hyperion drm training | hyperion drm training online | hyperion drm course
Trust, biometrics and mobile payments · 10/13/2014 · Consult Hyperion has helped some of the...
Transcript of Trust, biometrics and mobile payments · 10/13/2014 · Consult Hyperion has helped some of the...
Trust, biometrics and mobile payments
Dave Birch
Global Ambassador,
Consult Hyperion
Mobey Day
Barcelona, October 2014
1 Attribution-ShareAlike 3.0Version 2, 13-Oct-14
It’s the convenience, stupid
Fingerprints can not lie,
but liars can make
fingerprints.
B. Geller et al.
“A chronological Review
of Fingerprint Forgery” in
J. Forensic Sciences
44(5), p.953 (1999)
Who are Consult Hyperion?
Practical and independent expertise
Please copy and distribute
Mobile paymentsDeep involvement in mobile payment programmes
around the world
Payment schemesTechnical authoring and consultancy on EMV payment
specifications, strategy, training & certification requirements.
TfL Future Ticketing StrategyEnabling open-loop payments in London
transport
Mobile POSEnabling card payment acceptance within a new
category of Merchants
.
From technology roadmap to business plan
We have the handsets
■ High smartphone penetration
We have the schemes
■ Visa, MC, Amex all on board
We have the terminals
■ mPowa, iZettle, Zinc
We have the technologies
■ HCE, HFC, BLE
We have new infrastructure
■ FPS, Bitcoin
But we don’t have mobile payments…
3 Please copy and distributeVersion 1, 10/13/2014
But mobile payments work…
They work, they really do
4 Please copy and distributeVersion 1, 10/13/2014
…and NFC, HCE and BLE work…
Apple, Google, MCX and the end of the phoney war (yuk yuk)
5 In commercial confidenceVersion 1, 13-Oct-14
…and mobile biometrics work…
“It’s not about payment. It’s about identity”
Jack Dorsey, Founder of Square and Twitter (New York Times, 22nd December 2013)
6 Please copy and distributeVersion 1, 10/13/2014
…but don’t have an ecosystem
Hhhmmmm….
7 Please copy and distributeVersion 1, 10/13/2014
Hello 1997
No voice-based authentication on my train pleeeeezzz
8 Please copy and distributeVersion 1, 10/13/2014
TouchID (September 2013)
Do you know fingerprints can be faked? I heard about a Japanese guy who
did it with jelly babies or something?
■ Yes, I know.
Your fingerprints are all over your phone, people could easily steal them.
■ Yes, I know.
Criminals might be able to find a way to make a fake finger and use it to buy
songs on iTunes
■ Yes, I know.
Researchers were able to reconstruct useable 3D models of fingers by
accessing stored templates
■ Yes, I know.
Person: So would you use the new Apple TouchID on your next iPhone?
■ Me: Of course.
9 Please copy and distributeVersion 1, 10/13/2014
ApplePay
In-store will soon be in-app (NFC is not the disruptive technology)
10 Please copy and distributeVersion 1, 10/13/2014
Raising the bar
In-store will soon be in-app (NFC is not the disruptive technology)
11 Please copy and distributeVersion 1, 10/13/2014
Mobile biometrics in the mass market
S5 with FIDO in TEE and fingerprint authentication
12 Please copy and distributeVersion 1, 10/13/2014
Conclusions
Mass market biometrics are about convenience, not security
Security is provided by a combination of factors, no reliance on any
single factor
We have used very structured risk analysis with our clients to find
the right combination of factors
Apple’s solution is of the type that we have consistently
recommended:
■ Biometric authentication (not identification)
■ Against a revocable security token (using standards)
■ Held in tamper-resistant storage (owned by the customer)
Convenience trumps trust every time. Every time.
13 Please copy and distributeVersion 1, 10/13/2014
So the mobile payments roadmap is clear?
Perhaps people are more prepared to consider alternatives to the “conventional”
money and payment systems
14 Please copy and distributeVersion 1, 10/13/2014
Tomorrow’s Transactions:
thought leadership from Consult Hyperion
Read www.chyp.com/media/blog
Listen www.chyp.com/media/podcasts
Visit www.chyp.com
Contact [email protected]
Follow @chyppings
Thank You
Consult Hyperion has helped some of the world’s leading organisations to make the
right technical and commercial choices within and around smart, mobile, contactless
transactions, including retail payments, identity management and transit ticketing.
Consult Hyperion is a trusted advisor adding product strategy, technical, regulatory,
compliance and information security expertise into project teams within
organisations considering deploying innovative new payment or identity services.
15 Version 1, 13-Oct-14 Please copy and distribute
In January 2013, David Birch was ranked Europe’s most influential commentator on
emerging payments and in August 2013 Wired magazine named him one of their global
top 15 sources of finance and business information.
One more thing…
“Identity is the New Money” (LPP: 24th April 2014)
144pp paperback / ISBN 978-1-907994-12-8
16 Please copy and distributeVersion 1, 10/13/2014
Birch doesn't claim to have all the answers. What he has
done is produce a bold, forward thinking book that grapples
with weighty issues in a concise and accessible way. Retail
Systems (May 2014).