Tuesday, 24 May 2011

UK Banks warned to "Act Now, Before it's too Late"

eWise payo, the first and only UK bank inclusive Online Banking ePayments (OBeP) solution, is sending out a wake-up call to UK banks not to be left behind on payments.

John France, Managing Director of eWise's European Payments Division, believes banks are under considerable threat from European Central Bank/European Commission (ECB/EC) pressure on interchange and that revenues generated by the payment card industry will be hit hard soon.

He comments: "This decline will come sooner than we think. Cards were introduced to facilitate payment in a face-to-face environment, however, the world has moved on with an increasingly large portion of online payments now bypassing the card systems altogether.

"The landscape is at an inflection point as alternative forms of secure payment have been introduced. If banks rely too heavily on cards, they will get left behind and their retail deposits will ultimately be affected. Surprisingly however, banks seem oblivious to the threat; many claim there is no money in payments, but I refute this, particularly in the retail space, where banks have made money through interchange."

France cites four main elements that will impact card revenues: alternative payment providers moving from being just a pure online play; alternative payment providers moving away from the model of loading and unloading online accounts using cards; the introduction of virtual currencies and the European Central Bank's pressure on debit interchange (which the merchant community considers is still too high).

France adds: "The UK's banking community needs to focus on what it does best - looking after peoples' money. They need to generate alternative revenues and focus on retaining and building customer relations. If they don't act now, it will be too late. Banks have always been associated with payments. It is now time for them to return to the front-end of the payment process, as opposed to the back (which is where they currently sit in the card model)."

Infineon's Embedded Secure Element to Secure NFC-Based Smartphones

Infineon Technologies AG is launching its latest security microcontroller for NFC-based applications in smartphones and other mobile devices into wallets, tickets and keys. Known as the "embedded Secure Element", the new security microcontroller will provide security for NFC applications such as mobile payment, ticketing and access control. The embedded Secure Element is compatible with all common mobile phone operating systems.

The new embedded Secure Element - the SLE 97144SE's interface is designed specifically for connection to the NFC modem and allows very high data transfer, above 848 kilobits/second specified according to ISO14443. Infineon's embedded Secure Element can be used worldwide for it supports all standardised ISO14443 protocols for contactless data transfer and is therefore interoperable with all existing infrastructures for mobile payment and ticketing.

IMS Research found out the global number of NFC-enabled smartphones and other mobile devices will be about 40 million in 2011, and projects the figure to grow up to 120 million units in 2012. Infineon expects to ship double the volume of security microcontrollers for NFC-enabled smartphones per quarter of 2011.

Dr. Helmut Gassel, President of the Chip Card & Security Division at Infineon Technologies AG said: "NFC changes the way we use mobile phones. Infineon establishes the technical basis for secure mobile payment. With our security microcontrollers, mobile phones offer NFC functionality that is secure, convenient and efficient. 2011 will see most NFC-enabled mobile devices using Infineon's NFC chips".

SecureRF Corporation Joins AIM for Automatic Identification and Mobile Solutions

SecureRF Corporation has joined AIM, the worldwide association for Automatic Identification and Mobility. SecureRF Corporation will be committed towards the growth of automatic identification and mobility solutions through industry standards development and offer support for a global channel network.

AIM helps in understanding and adopting Auto ID, RFID and enterprise mobile computing around the world through education, standards, and cooperation with other leading industry associations.

SecureRF provides security and privacy solutions for wireless sensors, RFID, Smart Grid, and for data-sensitive applications such as defence, Homeland Security, pharmaceuticals, etc.

Chuck Evanhoe, AIM Board Chairman said: "We applaud the SecureRF's commitment to partnering with us in the development of standards and educational materials for Automatic Identification and Mobility technologies. Their participation in AIM is a strong indication of its support of our technologies to ultimately help companies in multiple industries become more competitive while saving time and money".

GlobalPlatform Defines New Certification Model for Mobile Secure Elements

GlobalPlatform has released a cross-industry certification model, which defines the security evaluation necessary for secure elements with post-issuance capabilities to achieve certification from EMVCo and Common Criteria. The model developed in association with EMVCo, the EMV payments standards body, and the GSMA, which represents the interests of mobile operators worldwide, will speed up the certification process and simplify the deployment of mobile secure elements offering a faster product time to market.

GlobalPlatform has developed its Composition Model v1.0 for the benefit of application and product issuers, such as mobile network operators (MNOs) and financial institutions. The model establishes - for the first time - a streamlined methodology for addressing security requirements from different markets and re-using certification results of applications and secure elements that have previously been achieved. The resulting methodology, therefore, enables the telecom and payment industries to more easily test and redeploy mobile platforms and secure applications once they have been certified.

