Proximity (NFC) Mobile Payment Technology - Security Whitepaper

The opportunities offered by the advent of proximity mobile payments are clear; differentiated payment services, increased transaction volumes, faster transactions, increased customer convenience, operational efficiencies and the ability to increase customer loyalty through targeted gift and loyalty programs. With implementations already in place in Europe and Japan, strong consumer interest and the ability to leverage the contactless POS infrastructure already in place, NFC-enabled proximity mobile payments show much promise. But how will security be managed in an ecosystem with so many stakeholders, each managing their own unique aspect of the process? The news is good.

Both the financial and mobile industries have made much progress in defining how NFC-enabled mobile payments will take place and how financial information will be secured. Security is bolstered by the use of industry standards and by the technology supporting proximity mobile payments. Industry organizations have defined standards based approaches to ensuring that payment account information is delivered securely to the mobile phone and stored securely in the phone's secure element.

The NFC-enabled mobile phone leverages the existing ISO/IEC 14443 standard for communicating payment information from the phone to the merchant's POS terminal. Appropriate risk analysis of an operational model for proximity mobile payments can identify where there is potential for fraud or misuse, develop mitigation measures and assign responsibility. From the consumer's perspective, the proximity mobile phone payment looks just like a contactless credit or debit card transaction.

Mobile phones can also leverage two-factor authentication technology to secure the payment application and information. Requiring a passcode or a fingerprint to initiate or respond to the terminal's attempt to initiate or validate a transaction can provide the consumer with additional comfort and a sense of control over a transaction.

While implementations may vary, industry players are moving in a consistent direction. Industry organizations are working to increase ease of access, global interoperability and security of mobile payment technology to consumers. Pilot studies in the United States and implementations worldwide have tested both the technology and the mobile payments process. Proximity mobile payments technology is solid, and will serve this exciting new payment frontier well. Industry stakeholders can leverage the proven technology and a merchant infrastructure that is ready to go to take advantage of consumers' ever-growing love of mobile technology.

Download whitepaper

Recent Entries

CUPPS: The Platform of the Future (Airline Kiosk)
CUPPS has been architected as the platform of the future, able to accommodate many things even beyond the agent-facing applications…
EMV takes aim at U.S.
Nice article on SecureIDnews covering EMV. by Andy Williams, Associate Editor, Avisian PublicationsLike a massive tidal wave, EMV continues to roll…
Tokenization and Enterprise Security
Nice article on tokenization which also highlights lack of formal standards for tokenization at this time. Credit Card Tokenization: Put All…
Wal-Mart's Kiosk Trial Raises Serious PCI, Data Ownership Issues
Wal-Mart this month became the latest major retailer to experiment with self-service kiosks, selling space in 77 stores for units…
Proximity (NFC) Mobile Payment Technology - Security Whitepaper
The opportunities offered by the advent of proximity mobile payments are clear; differentiated payment services, increased transaction volumes, faster transactions,…
Look Beyond Hospitality Touch Screen Solutions
Whether you realize it or not, touch technology quickly is becoming the intuitive input delivery method of choice. Look no…
Level 4: The small-merchant PCI challenge
While sensational data breaches experienced by big-box retailers and processors fill the headlines, 85 percent of reported data compromises involve…
ATM Card Skimming and Pin Capture
ATM Card Skimming is a method used by criminals to capture data from the magnetic stripe on the back of…
Background - Use of Electronic Health Records in U.S. Hospitals
Report from New England Journal of Medicine on Electronic Health Records. Concludes - very low levels of adoption in U.S.…
PCI DSS in real life -- Requirement 1 Firewall
Excerpt: Critical to the selection was choosing a vendor that best met PCI DSS (Payment Card Industry Data Security Standard)…
User Interface & Content - Can I Use My Website?
Web sites, self-service can play nicely together according to Jim Kruper of Kioware.  With the increasing number of devices that…
Resource Link - Understanding credit card transaction fees
Merchants accounts, gateways and rates. Having your kiosk process credits cards swiped locally (card present) come with regulatory standard considerations…
Whitepaper - Introduction to CFM or Customer Flow Management
CFM or Customer Flow Management systems are found in more verticals/markets than any other application. Here is a technical document…
Compliance Resource: ETA and Electronic Transaction Compliance
Worth noting Heartland Payment Systems and RBS Worldpay have been removed from Visa Inc.'s list of PCI compliant service providers and…
Going beyond current PCI security standards
Acknowledging the need for controls that go beyond those offered by the Payment Card Industry (PCI) Data Security Standard, a senior…
ADA Requirements - Changes in California
In late 2008 the California legislature passed a stronger version of ADA which was Senate Bill 1608. This bill became…
Opinion - Why is Redbox Afraid of the iPhone?
Over the last few years, Redbox has been able to build an impressive DVD rental network by being innovative and…
Research Report - Touchscreen Check-In: Kiosks Speed Hospital Registration
March 2009 -- Patient self-service kiosks are being used with growing frequency in hospital ambulatory settings and emergency departments. These interactive…
Cloud Computing - What is it?
Cloud computing resources question was raised by a member of Health Infomatics group we participate in. Health technology right now…
Heartland Put on Probation for Security Breach
Heartland Payment Systems (HPY), one of the largest credit card processors in North America, is finally being called to the…



  |