Thales has launched a new cryptographic solution to load payment applications onto mobile phones.
With predictions made by Juniper Research that mobile payments will reach almost $630 billion by 2014, Thales has added the capability to create a secure message to personalise a payment application hosted in a GlobalPlatform Secure Element via its hardware security module (HSM).
According to the company, this is the first software for HSMs that enables mobile payment issuers to deliver their mobile payment applications to mobile handsets Over-The-Air (OTA) in an efficient and secure manner.
Thales said that this removes the need to use multiple-core cryptographic function calls to build the data needed to issue a payment application that can be lengthy, inefficient and less secure.
Jose Diaz, director of technical and strategic business development at Thales e-Security, told SC Magazine that over the last 18 months the company had focused on the HSM for the card issuing environment as it is a better way of protecting information.
He said: “This is more for the card issuer and the data that is on a chip card that is sent to a third party. We have now added OTA for the mobile device and the HSM protects the data that you write to the mobile device. People will ask why, when there are issues with fraud, can you secure data before using a phone? It is all about protecting data on a phone so that a payment is not compromised.
“Today you have a card in your wallet and the future is on your phone. The most important thing is to get payment data into a phone securely and if it is done within the HSM, it can provide security without doing a lot of work.”
Asked if this a step forward in mobile payments, Diaz said he felt it was, but there is still a fraud issue with card not present transactions.
He said: “Banks are using Visa and MasterCard tokens and the application on the mobile can go through to the website. I do think that mobile will help, in a similar to how chip and PIN has, with card not present transactions.”
Franck Greverie, vice president in charge of information technology security activities at Thales, said: “With the widespread adoption of smartphones, consumers are increasingly looking for the freedom to make purchases from their mobile handsets. Thales is the largest supplier of payment HSMs and our new dedicated cryptographic functions for mobile payment issuers have come at exactly the right time.”