Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
1UL and the UL logo are trademarks of UL LLC © 2015
Making Cloud-Based Payments a reality
Arman AygenRegional Sales Manager
30 September 2015
2
Agenda
Mobile Payment StrategyScope and DevelopmentTesting and CertificationSecurity and Risk Assessment About UL
Current landscapeVision Strategy
3
5
Car
d P
rese
nt
Car
d N
ot
Pre
sent
Non
-Car
d P
aym
ents
Tokenization is necessary but not sufficient
Go Digital
6
Current landscape
Proximity paymentsPOS – mPOSFragmented Mobile ecosystem Remote payments Peer to peerValue added services
7
Assessing the impact
• Provisioning / Card profile
• Card Management System
• Authorization host
• UI / app / wallet
• Customer care / support etc.
8
9
Agenda
Mobile Payment StrategyScope and DevelopmentTesting and CertificationSecurity and Risk AssessmentAbout UL
Design & specificationsVendor vs In-houseDevelopment
10
What is ‘cloud-based mobile payments’?
SE in the phoneReceives a secret onceand keeps the secret safe for 3 years!
10010101011001110010010110011100101
SE in the cloudGenerates a secret prior to every transaction & uploads it to the phone
Different concept…
..same user experience
‘Tap and Go’: same user experience for cloud and non-cloud based NFC payments
11
Strategic choices
Backend integration•The issuer should integrate their backend to the xDES•Real time data handling and responses
Enrollment and Card provisioning•All processes and action for pre-digitization•Build internal support for pre-digitization and activation
Payment Transactions•Business as usual, receiving original PAN•Authorize transactions without crypto validation
Key decisions before implementating a mobile solution
12The battle between Legacy & Innovation is also being fought “under the water”
Infrastructure Space
Core banking sys.
MDES / VTS
Tokenization
APIs
Biometrics
HCE
Device fingerprint
White-box crypto
Product SpaceApple Pay
Google Hands Free
Android Pay
13
Agenda
Mobile Payment StrategyScope and DevelopmentTesting and CertificationSecurity and Risk Assessment About UL
14
Testing each components in the product System under test
Payment Network
Aquirer
Cloud Based System Issuer
Internet
Merchant POS
Mobile Device
Issuance
Transaction
Cloud-based solution
HCE MPA
• MPA • Cloud based system
• Issuer (Card management system)• Issuer (Authorization system)• Issuer (Card profile)
Systems Under Test
15
Ensuring interoperability on different levels
Objective 3• Ensure all functionalities of the
different mobile payment solution works correctly within one handset
16
Agenda
Mobile Payment StrategyScope and DevelopmentTesting and CertificationSecurity and Risk AssessmentHow can UL help?
17
PublicNetwork
Cloud Platform
Issuer Processing
Host S
ystem
Personalization backend
Application
Refreshment / Updatebackend
Mobile App Assets
CLF
Routingtable
SE
UI
Secure
OS
Rich OS
Application
HCECloud Assets
Cloud-based Payments.Security Evaluation – System Under Test.
Required bySchemes
Don’t forget the cloud
Provisioning, Account management. Life Cycle management
End User perspective
attacks
O.S. Attacks
U.I. Attacks
Pen -Testing
17
18
Listen to your customers...
19
Ensuring payment securityis one of highest priorities and security
in cloud-based payments is no exception
Since 2014, UL is a Visa, MasterCard and AmericanExpressCloud-based Mobile Payment Security Evaluation Laboratory
20
Agenda
Mobile Payment StrategyScope and DevelopmentTesting and CertificationSecurity and Risk AssessmentAbout UL
21
Safeguarding Security, Compliance and Global Interoperability
21
22
23
THANK YOU.UL – Innovation Seminar : Payment industry vs Silicon Valley
SF – Sept 9th 2015 Singapore – Sept 18th 2015Leiden – Sept 25th 2015 Sydney – Sept 15th 2015
UL – Security SeminarShenzhen - Oct 20th, 2015 San Jose - Oct 21st, 2015Atlanta - Oct 23rd, 2015 Leiden - Oct 27th, 2015Dubai - Oct 29th, 2015
UL – Mobile Payment MasterClassLeiden – Sept 21st, 2015 Barcelona – Oct 13th, 2015Zurich – Oct 19th, 2015 Croatia – Nov 10th, 2015Dubai – Nov 17th, 2015 Singapore – Dec 9th, 2015Sao Paulo– Dec 9th, 2015