This first version of the model identifies the common certification process applicable to both EMVCo security evaluation and Common Criteria - the international standard for evaluating the security of products and systems. The model defines how to manage the security certification of any certified secure application - such as payment - and any certified secure element platform - for example a UICC. This optimizes the testing requirements of these certification bodies when a new secure application or a new platform is combined with a previously certified platform or application. Additionally, a specific methodology is proposed for loading applications with less stringent security requirements onto certified platforms without impacting the platforms' certification.

Gil Bernabeu, GlobalPlatform Technical Director comments: "GlobalPlatform recognises that as more markets converge and multiple applications are delivered via a single device, streamlining the certification process is key to facilitating a manageable and profitable development process. Although industry bodies such as MNOs and payment organisations will remain responsible for certifying technology compliance, GlobalPlatform believes that adherence to the model and relevant security configurations will become commonplace. The industry engagement demonstrates the importance of common-cross certification processes, and we aim to address this need by creating further relevant models in the future."

Lithuania Goes Live with STORK eID Pilot

STORK, a project co-funded by the EU ICT Policy Support Programme under the Competitiveness and Innovation Framework Programme (CIP), which aims to implement EU-wide interoperability of electronic identities (eIDs), announced that Lithuania is now live in the Cross-Border Authentication Platform for Electronic Services Pilot. The scope of the pilot is to enable online public services to be accessed securely by citizens of Member States using their nationally issued eID credentials.

The Cross-Border Authentication Platform for Electronic Services Pilot aims to achieve more cooperation between EU member states, via mutual recognition of their respective national eID scheme. Through technical interoperability with electronic services, the ease-of-use and take up of these services will be improved across national borders.

In November 2010, it was announced that Lithuania joined the STORK project and interconnection activity has been already completed with Portugal, France, Finland, Germany, Belgium, Austria, Italy and Slovenia, using C-PEPS (Pan-European Proxy Service) and NQC (Non-Qualified Certificate) authentication technology and qualified e.signature certificates for eID verification. The next phase of the Pilot will achieve integration with Estonia and Sweden.

Lithuania introduced personal eID cards on January 1st 2009, and so far over 530,000 cards have been issued to citizens. The cards' contact chip provides means for using the card online, as it contains both a certificate for online identification and a qualified certificate for eSignature.

Five Industries Most Prone to Phishing

Internet Security Awareness Training (ISAT) firm KnowBe4 has released its latest findings that country's top 5 industries as most vulnerable to cyber crime. The findings are based on a survey conducted on small and medium enterprises (SMEs) including latest Inc. 500 and Inc. 5000 listings.

Travel - 25%, Education - 22.92%, Financial Services - 22.69%, Government Services - 21.23%, IT Services - 20.44%

KnowBe4 using the Inc.com website to obtain domain names and a free data-gathering service to find publicly available email addresses. KnowBe4 then sent out a simulated phishing email to employees at more than 3,500 companies. Individuals who clicked the link were directed to a landing page that informed them they had just taken part in a phishing research. The emails were successfully delivered to about 29,000 recipients at 3,037 businesses, and from nearly 500 of those companies, one or more employees clicked the link. Because of the potential for internet security breaches among these businesses, KnowBe4 dubbed them the FAIL500.

KnowBe4 founder and CEO Stu Sjouwerman said: "Our cybercrime statistics should serve as a wake-up call to SMEs nationwide. Not only are these businesses at risk for financial loss through a cyber heist, but their susceptibility to phishing tactics could compromise sensitive customer data such as credit card, bank account and social security numbers".

Note to Subscribers

If you would prefer to receive your News On Line email in plain text, please send an email with "Plain Text" in the subject line.

If you are a subscriber to our Daily News On Line service or Monthly Newsletter you are entitled to access restricted pages on our website news archive. For the username and password please send an email with "Subscriber Password" in the subject line. lesley.dann, Subscriptions Administrator, Smart Card Group. lesley.dann@smartcard.co.uk

To Unsubscribe Email Us at info@smartcard.co.uk or click Unsubscribe

Important Information

From time to time, this news service may include industry forecasts and forward looking statements made by the companies concerned. Readers should be advised that Smart Card News Ltd cannot be held responsible for decisions and/or actions taken by readers of our news service, based on the information provided. This news is only to be distributed to persons/companies who have a contract with Smart Card News Ltd. Unless your company has gained a licence and/or written permission from Smart Card News, the contents of this news page are not to be forwarded to any other person or server. Any replication by any means without prior permission is illegal and action may be taken. If you receive this online news from a forwarded source please contact the team at Smart Card News Ltd. It is illegal to replicate this online news.

Email: info@smartcard.co.uk
Tel: +44 (0)1903 734 677