Page 1 - GS131001
P. 1
October 14, 2013 • Issue 13:10:01
Mobile security
and the rule of thumb
he payments industry is on the verge of a dra-
matic change in how mobile payments are Contributed articles inside by:
secured. Experts agree that cardholder authen-
T tication via user name and PIN or pass code is Chris Bucolo .......................................................... 28
a broken system. It is safe to say that some type of indi- Cliff Teston ............................................................ 32
vidually unique biometric marker – be it a fingerprint, Dale S. Laszig ....................................................... 42
the veins of the iris or the inflections of a voice – will take
its place. But what the preferred biometric will be, and Michael Gavin ...................................................... 46
how it will interact with payment systems, is still in the Michelle Thompson ................................................ 48
proof of concept stage. TOC on page 3
A glimpse into the future was provided at the 2013 NFC
Solutions Summit held in May 2013 in Burlingame, Calif.
In one discussion, Dr. Siva Narendra, co–founder and The 280 million passwords reportedly breached in the
Chief Executive Officer of mobile security firm Tyfone United States over the last 18 months represent only a
Inc., reinforced what is increasingly apparent: digital tip of the iceberg, Narendra said. He cited FBI data that
identities and sensitive financial data are secured with concluded 94 percent of all breaches go unreported. With
weak and cumbersome passwords and easily hackable more and more people paying for purchases via mobile
four-digit PINs. phones, it makes sense to take advantage of technology
added to those devices to improve security.
Narendra doesn't believe centrally stored identity
authentication should be abandoned. "It just needs to be
augmented," he said. "And we need to augment it with
ID stored in secured hardware locally in the consumer's
hand." Tyfone's Connected Smart Card technology is a
"bring your own body" (BYOB) solution, an example of
which is incorporating a digital copy of a thumbprint into
a plastic card, microSD processing chip or mobile device.
A thumbprint has the advantage of being physically part
of the individual and does not have to be remembered,
like a password, Narendra said. But he noted that because
the biometric is unique to the individual and represents
highly sensitive data, it is even more vulnerable than a
password if it is centrally stored in the cloud; a password
can be changed following a hack, but once a one-of-a-kind
thumbprint is stolen, it is gone for good.
Dongle ID
In March 2013, Jerome Svigals – the self-proclaimed "Father
of the Magstripe" for his pioneering work with IBM in
the 1960s in developing the magnetic stripe technology
that underscores all physical bankcard transactions in the
United States today – patented a near field communication
(NFC) -based application called SPARC, short for Secure
See Mobile Security on page 38
