FYI: The Challenge of Turning Phones into Credit Cards - The Challenge of Security & Why the UK is Key.
Anish Mohammed
anish.mohammed at gmail.com
Fri Feb 25 14:38:48 GMT 2011
Hi Peter,
Doing a micropayment, I dont see much of a problem. I have to admit at this
point i was working as security expert for one such product from Ericsson a
decade ago. It didnt take off as it was too early ( or too much security :-)
)
regards
Anish
On Fri, Feb 25, 2011 at 2:26 PM, Peter Fairbrother <zenadsl6186 at zen.co.uk>wrote:
> Chris Salter wrote:
>
>> Hello UKCrypto,
>>
>> "The Challenge of Turning Phones into Credit Cards - The Challenge of
>> Security & Why the UK is Key".
>>
>>
>> http://www.trustedreviews.com/mobile-phones/review/2011/02/24/The-Challenge-of-Turning-Phones-into-Credit-Cards/p1?utm_source=newsletter&utm_campaign=clicks&utm_medium=daily_20110225_1277
>> or
>> http://preview.tinyurl.com/4w4wz46
>>
>
> It seems to be a very stupid implementation, and quite possibly a stupid
> idea as well - no-one seems to have worked out the security model so far, or
> even have worked out any working security model.
>
> That should have been done *first*.
>
> Is this micropayments, or major purchases? Is a PIN entered on the 'phone?
> Does the issuer put a tamperproof chip in the 'phone?
>
> I'm not surprised that the Kaspersky guy is keen, more business for him -
> but is he going to take responsibility. and more important accept liability,
> when things go wrong? As K. take zero liability for the effectiveness of
> their software at present, I kinda doubt it.
>
>
>
> However if Visa want to implement it, and take the risk, fine by me - as
> long as I don't have to bail them out (again), and as long as paying by card
> remains an option. This should be a legal requirement, like chip and
> signature cards vs chip and PIN cards.
>
> Come to think of it, it may be a legal requirement already, depending on
> the way the present law is interpreted - but that's not an area of law I'm
> familiar with.
>
>
>
> BTW I don't have a mobile 'phone, and I don't want one.
>
>
> -- Peter Fairbrother
>
>
>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20110225/1993254d/attachment.htm>
More information about the ukcrypto
mailing list