Saturday, June 9, 2012

Hacked to "Death" or Key Fob Protected?

It’s the nightmare scenario: A hacker who is able to remotely access your pacemaker — and shut it off.
Pacemakers are programmed via wireless connections with a computer. That reliance on wireless signals, however, leaves pacemakers vulnerable to attack by hackers, who could drain the device battery and turn off therapies.

Dangers of M-commerce

You can keep all your sensitive data stored on our key fob
and access it by plugging it into your smart phone
But there’s a danger for any health care–related m-commerce: In Ponemon’s 2011 study, data breaches were shown to have increased 32 percent from 2010, with 96 percent of health care providers admitting to having experienced at least one data breach in the past two years. Unfortunately, the increase in breaches hasn’t led to more or better precautions. In fact, 49 percent of respondents said their organizations do nothing to protect mobile devices. Even the simple act of misplacing a mobile device can be reason for serious worry.
“Two million smart phones are lost every year,” Golden said in her symposium presentation. “If the health care provider's phone is lost, think of all the information that can be on it.” Patient information, such as Social Security numbers, addresses, and dates of birth, can enable thieves to fraudulently obtain medical care or to create fake insurance claims to collect the proceeds.
With a biometric scanner and encrypted PIN Pad, only you can access vital information
Wireless transmissions can also be intercepted. Golden notes that in general, since the networks mobile devices use for transmission are less secure, information can become more susceptible to hackers or renegade health care employees. Even when security tools are enabled for mobile devices, they don’t guarantee protection.
“Even encrypted [information] can be unencrypted by people who know what they're doing,” Golden said. 
On the more extreme end of the spectrum, medical devices that use wireless signals could put patients’ lives at risk. For example, Golden and graduate student Ilya Dayter point to research during 2008 in which two independent groups showed how a defibrillator can be attacked wirelessly. Within inches of the device, a combination heart defibrillator and pacemaker, researchers were able to reprogram it to shut down and deliver potentially fatal jolts of electricity, according to the New York Times.
What’s more, in Las Vegas at the 2011 Black Hat Technical Security Conference, an information security event for industry professionals, then-senior threat intelligence analyst (and diabetic) Jerome Radcliffe showed how it was possible to take control of his insulin pump, which uses a special remote to administer his insulin, through an easily obtained USB device coupled with his ability to eavesdrop on computer traffic.
“He didn’t obviously show the total damage because he would kill himself, but he showed how easy it was to hack into one of the devices,” Dayter said in an interview following the health care symposium.
Dayter says that because implantable medical devices are so small, it is difficult to add additional security features to prevent such hackings. That said, there are no confirmed cases of patients being hacked to death — so far.

Follow ePayment News at

Google Wallet's Future On Sprint (And Everywhere) In Trouble

Ericsson and Aconite collaborate on mobile contactless payments ...
Image representing Google Alerts as depicted i...
Image via CrunchBase
Ericsson this week announced a partnership with Aconite to provide secure delivery and remote management of applications for consumers' NFC-enabled mobile phones. A.
ATM Marketplace News
Google Wallet's Future On Sprint (And Everywhere) In Trouble ...
By Stephen Schenck
If you've ever wondered why mobile payments have yet to catch on in a big way, and why your NFC-supporting Android doesn't give you easy access to Google Wallet: blame the carriers. From the outset, they've wormed their way into mobile ...
Apple working on virtual pocket iOS app: Organize
By Christian Zibreg
The teen blogging phenom goes on to speculate that "this application will eventually tie into the rumored Apple wallet/NFC service at some point in the future". He could be on to something here, ... Because Apple has been deploying Bluetooth 4.0 equipped devices since mid-2011, all Apple really needs to do to suddenly become a mobile payment company is go on stage at WWDC next month, officially announced iOS 6 and then say:"BAM! iWallet! It's here… and your iPhone 4S is ...

