Presentation on theme: "European Consumer Summit 2014 On-line and mobile payments Dr Florent Frederix Trust & Security Unit, DG CONNECT, European Commission 1 th of April 2014."— Presentation transcript:
European Consumer Summit 2014 On-line and mobile payments Dr Florent Frederix Trust & Security Unit, DG CONNECT, European Commission 1 th of April 2014 A. BORSCHETTE CENTRE, Brussels
Content What is mobile payment? How big are cyber security risks? What is the European Commission doing about it?
What is mobile payment? Some examples 1. Contactless m-payment with NFC mobile 2. PayPal / Pre-paid card wireless payment 3. M-payments & ATM transactions using QR 4. M-payments using electronic currencies 5. M-payments using Near Sound Data Transfer and other technologies
m-payment with NFC mobile Options: Mobile + NFC card -Security equal to security of another NFC credit/debit card Mobile + secure SIM -Security higher than the security of another NFC credit/debit card Mobile + secure element in the cloud/software -Android 4.4 (kitkat) can drive the NFC hardware on your mobile phone -Security data not yet available but probably lower than NFC card Blog.tesco.com
PayPal / Pre-paid card payment Similar to PayPal (1) from a web browser. Difference is 2 factor identification based on phone number and pin code. No secure element. Trusted Service Manager is PayPal that ensures link between credentials of mobile phone holder and linked credit/debit accounts. (1)PayPal used as one example. Description not complete (2) Googles brilliant plan to get millions to adopt its e- money system: Gmail www.qz.com March 27, 2014www.qz.com Google e-money
M-payments & ATM using QR codes (1) Text emulation Fake payment requests? Security measures? (2) Real mobile QR payments
M-payments with e-currencies Issues: Legal base Trusted service manager? (the network?) (Security?)
M-payment with NSDT & and …. Characteristics: Side channel attacks? Interoperability?
How big are cyber security risks? Security Concern reason for 69% of non-users. Share of m-banking consumers that are unbanked is 11% (1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014 Size of the market? (1) Usage of different means of accessing banking services
How big are cyber security risks? (1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014 Age profile (1) Use of mobile banking in the past 12 months by age (%)
How secure? (1) Survey results How big are cyber security risks? (1) Consumers and Mobile Financial Services 2014, Board of Governors of the Federal Reserve, March 2014
What does the EU Commission? Data Protection directive/legislation In place since 1995: Directive EC 95/46 New legislation under discussion with Parliament to revise the directive into a refreshed legislation Network Information Security directive (NIS) Initiative presented by EU commission Directive under discussion in Parliament The Cyber Security Strategy Complements the NIS directive Links to H2020
Capabilities: Common NIS requirements at national level NIS strategy and cooperation plan NIS competent authority Computer Emergency Response Team (CERT) Proposal for a Directive on NIS Key elements (1/3) What does the EU Commission?
Cooperation: NIS competent authorities to cooperate within a network at EU level Early warnings and coordinated response Capacity building NIS exercises at EU level ENISA to assist Proposal for a Directive on NIS Key elements (2/3) What does the EU Commission?
Risk management and incident reporting for: Energy – electricity, gas and oil Credit institutions and stock exchanges Transport – air, maritime, rail Healthcare Internet enablers Public administrations Proposal for a Directive on NIS Key elements (3/3) What does the EU Commission?