
June 2012 Volume 21 • Number 6

Smart Card & Identity News Smart Cards, SIM, Payment, Biometrics, NFC and RFID

www.smartcard.co.uk

©2011 Smart Card News Ltd., Rustington, England. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, optical, recording or otherwise, without the prior permission of the publishers.

EMV Pin Pad Terminal (in) Security – Again?

I can’t remember how often we have discussed the security of POS terminals and have tried to convey that it is a non-trivial design and development task. And of course it is not just the hardware; the software is arguably even more critical. I remember being part of a banking committee some 25 years ago where software integrity was the subject matter. We managed to define what it meant but never solved how you could consistently achieve it, although we did make everybody around us appreciate that it was a significant problem with no silver bullets. I would argue it is a more difficult challenge today than it was then because of the way the modern terminals are configured and maintained. Perhaps it’s a teaser, who knows, but this month researchers at MWR InfoSecurity have claimed that cybercriminals using a rogue smart card which gets connected to a Point of Sale (POS) terminal can effectively gain access to another customer’s PIN and Primary Account Number (PAN – the number printed/embossed on the front of your financial card). They also claim that they can get access to the merchant’s IT network. The company plans to present its findings at the Black Hat security conference in Las Vegas, July 21-26. It doesn’t seem to have a slot assigned, so I guess it would need to be at the hustings.

Continued on page 4….

6 • Could you bring your company to its knees?

9 • The rise of the Smartphonatic

12 • The rise of social commerce and the impact on the payments chain

16 • Why 2012 is the year of Public Key Infrastructure

Smart Card & Identity News
Published monthly by Smart Card News Ltd

Head Office: Smart Card Group, 12 Meadway, Rustington, BN16 2DD
Telephone: +44 (0)1903 734677
Website: www.smartcard.co.uk
Email: [email protected]

Researcher – Patsy Everett
Technical Researcher – Dr David Everett
Production Team – John Owen, Lesley Dann, Adam Noyce
Contributors to this Issue – Dominic Saunders, Gareth Ellis, Sascha Breite
Photographic Images – Dreamstime.com
Printers – Hastings Printing Company Limited, UK
ISSN – 1755-1021

Disclaimer

Smart Card News Ltd shall not be liable for inaccuracies in its published text. We would like to make it clear that views expressed in the articles are those of the individual authors and in no way reflect our views on a particular issue. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means – including photocopying – without prior written permission from Smart Card News Ltd.

© Smart Card News Ltd

Contents

Regular Features

Lead Story . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Events Diary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

World News In Brief . . . . . . . . . . . . . . . . . . . . . 4, 7, 10, 13, 17

Industry Articles

Could you bring your company to its knees? . . . . . . . . . . . . . . . 6

The rise of the Smartphonatic . . . . . . . . . . . . . . . . . . . . . . . 9

The rise of social commerce and the impact on the payments chain . . . . 12

Why 2012 is the year of Public Key Infrastructure . . . . . . . . . . . . 16

Our Comments

Editorial

Dear Subscribers,

Our lead article this month is about the security, or lack of it, for EMV terminals. What struck me was the comment in the article about people thinking that the idea of a rogue card making the terminal malfunction is not a practical proposition.

The really interesting thing about technology is just the rapid pace of change, but perhaps even more is the appearance of things that you might once have thought impossible. This is often a topic of conversation at the family dinner table; what has been preached by the master of the wine is that if you can’t prove it’s impossible then by default it may be possible. When you start with that hypothesis you start to look at the world in a totally different way. We often sit and marvel at the iPhone and iPad; we’re not particularly an Apple house, but what magnificent designs. Nobody can realistically suggest otherwise, and of course it’s starting to change the way we live and work, one merges into the other. Now this is the problem: these devices are becoming totally integrated into our everyday activities. How many people do you know that carry around a diary, paper organiser or an address book? They’re all going onto the computer or, increasingly, onto the smart phone. Take Google Calendar: are you happy for your diary to exist in the cloud on a web site where the owner has the dubious reputation of being the largest analyst of people’s behaviour? Forget Facebook; they may have lots of data but they’re not in the league of Google. Don’t forget those Google mapping cameras that also included a Wi-Fi listener to record all the unprotected networks they could discover. I think there is still litigation surrounding these intrusions into privacy. Now there is probably a good argument that says from a domestic point of view it doesn’t matter, although you need to be aware that Google would be perfectly capable of mapping all the interactions within your calendar by email address. Personally I’m not sure I care. However, extend this to the business calendar and suddenly the boundaries are not so clear. What happens when you extend this to the iPhone and iPad? Is it all right to mix one’s business and domestic life?

In the days of paper we would never consider doing that, but in the electronic world it's all different. As we have mentioned in other articles, the corporate IT department has a problem. Nobody wants to carry around two laptops or two iPads when one would do.

I would now like to pose you a question. If you have one PC or iPad which, let’s imagine, is partitioned into two areas, one domestic, one business, could you prove that it is not possible for something in one partition to get access to the other? Remember in the old days the air gap: there should not be any physical connection between two separate networks. But when you put it all into one device, what happens then? Well, I’m sure you are all thinking about Java sandboxes and virtualization, and I don’t know enough to get involved, but could you make the case that it’s not possible to get from one box to the other? As I understand it, this is quite a difficult job of proving the correctness of software, and it seems so different from looking at a safe, where you know what you’re facing. When you get stuck on security it always seems like a good idea to look at safety, and David has always quoted aeroplanes as the ideal subject; it sort of concentrates the mind. How would you feel about one computer flying the plane? Well, of course it might fail, so best to have two, but would you want them to share peripherals or would you want two independent systems? I’ll bet you would like to have separate systems, and probably three so you can have the best of two. The moral of this story is that if you have a single processing device it is highly likely that it will malfunction, either accidentally or due to deliberate attack, and then there is nothing to either stop it or to tell you it is malfunctioning. Twin processor designs are becoming all the rage in the world of smart cards. Smart phones are at the other end of the spectrum and probably have a long way to go. How far would you be prepared to rely on the correctness of your smart mobile phone?

Patsy.

Patsy Everett

Smart Card & Identity News • June 2012

Events Diary

Source: www.smartcard.co.uk/calendar/

June 2012

12-14 – Prepaid 2012 - www.voicebiocon.com

20-21 – Contactless Cards and Payments - www.smi-online.co.uk/events/overview.asp?is=8&ref=3720

July 2012

02-04 – 1st Latin American High Security Printing Conference - www.cross-conferences.com/latinamerica

…. Continued from page 1

Ian Shaw, the Managing Director of MWR, has said that the security of Pin Pads is below that which a consumer might reasonably expect for financial transactions. He has further said that their investigations have shown that the range of vulnerabilities found in these devices could compromise consumers’ card details and Pin numbers. Just to put it all in perspective, many have quoted the figures from the UK Payment Cards Association, where 852 million card payments were processed in the UK in the month of April using a Pin Pad terminal.

We have often discussed the idea of getting malware into a POS terminal, or even an extra bit of hardware and software. It seems so easy for a hacker to go around changing terminals in a POS environment, replacing them with new terminals incorporating some extra fraudulent activity. It wasn’t that long ago when T-Max was attacked by hackers who just went around intercepting the wireless connections from POS terminals. People have learnt to encipher these connections in more recent years. We have also heard about the Cambridge University attacks on EMV terminals, where the connection path between the terminal and the smart card was intercepted by some extra electronics hidden up the attacker’s sleeve to interfere with the need for Pin authentication (generally called wedge attacks). But here is something new: no extra electronics, no need to get inside the terminal or the merchant’s network to plant malware, you just need to submit a rogue smart card to the candidate POS terminal card reader.

I’ve seen it already on the discussion boards: it’s impossible, and anyway the terminals are tested under PCI (Payment Card Industry) tests to make sure they are secure. Oh dear, if only it were that easy! Perhaps we just need to remember SQL injection, buffer overflows and pathname attacks. The aim of these attacks is to get unauthorised access to sensitive data or, even better, to get the target device to execute rogue code or commands. Examples are rampant, and buffer overflows in particular have even been successfully used against smart cards. But here we are interested in attacking the terminal with no holds barred.

So how can a rogue smart card cause problems? It is a slave device; you send it a command and it sends you a reply. However, depending on the various implementations, there are ways of putting the smart card into command mode so that it sends commands to the terminal for it to execute. This is prevalent in the world of smart phones. In any event, data is being sent from the smart card to the terminal device. So where does it go? Well, there is some software driver in the terminal that is managing the commands and replies between the terminal and the smart card. Here is the area of weakness: what happens if this software misbehaves when it is sent data that it is not expecting, too much of it (buffer overflow) or something in the data that causes the software to operate outside its envelope? Now I don’t know what MWR InfoSecurity is going to tell us at the end of July in Las Vegas, but I’m expecting to hear something interesting. MWR claim that tens of thousands of Pin Pad terminals are affected. Oh, and lest there be any doubt, the selling of credit and debit card details is big business in the criminal world.

By Dr David Everett
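To make the driver weakness concrete, here is an added example in C (not code from the article or from MWR InfoSecurity's research): a bounds-checked parser for the response APDUs (data field plus the two status bytes SW1 SW2, as in ISO 7816-4) that a terminal driver reads back from a card. The frame layout, the sample SELECT response and the rogue frames are constructed for illustration; the point is that the card-supplied length and payload are validated before anything is copied into the terminal's fixed buffer.

```c
/* Added example, not from the article or MWR InfoSecurity: a defensive
 * parser for the response APDUs (data field + SW1 SW2, ISO 7816-4) that a
 * POS terminal driver reads back from an inserted card. Every byte below
 * comes from the card side of the contact interface, so the terminal must
 * treat the declared length and the payload as untrusted input. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_RDATA 256  /* largest data field of a short-length response APDU */

typedef struct {
    uint8_t data[MAX_RDATA]; /* response data, copied only after bounds checks */
    size_t  len;             /* valid bytes in data */
    uint8_t sw1, sw2;        /* status words, e.g. 0x90 0x00 = success */
} rapdu_t;

typedef enum {
    RAPDU_OK = 0,
    RAPDU_TOO_SHORT,    /* fewer than the two mandatory status bytes */
    RAPDU_LEN_MISMATCH, /* card-declared length disagrees with bytes received */
    RAPDU_TOO_LONG      /* data field would overrun the fixed buffer */
} rapdu_status_t;

/* frame/received: bytes the reader layer actually handed to the driver.
 * declared: the data length the card itself claimed (for example via a
 * '61 xx' procedure byte). Both values originate from the untrusted card. */
rapdu_status_t parse_rapdu(const uint8_t *frame, size_t received,
                           size_t declared, rapdu_t *out)
{
    memset(out, 0, sizeof *out);
    if (received < 2)
        return RAPDU_TOO_SHORT;
    size_t dlen = received - 2;
    if (declared != dlen)   /* never let the card's own length claim drive a copy */
        return RAPDU_LEN_MISMATCH;
    if (dlen > MAX_RDATA)   /* the check an overflow-prone driver omits */
        return RAPDU_TOO_LONG;
    memcpy(out->data, frame, dlen);
    out->len = dlen;
    out->sw1 = frame[received - 2];
    out->sw2 = frame[received - 1];
    return RAPDU_OK;
}

/* Constructed sample: a plausible SELECT response, an FCI template (tag 6F)
 * wrapping a 7-byte AID, followed by status 90 00. */
static const uint8_t SAMPLE_FCI[] = {
    0x6F, 0x0E, 0x84, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10,
    0xA5, 0x03, 0x87, 0x01, 0x01, 0x90, 0x00
};

/* Well-formed response: accepted, data and status words recovered. */
int sample_is_accepted(void)
{
    rapdu_t r;
    rapdu_status_t st = parse_rapdu(SAMPLE_FCI, sizeof SAMPLE_FCI,
                                    sizeof SAMPLE_FCI - 2, &r);
    return st == RAPDU_OK && r.len == 16 && r.data[0] == 0x6F &&
           r.sw1 == 0x90 && r.sw2 == 0x00;
}

/* Constructed rogue frame: far more data than any legitimate response.
 * An unbounded memcpy into a 256-byte buffer would overrun it; here the
 * frame is refused before any copy happens. */
rapdu_status_t rogue_oversize_result(void)
{
    uint8_t big[600];
    rapdu_t r;
    memset(big, 0x41, sizeof big);
    big[598] = 0x90;
    big[599] = 0x00;
    return parse_rapdu(big, sizeof big, sizeof big - 2, &r);
}

/* Constructed rogue frame: the card claims 0x40 data bytes are waiting but
 * only 16 arrive; a driver that believed the claim would read past the end. */
rapdu_status_t rogue_length_lie_result(void)
{
    rapdu_t r;
    return parse_rapdu(SAMPLE_FCI, sizeof SAMPLE_FCI, 0x40, &r);
}

/* Constructed rogue frame: a single byte, so no complete status word. */
rapdu_status_t rogue_truncated_result(void)
{
    uint8_t one = 0x90;
    rapdu_t r;
    return parse_rapdu(&one, 1, 0, &r);
}

int main(void)
{
    printf("sample accepted: %d\n", sample_is_accepted());
    printf("oversize -> %d, length lie -> %d, truncated -> %d\n",
           rogue_oversize_result(), rogue_length_lie_result(),
           rogue_truncated_result());
    return 0;
}
```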


World News In Brief

Post Office Becomes the Biggest Accepter of Contactless Payment in Europe

Post Office Limited is leading the way in payment technology with the announcement that it is to roll out contactless payment terminals across 30,000 counter positions in its unrivalled network of over 11,500 branches.

The move makes the Post Office the biggest user of contactless acceptance technology in Europe allowing customers to pay for transactions using contactless cards and NFC equipped mobile phones. The roll out started on the 6th June in almost two hundred branches around the various Olympic sites and is expected to be completed by the end of October 2012.


It is the largest deployment of contactless technology in Europe and is expected to increase consumer awareness and usage and, through the Post Office network, put this technology within three miles of 99% of the UK population.

Lesley Sewell, Chief Information Officer, Post Office Limited, said: "We are delighted to be delivering cutting edge technology through the Post Office network. Contactless will bring huge benefits to our customers by increasing choice and reducing transaction times. Over the next few years, many Post Office branches will be transformed, becoming more customer focused, opening for longer and providing services in a convenient and efficient manner."

Ericsson and Aconite Collaborate for Mobile Contactless Payments

Ericsson announced its collaboration with Aconite to provide a service that securely delivers and remotely manages applications for consumers' NFC (Near Field Communications) enabled mobile phones. Banks wishing to issue contactless mobile payments applications are the service's primary market. Together, Ericsson and Aconite will offer application issuers a turnkey solution for distributing innovative mobile-based products to their customers and for refreshing those products whenever necessary to maintain a competitive edge. This solution is a fast track to the market and is based on the integration of the Aconite Mobile Application Manager with the Ericsson Trusted Service Manager (TSM) service, through GlobalPlatform standard interfaces. This collaborative solution enables an issuer to create a security domain within the secure element (of any type) in the NFC handset and to load, personalise, update or delete applets on that domain, all with very little impact on legacy banking systems.

Develop Applications for the Next Generation of Business Mobility

The BYOD (bring your own device) phenomenon has added to the confusion, complexity and cost of developing multiple versions of the same application for different operating systems. The new award-winning RhoMobile Suite from Motorola Solutions, Inc. is a true HTML5 cross-platform development framework that allows developers to write an application once and have it look and act the same on different mobile devices regardless of the current operating system (OS).

This new technology will reduce operating expenses by virtually future-proofing applications that will continue to run and perform on current and next generation enterprise and consumer devices.

How Fraudsters are Disguising PCs to Fool Device Fingerprinting

Cybercriminals know that financial and ecommerce providers often use fraud detection systems that monitor for anomalous transactions and behaviours. In order to bypass these systems, they are continuously looking for ways to conceal behaviours that might be identified as potential fraud. Recently, Trusteer came across a tutorial published in underground forums that explains how to circumvent fraud detection systems that use device identification to track and detect anomalous transaction and access patterns. This approach collects a myriad of session attributes to "fingerprint" the endpoint device, including IP address and type and version of browser and operating system. Using this information, fraud detection systems can, for example, detect when a single device is being used to place multiple orders with different user credentials - a practice typically indicative of fraud.

The tutorial recommends that fraudsters use commercially available virtual private network (VPN) or Proxy services to hide the device IP address. It also offers guidelines on how to make sessions from a single computer appear as if they are originating from different computers with different browsers and operating systems.

This tutorial demonstrates that cybercriminals have achieved a sophisticated level of understanding of device fingerprinting techniques and are exploiting this knowledge to evade fraud prevention systems that rely on the browser's User-Agent header to detect cybercrime. It is also a call to action for merchants and financial institutions that use device fingerprinting. They should make sure their solutions are collecting device information from a tamper-proof source.


Could you bring your company to its knees?

By Dominic Saunders, Senior Vice President of the NETconsent business unit at Cryptzone

There’s a saying, ‘do as I say, not as I do’, which seems to resonate in the executive corridor of far too many organisations. In this cautionary tale, we use the saying to create a fictitious scenario. This is created to illustrate just how dangerous double standards can be. Our unfortunate protagonist is the managing director, who believes the rules don’t apply to them.

The headlines said it all: Tom Smith’s company was splashed across the news and he knew someone in his company was in trouble. As a call centre it wasn’t just his own database that was now hanging out to virtually dry, but also those of his 400+ clients, which contained some very personal information. He wasted no time; someone was to blame, and the root of the problem had to be dug up. Tom contacted his Chief Information Security Officer, Rob Banks. The instruction was simple: find the source of the leak, plug it, and whoever was responsible was out.

Rob wasted no time in trying to find who was to blame; Tom was more than happy for him to do so. Of course, being interviewed by Rob was weird, but his thoroughness demonstrated that he was taking the situation seriously. As they sat down, Tom reassured Rob that he should treat him as he would ‘any other suspect’ and forget their respective positions within the organisation. So Rob did.

Rob’s first question caught Tom a little off guard. Yes, he’d seen, read and understood the policies and procedures surrounding information governance. In fact, he’d been instrumental in helping Rob write them! Moving quickly on to security policy, Tom began to feel like a suspect. He confessed he hadn’t changed his password recently, even when the message flashed up prompting him to do so. Making up new complex passwords is not best done under pressure. Yes, in an ideal world, he would change it every four weeks, but in reality who was actually doing that? The fact that everyone Rob had spoken to so far said they knew the rules didn’t mean they actually were following them. And his comment that Tom was in violation of the security policy was just churlish.

Rob asked Tom if he was aware of the protective technologies the organisation had deployed to provide a formidable security blanket. Aware of them? Tom had had to sit through endless presentations with Rob from various vendors touting them. The social engineering test that the penetration team had conducted was infamous for the stunts they’d pulled. Tom was quick to remind Rob that every highlighted area had been addressed, with no expense spared.

Tom’s encryption habits were the next element Rob scrutinized. Tom had to admit he hadn’t upgraded the program on his PC yet, as he was worried about compatibility problems opening older files. He’d started to do it, but he’d been under pressure and it was taking so long, so he’d had to abort it - it didn’t mean he wouldn’t. When he confessed he’d ‘switched off’ encryption on his laptop, Rob became really agitated. In Tom’s defence, it had slowed down performance, admittedly not by a huge amount, and Rob had to realise that every second counts. Yes, Tom agreed, he knew this violated the security policy.

Rob’s interrogation continued, this time asking how many other devices Tom used during the day. A little more bullish, Tom pulled out his corporate owned smartphone that he used for emails. Rob asked if there were any ‘personal’ devices Tom owned and, rather proudly, Tom pulled out his shiny new iPhone 4S and laid it rather tenderly on the table. He didn’t use it for business, so it was okay he’d not told anyone. Rob snatched it up and his horrified expression said it all as he accessed Tom’s personal Hotmail account and started looking at the various messages, complete with attachments, Tom had forwarded to himself. ‘It’s got a better screen to see the graphs and charts on’ sounded a little hollow to even his own ears, and Tom knew what was coming next. It was a clear violation of the security policy.


In for a penny, in for a pound, Tom decided to come clean about his iPad. He’d wanted to work on the train and the laptop was just so cumbersome to haul backwards and forwards, so this was far more convenient. He’d transferred some documents to work on – the payroll, some R&D reports, a few tenders, and of course the latest board minutes. He’d never dream of moving a whole database to it! Rob then showed him how he could access the corporate SharePoint site and its Aladdin’s cave of information. If only Tom had known, he could have been so much more productive. Rob did warn that this too was a violation of the security policy.

Rob moved on to examine Tom’s laptop computer, and it didn’t take long to identify the malware skulking in its operating system, spewing passwords and login credentials across the ether. Rob had identified where the leak was and could plug it. The question was, did Tom still want the person responsible out?

So, what does this scenario demonstrate? Even if an organisation is doing all the right things, if the people within it aren’t, then it’s all for nothing. It would seem that although security and governance issues are increasingly being discussed at board level, the perception remains that senior personnel believe that IT security policies and procedures apply to the general workforce, but they don’t necessarily practice what they preach. When data loss has become a daily news headline and regulators are hitting hard on organisations with lax attitudes towards data security, IT departments should be able to count on their board members and senior management teams to lead by example. To prevent falling into the same trap, organisations need to take an enterprise approach to IT security awareness programs and take the following steps:

• Introduce policies and procedures that keep the organisation safe.

• Write them clearly so everyone can understand them.

• Think carefully when signing off policies and procedures about whether the measures outlined are workable in daily practice. People will always find ways around rules that prevent them from doing their jobs effectively.

• Improve IT security education, so that every single person not only knows what they should be doing, but also why they’re doing it and the consequences of not following the rules.

• Differentiate IT security awareness programs, so people don't get bogged down with policies and procedures that don't apply to them. People are far more likely to remember and adhere to security rules that are applicable and relate to their job function.

• Regularly update policies and make sure everyone knows when this has happened.

• Important security practices and technologies should be enforced without the option to be overridden.

• Disciplinary action should be applied consistently across the organisation when an infringement occurs.

World News In Brief

NHS Trust Fined £325,000 Following Data Breach

Brighton and Sussex University Hospitals NHS Trust has been served with a Civil Monetary Penalty (CMP) of £325,000 following a serious breach of the Data Protection Act (DPA). The fine is the highest issued by the ICO since it was granted the power to issue CMPs in April 2010. It follows the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff on hard drives sold on an Internet auction site in October and November 2010. The data included details of patients' medical conditions and treatment, disability living allowance forms and children's reports. It also included documents containing staff details including National Insurance numbers, home addresses, ward and hospital IDs, and information referring to criminal convictions and suspected offences.

The data breach occurred when an individual engaged by the Trust's IT service provider, Sussex Health Informatics Service (HIS), was tasked to destroy approximately 1000 hard drives held in a room accessed by key code at Brighton General Hospital in September and October 2010.

A data recovery company bought four hard drives from a seller on an Internet auction site in December 2010, who had purchased them from the individual.


Although the ICO was assured in its initial investigation following this discovery that only these four hard drives were affected, a university contacted the ICO in April 2011 to advise that one of their students had purchased hard drives via an Internet auction site. An examination of the drives established that they contained data which belonged to the Trust.

SMARTRAC Supports FujiFilm Photo Printing Kiosks with its BullsEye NFC Inlays

SMARTRAC N.V. announces that it supplies BullsEye NFC inlays for FujiFilm SmartPix kiosks in the United Kingdom. The "Tap 'n' Print" service is available on kiosks in selected supermarkets, retail outlets, pharmacies as well as camera shops. The new feature, developed by FujiFilm together with UK-based Near Field Solutions, makes it easy for consumers to transfer images from their NFC phone by selecting the pictures they want to print and touching their phone to the kiosk. The phone sends the photos via a Bluetooth connection.

SmartPix kiosks act as a link between the consumer, FujiFilm's web server and a variety of output options. In addition to standard photo prints, consumers are able to print montages, photo books and other photo-based gift items using the kiosk. SMARTRAC BullsEye NFC inlays enable convenient and instant Bluetooth pairing with any electronic device using Bluetooth transfer protocol. In SmartPix kiosks' case, the pairing takes less than a second.

FujiFilm has run a trial with 10 to 15 NFC-enabled kiosks in the UK. The company expects to upgrade 9,000 more kiosks outside Europe with NFC modules by the end of this year.

Small Cells and WiFi Solutions to Take Nearly 60% of Mobile Traffic Over Next 5 Years

A new report from Juniper Research has found that while the level of data delivered to mobile devices is expected to continue to expand dramatically over the next five years, service providers will offload nearly 60% of traffic in that period. According to the report, service providers are increasingly seeking to reduce the strain on their network caused by the proliferation of connected smart devices by deploying their own WiFi hotspot networks and offering small cell solutions to end-users.

The report, Mobile Data Offload & Onload: WiFi & Small Cell Strategies 2012-2016, notes that while small cells were developed primarily to enhance network coverage, service providers are increasingly offering them as an offload solution and integrating them with WiFi technology within a single unit. Report author Nitin Bhas observed that the deployment of integrated cells offers further potential benefits to network operators beyond coverage improvement and congestion relief. "With WiFi integrated small cells, seamless data services can be extended to non-cellular devices as well, such as cameras and WiFi-only tablets, offering operators the opportunity to develop new revenue streams", he said. The 'Mobile Data Offload ~ Avoiding the Jam' whitepaper is available to download from the Juniper website together with further details of the full report.

CARTES 2012 Examines Mobile Payments and Security in the Cloud

CARTES 2012 Exhibition and Conference will take place in Paris (France) from 6 to 8 November 2012. The two main themes of the leading smart-technologies event will be mobile payments and security in the Cloud, with India as the special guest nation. "Mobile Payment and Security in the Cloud are two of the major challenges facing smart technologies, and authentication in particular, over the next five years. As CARTES is the industry's key event in terms of trends and innovative technological solutions, it was obvious to us that these fundamental developments had to take a central role," explains Isabelle Alfano, Director of the CARTES show.

Smart Card & Identity News • June 2012


The rise of the Smartphonatic

Gareth Ellis, Lead Solutions Consultant, ACI Worldwide discusses the emergence of a new type of mobile consumer.

With approximately 5.9 billion mobile subscribers worldwide, mobile phone access is ubiquitous in many countries. Although feature phones still dominate the wireless landscape, smartphone adoption is surging. According to VisionMobile, smartphone adoption has reached more than 27 per cent around the world. Meanwhile smartphones are transitioning from luxury items to lifestyle staples and many financial institutions (FIs) have launched mobile banking services or are in the process of developing, deploying, or planning for mobile payment capabilities.

Gareth Ellis

FIs have many questions about consumers’ behaviours and attitudes regarding mobile services. Who will be the early adopters? What technology requirements will these consumers place on FIs? How should mobile services be marketed to consumers?

Early adopters

A recent study of mobile banking and payment adoption rates in 14 countries sought to lift the veil on this activity and has discovered a new category of consumer: The Smartphonatic. This person uses their smartphone enthusiastically when shopping for products and services as well as when they interact with their banks. Smartphonatics aggressively change how they shop for products and services and how they pay for goods and services. Their mobile payment and banking behaviours stand out from those of other consumers and as a result they are far more likely to have used a mobile device for banking. Smartphonatics are an emerging consumer force being credited for driving the adoption of mobile banking and payments across the globe and setting the bar for how financial institutions will have to respond over the next five years. Willing to try new technology if it will benefit them, the behaviour of Smartphonatics will provide the blueprint for how later adopters of the technology will behave. Globally, nearly 25 per cent of consumers can be classified as Smartphonatics, and as you would expect this segment trends toward youth, being made up of primarily Gen Yers (36 per cent) and Gen Xers (33 per cent). The number drops significantly among both Baby Boomers and Seniors with 18 and 6 per cent worldwide respectively. The U.K. sees an interesting but slight generational switch with more Gen Xers (46 per cent) than Gen Yers (41 per cent) but mirrors global trends among Baby Boomers (8 per cent) and seniors (5 per cent). As you would expect, Smartphonatics vary by region too. But did you expect there to be more of these types in India and China than in the U.S. and Europe?
In fact, India has the highest percentage of Smartphonatics with 60 per cent, followed by South Africa (42 per cent), Brazil (37 per cent), the U.A.E. (34 per cent) and China (31 per cent). In the future, 75 per cent of Indians may be in the Smartphonatic category, along with 60 per cent of Americans. The current difference in size of the Smartphonatic segment across countries doesn’t reflect innate differences between nations – it reflects each country’s evolution in the maturity of the mobile channel.

What’s holding consumers back?

With the overall average mobile payment penetration at 14 per cent, the U.K. sits in 10th place, with 16 per cent of those polled meeting the Smartphonatic criteria ahead only of Sweden, Germany, France and Canada. In the U.K., 30 per cent of Smartphonatics who haven’t made mobile payments cite a lack of trust as their reason for not doing so. Among other U.K. consumers, however, having a mobile phone that isn’t set up to make mobile payments is the most prevalent reason. The pattern among German consumers was similar to the reasons cited by British respondents. More than half of French Smartphonatics haven’t made mobile payments because their banks don’t offer it. Other French consumers, on the other hand, pointed to the inability of their mobile phone to make mobile payments. For both Italian Smartphonatics and other Italian consumers, too, this reason was the most frequently cited factor for not making mobile payments. And in Sweden and South Africa, nearly four in 10 Smartphonatics said they don’t know how to make mobile payments.


World News In Brief

People Stress More about Losing Their Phone than Their Wallet!

The results of a survey released and sponsored by SecurEnvoy reveal that people would prefer to lose the contents of their wallets than their mobile phones! The study asked what people would most fear losing from their back pocket - 37% said their 'personal phone'; 20% their 'company phone'; 25% said '£50'; with just 18% citing 'credit cards'.

This is further confirmation that, as a nation, we're not only increasingly attached to our phones, but that we're also gripped by nomophobia - the fear of being out of mobile contact. Andy Kemshall, CTO and co-founder of SecurEnvoy explains, "The mobile phone really has revolutionised the way we keep in touch - both in our personal lives and business lives.

And this study really highlights just how high a value we place on them, especially with so many preferring to lose a relatively significant amount of money to their phone. As functionality increases on devices, so too will our dependence on them - we can already use them for so much more than talking. With that in mind, using a mobile phone as your authentication token seems a natural choice and far more convenient than carrying an old fashioned style hardware. A previous study we conducted in January found 46% do not use any protection at all. Perhaps it's time we showed these little devices just how much we love them and secure them."

Adobe Recognises Universign as a Trusted Authority

Cryptolog has announced that Adobe Systems Inc. recognises Universign, the online time stamping and electronic signature platform by Cryptolog, as a trusted authority as part of its Adobe Approved Trust List (AATL) program.

However, a shift away from the use of cash is evident among Smartphonatics in the main. In Sweden, for example, the percentage of Smartphonatics who prefer to use cash for lower-value goods dropped 40 percentage points, from 56 per cent three years ago to just 16 per cent today. In South Africa and the U.K., the corresponding percentage-point drop was roughly 20 points. In the other countries, the shift away from cash among other consumers was far less prevalent.

How can FIs respond?

It’s clear that consumers are increasingly expecting to shop and transact anywhere, at any time, making mobile the hottest area of opportunity for financial institutions, processors and retailers today. These organisations will need to plan strategically for mobile as part of their overall channel strategy, alongside ATMs, POS, branch and online banking, and the most successful companies are leveraging their existing banking and payments systems to implement innovative mobile services. They would also do well to generate mobile payment interest and demand through marketing programs which clearly demonstrate the convenience and benefits of replacing cards with a mobile wallet. This is something the industry has not been great at doing in the past to promote uptake of new banking and financial services. Looking ahead, Smartphonatics will continue to lead the way in the adoption and use of mobile payments and mobile banking. Among consumers who have not already made mobile payments, a higher percentage of Smartphonatics than other consumers in all seven EMEA countries surveyed expect to make a mobile payment in the near future. In addition, an overwhelming majority of Smartphonatics will be using a mobile device for banking by 2013. The global rise of mobile payments will occur at different rates across countries. Mobile payments adoption will continue to rise or lag in unexpected places irrespective of traditional economic or cultural boundaries.
The United States, for instance, has a good shot at being among the developed economies where mobile payments arise first. Yet, neighboring Canada is set to be a serious laggard. In Europe, Italy shows far more promise than a Nordic country like Sweden―which has long been perceived at the cutting edge of all things mobile, including mobile banking―or any other major European economy such as Germany, France, and the U.K., for that matter. One thing is for certain, the rise of mobile payments and the Smartphonatic is set to upend the world map of electronic payment powers.


The AATL program allows millions of users around the world to create digital signatures for PDF documents that are trusted whenever the signed documents are opened in Adobe Acrobat and Reader. By creating a global list of certificate-issuing authorities that enable the creation of trusted digital signatures, the AATL program provides the level of security that is needed for signing to be adopted on a massive scale. Thanks to this collaboration between Adobe and Cryptolog, Universign users and clients will be able to benefit from an exceptional user experience as they exchange contractual electronic documents. In just a few clicks, they will be able to timestamp, sign and have other people sign their PDF documents and send them on to third parties secure in the knowledge that their signatures are reliable, trustworthy and approved as soon as they are opened in Adobe Reader and Acrobat.

M&S Bank to Launch in Summer 2012

This summer will mark the arrival of M&S Bank, bringing 50 M&S branches in store over the next two years, with the first branch scheduled to open in July at Marks & Spencer's flagship Marble Arch store.

Branches will be open twice as long as traditional high street banks, mirroring M&S store opening hours. A current account will be made available from autumn 2012 and customers can pre-register their interest in July; mortgages will be offered by the bank at a later date.

M&S Bank has the support of one of the world's most successful and financially strong banks - HSBC. Joe Garner, Head of HSBC in the UK, commented: "This is our most significant innovation in retail banking since we launched First Direct over 22 years ago."

Shipments of NFC-ready POS Terminals Doubled to 2.5 Million in 2011

According to a new research report from Berg Insight, the market for NFC-ready POS terminals grew fiercely in 2011 with annual shipments doubling to an estimated 2.5 million units worldwide.

The rapid growth was driven by a transition in the NFC-payments ecosystem from performing trials to accelerating the rollout of NFC-ready payment infrastructure, in preparation for the arrival of NFC-based mobile payment services. Berg Insight forecasts that the global installed base of NFC-ready POS terminals will grow at a compound annual growth rate (CAGR) of 49.4 percent from 3.9 million units in 2011 to 43.4 million units in 2017. This corresponds to an increase in the penetration rate from 8 percent in 2011 to 53 percent in 2017.

If PayPal Offered a Mobile Wallet, 8 in 10 Consumers Would Use It

Consumers who are interested in mobile wallets would consider using alternative players to their primary bank for mobile wallets and for banking. These consumers also expressed strong interest in using a wide variety of services in their mobile wallet, such as search & shop, loyalty programs and real-time incentives. These are two major findings from a mobile wallet study conducted by Carlisle & Gallagher Consulting Group. "The competitive threat from new entrants is real. Consumers are open to considering alternatives to their primary banks to provide mobile wallets and even core banking services," said Peter Olynick, CG's Card & Payments Practice Leader. "People have already slowed their use of cash and cheques in favour of credit and debit cards. Within five years, half of today's smart phone users will be using their phones and mobile wallets as their preferred method for payments. These customers will be using better tools to help them optimize transaction choices. Banks need to proactively consider how their products will stay 'top of wallet' in the new mobile wallet world."


The rise of social commerce and the impact on the payments chain

By Sascha Breite, Head Portfolio & Positioning, SIX Payment Services

It wasn’t long ago that traditional high street retailers were feeling somewhat alarmed at the rise of electronic commerce – internet shops were increasingly taking business from the high streets, causing retailers, merchants and payments players alike to panic about the impact this would have on their businesses. In much the same way, the growing buzz around social commerce is causing a stir and the introduction of Facebook credits in 2009 and similar closed-loop payment schemes are leading some observers to question the dominance of key influencers within the payments industry.

Sascha Breite

In recent years social networks have proven they are more than just a fad, having amassed vast numbers of users. Illustrating this popularity, Facebook alone boasts 900 million active users worldwide. Add to that the growing adoption of smartphones – a staggering 200 million Facebook members access the social networking site through their mobile phone every day – and you have an army of consumers that are connected 24/7 and interacting in real-time. As ever-more individuals use these online networks to engage with one another, a natural move from individuals interacting with friends to communicating with brands and retailers on these platforms has taken place. Whether it be ‘following’ your favourite high street shop on Twitter, or ‘liking’ a brand on Facebook, or ‘pinning’ an image of a product from your favourite online retailer on Pinterest, social networks are increasingly aiding businesses in raising their profile and facilitating commerce. It is unsurprising then that social commerce is increasingly gaining traction amongst merchants looking to sell their products and services via this platform.

Connecting businesses with customers

It is certainly easy to see why social commerce is becoming an attractive proposition for merchants. Social media platforms deliver exposure to a much wider and willing customer base meaning retailers can easily, and at a relatively low cost, reach their target audience. Furthermore, the vast amounts of information that sites, like Facebook, hold on individuals can provide valuable behavioural insight for marketers. For example, if a brand has a Facebook page, it can easily see not just how many people have ‘liked’ their product, but also where they live and what other products and brands they ‘like’.
Retailers have used this facility to their advantage, but other industries such as financial services, a sector that is not traditionally known for harvesting great customer relations, can use such networking tools to talk directly to their customers. For example, a financial services provider can find out what customers like and what kind of services they would want. They could then make sure this feedback ties directly into new products and services before investing huge amounts of money on developing, bringing to market and advertising new offerings. These networks can also be used to monitor public opinion: is the public ready to trust contactless payments? Do customers really want to bank via their mobile phones? However, consumers’ use of social media platforms is going beyond expressing likes and dislikes. As social networks gain ever-more users, who spend increasing amounts of their time on these sites, naturally consumer confidence and trust in these channels is growing. There has long been debate around consumers’ readiness to entrust personal information to these sites, such as dates of birth and home addresses. As their willingness to part with data increases, this trust is extending to money. Consumers, especially of the younger generation, are now trusting social network sites enough to use them as a purchasing platform which creates opportunities for not just merchants but for social networking sites to shake up the traditional payments model.

Facilitating micropayments

Facebook, in particular, has been quite active in the payments space by launching its own currency.


PYXmarkets Goes Live with PayWizard

PYXmarkets, a new and innovative, digital options trading platform, has chosen the branded PayWizard e-wallet as its exclusive online payment mechanism. Launched on 11th June, PYXmarkets will offer retail and professional traders digital option trading opportunities on some of the world's most liquid assets, including: UK 100, Barclays, BP, Gold, OIL and USD/GBP.

Facebook Credits is a virtual currency that members can use to buy virtual goods in any games or apps on the Facebook platform. Users can purchase Facebook Credits directly from within an app using their credit card, PayPal or mobile phone. Highly successful games, such as Farmville, can only survive when combined with people using their credit cards and PayPal accounts to pay for credits or ‘gifts’. Given that in the first quarter of 2011 Farmville had over 236 million monthly active users, it is clear that individuals are increasingly happy to spend money on Facebook. Furthermore, during the same period, Zynga, the group behind the likes of Farmville, generated $235 million in revenue. Given that advertisement revenue in the quarter was just $9.9 million, the majority of revenue came from virtual goods sales, illustrating that Facebook Credits can offer a viable and affordable form of micropayment acceptance.

A social commerce future?

Nevertheless, there are weaknesses in this social commerce model. The roll-out of Facebook Credits into the real world and developing into an established payments system would require the establishment of a currency conversion system, not to mention a more stringent risk and security management process. These are not core competencies for these social networking sites and it is fair to say that Facebook, Twitter and Pinterest all lack the established payments experience required to truly challenge the traditional payments players on this front. In recognition of its limitations and the challenges developers face, Facebook recently made a dramatic U-turn by announcing the decision to abandon its Credits virtual currency platform in favour of a system which allows developers to be paid in a local currency of their choosing. From July 2012, developers will be able to accept local currencies for in-app payments - as well as take subscriptions - with Facebook Credits being phased out completely by the end of the year.
By removing Credits from the equation, Facebook has streamlined the payments process and provides more stable options for developer pricing, with Facebook continuing to rake in a 30% cut on all sales. However, even with such a bold move, Facebook and their kind have yet to suggest that payments servicing is an area they are interested in moving into. At the moment, especially for Facebook, the bulk of revenue comes from advertising space. Furthermore, given the vast amount of data Facebook holds on individuals, and how attractive such information is to retailers wishing to tailor their marketing campaigns, commerce is more of a nice-to-have rather than a must-have for social networking sites.

Facebook commerce – maybe one day...

Despite vast network sizes and the revenue potential, it seems unlikely that Facebook will take their alternative payment system into the real world any time soon. That is not to say that traditional payments players should take their eye off the ball. On the contrary, they will still need to keep a close eye on social networks and their growing influence on commerce and buyer behaviour. For as long as consumers are spending time on social networks, retailers will want to have a presence and encourage them to take up their goods via this platform. Therefore a future where this virtual communication between consumer and merchant evolves into a monetary exchange could become a reality sooner than envisaged.

World News In Brief

PYXmarkets chose to enter into an exclusive relationship with PayWizard because the e-wallet provides traders with a secure, flexible, 'one-click', digital payment mechanism while PayWizard's management information dashboards give PYXmarkets the ability to view traders' transaction behaviour in real-time. This provides PYXmarkets with a valuable tool for targeting traders immediately with relevant information and promotions, to improve customer loyalty and optimise ARPU (average revenue per user).


Individuals wishing to make a trade simply visit the PYXmarkets website, create a PayWizard account online, top up their PayWizard e-wallet from their credit/debit card and then start trading. The PayWizard e-wallet holds digital versions of a consumer's credit/debit cards, the current balance, and various personal data. It also facilitates continual card authorisation for true 'one-click' purchases.

PayPal Launches the PayPal Access Prepaid MasterCard

PayPal UK has launched a new payment card that lets customers spend and withdraw money from their PayPal account on the high street and everywhere that MasterCard is accepted around the world. A PayPal Access Prepaid MasterCard holder who receives a PayPal payment can spend or withdraw the money straight away with the card - there's no need to transfer it to a bank account. The card holder has direct access to their available balance and can manage their card online via a simple single sign-in process. Customers can also make instant 'tap and go' payments of up to £ without entering a PIN, with the new MasterCard PayPass technology. The PayPal Access Card is being offered to selected PayPal UK customers.

No Cash, No Wallet - No Worries

Cards could soon be a thing of the past as the Royal Bank of Scotland's (RBS') new mobile app enables people to withdraw money from the ATM using their smartphone. The new app enables RBS and NatWest customers to withdraw up to £100 from thousands of cash machines. After selecting the amount to withdraw on the app customers are given a six-digit code which is tapped into the ATM to withdraw the cash. Ben Green, head of mobile at RBS and NatWest said, "It is a really simple and secure way to help our customers get cash whenever and wherever they need it." This latest app follows NCR's announcement which allows people to scan a barcode on their smartphone at an ATM, see Tuesday 12th June’s SCN Daily News.

Android Smartphone Activations Reach 331 Million in Q1 2012

MarketResearch.com has announced the addition of the new report "Android Devices Database: Activations by Vendor, Handset Model & Region Q1 2012," to their collection of Wireless market reports. While Android growth is slowing down, the Google backed operating system still maintained triple figure Year-on-Year (YoY) growth of +126% in Q1'2012. With nearly 85 million shipments in Q1'2012, Android Smartphones maintained market domination within the Smartphone segment of the market, with a global market share of 59% and increasing the installed base of legitimate Android device (handset) activations to 331 Million, up from 250 million in Q4'2011. For more information visit http://www.marketresearch.com

Samsung Mobile Puts All the Pieces in Place to Bring NFC to the Masses

Samsung Telecommunications America (Samsung Mobile) is helping consumers realise the potential of NFC technology today with the creation of Samsung TecTiles and the TecTile programming application. With the largest user base of NFC-enabled devices in the United States and TecTiles available in all four major carrier stores and at major online retailers at the launch of the Galaxy S III, Samsung is ensuring NFC becomes a part of daily life. With a simple tap of an NFC-enabled phone to a TecTile, consumers are able to automate everyday functions of a smartphone. TecTiles will transform how businesses large and small engage with consumers. Off-premise, businesses can use TecTiles as a way to market to and engage with consumers by enabling reward programs and to download discount offers or content. "With millions of NFC-enabled Samsung Galaxy smartphones currently in the market and the arrival of our flagship device Galaxy S III, Samsung saw an opportunity to expand the value of NFC beyond mobile payments," said Dale Sohn, president of Samsung Telecommunications America.


Fujitsu Laboratories, NICT and Kyushu University Achieve World Record Cryptanalysis of Next-Generation Pairing-based Cryptography

Fujitsu Laboratories Limited, National Institute of Information and Communications Technology and Kyushu University jointly broke a world cryptography record with the successful cryptanalysis of a 278-digit (923-bit)-long pairing-based cryptography, which is now becoming the next generation cryptography standard. Until now, cryptanalysis of pairing-based cryptography of this length was thought impossible as it was estimated to take several hundred thousand years to break. Indeed, despite numerous efforts to use and spread this cryptography at the development stage, it wasn't until this new way of approaching the problem was applied that it was proven that pairing-based cryptography of this length was fragile and could actually be broken in 148.2 days. This result is used as the basis of selecting secure encryption technology, and is proving useful in the standardization of next-generation cryptography in electronic government systems in Japan and international standardization organisations. Many cryptography systems are used from the viewpoint of information security on a modern information system. Recently, much attention has been paid to the new "pairing-based" cryptography system, which is being standardized as a next-generation encryption system. The technology is attractive as it can be used for various useful applications such as "Identity-based encryption", "keyword searchable encryption", and "functional encryption", which were impossible using previous public key cryptography. As for a security evaluation of cryptographies, we succeeded with the cryptanalysis of the pairing-based cryptography of 278 digits (923 bits) by using 21 personal computers (252 cores) in 148.2 days. The cryptanalysis is the equivalent to spoofing the authority of the information system administrator.
As a result, for the first time in the world we proved that the cryptography of the parameter was vulnerable and could be broken in a realistic amount of time. This was an extremely challenging problem as it required several hundred times computational power compared with the previous world record of 204 digits (676 bits).

Rival to Quantum Cryptography

Researcher Laszlo Kish at Texas A&M University has shown a new safe way to transmit information, which he claims guarantees complete security. The idea is based on the second law of thermodynamics: at either end of the wire there are two resistors of different values, which correspond to 0 and 1. The message is constructed and sent by connecting the resistors in turn in the appropriate order. The recipient connects resistors to the wire at random, giving a random fluctuation of current in the wire. However, because the recipient knows the resistors he connected, he can decode the message from the random noise.

GlobalPlatform and the TCG Form Work Group to Drive Mobile Security Standards and Solutions

GlobalPlatform and the Trusted Computing Group (TCG) announced the creation of a joint work group that will allow sharing of expertise and collaboration around mobile device industry standards. The joint work group will coordinate activity, such as technical requirements, technical specifications and use cases, between the two groups. The focus of the work group will be placed on security topics. This includes the TCG Trusted Platform Module Mobile (TPM Mobile) - a TCG-specified security component for mobile devices that supports secure boot, and secures root secrets and immutable data, and GlobalPlatform's Trusted Execution Environment (TEE) - a secure area that resides in the main processor of a smartphone and ensures that sensitive data is stored, processed and protected in a trusted environment. "Both GlobalPlatform and the TCG feel it is important to have a collective understanding and insight into the work that is being undertaken," comments Gil Bernabeu, Technical Director at GlobalPlatform. "Through these discussions, it will be possible to outline a technical roadmap for deploying security on mobile devices, ensuring long-term technical interoperability and innovation across multiple sectors."
GlobalPlatform and the TCG aim to conclude phase one analysis of their respective technologies, which will identify areas for future collaboration, in the first quarter of 2013. Member companies that participate in both industry associations will be eligible to contribute to the work group.


Why 2012 is the year of Public Key Infrastructure

Comodo, Sony, RSA Security and many more have been badly breached recently - but does that mean the death knell for PKI? Calum MacLeod, Venafi EMEA director, cautions against ringing that bell yet

Recently, the IT security world was shaken to its very core. Established and trusted organizations fell from grace as they became victims of hacking. In the case of Comodo and StartSSL the resultant outcry has seen many quick to declare that public key infrastructure (PKI) is dead or dying. However, I believe it is the best we’ve got and it will not be replaced any time soon – to argue otherwise is a waste of energy. In fact, I actually think the reverse and that 2012 is the year of PKI.

Calum MacLeod

I could spend ages telling you about the various hacks and what went wrong, but many others have already done that, including myself. Let’s assume, however, that you either know or have read about it elsewhere. Instead, let’s focus on the critical role certificates and PKI play in securing data and authenticating systems across all types of organizations. And think of all the systems that now leverage (and very effectively, I might add) PKI, including the traditional IT data center infrastructure, public and private clouds, and an exploding number of mobile devices that require authentication, to name just a few. Within a PKI, a certificate authority assigns each system or user a unique identity - a digital certificate - that allows the certificate holder to work within the protected environment. This allows organizations to let customers, partners, and employees authenticate to systems and users. I would argue, perhaps controversially, that PKI delivers a virtually seamless experience for users while providing trusted security. And it is the word trusted that many of you will scoff at. How can they be trusted? To pretend that they’re infallible is churlish. Instead, what needs to be recognized is that the world we live in is imperfect and, a bit like a car, we need more than one security feature if we’re to prevent ourselves flying through the windscreen. Let’s use the car analogy to illustrate the point. Cars have brakes to stop them in an emergency. Yet, all too often, there are accidents. Has anyone pointed the finger at the braking system and declared it dead? Of course not. Instead, the designers have worked tirelessly to improve the overall safety of vehicles, installing impact bars and roll cages, seatbelts, and an airbag just to make sure. An organization’s security should be approached in much the same way. To do this, we need to first understand the challenges faced.
Depending on the IT environment where keys and certificates are being deployed, some or all of these risks may apply:

• Certificates that are not renewed and replaced before they expire can cause serious unplanned downtime and costly outages

• Private keys used with certificates must be kept secure or unauthorized individuals can intercept confidential communications or gain unauthorized access to critical systems

• Regulations and requirements (like PCI-DSS) require much more stringent security and management of cryptographic keys, and auditors are increasingly reviewing the management controls and processes in use

• The average certificate and private key requires four hours per year to manage, taking administrators away from more important tasks and costing many organizations hundreds of thousands of dollars per year

Smart Card & Identity News • June 2012


World News In Brief

Microsoft Announces Surface: New Family of PCs for Windows

At an event in Hollywood, Microsoft unveiled Surface: PCs built to be the ultimate stage for Windows. Company executives showed two Windows tablets and accessories that feature significant advances in industrial design and attention to detail. Surface is designed to seamlessly transition between consumption and creation, without compromise. It delivers the power of amazing software with Windows and the feel of premium hardware in one exciting experience.

University Advances Intelligent Biometric Security

Researchers in the Biometric Technologies Laboratory at the university have developed a way for security systems to combine different biometric measurements - such as eye colour,

• If a certificate authority (CA) is compromised or an encryption algorithm is broken, organizations must be prepared to replace all of their certificates and keys in a matter of hours

• The rollout of new projects and business applications is hindered by the inability to deploy and manage encryption to support the security requirements of those projects

Manage Certificates Properly

As this highlights, certificate and private key management can be complicated. The fact that there are typically several people involved in the management of certificates and private keys makes the probability of error even higher. Clearly defining roles and responsibilities, so that everybody knows what they’re responsible for, can significantly decrease the likelihood of failure and make it easier to work out how to improve processes when something does go wrong. In some areas, system administrators will manually enroll for and install certificates. In others, a central system may be used for automated installation. The last thing you want as an organization is to be running around trying to figure out who is responsible for a key or certificate when an issue arises. Compile a list of responsible groups and/or individuals for each key and certificate in your inventory and develop a method for keeping the information current.

Prepare for it

If you act on the principle that you’re going to be hacked - it’s just a matter of time - then at least you’ll be prepared should it happen. Just like brakes in a car, encrypt everything. Ensure that your encryption systems provide the security they are designed to deliver while simultaneously reducing operational risk and administrative workload. Finally, know where everything is: a certificate you do not know you have is one you cannot replace in a hurry. PKI and SSL are sensible platforms for certificate management. Abolishing them and putting something else in their place is not feasible - the vehicle already exists and it is not going away anytime soon. Instead, organizations need to recognize the challenge of using them and decide how they’re going to handle the coming explosion in certificates.
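The operational risks listed above (certificates expiring unnoticed, a CA compromise or a broken algorithm forcing a mass replacement within hours, and nobody knowing who owns what) all come down to having a machine-readable inventory that can be queried in minutes. The following is an added example written for this edit, not code from the article or its author: a standard-library Python script that walks the DER structure of X.509 certificates far enough to pull out the subject, issuer, validity period, signature algorithm and RSA key size, then flags each certificate that is about to expire, is signed with MD5 or SHA-1, carries a key shorter than 2048 bits, or was issued by a CA you have decided to distrust. The certificates it runs over are constructed inside the script by a small DER encoder (placeholder modulus, all-zero signature) so that it runs offline; the hostnames, the CA names "Root CA" and "Acme CA", the 30-day renewal window and the 15 June 2012 "today" are all assumptions for the demonstration. It deliberately does not verify signatures or chains, which is the job of your TLS library; for a real inventory you would feed genuine DER certificates (exported from OpenSSL or your CA) into parse_cert.

```python
"""Stdlib-only certificate inventory check for DER X.509 (added example, see lead-in)."""
from datetime import datetime, timedelta, timezone

OID_CN = b"\x55\x04\x03"                                   # 2.5.4.3 commonName
OID_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"          # 1.2.840.113549.1.1.1 rsaEncryption
SHA1_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"         # 1.2.840.113549.1.1.5
SHA256_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"       # 1.2.840.113549.1.1.11
SIG_NAMES = {b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04": "md5WithRSA",   # 1.2.840.113549.1.1.4
             SHA1_RSA: "sha1WithRSA", SHA256_RSA: "sha256WithRSA"}

def _tlv_read(buf, pos):                       # -> (tag, contents, next_pos) of the TLV at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(body):                           # contents of a constructed TLV -> [(tag, contents)]
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _tlv_read(body, pos)
        out.append((tag, val))
    return out

def _time(tag, raw):                           # UTCTime (0x17) or GeneralizedTime (0x18)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(raw.decode(), fmt).replace(tzinfo=timezone.utc)

def _cn(name_body):                            # first commonName in SEQUENCE OF SET OF {OID, value}
    for _, rdn in _children(name_body):
        for _, atv in _children(rdn):
            oid, val = _children(atv)
            if oid[1] == OID_CN:
                return val[1].decode()
    return ""

def parse_cert(der):
    """Inventory fields of one DER certificate. The signature is NOT verified here."""
    tbs, _alg, _sig = _children(_tlv_read(der, 0)[1])
    fields = _children(tbs[1])
    if fields[0][0] == 0xA0:                   # optional [0] EXPLICIT version
        fields = fields[1:]
    _serial, sig_alg, issuer, validity, subject, spki = fields[:6]
    (nb_tag, nb), (na_tag, na) = _children(validity[1])
    # RSA: subjectPublicKey BIT STRING (byte 0 = unused bits) wraps SEQUENCE {n, e}
    bit_string = _children(spki[1])[1][1]
    modulus = _children(_tlv_read(bit_string, 1)[1])[0][1]
    sig_oid = _children(sig_alg[1])[0][1]
    return {"subject": _cn(subject[1]), "issuer": _cn(issuer[1]),
            "not_before": _time(nb_tag, nb), "not_after": _time(na_tag, na),
            "sig_alg": SIG_NAMES.get(sig_oid, sig_oid.hex()),
            "key_bits": int.from_bytes(modulus, "big").bit_length()}

def assess(cert, now, compromised_cas=(), renew_within_days=30):
    """Findings for one parsed certificate; an empty list means nothing to do."""
    findings, days_left = [], (cert["not_after"] - now).days
    if days_left < 0:
        findings.append("EXPIRED")
    elif days_left <= renew_within_days:
        findings.append(f"EXPIRES_IN_{days_left}_DAYS")
    if cert["sig_alg"] in ("md5WithRSA", "sha1WithRSA"):
        findings.append("WEAK_SIGNATURE_" + cert["sig_alg"])
    if cert["key_bits"] < 2048:
        findings.append(f"SMALL_KEY_{cert['key_bits']}")
    if cert["issuer"] in compromised_cas:       # CA breach: everything it issued must go
        findings.append("ISSUER_COMPROMISED")
    return findings

def inventory_report(certs_der, now, compromised_cas=()):
    """Subject CN -> findings, for every certificate in the inventory."""
    return {c["subject"]: assess(c, now, compromised_cas) for c in map(parse_cert, certs_der)}

# Constructed sample inventory: a tiny DER encoder builds syntactically valid certificates
# with a placeholder modulus and an all-zero signature. These are not real certificates.
def _enc(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body
def _enc_int(v):                                # extra byte keeps the sign bit clear
    return _enc(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
def _enc_name(cn):
    return _enc(0x30, _enc(0x31, _enc(0x30, _enc(0x06, OID_CN) + _enc(0x0C, cn.encode()))))

def make_sample_cert(subject, issuer, not_before, not_after, sig_oid, key_bits):
    utc = lambda d: _enc(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    rsa_key = _enc(0x30, _enc_int((1 << (key_bits - 1)) | 1) + _enc_int(65537))
    spki = _enc(0x30, _enc(0x30, _enc(0x06, OID_RSA) + b"\x05\x00") + _enc(0x03, b"\x00" + rsa_key))
    alg = _enc(0x30, _enc(0x06, sig_oid) + b"\x05\x00")
    tbs = _enc(0x30, _enc(0xA0, _enc_int(2)) + _enc_int(1) + alg + _enc_name(issuer)
               + _enc(0x30, utc(not_before) + utc(not_after)) + _enc_name(subject) + spki)
    return _enc(0x30, tbs + alg + _enc(0x03, b"\x00" * 17))

NOW, day = datetime(2012, 6, 15, tzinfo=timezone.utc), timedelta(days=1)   # assumed "today"
SAMPLE_CERTS = [                                # hypothetical hosts and CA names
    make_sample_cert("www.example.com", "Root CA", NOW - 700 * day, NOW + 20 * day, SHA1_RSA, 1024),
    make_sample_cert("vpn.example.com", "Acme CA", NOW - 100 * day, NOW + 400 * day, SHA256_RSA, 2048),
    make_sample_cert("mail.example.com", "Root CA", NOW - 30 * day, NOW + 365 * day, SHA256_RSA, 2048),
]

if __name__ == "__main__":
    for subject, findings in inventory_report(SAMPLE_CERTS, NOW, {"Acme CA"}).items():
        print(f"{subject}: {', '.join(findings) or 'OK'}")
```

Run as a script it prints one line per certificate: with the sample inventory www.example.com is reported as expiring in 20 days, signed with SHA-1 and sitting on a 1024-bit key, vpn.example.com as issued by the distrusted "Acme CA", and mail.example.com as OK. Adding an owner field to the dictionary parse_cert returns (the responsible group or individual the article says you should record against each certificate) turns the same report into the call list you need on the day a CA is compromised.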

face shape or fingerprints - and create a learning system that simulates the brain in making decisions about information from different sources. Professor Marina Gavrilova, the founding head of the lab - among the first in the research community to introduce and study neural network based models for information fusion - says they have developed a biometric security system that simulates learning patterns and cognitive processes of the brain. "Our goal is to improve accuracy and as a result improve the recognition process," says Gavrilova. "We looked at it not just as a mathematical algorithm, but as an intelligent decision making process and the way a person will make a decision."

The algorithm can learn new biometric patterns and associate data from different data sets, allowing the system to combine information, such as fingerprint, voice, gait or facial features, instead of relying on a single set of measurements.

The key is in the ability to combine features from multiple sources of information, prioritise them by identifying more important/prevalent features to learn and adapt the decision-making to changing conditions such as bad quality data samples, sensor errors or an absence of one of the biometrics.

The research has been published in several journals, including Visual Computer and International Journal of Information Technology and Management, as well as being presented in 2011 at the CyberWorlds and International Conference on Cognitive Informatics & Cognitive Computing in Banff.

Global Card Market Reaches $17 Billion in 2011, Up Nearly 14% from 2010

The global card market reached $17 billion in 2011, jumping almost 14% from 2010, according to the 2011 International Card Manufacturers Association (ICMA) Global Card Market Statistics Report. Higher value chip-based cards used in mobile phones and other electronic transactions as well as expanded production in the Asia-Pacific region led market growth as more than 30 billion cards were manufactured worldwide in 2011.

However, the report points out, the global card market will experience somewhat slower growth through 2015 and traditional magnetic cards will continue to be replaced by chip while smartphone apps and NFC technology will impact growth beyond 2015.

"The global plastic card market remains very strong in the mobile phone, financial, government/health and gift card market segments and we can expect continued growth in these segments for the next few years," says Al Vrancart, ICMA Industry Advisor and Founder Emeritus.

The report is available to ICMA members on the ICMA website at www.icma.com

Biometric Technology Market to Reach $13.89 Billion by 2017

The global biometric technology market is expected to reach $13.89 billion by 2017, at an estimated CAGR of 18.7%.

North America is the biometric technology market leader, followed by Europe and APAC. In ROW, the Middle East and Africa are the largest contributors, according to a new report from Companies and Markets.

The existing methods of human identification such as identification documents and PINs are not able to cope with the growing demand for stringent security, which gives a high growth opportunity for the use of biometric technology. This technology is also very popular because biometric characteristics like face, fingerprint, hand, etc. cannot be lost, stolen, or easily forged. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent.

For more information on the biometric technology market visit http://www.companiesandmarkets.com

HID Global Debuts One of The Smallest RFID Glass Tags

HID Global has announced its Glass Tag Mini 1.4 x 8 mm, a new radio frequency identification (RFID) glass tag that can be easily implanted in very small animals and used for other industry and logistics applications. The new Glass Tag Mini delivers exceptional read range for its size.

HID Global's breakthrough chip-handling capability enables the company to process micro-sized chips that are less than 0.3 square millimetres - comparable to a grain of rice and up to 75 percent smaller than previous generations. This, in conjunction with HID's direct-bonding technology, allows the company to mount antennas to the smallest integrated low-frequency chips available, such as the EM4200 from EM Microelectronic and the Hitag µ from NXP Semiconductors, and has led to the development of products such as the Glass Tag Mini.

New Cloud POS Solution from NCR Silver

Launched by NCR Corporation, NCR Silver is a simple and affordable cloud-based point-of-sale (POS) software platform that enables small business owners and entrepreneurs to take payments and manage their entire business with one POS solution, changing the way small business owners manage their business. It operates on Apple devices like the iPad, iPhone and iPod Touch. Already in use around metro Atlanta, NCR Silver is transforming pilot customers' businesses, freeing up their time, allowing them to run their businesses more efficiently and paying for itself in increased sales. "NCR Silver takes the best of big-business technology and brings it to small business in an affordable package that's easy to use; enabling them to focus all of their attention on running their business, not their technology," said Christian Nahas, NCR vice president of small business.

Orange Launches Nationwide Deployment of NFC SIM Cards with Gemalto Solution in France

Orange and Gemalto announce the first large-scale rollout of a SIM-based NFC solution to enable NFC-readiness for mass deployment of mobile contactless services. Orange is the first operator in Europe to deploy latest-generation NFC SIM cards to its customers in France at a national scale. With this deployment, Orange is pursuing the implementation of an NFC infrastructure on a national level that enables service providers to come onboard and massively deploy mobile contactless services.

The UpTeq NFC high-end SIM is first on the market to offer the same security level as chip-based payment or smart cards. The solution will allow any service provider to dynamically manage its own security domain in the card and to load, personalise and update its related NFC applications remotely over time. Service providers will be offered a secure space on the SIM card, to manage and update their end customers' personal data, as within a vault.

Orange subscribers will be able to download, activate and use NFC services on their phone in an entirely protected environment. They will be able to access an easily expandable wallet of new NFC applications for payments, transportation, ticketing and loyalty programs.

ImageWare Acquires Four Wireless Technology Patents to Enhance its Biometric Security Solutions

ImageWare Systems, Inc. has acquired from a private company four U.S. patents related to wireless technology. These patents, combined with ImageWare Systems' existing foundational patents in the areas of biometric identification, verification, enrolment and fusion, provide a unique and protected foundation on which to build interactive mobile applications that are secured using biometrics. The patents cover a method for exchanging content-rich interactive messages via wireless devices. ImageWare's payment for the four patents involved a cashless transaction combined with potential future cash royalty payments. The cashless portion involved the issuance of 150,000 warrants to purchase ImageWare common stock, exercisable at $0.80 per share. Under the terms of the purchase agreement, the warrants cannot be exercised until or unless ImageWare realises a minimum of $500,000 in revenue from the patents. The warrants have a term of three years. The royalty payment to the seller would equal 7.5% of any revenue ImageWare derives from the sale or license of products involving the patents, with the payment of such contingent royalties capped at $10 million.

Smartcard News Subscription

Smart Card & Identity News is an independent international newsletter. Our key industry topics are smartcards, biometrics, cryptography, identity management, RFID, mobile and payments. Within these industries we cover technological advances, security breaches, new products, personnel changes, contracts and company take-overs. We also include opinion pieces and technical tutorials from the industry’s leading experts.

To subscribe please contact us on +44 (0)1903 734677 or email [email protected]; subscriptions can also be purchased on Amazon by searching for “Smart Card & Identity News”.