Sprint Plans Launch of NFC Wallet...Isis Isn't in their Plans

Sprint Plans to Launch NFC Mobile Wallet as U.S. Wallet War ...
In what is believed the first use of Samsung's new flagship smartphone the Galaxy S III for NFC mobile payment consumers in New Zealand can tap the Android ...

Sprint Plans to Launch NFC Mobile Wallet as U.S. Wallet War Continues to Heat Up

No. 3 U.S. mobile carrier Sprint is planning to launch its own NFC mobile wallet as early as this summer, NFC Times has learned, as the mobile wallet war in the United States continues to heat up.
Sprint’s wallet plans represent another blow to Google, whose own wallet has been distributed by Sprint, which remains Google’s lone wallet partner among mobile operators.
Sources told NFC Times that Sprint sees advantages in rolling out its own wallet, which according to the sources is named “Touch.” With a wallet, Sprint could build relationships with banks and other service providers. With the Google Wallet, Sprint has virtually no involvement with service providers.

Google reportedly working on Wallet 2.0

Google reportedly working on Wallet 2.0
While the thought and idea behind Google Wallet is an excellent one, most carriers want nothing to do with Google's mobile payment solution. With only one US carrier launching a device with Google Wallet pre-installed, the rest are seeking other ...
See all stories on this topic »


iPhone 5 rumors: NFC to be included in next iPhone
But first, the site notes, in order to be put into practice, NFC has to be adopted by the shops and retail stores where such transactions are possible. Now mobile manufacturers, such as Noka, are building their phones with NFC included.
See all stories on this topic »

Sprint "Touch" NFC Payment System to be Released in Summer?

Google Wallet: Sprint 'Touch' may replace Google Wallet payment - BGR
Image representing Sprint Nextel as depicted i...
Image via CrunchBase
By Dan Graziano
The platform was rejected by AT&T, T-Mobile and Verizon, all of which opted to support the ISIS payment system instead, and has lived a quiet life on a small number of Sprint smartphones. This may not be the case in the near future, however. The nation's third largest carrier is reportedly planning to launch its own NFC mobile wallet solution as soon as this summer, according to NFC Times. The service, called Touch, will allow Sprint to build relationships with banks and other service ...

BGR: The Three Biggest Letters In Tech
Google allegedly working on Wallet 2.0, but Sprint wants its own ...
Despite being the only carrier to pre-load Google Wallet on its devices, Sprint is purportedly looking at offering its own mobile payment system. Sources have told NFC Times that Sprint is currently working with banks and service providers to ...
Android Headlines
Is the ICache Geode the catalyst to a new era of mobile payments?
By Rebecca Basi
In addition, with rumors of Apple bringing NFC to the iPhone, this product might become all together obsolete. All in all, it's great to see some headway with mobile payments and I'm on the edge of my seat waiting to see how the iCache Geode ...
Plastic. The Mobile Agency

Google allegedly working on Wallet 2.0, but Sprint wants its own mobile ecosystem

News9 new results for "Mobile Payment"
SCVNGR raises $12M to expand LevelUp mobile payment app
Logo in use from 1987 until 2005.
Logo in use from 1987 until 2005. (Photo credit: Wikipedia)
SCVNGR, the startup behind the fast-growing LevelUp mobile payment application, has raised $12 million in new funding from existing investors Highland Capital Partners, Google (NASDAQ:GOOG) Ventures and Balderton Capital as well as new investors ...

See all stories on this topic »
Mobile payment feature now available with latest QuickBooks release
QR Code Press
The latest version of QuickBooks Point of Sale Pro 2013 New User w/ HW , is now giving small business retailers the opportunity to get into the mobile payments world both within their brick and mortar locations and outside their shop walls, ...
See all stories on this topic »

