3. About me
Suraj Pratap.
Work as an Information Security Analyst
Bounty hunter, got lucky with Google, Microsoft, PayPal, Yahoo etc.
surajraghuvanshi@gmail.com
4. Some Statistics
India has 375 million Internet users in October 2015.
India's share of world population: 17.50%
India's share of world Internet users: 6.63%
Online e-commerce users: 3.8%
Mobile wallet users: 0.57
7. Mobile wallet
Mobile Application: Financial Tool.
Designed to free users from traditional wallet.
Replaces ATMs and credit cards
Faster
Merchant benefits:
Brands to offer a wider variety of payment
Easy-to-use payment interface development
Bank and financial institution benefits: offer a consistent payment interface to consumers and merchants
12. Inbuilt Protection
Client Side
Data encryption at client side: most of them
Browser sandboxing: only 3
Encryption and hashing used, AES-256 / SHA-2: most of them. Please don't ask for the key ;-)
Proprietary protocols
13. Inbuilt Protection
Server Side
Cloud-based platform (except bank wallets)
VPC - virtual private cloud
PCI certified: trust
Fraud detection team
Data encrypted: yes, they all claim
14. Inbuilt Protection
In Middle
Most of them are on TLS 1.1 and 1.2 only
SSL pinning: not implemented by all
Encrypted data inside SSL: yes, people implemented it
MITM: yes, it's possible.
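What the missing pinning control looks like on the client, as an added example that is not from the original slides or from any wallet app: the connection refuses TLS below 1.2 and is dropped unless the server's leaf certificate matches a fingerprint shipped with the app, so a certificate that merely chains to a trusted CA on the device is not enough. The certificate bytes, pin set and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SAMPLE_SERVER_CERT = b"constructed-der-bytes-of-wallet-server-cert"
SAMPLE_BACKUP_CERT = b"constructed-der-bytes-of-backup-cert"
SAMPLE_PROXY_CERT = b"constructed-der-bytes-of-intercepting-proxy-cert"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


# Pin set shipped inside the app: the current certificate plus a backup,
# so the server certificate can be rotated without locking clients out.
PINNED = {fingerprint(SAMPLE_SERVER_CERT), fingerprint(SAMPLE_BACKUP_CERT)}


def pin_matches(der_cert: bytes, pins=PINNED) -> bool:
    """True only if the presented certificate hashes to one of the pins."""
    presented = fingerprint(der_cert)
    # Constant-time comparison against every pin in the set.
    return any([hmac.compare_digest(presented, p) for p in pins])


def make_context() -> ssl.SSLContext:
    """Default chain and hostname validation, with TLS 1.0/1.1 refused."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect_pinned(host: str, port: int = 443, pins=PINNED) -> ssl.SSLSocket:
    """Open a TLS connection and drop it if the leaf certificate is not pinned."""
    raw = socket.create_connection((host, port), timeout=10)
    tls = make_context().wrap_socket(raw, server_hostname=host)
    # Chain validation has already passed here; the pin is an extra check.
    leaf = tls.getpeercert(binary_form=True)
    if not pin_matches(leaf, pins):
        tls.close()
        raise ssl.SSLError(f"certificate pin mismatch for {host}")
    return tls
```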
15. Main Security Concerns
If someone steals my phone, they have access to all my information
I will not be able to pay for purchases if my phone is lost / stolen
Someone might be able to steal my info when it is sent wirelessly
My "mobile wallet" provider will share my info with other companies
Too much personal spending info in one place on a smartphone
16. How to address them
Wipe it remotely.
Sophisticated, high-tech security
Replace immediately
Two way authentication
Install app from trusted location
Review contract terms and conditions