Protectoria announced today a technological breakthrough for payment transaction security. The technology enables PSD2 (Payment Services Directive II) security compliance for payments on a single smartphone, with no prerequisites other than an Internet connection and a security-enhanced payment app. The security solution, the Protectoria Secure Mobile Platform, has been analysed and independently verified by a German security certification bureau, SRC.
The Protectoria Secure Mobile Platform is based on patent-pending security mechanisms which create a unique software-based Trusted Execution Environment (TEE) for the payment application. The TEE is a personalized, unpredictable and dynamically secure running environment within the phone’s application layer. The secure design assumes that the operating system is controlled by malware at all times, but still efficiently protects transactions from manipulation. One specific finding of the evaluation was that the dynamic loading of code blocks and the code obfuscation mechanism provide a reasonable amount of complexity to the system, which makes it extremely hard to analyse the code and manipulate transactions, even if the smartphone device is infected with malware. (“Whitepaper – How it works”)
CEO of Protectoria, Trond Lemberg, says: “This is a huge step forward for payment security on a single smartphone device. The TEE has a systematically proactive capability of mitigating all types of attack methodologies against payments, as published by the well-reputed organizations OWASP and MITRE. PSPs (Payment Services Providers) can with this achievement consider security as an enabler for their mobile-based businesses, no longer something that limits the user experience or the scale of business.”
Such mobile payment limitations often take the form of limited transaction sizes, accepting only recipients on a whitelist, or implementing additional checkout procedures and reactive anti-fraud measures that introduce extra costs, increase delivery time and create friction with users.
Figuratively speaking, the cyber-criminals’ weapons are turned against themselves by minimizing the attack surfaces and limiting the amount of time available, making it practically impossible to launch attacks on secured transactions. In addition to the systemic risks in modern smartphone platforms, the introduction of PSD2 shifts the economic risk originating from financial fraud to the PSPs. This leaves only a few options for financial service providers:
Either limit the services which can be offered on single devices, accept technological lock-ins from hardware manufacturers, or protect against the cyber-criminals with active protection measures completely under the PSPs’ own control. While the first two options run in exactly the opposite direction of the PSD2 objectives, the last one, the Protectoria Secure Mobile Platform, avoids all such business limitations.