Sramana Mitra: Let’s take a few examples. Let’s take maybe one example from the chip side and one example from the credit card side and talk us through how exactly this works.
Andrew McLennan: I’m the software specialist, so I can give you more detail on the software side and less detail on the hardware side. I’m going to take the use case for host card emulation. In October 2013, Google removed the need for the radio device to have to talk directly with a hardware element. Before Google did this, the SIM card was holding a secure element, which is basically a cryptography engine and hardware. If you want to make a mobile payment, the mobile network operators are in control of the SIM; therefore, you had to work through them. The cost of mobile network operators was demanding at that point. Android Google topped the market by allowing anyone to make a payment without passing through the SIM.
At that time, we had been working with BlackBerry, which did a similar mechanism on software. We were also promoting hybrid solutions for software payment. When Google did that, that really accelerated our business and validity in the market by basically saying, “This payment will be protected strongly enough in software.” On top of that, the major networks like Visa, MasterCard, and JCB also came out with a concept of tokenization. Instead of your actual credit card details being supplied to a device to make a payment, they send a formatted form of your information that you cannot derive information from. That’s simply cryptographically supplying information for payment to be made. That also works in the code.
When you supply a token to a base, although it can’t derive your personal information, the token itself can still be stolen or cloned. What we’ve enabled networks and banks to do was actually rely on a security model, which is very similar to what we’re used to in hardware, but doing that on software. So you can take this token, bring it onto the device that will be encrypted, and then we can take that encrypted token and process it securely without it being cloned or stolen. On top of that, it came with an additional benefit, which was Android fragmentation. Android has a myriad of devices and lots of variations of the operating system.
Coping with delivering a single payment experience is hard and it’s even worse when you have to do a single security experience which can be completely different. As an example, consider a trusted execution environment, which is not present on every Samsung phone. Can you deliver the same payment experience to every user? We have a very strong position in this market as a provider of security. To make things easy and to stop the continuing fragmentation, we provide a multi-scheme SD gate. If you want to make a payment using a single form of security, but you might want to host a number of cards, then we provide the payment gate that is compliant with the schemes. We also help you with this back-end infrastructure so that you can easily manage that service across multiple schemes.
This segment is part 2 in the series: Thought Leaders in Cyber Security: Andrew McLennan, President, North America of Inside Secure