default banner

With the launch of new services such as mobile payments, cryptocurrencies and multi-factor authentication for online payments, the security of digital currencies is now a growing concern for consumers and businesses and needs to be addressed with cutting-edge cybersecurity solutions. Indeed, security is one of the three prerequisites to engender trust in these new technologies and to ensure the success of these advances in payment behaviors.

The Three Technical Challenges of Digital Payment Security

Mobile payment

There has been a growing interest for mobile payments in recent years, especially in the current health situation. But trust is needed to expand the use of this payment method. Not only does the device need to be protected in case of theft or physical attack, but confidential and personal data must also be secured during the transaction in order to avoid cyber-attacks. Secure-IC’s chip-to-cloud strategy to secure the connected devices both with both hardware solutions and software applications (a server in the cloud that can manage the security of the device remotely), is perfectly suited to this type of challenge.

Cryptocurrency

Cryptocurrencies have been introduced as a disruptive financial technology (Fintech), which would make global transactions easier, faster, and more secure, by putting control directly in the hands of the parties involved. The security of the cryptocurrencies relies on a promising and revolutionary technology called blockchain. It consists of a series of blocks that stores data in hash functions with timestamps so that the data cannot be changed or tampered with. As data cannot be overwritten, its manipulation is extremely impractical, thus securing the data and eliminating the centralized points that cybercriminals often target. While blockchain has several advantages over other systems, there are still some compliance, regulations, and enforcement challenges.

Biometric payment

The most notable factor about biometric identification is that it is a strong form and easy form of identification for the customer, saving nanoseconds in payment processing. We are probably all used to putting our finger on a sensor or on a payment terminal to authorize a payment, but what about just talking or looking at a device to trigger a transaction? This technology improves security and is a great way to improve the relationship between financial organizations and customers.

 

Conditions for Trust & Success

For each new payment technology, the 3 conditions to gain the trust of end-users are: ease of use, practicality and security.

Secure-IC also proceeds on the basis of this threefold strategy:

  • Security is our core business;
  • From a practical point of view, Secure-IC develops interconnected cyber elements linked to a server that ensures maximum security of the device and the data it contains or generates, throughout its lifecycle, that is Secure-IC’s chip-to-cloud strategy;
  • Secure-IC develops solutions for each end-user market, which brings ease of use for our customers.

Security Standards for Payment Systems

FIDO Alliance

Based on the free and open standards of the FIDO Alliance, FIDO Authentication replaces password-based logins with secure and fast biometric authentication-based login experiences on websites and applications. Secure-IC actively participates in the work of this alliance.

Common Criteria

The Common Criteria for Information Technology Security Evaluation (Common Criteria, CC) is an internationally recognized certification standard for the security of IT products and systems.

RISC-V

In order to protect the embedded devices that make up the IoT, security must go beyond software-based cybersecurity to hardware-based security with RISC-V. Globally with the advent of IoT, payment systems are facing risks of attacks from the network or locally through physical attacks. These attacks can provide malicious remote control and thus put the whole payment system at risk. Implementing RISC-V cybersecurity enhanced by Secure-IC’s Cyber Escort Unit provides real time detection of 0-day attacks to meet the challenge of Point-of-Sale IoT solutions.

EMVCo

EMVCo manages and evolves the EMV Specifications and supporting testing programs that are used to enable card-based payment products to work together seamlessly and securely worldwide.

Contact