I mentioned the insecurity of mobile payment systems before in Rabobank has insecure SMS banking. Apparently the RBI has the same reservations I do. The article RBI puts a temporary halt on Mobile Payment Services explains.
They haven’t stopped regular services such as requesting bank balance, but they have halted signing off on permitting projects to go live until the final guidelines have been issued, micropayments and larger transactions.
From the draft guidelines:
It is suggested that the banks issue a new mobile pin (mPIN). [...] Banks and the various service providers involved in the m-banking should comply with the following security principles and practices with respect to mPIN : [...]
Protect the mPIN using end to end encryption
They don’t seem to require One Time Passwords, which I would certainly have as a requirement, and I hope they don’t consider A5 to be end-to-end encryption. Nokia and Visa already started working on a secure payment system in 2007 using RFID.