20 December 2014

Beyond TEDIPAY

Alexander Peschkoff - TEDIPAY

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

There is a stranger in your car

10 January 2014

When you are on a crowded bus, you don't know who is standing next to you and what that person is up to. There are a lot of weird and obsessed people out there...

Now, imagine your own car - what would you feel if after a couple of hours on a motorway, driving at high speed, you turned around and saw a complete stranger in the backseat...

That's exactly where "software-only" solutions - such as HCE or app-based mobile payments - lead us.

It was hard to miss the news re Target's security breach, including today's "update" of the damage to 70m cards. Although the (forensic) jury is still out, several credible sources suggest that the breach occurred at the terminal OS level. That is the same OS which was considered mega-safe and which was designed to allow access to/from authorized parties only.

Why did the Target breach take everyone by (huge) surprise? It's all about a zero-day attack - a "black swan" event that brings the proverbial 20/20 hindsight.

The industry keeps forgetting that any software is just that - a piece of code, which can be manipulated and exploited with malicious intent that strikes out of the blue.

How many "Target" situations do we need to live through to grasp the difference between secure and "almost safe"? The latter is like being "almost pregnant" - you either are or you aren't, there is no middle ground.

Tags: Security, Mobile & online

Comments: (1)

A Finextra member | 13 January, 2014, 19:11

I agree 100% Alex. Payment industry players are too complacent in believing themselves and convincing others that their components and systems are very secure and then these things happen right under their noses. The POS terminal is one classic example ... despite the assurances it gets hacked inevitably.

I firmly believe that the card Issuers should not trust POS devices nor even Acquirer systems ... they must ensure that the cardholder data is ONLY KNOWN to their end systems along the payment rails (i.e. EMV or contactless compliant chip application of course and the Issuer Host). Nothing in between should be allowed to see the real PAN data, but the data that looks and feels like PAN, so that the Merchant and Acquirer systems still continue to function normally.

Alexander's profile

job title CEO
location London
member since 2012
I am the co-founder and CEO of TEDIPAY, the company that is bringing to the market a game-changing platform for secure mobile transactions.
