- ROB BROWN
Some would say cloud-based mobile payments have shouldered the responsibility of being ‘the future of payments’ for several years now, but we’re yet to live in a world where the wave of a phone buys the morning paper and coffee.
Initially, the market naturally shifted from a classical brick-and-mortar card payment to a mobile Secure Element (SE)-based payment (Smart Card or UICC, embedded SE, µSD Card…). Indeed, it seemed very logical to provide a similar level of security for hosting banks’ and users’ credentials in a discrete, tamper-proof piece of hardware.
As a clear example, many business opportunities were foreseen through NFC payment, uniting the real and virtual world for a better user experience. However, the potential of NFC payment has fragmented the market, where stakeholders want too big a share of the pie.
While current smartphones and mobile network infrastructure are technically ready to make some forms of payment happen, a few barriers have cropped up preventing cloud-based payment from really hitting the mainstream – such as consumers’ and service providers’ concerns about security.
To see mass adoption of cloud-based payments, mobile solutions need to raise the bar of security, as software-based protection is no longer effective. The Trusted Execution Environment (TEE) seems the best candidate to replace the missing link of the security chain in mobile solutions.
This kind of trusted technology is pre-embedded into mobile devices, without requiring any extra hardware token. It provides a hardware-based isolated environment for sensitive applications and offers unique capabilities such as the Trusted User Interface, which enables safe credential entry or sensitive information display. Adding secure mass storage capabilities for cryptographic materials and any kind of data, the TEE can enable end-to-end security with remote servers, and ensure authenticity of transactions.
Put simply, the TEE is the one major change that is currently being rolled out and will be the key to unlocking cloud-based payments for everyone in the short term.
Nevertheless, SE-based payments may not have said their last word. TEE could still strengthen the security of such payment modes, for example, by securely capturing a PIN code and transmitting it safely to the application in the SE for validation.