News:

What is the key to building a Fort Knox for the Mobile Payment space?

Benjamin Mah, Co-founder and CEO of mobile security startup V-Key, believes that virtualising robust physical security systems is the answer.
  
The mobile payment space is a constantly evolving landscape. Innovation, and the increased adoption of smartphones, has resulted in the proliferation of businesses such as retailers and banks, and device manufacturers offering a wide variety of mobile payment solutions. For example, Apple Pay which enables consumers to make contactless payments in physical stores via their iOS smartphones.
  
In Singapore, leading fast food chain McDonalds allows users to register their Visa cards via its app, allowing them to make payments with a single click. Local telco Singtel launched a mobile wallet app called Dash which allows users to conveniently make bank transfers and pay for services with just one swipe.
  
While the integration of credit cards with various mobile payment platforms is inviting to the consumer, it also opens the door for more hacks and malicious attacks.

In May 2015, several Starbucks app users reported that their accounts were broken into by hackers, resulting in the misuse of their funds. The Starbucks app’s ease-of-use may have been convenient for users, but that came at a price. Without a two-tier security system (for example, an OTP system), it was at a significant risk of being hacked.

It is clear that security is just as paramount as innovation, but what are the prevalent issues that plague mobile payment apps?

Security cannot be left at the app level protection

The mobile payment space is a constantly evolving landscape. Innovation, and the increased adoption of smartphones, has resulted in the proliferation of businesses such as retailers and banks, and device manufacturers offering a wide variety of mobile payment solutions. For example, Apple Pay which enables consumers to make contactless payments in physical stores via their iOS smartphones.

In Singapore, leading fast food chain McDonalds allows users to register their Visa cards via its app, allowing them to make payments with a single click. Local telco Singtel launched a mobile wallet app called Dash which allows users to conveniently make bank transfers and pay for services with just one swipe.

While the integration of credit cards with various mobile payment platforms is inviting to the consumer, it also opens the door for more hacks and malicious attacks.

In May 2015, several Starbucks app users reported that their accounts were broken into by hackers, resulting in the misuse of their funds. The Starbucks app’s ease-of-use may have been convenient for users, but that came at a price. Without a two-tier security system (for example, an OTP system), it was at a significant risk of being hacked.

It is clear that security is just as paramount as innovation, but what are the prevalent issues that plague mobile payment apps?

No mobile operating system is secure

Sure, some device OS such as the Android may be more vulnerable due to its open, customisable framework, but closed systems such the Apple iOS should have a fullproof security setup right?

Not exactly.

While Apple’s iOS emerged as the most secure operating system in a spyware test; due to its closed system, it still has vulnerabilities – a back door, allowing encryption to be bypassed in order to access user data.

Apple claims that such a function is necessary for Apple’s IT department or other enterprise companies to troubleshoot technical issues, but it is a stark reminder that no device OS is completely secure.

“Nobody can guarantee the security of the physical mobile device because the device operating system is designed for interoperability and not security,”

So is there a solution to this conundrum? Mah believes the solution lies in the technology used in time-tested hardware solutions such as physical security chips. All that is needed is to port the technology from its hardware variation to software.

The solution – virtualise a tried-and-tested security system

“The trust foundation of V-Key’s technology is built upon on a decades-old security feature that we are all using today (in our credit cards) – the smart chip,” he says.

The smart chip in our credit cards contains a tamper-resistant security system, including a secure cryptoprocessor, code obfuscation, and other anti-tampering and debugging mechanisms which protect in-memory information. These allows for the establishment of an independent and true isolation out-of-band security.

According to Mah, porting this framework into a software app allows V-Key to create an independent and isolated tamper resistant security system within the app.

But isn’t all software still inextricably interlinked? If the device OS is compromised, would not the security of the apps suffer too?

“With the device OS being insecure, the question here is how do you build a Fort Knox [for the app]? What we need to do here is to stay ahead and be abreast of the APIs in the device OS that are exposed to the developers,” Mah says.

“But even a Fort Knox has doors. So what we do, instead of covering a big surface area like many app developers do through encryption or scanning for everything, we only scope out and secure the openings in the fort,” he adds.

Building a mobile payment system for all

In addition to constructing a robust mobile security framework, V-Key’s objective is also to enable banks and other financial institutions to “ubiquitously support all payment channels with quality end-user experience.”

Mah also believes that leading high-end smartphone players such as Apple and Samsung should not have a monopoly on the mobile payment space.

“We believe that mobile payment systems should be phone-agnostic. Whether you are using an entry level Xiaomi or Micromax smartphone, we want to be able to make mobile transactions secure and seamless for the end user. The whole idea here is that security is just an enabler just like how you consume electricity without needing to know the nuts and bolts of it,” he says.

