mobile wallet security
NULL BANGALORE
SURAJ PRATAP
Mobile Wallet Security
Agenda
- Mobile Wallet intro
- Statistics
- Basic feature
- Build with security
- Possible security issue
About me
- Suraj Pratap.
- Work as information security analyst
- Bounty hunter, got lucky with Google, Microsoft, PayPal, Yahoo etc.
Some Statistics
India had 375 million Internet users in October 2015.
- India's share of world population: 17.50%
- India's share of world internet users: 6.63%
- Online e-commerce users: 3.8%
- Mobile wallet users: 0.57
Statistics

| Wallet user age group | Percentage |
|---|---|
| 18-29 | 37 |
| 30-44 | 36 |
| 45-59 | 17 |
| 60 and above | 10 |
Brands
- Paytm
- Freecharge
- Mobikwik
- Airtel money
- Google pay
- Apple pay
- Vodafone M-pesa
- Chillr
- Oxigen Wallet
- Citrus Pay
- PayUMoney
Mobile wallet
- Mobile application: financial tool.
- Designed to free users from the traditional wallet.
- Replaces ATMs and credit cards
- Faster
- Merchant benefits:
  - Brands to offer a wider variety of payment
  - Easy-to-use payment interface development
- Bank and financial institution benefits: to offer a consistent payment interface to consumers and merchants
Why mobile wallet
Reference : NTTDATA
Key features
- Bill payment services
- M-brokerage services
- Mobile money transfers
- Mobile micro-payments
- Money spend analyser etc.
But Wait
InBuild Protection
Client Side
- Data encryption at client side: most of them
- Browser sandboxing: only 3
- Encryption and hashing used, AES256/SHA2: most of them. Please don't ask key ;-)
- Proprietary protocols
InBuild Protection
Server Side
- Cloud-based platform (except banks' wallets)
- VPC: virtual private cloud
- PCI certified: Trust
- Fraud detection team
- Data encrypted: yes, they all claim
InBuild Protection
In Middle
- Most of them are on TLS 1.1 and 1.2 only
- SSL pinning not implemented by all
- Encrypt data inside SSL: yes, people implemented
- MITM: yes, it's possible.
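The pinning gap noted on this slide, as an added example that is not from the talk or from any wallet vendor: a client that keeps normal CA and hostname validation, refuses anything below TLS 1.2 (a choice made for this example; the slide lists TLS 1.1 and 1.2), and drops the session unless the server's leaf certificate matches a pinned fingerprint. The function names, the pin set and the sample certificate bytes are all constructed for illustration, and whole-certificate pinning is used here for simplicity.

```python
import base64
import hashlib
import hmac
import socket
import ssl


def cert_pin(der_cert: bytes) -> str:
    """Base64 SHA-256 fingerprint of a certificate in DER form."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_matches(der_cert: bytes, pins) -> bool:
    """True only if the presented certificate is one of the pinned ones."""
    presented = cert_pin(der_cert)
    return any(hmac.compare_digest(presented, pin) for pin in pins)


def strict_context() -> ssl.SSLContext:
    """CA and hostname validation stay on; TLS 1.1 and older are refused."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def open_pinned(host: str, pins, port: int = 443, timeout: float = 5.0):
    """Connect, then drop the session unless the leaf certificate is pinned."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = strict_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("certificate pin mismatch for " + host)
    return tls


# Constructed sample bytes standing in for DER certificates (not real certs).
CURRENT_CERT = b"constructed-current-leaf-certificate"
BACKUP_CERT = b"constructed-backup-leaf-certificate"
PROXY_CERT = b"constructed-interception-proxy-certificate"
PINS = frozenset({cert_pin(CURRENT_CERT), cert_pin(BACKUP_CERT)})

if __name__ == "__main__":
    print("current cert accepted:", pin_matches(CURRENT_CERT, PINS))
    print("proxy cert accepted:  ", pin_matches(PROXY_CERT, PINS))
```

The backup pin lets the server rotate its certificate without locking out installed clients; a certificate issued by a CA the device trusts but absent from the pin set is still rejected.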
Main Security Concerns
If someone steals my phone, they have access to all my information
I will not be able to pay for purchases if my phone is lost / stolen
Someone might be able to steal my info when it is sent wirelessly
My "mobile wallet" provider will share my info with other companies
Too much personal spending info in one place on a smartphone
How to address them
- Wipe it remotely.
- Sophisticated, high-tech security
- Replace immediately
- Two way authentication
- Install app from trusted location
- Review contract terms and conditions
How to address them
Trust :-) / :-( Cloud
Who got Bug
- Paytm
- Freecharge
- Oxigen Wallet
- Citrus Pay
- Mobikwik
- Airtel money
- Google pay
who got affected
- Users: only 2 cases which I found
- Service providers: all of them
By business logic flaws
Conclusion
Should we adopt it / don't
wallet security
Just "lock" it
Questions