A Thing
The Green SheetGreen Sheet

Friday, February 24, 2017

IBM, Visa tackle IoT security

IBM Corp. and Visa Inc. introduced a cross-platform solution Feb. 16, 2017, designed to improve security on the Internet of Things (IoT) by aligning the global brands' patented technologies and capabilities. By integrating IBM's Watson IoT Platform and Visa's Token Service, the companies will enhance security in payment-enabled devices, including wearables, appliances and cars, the companies stated.

"The Internet of Things is not only driving a more connected world, it's changing the way we live, shop and pay, by moving data and the point of sale to wherever the consumer wants it to be," said Jim McCarthy, Visa's Executive Vice President, Innovation and Strategic Partnerships. "With the power of Watson's cognitive technologies and IBM's leadership in IoT and security, they are the ideal partner to help us deliver secure payments to 'virtually anywhere' and on the enormous scale of the IoT."

IoT's broad attack surface

Senior privacy and data governance advocate Marc-Roger Gagné, Principal at Ottawa, Canada-based Gagne Legal Services and board member of the Privacy and Access Council of Canada, stated the IoT represents a broader attack surface for cybercriminals, providing opportunities to exploit operating system weaknesses, infect connected devices with malware and spoof legitimate apps to steal login credentials.

"For security professionals, the difference between defending a corporate data structure from attack and defending that same structure once it's connected to the IoT is vast," he said. "Compare it to defending a bank and defending a country."

Indeed, Wired journalist Andy Greenberg reported Russian security firm Kaspersky found serious, distinct flaws in nine Android-connected car apps. In "Android Phone Hacks Could Unlock Millions of Cars," published Feb. 16, 2017, Greenberg also cited independent security professional Samy Kamkar, who planted sniffing devices in cars to hack their apps. These included the General Motors Corp. Onstar, Fiat Chrysler UConnect and Mercedes-Benz mbrace. Once inside the app, Kamkar could locate and unlock the cars, and sometimes start ignitions, Greenberg stated.

"Encrypting or hashing the credentials stored on the device, adding two-factor authentication or fingerprint authentication, or creating integrity checks that the apps would perform to see if they've been altered to include malicious code would all go a long way toward mediating the problem," Greenberg wrote.

Multifactor security schemes

A December 2016 report published by the Financial Services Information Sharing and Analysis Center, Retail Cyber Intelligence Sharing Center and United States Secret Service urged the retail community to mitigate cyberattack risks by adopting the following multifactor authentication methods:

  • End-to-end encryption: Encrypting the card account number and other data before it is temporally stored in the payment terminal protects cardholder data in transit; only the merchant acquirer or processor will be able to decrypt the sensitive data, rendering the data useless to criminals.

  • Stronger encryption: The National Institute of Standards and Technology recognizes TLS 1.2 as strong encryption. NIST is in the process of replacing Secure Hashing Algorithm One (SHA1) with SHA256 for stronger payment processing.

  • Tokenization of card account numbers: Merchants who need to store transaction information can replace account numbers with tokens that are of no value to anyone outside the merchant's protected data environment.

Multibrand, multifactor solution

Visa and IBM representatives stated the companies will leverage Visa's Token Service, which replaces sensitive account information found on payment cards with unique digital identifiers to process payments without exposing actual account details. The Visa Token Service, part of the Visa Ready partnership program, is used by third-party Visa-certified token service providers.

The companies additionally plan to roll out Visa payment services in the IBM Cloud, making Visa Tokens available to IBM's Watson IoT Platform customers, enabling merchants and consumers to connect to billions of devices, sensors and systems worldwide. The partners are confident the co-branded solution, combined with their immense global footprints, will help the solution rapidly scale.

Consumer technology experts have seen steady growth in connected cars and expect the trend to continue. The Watson IoT platform is designed to enhance connected cars by securing information in the cloud and alerting consumers when vehicles need updates and renewals. "With this information, the driver can order parts with the push of a button or schedule a service appointment at their preferred local garage," IBM representatives stated. "The driver could even pay for gas through a direct interaction between the car and the gas pump." end of article

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Facebook
Twitter
LinkedIn
2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing