Mobile Wallet security

•Download as PPTX, PDF•

1 like•578 views

Suraj Pratap

Mobile wallet security

Technology

Agenda
Mobile Wallet intro
Statistics
Basic feature
Build with security
Possible security issue

About me
Suraj Pratap.
Work as information security Analyst
Bounty hunter ,Got lucky with Google,
Microsoft, PayPal, Yahoo etc.
surajraghuvanshi@gmail.com

Some Statistics
India has 375 million Internet users in
October 2015.
IN share world population 17.50%
IN shares of world internet user 6.63
%
Online e-commerce users 3.8 %
Mobile wallet user 0.57

Statics
Wallet user
 Age group percentage
18-29 37
30-44 36
45-59 17
60-abv 10

Brands
Paytm
Freecharge
Mobikwik
Airtel money
Google pay
Apple pay
Vodafone M-pesa
Chillr
Oxigen Wallet
Citrus Pay
PayUMoney

Mobile wallet
Mobile Application: Financial Tool.
Designed to free users from traditional wallet.
Replace ATM’s and credit cards
Faster
Merchant benefits:
Brands to offer a wider variety of payment
Easy-to-use payment interface development
Bank and financial institution benefits to offer a
consistent payment interface to consumer and
merchants

Key features
Bill payment services
M-brokerage services
Mobile money transfers
Mobile micro-payments
Money spend analyser et

InBuild Protection
Client Side
Data encryption at client side- most of them
Browser sand-boxing - only 3
Encryption and Hashing used AES256/ SHA2 : most
of them . please don't ask key ;-)
Propriety protocols

InBuild Protection
Server Side
Cloud base Platform (Excepts banks wallet)
VPC - virtual private cloud
PCI certified : Trust
Fraud detection team
Data encrypted : yes they all claim

InBuild Protection
In Middle
Most of them are on TLS 1.1 and 1.2 only
SSL Pinning not implemented by all
Encrypt data inside SSL : Yes people implemented
MITM : Yes its possible.

Main Security Concerns
If someone steals my phone, they have access to all
my information
I will not be able to pay for purchase if my phone lost
/ stolen
Someone might be able to steal my info when it is
sent wirelessly
My "mobile wallet" provider will share my info with
other companies
Too much personal spending info in one place on
Smartphone

How to address them
Wipe it remotely.
Sophisticated, high-tech security
Replace immediately
Two way authentication
Install app from trusted location
Review contract terms and conditions

How to address them
Trust :-) / :-(
Cloud

Who got Bug
Paytm
Freecharge
Oxigen Wallet
Citrus Pay
Mobikwik
Airtel money
Google pay

who got affected
Users : Only 2 cases which i found
Service providers : All of them

What's hot

Digital walletSohil Gupta

E walletDebashis Mondal

BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...BlueHornet

Digital walletSohil Gupta

Mobile wallets Analysis - Evolution, Scope & Future in IndiaRohit Namboodiri

Mobile walletsKairavi Vyas

E walletMrunmayee Joshi

Mobile walletSomyadarshna

Digital walletLokesh Jajoo

E wallet by aminaminpathan11

Digital WalleteTailing India

Digital wallet(p)Gyana Ranjan Swain

Future of Payment and Startup v2CY Choon Yan Tan

India Stack - Social Impact at ScaleAmit Ranjan

Introduction To E- WalletMilind Prajapat

FinX Digital Wallet PlatformAnurag Rastogi

Cost and Features to Develop e-wallet Mobile AppTarun Nagar

Mobile wallets AnalysisRamraj Mulasa

Digital wallet awarenessAnkit Agarwal

Mobile payments, e-money and mobile credit in JapanGerhard Fasol

What's hot (20)

Digital wallet

E wallet

BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...

Digital wallet

Mobile wallets Analysis - Evolution, Scope & Future in India

Mobile wallets

E wallet

Mobile wallet

Digital wallet

E wallet by amin

Digital Wallet

Digital wallet(p)

Future of Payment and Startup v2

India Stack - Social Impact at Scale

Introduction To E- Wallet

FinX Digital Wallet Platform

Cost and Features to Develop e-wallet Mobile App

Mobile wallets Analysis

Digital wallet awareness

Mobile payments, e-money and mobile credit in Japan

Similar to Mobile Wallet security

Managing & Securing the Online and Mobile banking - Chew Chee SengKnowledge Group

Digital Wallet App Development Guide 2023.pdfSuccessiveDigital

The Future of Digital Payment Apps_ Trends and Predictions.pdfSafeDeposit

httpssquareup.comusentownsquaremobile-paymentshttpswwwLizbethQuinonez813

Digital cash, near feild communication and ultra cashRohit Singh

All You Wanted To Know About Top Online Payment Security Methods.pptxITIO Innovex

Pwc.pptxSandhya Singh

Overcome Security Threats Affecting Mobile Financial Solutions 2020Fusion Informatics

27 sep today's manager mobile payments_life is more secure in the cloudBridget Kow

Pay-Cloak:Biometricijtsrd

All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesMEDICI admin

Trylogic- Cyber security by Vikalp Sharma- FDP Presentation July 9 2020Vikalp Sharma

