Developing secure software and systems is hard. Even if the most experienced engineers use the best tools and follow best practices, bugs and vulnerabilities can slip through. Add to that the amount of legacy or 3rd-party code in use today, developer turnover and the use of outsourcing, and we can see that it is very difficult to eliminate all vulnerabilities from within a solution. This is why security by design and defence in depth are important principles. By designing-in security right from the start, and having multiple independent and overlapping methods of protection, the impacts of vulnerabilities can be reduced.
16 years on from PIN day (Valentines Day 2006) how is our relationship with PIN holding up?
Last year Dave Birch postulated that PIN was in decline and indeed no longer necessary as our mobile phones make use of various biometrics to authenticate us and our transactions, but as we often remind ourselves in Chyp, we’re not normal. UK Finance statistics tells us that whilst the use of Apple Pay & Google Pay at the Point of Sale is on the rise, the humble plastic card is still the preferred way to pay.
Everyone seems to think that MaaS (Mobility-as-a-Service) is a brand-new business model, when in fact, Transit Agencies have been providing mobility as a service for years, just without the hyphens. When I ride transit I just pay for the service when I need it or purchase a monthly pass if I expect to use it regularly. This is similar to the “as-a-Service” model that has been popularized by software companies who moved away from the license model where users pay a one-time fee to purchase the software. They now offer a subscription model where users pay a recurring fee to use the software. I’ve ridden transit for many years and have never had to buy a bus or train. Sounds like Mobility-as-a-Service to me.
For Safer Internet Day, I thought I’d bring a Mediterranean theme. As a classicist, I frequently switch between ancient and modern, applying time-tested principles to emerging technologies. Plato had it right on data protection: the price of not participating in public life is to be ruled by less able men.
Insecure technology is regularly cited as barrier to the use of online voting systems, in particular when casting your vote through your mobile phone, rather than putting your cross on a piece of paper and putting in a box at the polling station or mail box. At the same time those detractors trust the same mobile technology to place stock trades, initiate high value payments and more recently accessing their health records.
The human society is now at crossroads – demanding changes in our lifestyle, health choices, economics, and civil liberties. These changes are accelerated by climate change, political response to the pandemic, the need for racial and gender equality, human migration, and of course, a few break-through technologies such as digital automation, data analytics, and machine-learning (AI). So where are we heading? The call for “Great Reset” has been reverberating since the past few years and is now getting louder and louder. This was the topic of the virtual fireside chat by two visionaries on our Tomorrow’s Transactions webinar, Brett King and Dave Birch, discussing the societal and technological changes that are foreseen in the next few decades. This conversation was centered around Brett King’s (Richard Petty, co-author) book, “The Rise of Technosocialism” and aligns with Consult Hyperion’s engagement with think tanks on global issues. Our aim to is separate foresight and facts from fiction in trying to understand the trends in the market that our clients should watch-out for especially in payments, banking, transit, digital identity, and information security.
Our overriding theme of this year’s Live5 is interoperability which will lead to inclusion. Whether this is in payments or transit, identity or as a generalised trend what we’re seeing is a collapsing of the barriers between silos. In some areas this is happening more quickly than in others.
Here at Consult Hyperion, we are often involved in design implementation and testing of secure systems on devices such as smart cards and mobile phones for payments, banking and other applications where security is critical.
At Consult Hyperion we frequently discuss the implications of financial crime migrating online. You’re less likely to be mugged at the cashpoint but the online environment is of course open to a wider range of attackers, often well hidden, and operating in diverse geographies. Personally, I have little patience with those who cite the ‘Four Horsemen of the Information Apocalypse’: terrorists, drug dealers, kidnappers and child pornographers. It is, therefore, particularly refreshing to see a genuinely practical approach to child protection being promoted by TrustElevate, drawing on opinions expressed by young people themselves.
The biggest news in payments security in the last month concerns allegations that point of sale terminals supplied by PAX Technology have been subverted to have the capability of launching cyberattacks. Details of the allegations can be found at Krebs and Bloomberg; in response, PAX Technology has published a rebuttal.