QR Code Press
Google allegedly working on Wallet 2.0, but Sprint wants its own mobile ...
The Verge
By Justin Rubio on June 8, 2012 12:24 pm 55Comments Despite being the only carrier to pre-load Google Wallet on its devices, Sprint is purportedly looking at offering its own mobile payment system. Sources have told NFC Times that Sprint is currently ...
See all stories on this topic »
Beginning With An iWallet, Apple Could Revolutionize Personal Banking
Cult of Mac
There's been a lot of talk over the past year or so about mobile payment systems and the concept of an iWallet. One of the challenges to any digital wallet concept is that it needs several components, most of which are provided by different companies ...
See all stories on this topic »
Regulatory Perils in the Fast-Growth World of Mobile Payment Apps
JD Supra (press release)
by Manatt, Phelps & Phillips, LLP on 6/8/2012 From buying groceries to concert tickets in our technology driven world, this could be the new catch phrase to describe your payment preference. Consumers purchase products daily: swiping cards, ...
See all stories on this topic »
Number of cash transactions increased in 2011
This is Money
In recent times, a number of 'smart' mobile payment systems have been developed, such as Barclays Pingit and Google Wallet which are expected to be the 'future' of payments. However, it appears that many consumers are willing to stick with cash rather ...
See all stories on this topic »

This is Money
Nasdaq's post-Facebook plan is panned
Washington Post
Facebook is also working on its solution to strengthen its mobile presence, having launched both an app store and two-step mobile payment system this week. Facebook had previously said that it wasn't sure to make money on the mobile platform, ...
See all stories on this topic »
Eventster wants you to find activities near you
... people to connect with their contacts and leave tips to give more than just a Yellow Pages listing or semi-anonymous review. We are also seeing the opportunity for mobile payment services to open up in the recommendation and friend-suggestion arena.
See all stories on this topic »
Weekly Internet Update: Google & Facebook
Trefis (subscription)
It also revealed a new mobile payment offering which should help it improve the transaction volumes by simplifying the transaction flow. It was also revealed that Yahoo and Facebook may be working to settle their differences and call a truce on their ...
See all stories on this topic »

Blogs3 new results for "Mobile Payment"
Rumor: Sprint Releasing Its Own Mobile Payment Service Called ...
By David Ruddock - rss.feedsportal
Well, we knew it was a possibility, and given Google Wallet's painfully slow adoption rate (by carriers), rumors today from NFCTimes that the service's sole.
Android Headlines
Google reportedly working on Google Wallet 2.0, as Sprint allegedly ...
By Jake Smith
According to a new report out today from the NFC Times, Sprint is currently working with partners to launch its own mobile payment service — allegedly called "Touch". It's not exactly clear if Sprint plans to drop Google Wallet, but offering their ...
Mobile payments made easier | Mobile Phone Reviews UK
By Mobilemaniac
Facebook, the leading social networking, following a declaration at Mobile World Congress in February, is now bringing out a new two-step mobile payment flow that developers can incorporate in their Facebook apps via Facebook's Payment ...
Mobile Phone Reviews UK

Web2 new results for "Mobile Payment"
Sprint working on its own mobile payment platform
With AT&T,T-Mobile and Verizon opting to support the ISIS mobile payment platform over Google Wallet, word comes that from NFC Times that Sprint will be ...
Sprint Wants to Create its Own Mobile Payment System; Google ...
Despite the availability of Google Wallet and the upcoming Isis system, which is a mobile payment partnership between AT&T, Verizon and T-Mobile, Sprint ...

Law Seminars Int'l Conference on Mobile Payments

LSI Conference on Mobile Payments

JD Supra (press release)

