
Analysis of Applicability of ISO 9564 Pin Based Authentication to Closed-Loop Mobile Payment Systems


Affiliations
1 Tata Institute of Fundamental Research (TIFR), Mumbai, India
2 Tata Consultancy Services (TCS), Mumbai, India
 

Abstract

Payment transactions initiated through a mobile device are growing, and the security concerns must be addressed. People coming from the payment card industry often talk passionately about porting the ISO 9564 PIN-standard-based authentication used in open-loop card payment to closed-loop mobile financial transactions, and about certifying closed-loop payment products or solutions against this standard. In reality, this standard has so far not been adopted in closed-loop mobile payment authentication, and its applicability must be studied carefully before adoption. The authors critically analyse the applicability of this ISO specification and make a categorical statement about the relevance of compliance to closed-loop mobile payment. Security requirements for authentication in closed-loop mobile payment systems are not standardised through the ISO 9564 standard, Common Criteria [3], etc. Since closed-loop mobile payment is a relatively new field, the authors make a case for the Common Criteria Recognition Agreement (CCRA) or another standards organization to push for publication of a mobile-device-agnostic Protection Profile or standard for it, incorporating the suggested authentication approaches.

Keywords

ISO 9564 PIN Based Authentication, Card-Present and Card-Not-Present Transactions, Open-Loop and Closed-Loop Payments, Mobile Payment, Stored-Value-Account, Common Criteria Protection Profile, Device Fingerprinting, m-PIN (Mobile PIN), One Time Password (OTP), Android Application component called Service, Backend Service.

Authors

Amal Saha
Tata Institute of Fundamental Research (TIFR), Mumbai, India
Sugata Sanyal
Tata Consultancy Services (TCS), Mumbai, India
