FYI: The Challenge of Turning Phones into Credit Cards - TheChallenge of Security & Why the UK is Key.

bakeryworms at gmail.com bakeryworms at gmail.com
Sat Feb 26 12:24:06 GMT 2011 

Sent from my BlackBerry® wireless device

-----Original Message-----
From: Nicholas Bohm <nbohm at ernest.net>
Sender: ukcrypto-bounces at chiark.greenend.org.uk
Date: Fri, 25 Feb 2011 17:04:57 
To: UK Cryptography Policy Discussion Group<ukcrypto at chiark.greenend.org.uk>
Reply-To: nbohm at ernest.net, UK Cryptography Policy Discussion Group
	<ukcrypto at chiark.greenend.org.uk>
Subject: Re: FYI: The Challenge of Turning Phones into Credit Cards - The
	Challenge of Security & Why the UK is Key.

On 25/02/2011 16:39, Peter Tomlinson wrote:
> The transaction model described appears to be very similar to the
> contactless payment method using debit/credit cards that is being
> rolled out here now - and a dual PR push for contactless debit/credit
> for public transport in London, featuring Transport For London and a
> head Mastercard honcho, happened this week [1]. The extra gained by
> using the mobile phone is the bonus for the user: a receipt stored in
> the phone.
>
> There is indeed a great deal of work going into transaction security
> for this architecture, and of course there are several architectures
> available for the phone and Simcard and microSD card (maybe with
> Bluetooth as well). This one will run and run - and a number of
> security people are tearing their hair out as they try to work through
> the matrix of not just secure element architectures but also of the
> multiplicity of phone operating systems.
>
> Its a consumer product; money has to be made by transferring money and
> by executing the real transactions (buying things and services [2]);
> there will be some casualties, but a great number of people will like it.

No doubt; but some may like it less if the risk of fraud is left in
their laps, so the liability model will be of equal interest to the
security model.  As to the liability model, transparency will in due
course reign, since Ts&Cs will necessarily be public in order to have
effect.  As to the security model, who knows?

Nicholas
-- 
Contact and PGP key here <http://www.ernest.net/contact/index.htm>

More information about the ukcrypto mailing list