in Payment Systems
9. PCI PTS v3 - SRED
• PCI PIN Transaction Security program
– Secure Reading and Exchange of Data
(SRED) module introduced in v3
– Non-PIN device class approvals in v3.1
• Secure Card Reader (SCR), non-PED
Witham Laboratories
1/842 High Street
East Kew 3102
• Allows for secure mobile transactions
– Approval of physically & logically secure
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
encrypting card acceptance devices
– PIN / Chip / Stripe acceptance supported
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
with external hardware devices
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 9 Building Confidence in Payment Systems
10. PA DSS and Mobile
• PCI SSC is cautious about approval of
mobile applications
– Three types of mobile apps defined
– PA DSS approval only for two types
– Work on-going regarding type 3
Witham Laboratories
1/842 High Street
East Kew 3102
Melbourne
Australia Category 1 Category 2 Category 3
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350 PCI PTS Device Dedicated All other mobile
Rambla de Catalunya Payment Device payment software
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Can be approved to PA DSS Cannot currently be
Email: lab@withamlabs.com
approved to PA DSS
PCI PTS PCI PIN PCI DSS PA-DSS Witham Laboratories
Building Confidence in Payment Systems
Slide No. 10
11. Mobile Payments Stats
Witham Laboratories
1/842 High Street
East Kew 3102
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 11 Building Confidence in Payment Systems
12. Mobile Events 2011
• Visa invest in Square (April)
• Visa release mobile best practice (April)
• PCI define 3 types of mobile apps (June)
• Google Wallet released in conjunction
Witham Laboratories
with MasterCard (Sept)
1/842 High Street
• PCI release PCI PTS v3.1 as a facilitator
East Kew 3102
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
to secure mobile add-on devices (Sept)
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
• MasterCard / Intel co-operation (Nov)
• GSMA support for SIM based NFC (Nov)
Email: lab@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 12 Building Confidence in Payment Systems
13. Visa Mobile Best Practices
• Provide secure code loading & updates
– Using known chain of trust
• Use secure coding best practices
• Protect encryption keys
Witham Laboratories
– PCI PTS and PA DSS referenced
1/842 High Street
East Kew 3102
Melbourne
Australia
• Allow for remote disablement
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
– Reduce risk & threat of stolen device(s)
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
• Log and track sensitive operations
Email: lab@withamlabs.com
– Store remotely where possible
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 13 Building Confidence in Payment Systems
14. Visa Mobile Best Practices
• Encrypt all public transmissions of data
• Protect account data from other apps
– Encrypting reader recommended (SRED)
• Provide truncation and/or tokenisation
Witham Laboratories
– Minimize storage of account data
1/842 High Street
East Kew 3102
Melbourne
Australia
• Protect stored PAN and sensitive
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
account data
– By using encryption
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
– Only store SAD prior to authorisation
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 14 Building Confidence in Payment Systems
15. Contactless Security
Lots of press on ‘Contactless pickpockets’
Witham Laboratories
1/842 High Street
East Kew 3102
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
Is this a problem?
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 15 Building Confidence in Payment Systems
16. Contactless Security
• CVV3 / CVC3 is used to dislocate data
on contactless card with MSR / ICC data
– Provides a unique value per transaction
– Uses information from the terminal
• Prevents replay attacks
Witham Laboratories
1/842 High Street
East Kew 3102
– Uses unique secret keys in card
• Mitigates card cloning
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
• Contactless data can be intercepted,
08007 Barcelona
Spain
Ph: +34 93 184 27 88 but PAN/expiry only provides little value
Email: lab@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 16 Building Confidence in Payment Systems
17. Security without CVM
• But there’s no PIN / signature!
– Contactless floor limits prevent large-scale
fraud using stolen card
– Scheme rules reduce cardholder liability
– Reduction in PIN use and CVV3/CVC3
Witham Laboratories
1/842 High Street
reduces incentives for skimming
East Kew 3102
Melbourne
Australia
Ph: +61 3 9846 2751
– Other scheme incentives reduce value of
PAN / expiry only data
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
• Documented fraud on contactless cards
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
in Australia very low
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 17 Building Confidence in Payment Systems
18. Mobile Payments Security
• ‘Secure element’ used in phones
– To protect the cryptographic keys and data
– Current approvals to requirements such as
MasterCard CAST / EMV chip security
– Protects against side channel and physical
Witham Laboratories
1/842 High Street
attacks
East Kew 3102
• Secure element like a physical card chip
Melbourne
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Rambla de Catalunya
38, 8 planta
on your phone
08007 Barcelona
Spain
Ph: +34 93 184 27 88 – Integration may expose new vulns
– Understand risks when assessing mobile
Email: lab@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 18 Building Confidence in Payment Systems
19. What’s the Future for Mobile?
• Mobile payments will not disappear
– An area of growth, not a fad
• Contactless / NFC will play a big part
– Co-existence of other wireless interfaces
possible for the short term
• Mobile payments likely to push secure
Witham Laboratories
1/842 High Street
East Kew 3102
Melbourne
elements into phones
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
– Lead to other possible uses
Rambla de Catalunya
38, 8 planta
08007 Barcelona
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
– Certification requirements may expand
PCI PTS PCI PIN PCI DSS PA-DSS
beyond current CAST / EMV chip
Witham Laboratories
Slide No. 19 Building Confidence in Payment Systems
20. What’s the Future for Mobile?
• Understand what ‘mobile’ means to
your business
– Payment, banking, acceptance, other (?)
– Risk mitigations are different
• Look past the hype for the real story
Witham Laboratories
1/842 High Street
East Kew 3102
Melbourne
– Both in benefits and risks
Australia
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350 • Be aware of emerging standards
Rambla de Catalunya
38, 8 planta
08007 Barcelona
Spain
– OK today may not be OK tomorrow
Ph: +34 93 184 27 88
Email: lab@withamlabs.com • Ensure CHD remains protected …
PCI PTS PCI PIN PCI DSS PA-DSS
Witham Laboratories
Slide No. 20 Building Confidence in Payment Systems
21. Questions?
Witham Laboratories
1/842 High Street
For further information please contact
East Kew 3102
Melbourne
Australia
Andrew Jamieson
Ph: +61 3 9846 2751
Fax: +61 3 9857 0350
Technical Manager
Rambla de Catalunya
38, 8 planta
08007 Barcelona Witham Laboratories
Spain
Ph: +34 93 184 27 88
Email: lab@withamlabs.com
Email: andrew.jamieson@withamlabs.com
PCI PTS PCI PIN PCI DSS PA-DSS
Phone: +61 3 9846 2751
Witham Laboratories
Slide No. 21 Building Confidence in Payment Systems
