Technology: Security

How does a Mobile Transaction Terminal (MTT) ensure end-to-end security ?

WAY Systems has developed the Secure Mobile Application Platform (SMAP) as an end-to-end infrastructure for secure mobile application development, deployment, and maintenance. This consists of hardware, software, and messaging elements as well as a networking infrastructure and an additional level of security and message integrity to manage wireless security, latency, and network connectivity issues.

The foundation of the security of SMAP is to provide each mobile device and server with a unique identity utilizing Public Key Infrastructure (PKI). Each MTT is assigned a unique identification code during the manufacturing process. When an MTT is provided to a merchant, each MTT contains a SAM with a Private/Public Key Pair, which is then digitally signed by a Certificate Authority. The combination of the MTT ID and the signed Public Key is then registered to a specific merchant and stored with the Mobile Transaction Server, establishing a network with mutually authenticated nodes. Additionally, a cryptographic processor contained within the SAM utilizes RSA, DES, and 3DES to encrypt and decrypt all transaction data.

Is the cardholder safe from skimming?

Yes. The MTT encrypts the card data as soon as it is read or swiped so the merchant will never have access to the card data. The card data is also encrypted before it is sent from the mobile phone over the GSM network.