The V-Key mobile OS, V-OS, was recently used to develop UOB’s Mighty app – a secured mobile wallet for all UOB debit and credit card holders. Customers are able to make transactions from the app via NFC—by tapping their phones against the merchants’ payment terminal and entering a PIN, or authenticating through an SMS OTP system.

Besides serving as a mobile wallet, UOB Mighty also allows users to book dining reservations.

The V-OS is accredited by IDA’s Accreditation@IDA programme – an initiative designed to assist in the growth of Singapore-based tech companies with an innovative product. The programme helps to strengthen their product robustness and provides an independent third party evaluation of the companies’ claimed product core functionalities and ability to deliver. During the evaluation process, the team will help companies to identify and fix technical bugs in areas of functionality, performance and security.

“The Accreditation@IDA team took time to understand our product and company. The evaluation was comprehensive but not onerous. Our company profile has also significantly increased, with higher interests and inquiries from government agencies”, says Mah.

Key challenges and future of mobile payments

“Mobile security can never be 100 percent foolproof. But at V-Key, we are definitely sure we can reduce the residual risk. Another challenge is the ability to scramble and update our software,” says Mah.

The future of mobile security, he says, will be reliant on dynamic updates. This means after a certain amount of transactions over a period of days, the firmware of the mobile payment app will be updated via a token transmitted wirelessly.

“Our product will incorporate a multi-factor authentication moving forward, where we will take in factors such as your location, how much you are transacting and at what frequency you are doing it to assess the security risk,” Mah concludes.

Disclosure: This article was produced by the e27 content marketing team, sponsored by Accreditation@IDA. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the position of Accreditation@IDA.

 

Other news:
News
V-Key extends IDaaS offerings in APAC with Ingram Micro Cloud Agreement

V-Key launches its V-OS Trusted Identity Services in world’s largest Cloud marketplace, offering Enterprise-grade security to everyone.

V-Key announced an agreement with Ingram Micro Cloud, to roll out its internationally acclaimed V-OS Solution progressively in seven Ingram Micro Cloud Marketplace across Asia Pacific. V-OS Trusted Identity Services refer to the Cloud-based Identity as a Service (IDaaS) offerings for mobile security and Authentication technologies. Until recently, these solution have traditionally been offered as on-premise solutions for large enterprises, and this collaboration hopes to enable SMEs to seamlessly deploy Enterprise-grade security to protect Digital Identity.

News
Crunchfish and V-key enter Marketing and Technical Partnership Agreement to facilitate Offline Wallets

Crunchfish AB (“Crunchfish”) announces today that the company has entered into a Marketing & Technical Partnership Agreement with V-Key Pte Ltd (“V-Key”) regarding identifying and developing joint offerings of each party’s software product in relation to Crunchfish’s patent pending Offline Wallet. 

News
World’s First Virtual Secure Element V-OS obtains Common Criteria EAL3+ on iOS and Android.

V-Key is proud to announce that our V-OS is the world’s first Virtual Secure Element to obtain Common Criteria EAL3+ certification on iOS and Android.​

V-Key announced that V-OS, V-Key’s core patented technology, is the world’s first virtual secure element to receive a Common Criteria Evaluation Assurance Level (EAL) rating of 3+, derived from the U.S. Government’s Protection Profile for General Purpose Operating Systems.

News
TONIK chooses V-Key as the Mobile Security Partner for its Digital Bank in the Philippines

TONIK chooses V-Key’s V-OS App Protection on V-OS Cloud to secure their first pure-play Digital Bank in the Philippines

News
V-Key Collaborates With SGTech and IMDA For COVID-19 Support

COVID-19 has pushed the majority of the world’s workforce to exercise the largest work-from-home movement.

Local deep-tech SME, V-Key, participates in an initiative led by SGTech and jointly with IMDA to provide secure 2FA Cloud authentication solutions.

News
V-Key Business Continuity Plan Commitment

With COVID-19 on the minds of many, we want to take a moment to personally update you on the steps we are taking at V-Key to ensure the continuity of our business and support functions of our customers. 

News
Ingram Micro Honours V-Key as Leading ISV

Following the Ingram Micro Comet Competition ASEAN & HK region where V-Key partook and emerged winner, Ingram Micro honoured V-Key as leading ISV.

 

News
V-Key Technology Partner for Razer Fintech

Razer Fintech’s digital bank will be the first global youth bank, namely, the Razer Youth Bank for youth and millennials. Along with the bid, V-Key was announced as one of Razer Fintech’s technology partner.

News
V-Key awarded GATES Gold Special Award for Innovative Solutions for Vendor

Today as GATES ICT Channel Summit comes to an end, V-Key was crowned GATES Gold Special Award for Innovative Solutions for Vendor by live voting.

