
February 16, 2017

Progress in mobile payment security

The past few years saw great progress in security, driven by mobile app security testing and development for banking and secure mobile payment processing. In part this is due to the evolving technology from semiconductor manufacturers and their software partners.

According to Sy Choudhury, Senior Director of Product Management at Qualcomm Technologies, “Mobile payments is driving so much of the technologies in security today … Hollywood, with its content protection, used to drive security requirements. But now it’s transactions and finance. Banks and traditional credit card processing companies, as well as the new ‘wallets’, are really pushing the security features of our silicon as well as the embedded software.”

Mobile app security in mobile payment apps is supported by an ecosystem of key players, some well known and others less so, who do their own mobile app security testing and development. These include banks, wireless communication carriers, credit card processors, E-Wallets and other products such as AliPay and WeChatPay.

Trustonic provides a Trusted Execution Environment (TEE) in about 800 million mobile devices, and Qualcomm believes that this is only the beginning for TEE. According to Choudhury, biometric data, including retina scanning and fingerprints, has encouraged mobile payments to spread to all parts of the world. He says three things are considered when designing semiconductor and chipset technology for secure mobile payments on smartphones. Firstly, how do you provide mobile app security to the payment app, and how do you support this with mobile app security testing and development? Secondly, how do you authenticate the user securely? And thirdly, how do you validate the device for its authenticity, and stop it being compromised?

2013 was a turning point for mobile payment security, with the enabling of host card emulation. With this, banks could put the secure element in the cloud with their own server and communicate with the customers remotely on their phones.

Many of these semiconductor technologies will roll out this year and will be tested to check whether they can withstand a highly expert network of hackers. No technology can fully counter attacks, but one that is to progress must at the very least increase the time a breach takes for hackers, and at the same time decrease the value of what they achieve once they succeed in their breaching efforts.

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.