A new white paper that looks in-depth at Trusted Execution Environment (TEE) technology, the architecture and principles underpinning its operation and how it can be used to secure a variety of mobile wallet and IoT applications is now available to download free of charge from the NFC World Knowledge Centre... More
GlobalPlatform secures biometric authentication and enriches trusted user interaction — GlobalPlatform — “These new APIs enable trusted applications to leverage the device’s biometric sensors, while staying fully isolated from the device OS… Service providers and application developers now have a direct path to provide users with a richer and safer authentication experience and, importantly, to offer trusted biometric authentication that is secured in the hardware of the device’s Trusted Execution Environment (TEE).”
Emirates NBD leads banking sector in cheque security by successfully rolling out ‘Cheque Chain’ at scale — Emirates NBD — “Cheque Chain enables a unique QR (Quick Response) code to be printed on every leaf of newly issued cheque books. The unique code registers each cheque on the bank’s blockchain platform, ensuring that once the cheque is received and cleared under the bank’s ICCS technology, bank staff can validate the cheque’s authenticity and have access to its source at all times. In doing so, this significantly reduces the risk of fraud by making cheque forgery much more difficult.”
Bitcoin under the skin – Why people are using subdermal microchip wallets — CCN — “Dutchman Martijn Wismeijer is very cautious when it comes to storing Bitcoin so much so that in 2014, he had two NFC (near field communication) chips surgically implanted into each hand to store his encrypted Bitcoin keys. Wismeijer stated a number of reasons for the drastic method of storing crypto, saying he had lost the majority of his Bitcoin over the years to exchange failure, hacking, and theft… Wismeijer says he uses his chips every day to make purchases — the process involves scanning the chips with his smartphone to receive and then decrypt the keys in order to make a transaction.”
Alipay is stepping up data protection after PBOC fine — Yicai Global — “Alipay, the fintech platform run by Ant Financial Services Group, is looking to improve its data collection processes after China’s central bank fined it for breaching data protection regulations… Alipay published misleading video campaigns and its collection of personal financial information failed to meet minimum security requirements, the regulator said, adding that the firm also used data inappropriately.”
Adding backdoors at the chip level — Schneier on Security — “In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level… we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques.”
PARTNER NEWS: Crédit Agricole has added support for Visa cards to its HCE mobile payments service, enabling both Mastercard and Visa cardholders to make use of its Ma Carte application and Paylib, the French interbank payment brand, for the first time... More
NXP ushers in new era of eSIM-enabled devices for 5G and IoT with industry’s first single NFC and secure element monolithic chip — NXP — PARTNER NEWS — “The new NXP SN100U is the world’s first single-die chipset featuring an embedded secure element (SE), near field communications (NFC), and eSIM for added advanced functionality, cellular connectivity, and security. The company also introduced the SU070 standalone eSIM solution, which offers the industry’s smallest footprint and is ideal for smartphones, tablets, laptops, and other IoT devices that require cellular connectivity with low power consumption.”
Built for the way we communicate today: Samsung Galaxy S9 and S9+ — Samsung — “The Galaxy S9 and S9+ support three different biometric authentication options — iris, fingerprint, and facial recognition — so users can choose the way they want to protect their device and applications. The devices feature Intelligent Scan, a new verification that intelligently uses the collective strength of iris scanning and facial recognition technology to quickly and conveniently unlock a user’s phone in various situations. The Galaxy S9 and S9+ also introduce Dedicated Fingerprint, giving users the option to use a different fingerprint to access Secure Folder than the one used to unlock the phone.”
Tokenization has the potential to increase the security of a wide range of applications beyond payments, from healthcare to social security, logical access control and blockchain applications, Rambus explains in a new ebook which is now available to download from the NFC World Knowledge Centre... More
The increasing diversity of devices, services and players in the mobile payments ecosystem has led to the need for standards and certification to manage fragmentation, prevent fraud and ensure consistent user experience, GlobalPlatform’s Gil Bernabeu explains in a new paper now available to download from the NFC World Knowledge Centre... More
IBM Future of Identity study: Millennials poised to disrupt authentication landscape — IBM — “Security was vastly ranked as the top priority for banking, investing, and budgeting apps — for these categories on average 70% selected security as the top priority, with 16% selecting privacy, and 14% selecting convenience… 44% ranked fingerprint biometrics as one of the most secure methods of authentication; passwords and PINs were seen as less secure (27% and 12% respectively).”
Radius Bank launches innovative card control app to give customers greater financial peace of mind — Radius Bank — “The Radius Card app provides a number of money management benefits, including: On/off switch allows customers to quickly turn off their debit card should it become misplaced and back on again once it has been recovered; Location-based restrictions prevent transactions outside a specific area determined by the user; Real-time alerts whenever the card is used or when a transaction has been attempted and declined; Spending caps and activity limits to help users budget expenses better.”
Quick take: Mobile payment fraud rises in China, report finds — Caixin — “A China UnionPay survey of 105,000 people found that 60% had been exposed to some kind of mobile payment security threat, including information leaks, fraud or malicious attacks… Nearly 30% of users reporting mobile payment fraud said QR codes were involved, up from 15% last year.”
iOS Security — Apple — “When you set up Apple Pay Cash, the same information as when you add a credit or debit card may be shared with our partner bank Green Dot Bank and with Apple Payments Inc, a wholly owned subsidiary created to protect your privacy by storing and processing information separately from the rest of Apple and in a way that the rest of Apple doesn’t know.”
Bank Hapoalim, IAI team on blockchain for cybersecurity — Globes — “The joint research undertaken by the two companies will examine how blockchain, the technology at the basis of cryptocurrencies such as Bitcoin, could be used for developing innovative cybersecurity solutions, such as secure transmission of information between services and supply chains, user authentication, critical devices and elements that run with no human intervention and additional solutions for the cyber challenges in a hyper-connected world.”
China begins regulating QR code payments — The Verge — “The regulations will initially cap payments by traditional QR codes to 500 yuan, or about US$76. When additional security measures are applied, the cap can raise to 5,000 yuan, or around U$765. At an even higher security level, banks and payment processors are given discretion over the cap.”
Visa survey reveals consumers are ready to say goodbye to passwords — Visa — “Seventy percent of respondents find biometrics easier than passwords and 61% consider it faster. Fewer than a third of consumers use unique passwords for each of their accounts. Fifty percent of consumers responded that the top benefit of using biometrics is eliminating the need to remember multiple passwords or PINs, followed by 46% who said that biometrics is more secure than passwords or PINs for verifying identity.”
Thales and Gemalto create a world leader in digital security — Gemalto — “Thales and Gemalto announce today that they have reached an agreement on a recommended all-cash offer for all issued and outstanding ordinary shares of Gemalto… The Gemalto board has decided to unanimously support the transaction and recommend that Gemalto’s shareholders accept the offer and vote in favour of the resolutions relating to the offer at the upcoming extraordinary general meeting.”
Gemalto rejects unsolicited and conditional proposal by Atos — Gemalto — “Gemalto is well advanced in its transition from traditional banking and telecom smartcard markets to fast-growing government, enterprise and cybersecurity and machine-to-machine markets… The board of directors considers that the proposal significantly undervalues the company.”