Wednesday, September 24, 2014

Evolution of Stored Value on a Personal Electronic Device



Circulation of digital money using personal electronic devices (PEDs) must be reliable and secure for widespread acceptance. The vulnerabilities in current electronic payment systems remain with digital money; however, the methods of exploiting them change. Vulnerabilities include:

  • Issuance to a counterfeit PED
  • Unauthorized issuance
  • Intercept and capture of issuance to a legitimate PED
  • Surreptitious or unauthorized transfer from a PED to another device  
  • Payment to a counterfeit payee
  • Intercept and capture of payment to a payee
  • Intercept and capture of payee redemption
  • Capture by use of force
  • Friendly Fraud

Mitigation of these vulnerabilities requires careful design of the end-to-end solution. The solution requires the use of public key infrastructure (PKI), or a similar method, to create non-repudiable issued or transferred value. There must be a method to determine the history of legitimate transfer of value from one point to another, with the understanding that circulation of the digital value does not require redemption at the issuer within any time limit. The PED transfer and receive functions must detect attacking agents and be able to evolve easily as attacking agents mutate.
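The transfer history described above can be checked offline by any payee, as this added sketch shows (it is not code from the original post). It assumes one note per issuer key and one transfer per holder key, and it substitutes Lamport one-time hash signatures for certificate-based PKI signatures so that it runs on the Python standard library alone; all function and field names are hypothetical.

```python
import hashlib, json, secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of secrets; the public key is their hashes.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def key_id(pk):
    return H(b"".join(h for pair in pk for h in pair)).hex()

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def encode(body):
    return json.dumps(body, sort_keys=True).encode()

def issue(issuer_sk, serial, value, payee_pk):
    body = {"serial": serial, "value": value, "to": key_id(payee_pk)}
    return [{"body": body, "pk": None, "sig": sign(issuer_sk, encode(body))}]

def transfer(chain, holder_sk, holder_pk, payee_pk):
    # Each record names the next holder and is hash-linked to the record before it.
    body = {"prev": H(encode(chain[-1]["body"])).hex(), "to": key_id(payee_pk)}
    return chain + [{"body": body, "pk": holder_pk, "sig": sign(holder_sk, encode(body))}]

def verify_chain(chain, issuer_pk):
    """Return the current holder's key id, or None if any link in the history fails."""
    if not chain:
        return None
    signer_pk = issuer_pk
    for i, rec in enumerate(chain):
        if i > 0:
            prev, signer_pk = chain[i - 1]["body"], rec["pk"]
            # The signer must be the payee named in the previous record.
            if key_id(signer_pk) != prev["to"] or rec["body"]["prev"] != H(encode(prev)).hex():
                return None
        if not verify(signer_pk, encode(rec["body"]), rec["sig"]):
            return None
    return chain[-1]["body"]["to"]
```

The check needs only the issuer's public key, so a note can circulate without returning to the issuer. It establishes the transfer history only and does not address the same note being signed over to two different payees.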

Manufacturers must design PEDs better to mitigate the vulnerabilities of digital money. Certainly the use of biometrics to validate users has helped the situation, but the capability of PEDs to detect and prevent attacks remains abysmal. PEDs must have situational knowledge when transferring digital currency, and that requires allowing only code registered with the payment application to execute during vulnerable processing cycles.

As manufacturers, financial institutions, and others involved in the payment services industry tighten their security posture, the ease, cost effectiveness, and ubiquity of digital currency tied to a value in an account will increase to the point that payment cards and the infrastructure that supports them will go the way of all things.

Next Blog: Digital Currencies and Underground Economies
