Mobile Security: Oberthur and AuthenTec Partnering on NFC
- The French manufacturer Oberthur and the Austrlian security and identity solutions provider, AuthenTec, join forces to design a safer NFC UICC SIM and enable contactless mobile payments after biometric authentication. This solution has been presented at 2011 CARTES & Identification event: Oberthur Technologies’s NFC FlyBuy SIM card and AuthenTec’s sensor have been embedded in a Motorola Atrix.
- Adding these elements allows biometric authentication of the cardholder for him to access several features, including payment (but also identification or even physical access control).
- The NFC specialist INSIDE Secure has also been taking part in this project.
- Considering the worldwide development of these technologies (the number of compatible Smartphones should reach 300 million by 2014 according to Juniper Research), Oberthur insists on the need to build appropriate solutions to ensure customers’ authentication in payment contexts.
- This association fits in the current trend upholding performance and time saving (contactless deployments’ founding concepts) and provides the user with a simple and fast identification process.
- Mobile payment has been causing several debates these past months as people seldom trust it. The addition of advanced authentication features could help reassure potential users, through increasing their sense of security.
- According to a study conducted by Oracle with 3,000 users (Appel d'opportunité : l'avenir des communications mobiles), the latter are particularly reluctant to go for mobile payment. However more and more familiar with the different services, 68% are worried about the security of their data. These issues are stressing the need for improved security as only 6% of those surveyed said they had already paid for good with their mobile phone and one in five could opt for this means of payment rather than his card.
- This sense of security is all the more important that the number of m-banking services users has also been increasing. According to Cardbeat, in the US for instance, 30% of Smartphones owners benefit from dedicated apps (among which 40% downloaded their app less than one year ago). Just as well, this kind of solution requires a high level of security. This study also insists that m-payment is affected as half of those interrogated actually feel ill at ease about it (compared to one third expressing favourable opinion).
- In France, the issue raised by the use of biometry still persist and the emergence of new solutions triggers further debates. The CNIL, the mission of which is to assess potential technology-initiated risks on the user’s private life as well as the security measures to be implemented in response to those risks, wishes to anticipate any potential drawbacks. In its 2010 report it explains that threats are inherent to the objects we use on a daily basis to communicate, Smartphones notably enable constant geolocation; and It insists that attention must be paid to new uses, such as contactless payment or mobile-based apps.
- Also, potential theft of biometric data is a major concern: as a consequence, EU researchers have developed the TURBINE project (TrUsted Revocable Biometric IdeNtitiEs) enabling indirect storage of sensitive information, the access to which is only possible through cryptographic keys. In case of compromising, these keys are revoked and again generated. Considering the heterogeneous nature of biometric solutions in Europe, setting up a common standard may require significant efforts but may indeed help commercialise such solutions.