International card organisation Europay is to deploy a system developed by Sonera SmartTrust for authenticating online payments via the SIM card in a mobile phone.
Europay says it will offer SmartTrust's WPKI technology (wireless public key infrastructure) to its member banks as an extension to the existing 3D-SET (Secure Electronic Transaction) payment solution. Under the agreement, mobile phones equipped with the SmartTrust SIM (subscriber identity module) will be able to sign Eurocard-MasterCard payment transactions conducted online.
In the SmartTrust model, when a remote transaction is performed by mobile phone, PC or other device, a SMS (short messaging service) message with the merchant's description of goods is sent to the cardholder's phone. If the transaction is legitimate, the cardholder validates the purchase by sending a digital signature confirming the transaction and enabling authentication by the issuing bank.
The WPKI technology is embedded within the mobile's SIM card. The two companies say a combination of WPKI and SET technology offers a global interoperable secured solution on open networks and accessible from multiple locations and Internet access devices.
"The anonymity of the Internet has made 'card-not-present' transactions a hurdle for both merchants and banks by not binding transactions to card-holders," explains Pekka Honkanen, senior vice president of Sonera SmartTrust.
Honkanen adds that the technology may also be used to enable financial institutions to offer secure mobile access to banking applications such as bill payment and money transfer services via the SIM card.