News
V-Key – Winner of Ingram Micro Comet Competition ASEAN & HK region 2019

Competing alongside 14 other innovative companies in the competition, V-Key emerged Winner of the Ingram Micro Comet Competition ASEAN & HK region, walking away with $100,000 in GTM funding. Amongst the other runner ups were Arcstone, DataMesh and Taiger.

News
Deputy Prime Minister of Singapore, Mr. Heng Swee Keat Visits V-Key

On 26th July, V-Key had the privilege of hosting the Deputy Prime Minister of Singapore, Mr Heng Swee Keat, and a group of esteemed guests in our Singapore headquarters.

News
The Straits Times and Statista recognises V-Key as Singapore’s 3rd Fastest Growing Company

V-Key, a leading provider of internationally-acclaimed digital security solutions, was named as one of the top 3 firms in the inaugural “Fastest Growing Companies in Singapore” conducted by The Straits Times and Statista.

News
Razer Pay and V-Key announce strategic partnership to boost digital security

Razer Pay and V-Key inked a Memorandum of Understanding (MOU) to foster strategic collaboration over digital identity and e-payments.

News
Paidy selects V-Key to secure its App-based instant post-pay credit service for Japanese Consumers

As Paidy, a Japanese payments company providing instant post-pay credit service expands their payment offerings and merchant touchpoints, they recognized the need for a fast and seamless payment experience. V-Key’s pioneering mobile security technology gives the Paidy team the confidence that they are future-proofing their mobile strategy and ensuring the integrity of their consumers’ data.

News
Joint technologies of LiveBank’s virtual branch and V-Key’s security and biometrics, to hit the banking industry

A partnership agreement just signed between V-Key, with its patented Virtual Secure Element, and Ailleron, the owner of LiveBank, which offers cutting-edge technologies, will bring a new dimension to digital bank onboarding worldwide.

News
Assurity Partners V-Key For New Mobile Software Authentication Solution

V-Key partners Assurity to bring convenience to security

News
The Nilson Report: Software “Chip” to secure mobile payment
News
V-Key Partners with Ant Financial To Secure Mobile Payments

Singapore-based V-Key works with global payments and e-commerce companies, banking and financial institutions and government bodies to protect the personal and financial data of their mobile customers.

News
Singapore takes bold strides in Fintech journey

Boosting collaboration will help build vibrant ecosystem where innovation will drive economy

News
Building a pipeline of talent through Partnerships

Continuous partnerships with institutes of higher learning give V-Key Pte Ltd easy access to talent for future growth

News
V-Key receives Accreditation boost from IDA

Mobile security company V-Key is among the first few innovative tech product companies to receive accreditation from IDA.

 

News
Mobile Security a growing market

Security companies are trying to keep pace with the rapid evolution of mobile devices. Recent incidents of cyber attacks and breaches have raised awareness of the need to enhance security. Industry players have said this presents an opportunity for them to step up and offer solutions.

 

News
V-Key Mobile Security solutions accredited by Singapore Government

V-Key, pioneer and inventor of mobile Virtual Secure Element has been accredited by the Infocomm Development Authority of Singapore (IDA) under the Accreditation@IDA programme, certifying V-Key’s V-OS Virtual Secure Element and V-Guard Mobile Application Protection solutions.

 

News
ChinaPnR and V-Key Strategic Alliance: Securing more than One million merchants in China

Leading financial payment provider China Payment and Remittance Service Co., Ltd. (“ChinaPnR”) formed a strategic partnership with international pioneer in mobile security and cryptographic technology, V-Key Inc. (“V-Key”).

 

News
V-Key receives US$12M in Series B Funding from Ant Financial Services group investment

Ant Financial Services Group (Ant Financial), operating company of Alipay, and existing investor venture capital firm, IPV Capital, make a USD12 million Series B investment for a minority stake in V-Key.

News
V-Key Inc selected as Innotribe Startup Finalist

V-Key selected as a finalist at the SWIFT Innotribe Startup Challenge Regional Showcase to compete at Sibos 2013 in Dubai.

 

News
V-Key’s executive team expands with addition of cybersecurity veteran Tony Chew as Chief Security Architect

V-Key, a global leader in software-based digital security, today announced the appointment of Tony Chew to the position of Chief Security Architect.  Tony will spearhead V-Key’s engagement with banking regulators and financial institutions in Asia.

 

News
V-Key secures US$4 Million Series A Funding from IPV Capital

V-Key Inc. secures Series A funding of US$4 million from IPV Capital, a leading early growth venture capital fund based in China with global offices in Shanghai, Beijing and Silicon Valley.