Here at Consult Hyperion, we are often involved in design implementation and testing of secure systems on devices such as smart cards and mobile phones for payments, banking and other applications where security is critical.
The biggest news in payments security in the last month concerns allegations that point of sale terminals supplied by PAX Technology have been subverted to have the capability of launching cyberattacks. Details of the allegations can be found at Krebs and Bloomberg; in response, PAX Technology has published a rebuttal.
Have you noticed that some of the best attended events at conferences recently are the investment panels, populated by canny investors talking about where they are currently placing their funds? And so this was the case with Consult Hyperion’s recent webinar The Role of Due Diligence in Investment Cycles, featuring Jonathan Luff Co-Founder of CyLon, Europe’s leading investor in pre-seed and seed stage cyber and security technology startups. Howard Hall, Managing Director of Consult Hyperion North America, and Gary Munro, Technical Director Consult Hyperion and Dave Birch our Global Ambassador, who moderated the discussion.
Victoria Saporta, BoE executive director for prudential supervision, has said recently that minimum resilience requirements should be required for the tech giants’ (and others’) hosting services, before they may process and store banking data. We strongly support these comments. We have identified this issue as one of a number of new risks arising from modern financial systems architecture, in recent Structured Risk Analyses that we have carried out for financial and retail organisations in North America, Asia-Pac and EMEA.
EMV is at the heart of global payment card processing. As a specification it governs the processing of billions of transactions globally, with the vast majority of those flowing through the international payment schemes. As a technology it has been incredibly successful, reducing fraud levels everywhere it’s been introduced and its extension into contactless payments is now the fastest growing area of face-to-face payments. The idea that EMV might soon be obsolescent seems far-fetched, to put it mildly, but there are reasons to believe that its hegemony is under threat.
We were delighted to get a lot of good feedback on Neil’s previous blog on Mondex Memories and CBDCs and its relevance to CBDCs and thought it would be interesting to respond to some of the more interesting – and difficult – points raised in a follow-up blog. Before addressing those I wanted to put the Mondex program into some historical context. They were very different days – we didn’t have an intranet until 1996, let alone internet access. There were no SDKs – although actually we did build a precursor to one of those – or APIs and the idea of remote payments was still in its infancy (although we did that too).