Following announcement of the launch of Apple Pay in the UK, please find below a comment from Winston Bond, European Technical Manager at Arxan Technologies, who weighs out the security of mobile payment platforms such as Apple Pay and Android Pay.
Winston Bond, Technical Director at Arxan Technologies :
“The launch of Apple Pay in the UK is another node in the already expanding world of mobile payments. However, this launch does trigger a debate over ‘software vs hardware-based security.’ A hardware-based approach, as found with Apple Pay, although it is seen as restrictive and could offer little incentive to merchants due to the proprietary nature of Apple, it has for a long time been viewed as stronger in terms of security. However, the software-based, Host Card Emulation (HCE) approach found in Android Pay is close on its heels. We have seen advancements with the HCE approach come a long way in recent times, as it achieves a similar level of security protection as hardware-based, and offers additional advantages of speed and agility.
In fact, with Android platform global adoption at least 4 times greater than iOS, the probability of success in defining a mobile payment ecosystem with mass adoption and greater longevity resides in the software-based approach’s favour – as long as certain security precautions, such as tamper-proofing software and white-box cryptography found with HCE, are taken.
Whichever route the consumers and retailers take, the need for the delivery of a robust level of protection for mobile payment technology is critical and is not one to be bypassed in favour of speed of deployment of an app and new functionality.”[su_box title=”Winston Bond, European Technical Manager, Arxan Technologies” style=”noise” box_color=”#336588″]Arxan provides the world’s strongest application protection solutions. Our unique patented guarding technology 1) Defends applications against attacks, 2) Detects at run-time when an attack is being attempted, and 3) Responds to detected attacks to stop them, alert, or repair. Arxan offers solutions for software running on mobile devices, desktops, servers, and embedded platforms — including those connected as part of the Internet of Things (IoT) — and is currently protecting applications running on more than 300 million devices across a range of industries, including: financial services, high tech/independent software vendors (ISVs), manufacturing, healthcare, digital media, gaming, and others. The company’s headquarters and engineering operations are based in the United States with global offices in EMEA and APAC.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.