The proliferation of mobile devices such as smartphones and tablets not only gives consumers more choice, it also has the potential to dramatically expand the mobile payments technology ecosystem, bringing new players such as mobile operators and handset manufacturers into the mix. Multiple payment advocates are competing for attention, with each party advancing a different vision for where the consumer’s electronic wallet—the trusted source of credentials—should reside: on a card, on a phone, or in the Cloud. These various approaches to mobile payments technology create new challenges and in some cases have the potential to establish new business models. The traditional role of banks in issuing physical cards that are mailed to users could be replaced by new classes of intermediaries such as Trusted Service Managers (TSMs) that provide over-the-air provisioning capabilities to mobile devices.
While new mobility for the customer continues to inspire innovation, these changes also create new data protection challenges. Whether organizations are issuing payment security credentials and applications, accepting mobile payments, or processing payments on the back end, they must keep stored customer and account information secure. Mobile payment transactions must be protected, whether they occur via Near Field Communication (NFC) in a store, on a tablet computer, or using a mobile phone over a wireless network. And every organization involved must continue to comply with an evolving set of mobile payment security industry mandates.
Thales eSecurity products and services can help you secure your digital transformation to mobile payments while maintaining the highest levels of performance.
Products and services from Thales eSecurity can help you incorporate mobile payments into your business while maintaining the highest levels of performance and mobile payment security. The payShield 9000 hardware security module (HSM) incorporates specially designed functionality that enables various parties involved in the issuance of applications to mobile phones to securely provision those applications. In addition, other types of applications can be provisioned securely, including contactless payment card applications using NFC, peer-to-peer payments applications, and many more. The Thales solution is based on the GlobalPlatform Card Specification Version 2.2 and EMV Card Personalization Specification (CPS V1.1), providing the ability to establish a secure session with the Secure Element (SE) based on Global Platform Secure Channel Protocol 02 (SCP02) and to prepare secure messages for the SE.
Combining proven products with deep expertise and experience in credential management, payments-related regulations, and the full range of data protection challenges faced by today’s organizations, Thales can help you take full advantage of emerging opportunities—while maintaining a high-assurance infrastructure that is both efficient and fully compliant with emerging industry mandates and standards of due care.