What's New in Payments

White paper sets out how Trusted Execution Environments can be used to secure mobile payments, loyalty, credentials and more

Covershot — Trusted Execution Environment (TEE) 101: A Primer

A new white paper that looks in-depth at Trusted Execution Environment (TEE) technology, the architecture and principles underpinning its operation and how it can be used to secure a variety of mobile wallet and IoT applications is now available to download free of charge from the NFC World Knowledge Centre... More


Cybersecurity firm demos mask that can unlock an iPhone X

This $150 mask beat Face ID on the iPhone X — The Verge — “Vietnamese cybersecurity firm Bkav claims it’s been able to bypass the iPhone X’s Face ID feature using a mask… The firm does stress that the product is just a proof of concept at the moment and more research is needed… ‘Exploitation is difficult for normal users, but simple for professional ones,’ Bkav said.”


What's New in Payments

EMVCo releases online and in-app transaction security framework

EMVCo launches EMV secure remote commerce technical framework — EMVCo — “EMV SRC will address the complexities and potential vulnerabilities within the remote payments environment by defining a consistent approach to enable the secure transmission and interaction of payment card data among participants. This helps reduce exposure to data compromise and simplify merchant support of these solutions.”


US government to explore new national ID concepts

The White House and Equifax agree: Social security numbers should go — Bloomberg — “The Trump administration is exploring ways to replace the use of Social Security numbers as the main method of assuring people’s identities in the wake of consumer credit agency Equifax Inc’s massive data breach. The administration has called on federal departments and agencies to look into the vulnerabilities of employing the identifier tied to retirement benefits, as well as how to replace the existing system.”


Researchers demo voice assistant security flaw

A simple design flaw makes it astoundingly easy to hack Siri and Alexa — Co.Design — “Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear.”