Defending secure applications against Jedi mind tricks

man people woman connection

Here at Consult Hyperion, we are often involved in design implementation and testing of secure systems on devices such as smart cards and mobile phones for payments, banking and other applications where security is critical.

Payments are hard. That’s why the world’s leading payment organisations come to us.

On Mondex and CBDCs (again)

Introduction

We were delighted to get a lot of good feedback on Neil’s previous blog on Mondex Memories and CBDCs and its relevance to CBDCs and thought it would be interesting to respond to some of the more interesting – and difficult – points raised in a follow-up blog. Before addressing those I wanted to put the Mondex program into some historical context. They were very different days – we didn’t have an intranet until 1996, let alone internet access. There were no SDKs – although actually we did build a precursor to one of those – or APIs and the idea of remote payments was still in its infancy (although we did that too).

Black Friday, Cyber Christmas, and a Contact-Free New Year

paper bags near wall

For most of us 2020 isn’t going to be a year to linger fondly in the memory. It’s been a monumental slog in the face of grim news and little cheer but from a payments perspective we’ve seen an unsurprising surge in interest in all things payment related.

People have moved from cash to electronic payments – contactless transaction numbers have soared. People moved from face to face purchases to online. And, there’s been a ton of stress on payment systems as people have demanded refunds for holidays and flights they couldn’t take due to various travel restrictions. It’s been a year like never before.

We can expect this to be exacerbated over what will likely be an extended Black Friday and Christmas holiday shopping period. Online payments are expected to grow even though economies are in recession. For us in Europe it’s the last hurrah before PSD2 requirements on strong customer authentication come into force on January 1st. Merchants and payment companies will be well staffed on News Year Eve as they wait and see how the systems will hold up, and what sort of abandonment figures they’ll see as puzzled customers are presented with confusing authentication screens. We can probably expect a flood of concerned calls about phishing which are actually Strong Customer Authentication requests.

Contact-free public transport (Part 3)

person holding smartphone

This is the third of three blogs about technologies to support contact-free use of public transport.

The radio again – I hear that the Transport Minister for England had just reported that there have been fewer than 400 fines for people failed to wear face covering on public transport. More than 115,000 travellers have been stopped and reminded that face coverings are mandatory, and 9,500 people prevented from travelling.

Contact-free public transport (Part 2)

photo of a bus

This is the second of three blogs about technologies to support contact-free use of public transport.

Public transport operators have been making great efforts to make public transport safe during the pandemic. TfL recently launched a new app that makes it easier for passengers to plan their travel and avoid routes where they might come close to large numbers of people. There are claims that the rate of uptake of contactless by passengers has increased significantly since the pandemic and the demand for contact-free transactions on public transport. Visa recently offered a graph relating to global public transport contactless transactions. However, it is not clear what the actual contactless usage is since they are hidden behind month-on-month percentage increases which look enormous when the previous months had fallen off the proverbial cliff.

Contact-free public transport (Part 1)

buildings city clock downtown

This is the first of three blogs about technologies to support contact-free use of public transport.

I heard on the radio that, despite ministers encouraging people in England back to work in their offices, most are staying at home. Commuter trains are about one-third full and buses are about 40% full. During the COVID-19 pandemic, demand for public transport fell off a cliff as governments told their people to stay at home.  A major part of encouraging travellers to use public transport is the provision of systems that allow social distancing of passengers from staff, ideally eliminating the need to exchange physical tickets, cash and paper receipts.

Payment card issuance errors leave you vulnerable to fraud

Major payment cards

As Consult Hyperion, and as many other analysts, predicted, Covid-19 has driven the adoption and use of contact-free technology at the point of service. A recent survey funded by the National Retail Foundation, found that no-touch payments have increased for 69 percent of US retailers surveyed, since January 2020. In May, Mastercard reported that 78% of all their transactions across Europe were contactless.

Fraudsters are always looking for ways to take advantage of potential weaknesses or even inexperience in new payment devices. A recent news story promoted a man in the middle attack in which two phones are used to transfer and manipulate the transaction message between a stolen contactless card and the point of sale terminal.

Contact-free and App Clips in Apple’s iOS 14

pexels-photo-887751.jpeg

The Use of Contact-free is Accelerating

At Consult Hyperion, we have already seen the pandemic accelerate the adoption of contact-free payments in the face to face environment as customers have become wary of catching COVID by touching shared devices, such as self-service terminals and PIN pads.  The use of personal devices for payments is hardly new but the attraction of an in-app/in-store version of mobile payments, whereby the consumer uses an app on their own device to interact with the retailer or service provider and pay for services, has just increased dramatically. Solutions for parking (RingGo) and for restaurants (like the Wahaca app, powered by Judopay) were already demonstrating the benefits of such an approach for customers and businesses before COVID struck.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.