Post on 28-Mar-2015
European Consumer Summit 2014 On-line and mobile payments
Dr Florent FrederixTrust & Security Unit, DG CONNECT, European Commission
1th of April 2014A. BORSCHETTE CENTRE , Brussels
Content
• What is mobile payment?
• How big are cyber security risks?
• What is the European Commission doing about it?•
What is mobile payment?
• Some examples• 1. Contactless m-payment with NFC mobile• 2. PayPal / Pre-paid card wireless payment• 3. M-payments & ATM transactions using QR • 4. M-payments using electronic currencies• 5. M-payments using Near Sound Data Transfer and
other technologies
m-payment with NFC mobile
• Options:• Mobile + NFC card
- Security equal to security of another NFC credit/debit card
• Mobile + secure SIM- Security higher than the security of another NFC credit/debit card
• Mobile + secure element in the cloud/software- Android 4.4 (kitkat) can drive the NFC hardware on your mobile phone- Security data not yet available but probably lower than NFC card
Blog.tesco.com
PayPal / Pre-paid card payment• Similar to PayPal(1) from a web browser. • Difference is 2 factor identification based on phone number and
pin code. No secure element.• Trusted Service Manager is PayPal that ensures link between
credentials of mobile phone holder and linked credit/debit accounts.
(1)PayPal used as one example. Description not complete
(2) Google’s brilliant plan to get millions to adopt its e-money system: Gmail www.qz.com March 27, 2014
Google e-money
M-payments & ATM using QR codes
• (1) Text emulation • Fake payment requests?• Security measures?
• (2) Real mobile QR payments
M-payments with e-currencies
• Issues:• Legal base• Trusted service manager? (the network?)
• (Security?)
M-payment with NSDT & and ….• Characteristics:
• Side channel attacks?• Interoperability?
How big are cyber security risks?
• — Security Concern reason for 69% of non-users.• — Share of m-banking consumers that are unbanked is 11%
(1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014
Size of the market?(1)
Usage of different means of accessing banking services
How big are cyber security risks?
(1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014
Age profile(1)
Use of mobile banking in the past 12 months by age(%)
• How secure?(1)
• Survey results
How big are cyber security risks?
(1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014
What does the EU Commission?
• Data Protection directive/legislation• In place since 1995: Directive EC 95/46• New legislation under discussion with Parliament
to revise the directive into a refreshed legislation
• Network Information Security directive (NIS)• Initiative presented by EU commission• Directive under discussion in Parliament
• The Cyber Security Strategy• Complements the NIS directive• Links to H2020
Capabilities: Common NIS requirements at national level
NIS strategy and cooperation plan
NIS competent authority
Computer Emergency Response Team (CERT)
Proposal for a Directive on NISKey elements (1/3)
What does the EU Commission?
Cooperation: NIS competent authorities to cooperate within a network at EU level Early warnings and coordinated response
Capacity building
NIS exercises at EU level
ENISA to assist
Proposal for a Directive on NISKey elements (2/3)
What does the EU Commission?
• Risk management and incident reporting for:
Energy – electricity, gas and oil Credit institutions and stock exchanges Transport – air, maritime, rail Healthcare Internet enablers Public administrations
Proposal for a Directive on NISKey elements (3/3)
What does the EU Commission?
What does the EU Commission?• The Cyber Security Strategy
Thanks