Banking security measures can tackle terrorism and terrorist financing
possible, enabling stand-off identification of an individual. As the transportation sector is both one of the early adopters of this technology and one of the key parts of the homeland security infrastructure, it would appear logical to marry together the ease of use requirement of the former with the intelligence gathering, and threat assessment, of the latter.
Future developments are likely to make this even more appealing. As the current cards cannot be “locked” to stop them carrying out transactions as well as just leaking information, it is likely that the next generation will be adapted to allow this opportunity. This is likely because the banks get hit for large losses (£9 is a small sum, but £9 a million times is a large loss) and consumers will get fed up of having to report £9 frauds. Demand will grow for a solution, although one already exists that has a great deal of potential for homeland security purposes.
Mobile phones — the common denominator
A trial has started in London combining the Oyster public transport system, Barclaycard (a major U.K. credit card), Visa, and Nokia to combine the whole contactless payment solution through the mobile phone. The mobile phone has a huge potential in this regard as it is almost universally carried, has the capacity to store information (as it is merely a highly portable remotely connected computer), and has the ability to be “locked” to prevent inadvertent dialling, but also “inadvertent” transactions. The mobile phone, acting as a computer, also has the ability to manage different “identities” for pseudonymity, enabling consumers to select from, say, a Barclaycard Visa, Citibank Mastercard, or e-wallet for payment. Or it could just verify that you belong to that particular library, or have a valid driving license.
The potential uses are incredible, but so are the security features that are already built in. The phone itself uses encryption, and is uniquely identifiable, but it also has the potential to act as a PIN entry device to validate transactions, an area in which here one of our proposed solutions, securePay, fits in.
Chip and PIN was adopted by the U.K. banks at a cost of £1.4 billion ($2.7 billion) to tackle card fraud that was looking to top £500 million ($1 billion) in 2004 alone. Where Chip and PIN is available it has had a dramatic effect in cutting card fraud, reducing it by over 60 percent. Where Chip and PIN is not available, such as in “Card not present” transactions (for example, online), fraud has risen just as dramatically by 74 percent as fraudsters switch their tactics. Over the period in question (2003-6) overall fraud has risen by 1.8 percent despite the multi-billion dollar investment in Chip and PIN, which is a major disincentive for other nations to adopt such a system ($20 billion for the United States using a simple multiplier from the U.K. costs).
Therefore, to enable Chip and PIN to be inserted into a virtual environment, we propose using the mobile phone as the PIN entry device where one does not otherwise exist, sending a message to the phone to ask the consumer to validate a transaction by entering their PIN.
Conclusion
The mobile can thus be part of the banks’ security to prevent terrorist financing through fraud, but it can also be a direct tool in the pursuit of homeland security. After the terrorist attacks on Glasgow airport some of the suspects were tracked down using their mobile phone co-ordinates. With contactless systems coming on board for payment purposes it will now be possible to piggy back on this technology for active stand off screening at transport hubs, or any other environment in which an active scanner were to be installed to monitor crowds.
Andrew is principal consultant at Telsecure, a consultant in secure financial payment systems and cyber security, [email protected]