Mobile Payment solutions are increasingly gaining traction in the industry, and we see more and more deployments. In addition to the generally accepted contact and magnetic stripe-based banking cards, other technologies are becoming available for our daily life purchases. Hardware to support contactless payments is being rolled out widely and paving the way to using our smart mobile devices for electronic payments.
Solutions using smart mobile devices are not built with the physical security provisions that we tend to see in traditional payment cards. This is compensated for by a different approach to risk management: for example, online monitoring is possible, and prime assets are not stored and processed in the physically less protected hardware. Host Card Emulation (HCE) relies heavily on tokenization, where the systems work with credentials that have limited value for criminals.
The introduction of these new technologies has an effect on the security requirements and risk models appropriate for Mobile Payment solutions. Brightsight is deeply involved in this domain and up to date with the latest developments via the numerous Mobile Payment security evaluations we perform. Our experts can help you find your way in this fairly new technological domain, which is rapidly evolving and full of challenges. Ask yourself whether you are up to date with the latest trends in:
• White Box Cryptography;
• Code Obfuscation;
• Trusted Execution Domain (TEE);
• Embedded Secure Elements (eSE).

Our broad portfolio of accreditations ensures that we can help you in any area of Mobile Payment. Our current list of accreditations includes:
• Visa Ready accreditation for Cloud Based Payments;
• MasterCard accreditation for Cloud Based Payments;
• American Express Cloud Based Payment accreditation;
• Interac (Canada) accreditation;
• GlobalPlatform (GP) accreditation.

Brightsight offers security evaluation services for each phase of the development process. Our services aim to support development so that it can be completed in the shortest possible time frame, as Time-to-Market is extremely important for the Mobile Payment market. Evaluations are performed in a structured way and with planning the developer can rely on.

Fields of expertise

  • White Box Cryptography
  • Code Obfuscation
  • Software Security
  • Reverse Engineering
  • Trusted Execution Domain (TEE)

What we offer

Security training workshops
We provide training in the various technical domains of Mobile Payments, such as the GlobalPlatform TEE and payment scheme HCE security programs. In these training programs, Brightsight experts give an introduction to the security program to bring the development team to the right level of knowledge, so that it can start its developments efficiently and avoid known pitfalls where possible.

Topics of the training program include:
• Overview of the technology with a strong focus on security;
• Relevant security requirements and their purpose;
• Security considerations for the domain in question;
• How to prepare for smooth evaluation;
• Known development pitfalls.

Hardware and software security design reviews
At specifically selected milestones along the development process, the implementation is assessed for obvious security concerns. This service can be applied at various stages of the process (e.g. from initial design to concrete implementation). Depending on developer preference, the assessment can be performed interactively, remotely or as a combination of these two methods.

Full formal security compliance evaluations
Once developed and considered ready, the final implementation is subjected to a full formal and strongly structured evaluation process that enables clear planning and facilitates essential implementation revisions with minimal impact on Time-to-Market. The added value of the Brightsight evaluation process is the educational component that brings the development team to a higher level for future developments.

Brightsight understands that Time-to-Market is critical in the Mobile Payment domain and has tailored services to address specific needs.