Image representing JD Supra as depicted in Cru...
Image via CrunchBase

LSI Conference on Mobile Payments

[author: Karen Ross]
Law Seminars International hosted a mobile payments conference in Atlanta, Georgia on May 17th and 18th that featured high profile players such as American Express, PayPal and Starbucks, major bank regulators, and faculty from leading law firms, consulting firms and industry associations. The conference’s objective was two-fold – to educate attendees about the current mobile payments landscape and to discuss the future of mobile payments. Panels covered, among other things, system options and economics, overseas business and legal ecosystems, the m-commerce customer experience, privacy and data security, and US regulatory considerations.
Throughout the two-day conference many presenters parroted the concept that US consumers will require a robust m-commerce experience with ‘payment’ as one component of a larger value-added experience. For example, Starbucks mentioned that the impetus for its payment app was to provide its customers with Starbucks card balance information, and the payment component followed later. In terms of mobile payment platforms, the consensus was that while most players continue to place their bets on near field communication (NFC) as the system leader, even those that believe NFC is the future have started implementing products based on today’s technology (i.e., cloud computing) to test the mobile marketplace.  Bank regulator representatives in attendance also weighed in about their respective agency objectives as they relate to mobile payments and the efforts of their organizations to better understand and regulate the space.
Summary of Select Panel Discussions
Mobile Payments Marketplace
One panel included a mobile payments industry consultant and a representative from the Federal Reserve Bank of Atlanta, which leads the Federal Reserve’s efforts on mobile payments. We learned that the Federal Reserve Banks of Atlanta and Boston plan to update their mobile payments paper entitled Mobile Payments in the United States: Mapping Out the Road Ahead, later this summer. This panel discussed the mobile payments landscape generally and the role of e-commerce as a driver of m-commerce in terms of consumer comfort with online banking and mobile banking leading to more comfort with peer to peer payments, remote mobile payments and NFC payments. The panel discussed how US stakeholders could emulate overseas players where US demographics mirror the foreign market. On the regulatory front, a panelist raised the issue that, in multi-party mobile payments models, banks are being held accountable for their non-bank partners which may not have the expertise or resources to perform the necessary due diligence and, some banks have responded by requesting more regulation over their downstream partners. Another panelist re-characterized the payments race as a battle for data and the ability to mine and use that data in a way that creates a product that is bigger than payments.
Lessons From Around the World
Another panel provided lessons from around the world, in the context of business and legal considerations as mobile payment systems are implemented in major countries outside the US. The panel highlighted population growth statistics around the world and attributed interest in globalization to such growth, but also cautioned that all payments law is local as every country has an interest in protecting its consumers. The panel focused on data protection and privacy laws in the European Union and China, and identified them as a great source of agony to many companies seeking to map US payment products across the world, especially those with Internet based products which could cause a global compliance problem. According to the panelists, some countries even impose criminal sanctions if their data protection laws are violated. Panelists encouraged companies to decide first how they want to play in the space, whether at the margins or full assimilation, then consider the time and money involved in compliance before developing and implementing global payment products.
Case Studies
American Express, PayPal and Starbucks presented on the features of their mobile payments products Serve, PayPal Mobile and the Starbucks App, respectively. A common thread throughout the presentations was each company’s objective to have commerce drive payment and not vice versa.
Data Security and Privacy
On the privacy and security front, Davis Wright Tremaine LLP attorney Randy Gainer highlighted the deficiencies of current technology in the quest to protect consumer data and the privacy compliance issues faced by mobile payments stakeholders. After detailing the weakness of current computer security, he identified NFC, cryptograms and dynamic CVVs as some of the potential solutions to the existing hacking and fraud problems. Randy also discussed the rampancy of class action privacy suits and a courts’ general unwillingness to side with a company that has not provided its consumer with a privacy disclosure that accurately reflects, in a clear and obvious manner, the type of data that is collected and how it is used.  However, he identified a pending Supreme Court case Edwards v. First Am. Corp., that may resolve the question of whether actual damages are necessary prior to initiating a class action suit, and a ruling in the affirmative could change this legal landscape because, according to Randy, most privacy plaintiffs would have a difficult time making this showing.
Regulatory Considerations
Representatives from the Federal Deposit Insurance Corporation (FDIC), Federal Trade Commission (FTC), Financial Crimes Enforcement Network (FinCen) and Consumer Financial Protection Bureau (CFPB) agencies were also in attendance to discuss the regulatory considerations in the mobile payments space.
  • FinCen is focused on the types of “activities” it would like prohibit which it hopes would result in regulations that are technology agnostic and that offer flexibility in the constantly-evolving mobile payments space. FinCen points to the recently passed prepaid access rule, which we wrote about here, as a manifestation of that principle. The prepaid access rule — which requires that sellers of prepaid access comply with certain anti-money laundering obligations — applies to sellers of more than $10,000 in prepaid access to any single person in any single day unless the seller has policies in place to prevent the same. When questioned about the types of policies and procedures that would be sufficient to avoid being covered, FinCen clarified that while there are no prescribed policies and procedures, the agency would look to low caps on sales of prepaid access (e.g.., a system that prevents a buyer from buying more than a certain amount of prepaid access at once) or the seller’s ability to leverage existing anti-fraud and anti-theft systems (e.g., surveillance that ensures the same person isn’t purchasing large amounts of prepaid access several times a day). As an aside, FinCen also hinted that it will likely treat virtual currencies as a form of money transmission in the future and virtual currencies would therefore subject to FinCen’s anti-money laundering regulations. 
  • The FDIC believes mobile banking is more likely within its purview than mobile payments. It issued a supervisory journal on the agency’s views on mobile banking and plans to work on a follow-up journal article that will focus on mobile payments for release in the summer of 2012. 
  • The FTC mentioned its organization of a mobile payments task force in an effort to gather the appropriate persons at the FTC together to think about agency objectives in the mobile payment space. Toward that end the FTC has also hired its first Chief Technologist, Edward Felten, hosted its first mobile payments workshop which we wrote about here and a dot com disclosures workshop on May 30, 2012 to discuss advertising and privacy disclosures in online and mobile media. Within mobile payments the FTC plans to focus on dispute resolution, data security and privacy and even where its previous enforcement jurisdiction has been transferred to the CFPB it plans to fulfill its education directives within these areas.
  •  The CFPB plans to approach mobile payments regulations cautiously by evaluating existing rules and determining which rules apply, how they apply and whether they are effective in this space. The agency’s focus is primarily on mobile wallets where new entrants without a long history of compliance (i.e., non banks) could make mistakes and fail to adequately protect consumers.

