Circulation of digital money using personal electronic devices (PED) must be reliable and secure for widespread acceptance. Vulnerabilities existing in current electronic payment
systems remain with digital money, however the methods to exploit the risks change. Vulnerabilities include:
- Issuance to a counterfeit PED
- Unauthorized issuance
- Intercept and capture of issuance to a legitimate PED
- Surreptitious or unauthorized transfer from a PED to another device
- Payment to a counterfeit payee
- Intercept and capture of payment to a payee
- Intercept and capture of payee redemption
- Capture by use of force
- Friendly Fraud
Mitigation of these vulnerabilities requires careful design
of the end-to-end solution. The solution requires the use of public key
interchange (PKI) (or similar method to create a non-reputable issued or
transferred value). There must be a method to determine the history of legitimate
transfer of value from one point to another with the understanding that the
circulation of the digital value does not require redemption at the issuer
within any time limit. The PED transfer and receive functions must detect
attacking agents and have the capability to evolve easily as attacking agents
mutate.
Manufacturers must design PEDs better to mitigate the vulnerabilities
of digital money. Certainly the use of biometrics to validate users has helped
the situation but the capability of PEDs to detect and prevent attacks remains abysmal.
PEDs must have situational knowledge when transferring digital currency and
that requires allowing only code registered with the payment application to execute
during vulnerable processing cycles.
As manufacturers, financial institutions, and others
involved in the payment services industry tighten their security posture the ease,
cost effectiveness, and ubiquity of digital currency tied to a value in an
account will increase to the point that payment cards and the infrastructure
that supports them will go the way of all things.
Next Blog: Digital
Currencies and Underground Economies
No comments:
Post a Comment