Integrating NFC with Cloud-based Solutions Challenges Payment Security
London – 13 February 2013 – The mobile (m)-payments market is taking a new step towards simpler and cost-effective solutions. Recently introduced payment options using mobile phones integrate near-field communication (NFC) technology with a cloud-based system. With this approach, cardholders' account details will no longer be stored on a secure element within a mobile phone, but will instead be maintained in the cloud. Frost & Sullivan believes that successful combinations of NFC and cloud will require solutions to help mitigate the security risks involved in data transmission.
"M-payments that use contactless technologies, such as NFC, are an emerging global trend," says Frost & Sullivan Research Analyst Shuba Ramkumar. "Important market players like Google, Isis and Microsoft have created some of the currently available mobile wallet apps using NFC technology."
Security infrastructure for NFC payments is multi-layered. The customer's account and card details are stored in a secure element within the device used for the payment. The secure element might be directly embedded by the mobile device manufacturer or offered by a payment service provider as a removable Secure Digital (SD) card. The use of a physical secure element, as is the current industry trend, is vital because in its absence the exposure to risk is much higher. Nevertheless, security solution providers, including ARM, Gemalto, and Giesecke & Devrient, are also working on the development of the trusted execution environment (TEE) as a security standard.
"Implementing additional security – for instance, a personal identification number (PIN) for access – can help mitigate financial losses. An easy-to-use mechanism for deactivating NFC services on a misplaced or stolen device and reactivating them on another will also enhance security," adds Ramkumar.
A cloud-based m-payment solution involves the use of a mobile app, such as PayPal, that requires an individual's authentication prior to connecting with the account details stored in a cloud to process the transaction. The biggest advantage of using this payment solution over NFC is that the transaction can be carried out using any device with network connectivity. Further, in a cloud-based solution, data is stored virtually and is not easy to access or track, assuming the cloud provider offers appropriate protection.
"Despite constant monitoring and authentication checks that make the cloud itself secure, transmitting data over the air carries an element of risk," cautions Ramkumar. "Payment information for many individuals is stored in the cloud, and it is mapped individually to a person logging into an m-payment app. Therefore, data transferred between the cloud and the device initiating the transaction occurs over the air, putting the data at risk of exposure to parties capable of reading it during transmission."
A hybrid approach that combines NFC and cloud for m-payments, hence removing the need for the physical secure element on a mobile phone, will make the application of NFC services simpler and cheaper. However, integrating NFC with cloud-based systems will still require additional solutions to mitigate the security risks involved in data transmission. "This should be done in respect of international payment standards such as PCI DSS in order to protect personal data during data transfer. At the moment, the security used for cloud-based solutions is mostly the same as the one for e-commerce, so digital certificates features. This is probably a first step to accelerate cloud-based payment solutions, but at the end, a higher level of security will probably be needed," summarises Ramkumar.
This article summarises first findings from the upcoming Frost & Sullivan's report on Payment Privacy Protection in Europe (9A68-67). If you would like to receive more information on the payment security market, please contact Joanna Lewandowska, Corporate Communications, at email@example.com. Please include your full contact details in the query.
About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today's market participants.
Our "Growth Partnership" supports clients by addressing these opportunities and incorporating two key elements driving visionary innovation: The Integrated Value Proposition and The Partnership Infrastructure.
- The Integrated Value Proposition provides support to our clients throughout all phases of their journey to visionary innovation including: research, analysis, strategy, vision, innovation and implementation.
- The Partnership Infrastructure is entirely unique as it constructs the foundation upon which visionary innovation becomes possible. This includes our 360 degree research, comprehensive industry coverage, career best practices as well as our global footprint of more than 40 offices.
For more than 50 years, we have been developing growth strategies for the global 1000, emerging businesses, the public sector and the investment community. Is your organisation prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and emerging economies?