The new mobile authentication security technology adds two-factor authentication to the firm's Worklight tool. It works by making the user hold their contactless card next to their mobile phone after entering their pin number when making an online payment.
Using the NFC connection the phone scans the card and uses it to generate a one-time authentication code that is then sent to the server by the mobile device, ensuring none of the data is hijacked or altered mid-transit. As an added layer of protection, IBM said the service features end-to-end encryption between the smartcard and the server, ensuring that, even if hijacked, criminal groups will not be able to use the data.
IBM Research mobile security scientist, Diego Ortiz-Yepes said he expects the advanced encryption of the service to be a key selling point for businesses. "Our two-factor authentication technology, based on the Advanced Encryption Standard, provides a robust security solution with no learning curve," he said.
IBM's two factor authentication solution is currently compatible with Android 4.0 and higher and is based on IBM's Worklight mobile application platform.
The solution comes amid widespread reports that criminals are targeting the Android platform with banking Trojans. The trend began in 2012 when security firm McAfee reported uncovering the notorious FakeTrojan Android malware. The malware stole vast sums of money by mimicking the signing-on process for numerous banking apps.
IBM is one of many companies trying to secure control of the growing mobile payments market. Prior to IBM, Barclays added new ‘mobile checkout' and ‘buy it' features to its Pingit payment services, hoping to make it quicker and easier for businesses to monopolise the growing mobile payments market.
No comments:
Post a Comment