Securing mPOS smartphone apps with Trustonic
Payment innovator Alcinéo has chosen Trustonic Application Protection (TAP) to protect its mobile point of sale (mPOS) apps. This will enable banks around the world to offer Alcinéo’s mPOS solutions to their business clients, providing them with the ability to accept payments on mobile devices safe in the knowledge that their customers’ data and payment credentials are protected to the highest level.
Accepting contactless payments on a smartphone app is highly beneficial for small businesses such as independent retailers and tradespeople, as it enables them to get paid quickly and easily without requiring investment in costly mPOS hardware. Larger merchants are also using mPOS apps on the shop floor to reduce queuing time and provide a more personal service. With these benefits driving rapid adoption, Juniper Research forecasts that mPOS transactions will represent 24% of all POS transactions by 2023.
Arnaud Corria, CEO, Alcinéo, commented: “As demand for and use of smartphones as card acceptance readers continues to grow, simple security is crucial to protect transaction data from malicious attacks. Integrating TAP enables us to provide an mPOS solution that processes payments with the same level of security as a contactless-capable POS – all on a smartphone. No annoying hardware tokens; same security.”
Alcinéo’s integration of Trustonic’s technology is based on the TAP SDK, which enables Alcinéo to embed MCL (Mastercard) and PayWave (Visa) microkernelsinto the device’s Trusted Execution Environment (TEE) - an area isolated from the device’s normal operating system. This protects apps, data and IP from software vulnerabilities in devices’ rich operating systems, which could be exploited by hackers or malware looking to steal sensitive data. The PCI-compliant Alcinéo mPOS solution also uses Trustonic technology to secure the information displayed and entered on-screen, with a feature called Trusted User Interface (TUI).
This protects the confidentiality and integrity of the information exchanged, such as PIN entry or sensitive customer information presented on screen, by using the hardware isolation built into most modern smartphones.
Dan Rawlings, Chief Commercial Officer, Trustonic, added: “This is an exciting jump forward for the payment acceptance industry. Using TAP to build strong security into the app and employing the TEE to store payment credentials on-device, rather than an embedded Secure Element (eSE), enhances security, delivers a frictionless user experience and enables companies like Alcinéo to bring the best payment solutions to market without complex agreements with device manufacturers and mobile carriers. Our TAP SDK reduces time to market and development cost and we look forward to announcing further TAP-based mPOS trials in the coming months.”