A Comprehensive guide to understanding Digital Wallets.pdfPay10

How AI is impacting digital identity security.pdfVLink Inc

SECURED BANKING TRANSACTION USING VIRTUAL PASSWORDInternational Journal of Technical Research & Application

mwalletVinit Shah

A Novel Approach for E-Payment Using Virtual Password Systemijcisjournal

Are Mobile Banking Apps Safe?VISTA InfoSec

Top 5 digital wallet app.pdfVLink Inc

Enforcing Set and SSL Protocols in E-PaymentAIRCC Publishing Corporation

Similar to Mobile Wallet security (20)

Managing & Securing the Online and Mobile banking - Chew Chee Seng

Digital Wallet App Development Guide 2023.pdf

The Future of Digital Payment Apps_ Trends and Predictions.pdf

httpssquareup.comusentownsquaremobile-paymentshttpswww

Digital cash, near feild communication and ultra cash

All You Wanted To Know About Top Online Payment Security Methods.pptx

Pwc.pptx

Overcome Security Threats Affecting Mobile Financial Solutions 2020

27 sep today's manager mobile payments_life is more secure in the cloud

Pay-Cloak:Biometric

All the 12 Payment Enabling Technologies & 54 Illustrative Companies

Trylogic- Cyber security by Vikalp Sharma- FDP Presentation July 9 2020

A Comprehensive guide to understanding Digital Wallets.pdf

How AI is impacting digital identity security.pdf

SECURED BANKING TRANSACTION USING VIRTUAL PASSWORD

mwallet

A Novel Approach for E-Payment Using Virtual Password System

Are Mobile Banking Apps Safe?

Top 5 digital wallet app.pdf

Enforcing Set and SSL Protocols in E-Payment

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski

SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j

Vulnerability_Management_GRC_by Sohang Sengupta.pptxnull - The Open Security Community

APIForce Zurich 5 April Automation LPDGMarianaLemus7

Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55

Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar

Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm

Artificial intelligence in the post-deep learning eraDeakin University

Bluetooth Controlled Car with Arduino.pdfngoud9212

Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community

CloudStudio User manual (basic edition):comworks

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

Vulnerability_Management_GRC_by Sohang Sengupta.pptx

APIForce Zurich 5 April Automation LPDG

Advanced Test Driven-Development @ php[tek] 2024

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...

Unleash Your Potential - Namagunga Girls Coding Club

Streamlining Python Development: A Guide to a Modern Project Setup

Artificial intelligence in the post-deep learning era

Bluetooth Controlled Car with Arduino.pdf

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx

CloudStudio User manual (basic edition):

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics

My Hashitalk Indonesia April 2024 Presentation

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

Designing IA for AI - Information Architecture Conference 2024

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Mobile Wallet security

1. NULL BANGALORE SURAJ PRATAP Mobile Wallet Security

2. Agenda Mobile Wallet intro Statistics Basic feature Build with security Possible security issue

3. About me Suraj Pratap. Work as information security Analyst Bounty hunter ,Got lucky with Google, Microsoft, PayPal, Yahoo etc. surajraghuvanshi@gmail.com

4. Some Statistics India has 375 million Internet users in October 2015. IN share world population 17.50% IN shares of world internet user 6.63 % Online e-commerce users 3.8 % Mobile wallet user 0.57

5. Statics Wallet user  Age group percentage 18-29 37 30-44 36 45-59 17 60-abv 10

6. Brands Paytm Freecharge Mobikwik Airtel money Google pay Apple pay Vodafone M-pesa Chillr Oxigen Wallet Citrus Pay PayUMoney

7. Mobile wallet Mobile Application: Financial Tool. Designed to free users from traditional wallet. Replace ATM’s and credit cards Faster Merchant benefits: Brands to offer a wider variety of payment Easy-to-use payment interface development Bank and financial institution benefits to offer a consistent payment interface to consumer and merchants

8. Why mobile wallet Reference : NTTDATA

9. Key features Bill payment services M-brokerage services Mobile money transfers Mobile micro-payments Money spend analyser et

10. But Wait

11. Reference: sqs.com

12. InBuild Protection Client Side Data encryption at client side- most of them Browser sand-boxing - only 3 Encryption and Hashing used AES256/ SHA2 : most of them . please don't ask key ;-) Propriety protocols

13. InBuild Protection Server Side Cloud base Platform (Excepts banks wallet) VPC - virtual private cloud PCI certified : Trust Fraud detection team Data encrypted : yes they all claim

14. InBuild Protection In Middle Most of them are on TLS 1.1 and 1.2 only SSL Pinning not implemented by all Encrypt data inside SSL : Yes people implemented MITM : Yes its possible.

15. Main Security Concerns If someone steals my phone, they have access to all my information I will not be able to pay for purchase if my phone lost / stolen Someone might be able to steal my info when it is sent wirelessly My "mobile wallet" provider will share my info with other companies Too much personal spending info in one place on Smartphone

16. How to address them Wipe it remotely. Sophisticated, high-tech security Replace immediately Two way authentication Install app from trusted location Review contract terms and conditions

17. How to address them Trust :-) / :-( Cloud

18. Who got Bug Paytm Freecharge Oxigen Wallet Citrus Pay Mobikwik Airtel money Google pay

19. who got affected Users : Only 2 cases which i found Service providers : All of them

20. By business logic flaws

21. Conclusion Should we adopt it / don't

22. wallet security Just “lock" it

23. Questions