Sprint working on its own NFC wallet?

Sprint working on its own NFC wallet?
Mobile Payments Today
Dan Balaban at NFC Times has dropped a bit of a bombshell: Sprint is apparently working on an NFC mobile wallet of its own. And Balaban is reporting that the announcement could be as close as this summer. That's a pretty big deal considering Sprint is ...
See all stories on this topic »
iPhone 5 will have NFC inside, reckons Orange
In France, there are currently around 10000 retail outlets accepting NFC mobile payments, according to Orange, but the operator believes most French shops will be accepting contactless payments by next year. Mobile users in France who bank with BNP ...
See all stories on this topic »

Ericsson and Aconite collaborate on mobile contactless payments
Mobile Payments Today
Ericsson this week announced a partnership with Aconite to provide secure delivery and remote management of applications for consumers' NFC-enabled mobile phones. A story at Voicendata said the service will give application issuers a turnkey solution ...
See all stories on this topic »
Lessons from the US on PayPal's retail roll-out
Retail Week
As Aurora Fashions becomes the first UK retailer to roll out PayPal in store, Retail Week's content partner StoreFrontBackTalk looks at the payment provider's strategy in the US. PayPal's strategy for its retail mobile payments program is clearly a ...
See all stories on this topic »
Apple iWallet awarded with new patent in the US
QR Code Press
The iWallet is a mobile application being developed by Apple for the purposes of mobile commerce. The application is meant to make use of NFC technology to allow users to make mobile payments for goods and services. The latest patent is in regards to ...
See all stories on this topic »

QR Code Press
Spain's la Caixa rolls out first large scale deployment of contactless EMV
Mobile Payments Today
... positioning itself at the forefront of innovation," said Gabrielle Bugat, senior vice president of secure transactions at Gemalto. "They are setting up the contactless ecosystem which will help educate and prepare the market for NFC mobile payment.
See all stories on this topic »

Disqus for ePayment News