Workshop on Cyber Security Training: Sharing Best Practices for EU

European Consumer Summit 2014
On-line and mobile payments
Dr Florent Frederix
Trust & Security Unit, DG CONNECT, European Commission
1st of April 2014
A. BORSCHETTE CENTRE, Brussels
Content
• What is mobile payment?
• How big are cyber security risks?
• What is the European Commission doing about it?
What is mobile payment?
• Some examples
1. Contactless m-payment with NFC mobile
2. PayPal / Pre-paid card wireless payment
3. M-payments & ATM transactions using QR
4. M-payments using electronic currencies
5. M-payments using Near Sound Data Transfer and
other technologies
m-payment with NFC mobile
• Options:
• Mobile + NFC card
- Security equal to security of another NFC credit/debit card
Blog.tesco.com
• Mobile + secure SIM
- Security higher than the security of another NFC credit/debit card
• Mobile + secure element in the cloud/software
- Android 4.4 (KitKat) can drive the NFC hardware on your mobile phone
- Security data not yet available but probably lower than NFC card
PayPal / Pre-paid card payment
• Similar to PayPal(1) from a web browser.
• Difference is 2 factor identification based on phone number and
pin code. No secure element.
• Trusted Service Manager is PayPal that ensures link between
credentials of mobile phone holder and linked credit/debit
accounts.
(1) PayPal used as one example. Description not complete.
(2) Google’s brilliant plan to get millions to adopt its emoney system: Gmail www.qz.com March 27, 2014
Google e-money
M-payments & ATM using QR codes
• (1) Text emulation
• Fake payment requests?
• Security measures?
• (2) Real mobile QR payments
M-payments with e-currencies
• Issues:
• Legal base
• Trusted service manager? (the network?)
• (Security?)
M-payment with NSDT and ….
• Characteristics:
• Side channel attacks?
• Interoperability?
How big are cyber security risks?
Size of the market?(1)
Usage of different means of accessing banking services
• Security concern is the reason for 69% of non-users.
• Share of m-banking consumers that are unbanked is 11%.
(1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014
How big are cyber security risks?
Age profile(1)
[Figure: Use of mobile banking in the past 12 months by age (%)]
(1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014
How big are cyber security risks?
• How secure?(1)
• Survey results
(1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014
What does the EU Commission do?
• Data Protection directive/legislation
• In place since 1995: Directive EC 95/46
• New legislation under discussion with Parliament
to revise the directive into a refreshed legislation
• Network Information Security directive (NIS)
• Initiative presented by EU commission
• Directive under discussion in Parliament
• The Cyber Security Strategy
• Complements the NIS directive
• Links to H2020
What does the EU Commission do?
Proposal for a Directive on NIS
Key elements (1/3)
Capabilities: Common NIS requirements at national level
• NIS strategy and cooperation plan
• NIS competent authority
• Computer Emergency Response Team (CERT)
What does the EU Commission do?
Proposal for a Directive on NIS
Key elements (2/3)
Cooperation: NIS competent authorities to cooperate within a network at EU level
• Early warnings and coordinated response
• Capacity building
• NIS exercises at EU level
• ENISA to assist
What does the EU Commission do?
Proposal for a Directive on NIS
Key elements (3/3)
Risk management and incident reporting for:
• Energy – electricity, gas and oil
• Credit institutions and stock exchanges
• Transport – air, maritime, rail
• Healthcare
• Internet enablers
• Public administrations
What does the EU Commission do?
• The Cyber Security Strategy
Thanks