Stephen Wilson

Join the Community

23,157

Expert opinions

43,769

Total members

351

New members (last 30 days)

171

New opinions (last 30 days)

29,034

Total comments

Join Sign in

Managing Director

Lockstep Consulting

Member since

24 Apr 2008

Location

Sydney

Bio

I specialise in data protection, digital identity, privacy engineering, smart technologies and fraud prevention. I run Lockstep Consulting, which provides independent analysis & advice in privacy and identity security, and researches innovative solutions to secure data sharing, verifiable credentials, Card Not Present fraud and identity theft.

See ht

Experience

Managing Director

Lockstep Consulting

To Present

Show all experience

Latest opinions

Now is not the time to go soft

Online computing represents probably the first new platform in thirty years. Not since the PC have we seen a whole new hardware-software-solution-product environment emerge. It's understandable that there's a mad land grab for app-driven market share. But you'd think that the rush to market would be moderated by a realisation that we ought to b...

03 August 2012

How much worse can CNP fraud get?

The Australian Payments Clearing Association (APCA) releases card fraud statistics every six months for the preceding 12m period. For the first time in many years, Australian card fraud has grown in all categories. The ratio of Card Not Present fraud to all fraud remained steady at just under three quarters. An up-turn in skimming and counter

17 July 2012

Credit card numbers are like nitroglycerine

It's terrific that merchants are increasingly pushing back on PCI-DSS. It really is high time we shifted the emphasis from ad hoc stop gap compromise measures, onto tackling the real problem: the replayability of account data. Credit card numbers are a bit like nitroglycerine: handle them with great care or they'll blow up! The slightest slip-up,...

13 January 2012

See all 34 opinions by Stephen

Latest comments

Apple offers to open up NFC payments access to settle EU antitrust probe

Mny thnks Karl. I overlooked the "host" part.

Geez, I am rusty on Host Card Emulation but yes, now I remember. That takes us back to the first digital wallet wars when Google was forced into HCE because the handset vendors wouldn't allow access to the NFC chips.

Do we really want to do all this again?

I know that granting access to the NFC chips is hard. So it should be! But the effort needs to be weighed against the reward of proper hardware security, which HCE cannot provide.

Or can it?

23 Jan 2024 21:47 Read comment

Apple offers to open up NFC payments access to settle EU antitrust probe

The article states:

"Apple would create the necessary APIs to allow equivalent access to the NFC components in the Host Card Emulation mode, a technology issued to securely store payment credentials and complete transactions, without relying on an in-device secure element."

I want to query the part about 'not relying on an in-device secure element'.

As I understand Host Card Emulation, it does use a secure element, just not the same one as in the EMV smartcard. That is, the protocol will use Apple's iPhone enclave.

For a bank and a handset vendor to agree to use an NFC chip set to emulate an EMV card, thebank must satisfy itself that the NFC chips are more or less equivalent to EMV chips as "secure elements".

It will bethesame logic when a handset's NFC chip set isused to hold an (emulated) eID, e-passport or mDL.

If I am correct, then the article might be misleading for it implies that the Apple NFC offering would foresake a secure element.

Steve Wilson, Lockstep Consulting.

23 Jan 2024 06:26 Read comment

Apple to turn iPhone into a payment terminal

Can people please identity themselves? It's hard to thread conersatyions when it's "a finextra member". At least sign off your comments using some handle please.

31 Jan 2022 16:03 Read comment

See all 182 comments by Stephen