ElectronicPayments
Latest
MasterCard announces PayPass User Interface SDK, lets devs roll their own NFC payment-enabled apps
MasterCard has been in the cashless payment game for quite a while, and now it's hoping to get more developers on the PayPass bandwagon with its freshly unveiled user interface software development kit. By leveraging the SDK, programmers will be able to bake the firm's NFC payment system, which is compatible with over 70 handsets, into their own Android or BlackBerry OS 7 apps. The kit is free to license and includes API code libraries, documentation, a developer guide, sample code, a white-label reference application and a testing suite. Once apps are created with the SDK, they'll have to go through MasterCard's approval process before they go live. Yearning to code PayPass-enabled smartphone software? Check out the press release below for more details.
Google Wallet gets prepaid security fix, but 'brute-force' issue still hangs in the air
Google says it's fixed a Wallet security flaw that potentially allowed a phone thief to spend a user's prepaid balance. The ability to provision new prepaid cards had been suspended pending the update, but has now been restored. Things aren't quite back to normal in the Big G's world of mobile money, however. Users still find themselves caught between two competing arguments over an entirely different vulnerability, which involves a 'brute-force' attack on rooted devices. Google insists that this isn't a major concern, so long as Wallet users refrain from rooting, and that the system still "offers advantages over the plastic cards and folded wallets in use today." On the other hand, the company that discovered this issue -- zvelo -- has come back at Google with an equally blunt response. It acknowledges that a handset must be rooted to be vulnerable, but crucially its researchers also say that a device doesn't have to be rooted before it's stolen. In other words, they allege that a savvy thief can potentially steal a phone and then root it themselves, and they won't be happy with Wallet until it requires longer PIN number. Whichever argument sways you, it's worth bearing in mind that there's no evidence that anyone has yet managed to exploit these weaknesses for criminal purposes.
Provisioning for prepaid Google Wallet cards on hold while PIN-related security hole gets fixed
Remember that Google Wallet exploit from a few days ago? The one that would allow 'brute-force' PIN attacks, but only on rooted Android devices? Well, another PIN-related security hole was discovered soon after, putting even non-rooted Androids at risk. As Android Central points out, should your phone make its way into the wrong hands, your Google Wallet PIN number could be reassigned, allowing access to the prepaid account attached to the phone itself -- yikes. As such, the folks at Mountain View have taken action, shuttering provisions to prepaid cards until it finds a permanent fix for the problem. Despite the troubles, Google is sticking by its original tune, stating that Google Wallet offers multiples levels of protection (when used on official builds of Android) that go beyond traditional plastic cards, including your phone's lock screen. There's no estimate on when things will be back to normal, but you'll find Google's assessments and assurances about this situation at the source link below.
MasterCard reveals roadmap for our electronic payment future: EMV in, magnetic strips out
It's been over fifteen years since MasterCard, Visa and Europay developed EMV technology to make your credit cards more secure, but it has yet to really catch on here in the US. However, MasterCard has created a master plan to help usher in the EMV era and sound the death knell for the magnetic strip. Why? The EMV infrastructure is far more fraud-resistant because each transaction is authenticated dynamically using cryptographic algorithms and a user-specific PIN. That's why MasterCard plans to help build out the EMV POS infrastructure by April of next year and have its secure e-payment system functioning at ATMs, online and with its myriad mobile payment options as well. For now, the nuts and bolts of how the credit card firm plans to bring its plan to fruition are few, but more details will be forthcoming, and there's a bit more info at the source and PR below.
