What can Apple Pay teach service providers about combining security in the cloud and on the device?

Last updated: 14 November 2014

Mobile devices are about to play an even more central role in our lives. Banks, financial institutions, mobile network operators, transport operators, handset makers and other services are all launching mobile payment apps that turn phones into wallets to make customers’ lives easier.

Apple recently announced its first significant foray into mobile contactless payments with Apple Pay. It has already addressed security concerns. When a card is enrolled through iTunes, actual card numbers are stored in the cloud, while payment identifiers generated by the Token Service Provider are stored and processed in the Secure Element (accessed via fingerprint recognition). This is a good illustration of combining security frameworks: in the Cloud and on the device.

With so many networks and so many devices in circulation, launching a new payment service means negotiating an extremely fragmented market.

With mobile payment security frameworks developing at breakneck speed, service providers need guidance on how to evaluate which security frameworks would best suit their use cases. Should they develop device-based solutions, cloud-based solutions or a combination?

Given how much we rely on our smartphones and how much valuable information resides on or passes through these devices, we should all demand resilient protection. The Cloud means we can now access services from any mobile device. This power has transformed the way we use devices for the better. However, it has also upped the ante on risk. Strong authentication is an absolute must (basically ensuring the device is tied to its owner and impenetrable to anyone else). The best way to achieve this is to spread the risk between different components within a security framework.
