GS Logo
The Green Sheet, Inc

Please Log in

Banner Ad
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

Pop-ups for the holidays - and beyond

News

Industry Update

Is Clover the POS of the future?

Tyfone confronts data security 'cross over'

BIPS adds to bitcoin news

Views

It's an ever changing world - predictions for 2014

Michael Gavin
Merchant Warehouse

An open letter to the electronic payments industry: Let's put a stop to criminal practices in our industry – now!

Robert O. Carr
Heartland Payment Systems Inc.

Benefit by adopting an as-a-service business model

Sean Berg
Harbortouch

Education

Street SmartsSM:
Nothing succeeds like failure

Dale S. Laszig
Castles Technology Co. Ltd.

Money2020 and the fast-changing payments world

Peggy Bekavac Olson
Strategic Marketing

Sell with the right tools

Tom Waters and Ben Abel
Bank Associates Merchant Services

Company Profile

Planet Group Inc.

New Products

The next storefront

Inspiration

What motivates your business partners?

Departments

Resource Guide

Datebook

Skyscraper Ad

The Green Sheet Online Edition

November 11, 2013  •  Issue 13:11:01

previous next

Tyfone confronts data security 'cross over'

On Oct. 7, 2013, mobile identity verification and security firm Tyfone Inc. entered a pilot program with Wisconsin-based CoVantage Credit Union to test Tyfone's connected smartcard (CSC) technology. The CSC chip hardware, that can be integrated into different form factors, such as a plastic card, microSD card or key chain dongle, is designed to protect consumers' banking and payment data at a time when the two-factor authentication method of user name and password is widely seen as broken.

The pilot is based on Tyfone's SideSafe microSD card for Android-based smartphones, with CoVantage employees and select business members issued "corporate IT" devices. The plan is for the pilot to then transition to the Bring Your Own Device stage.

Post pilot, Tyfone expects to introduce its proprietary SideKey technology, which makes the CSC chip functionality accessible via a key chain or a wearable device that is interoperable with smartphones, tablet devices and PCs. "Communication protocols may be NFC [near field communication] or Bluetooth, and commercial offerings will have a menu of form factors for institutions to choose from," Tyfone said.

Inside the cross over

Dr. Siva Narendra, co-founder and Chief Executive Officer at Tyfone, likened the current security infrastructure designed to protect sensitive cardholder data stored in the cloud to a medieval castle: the data is protected by strong, high walls – firewalls and virtual private networks – that are fatally weak nonetheless.

"This wall is very porous because a legitimate user still needs to get into the fortress, so there are doors everywhere," Narendra said. "And these doors are actually getting weaker rapidly, by the day."

Narendra referred to Moore's law that states computational power is doubling every 18 months. That means ever faster processing speeds for smartphones and computers, but equally faster data crunching capabilities for fraudsters. To counter this exponential growth in password hacking speed, ever longer passwords are required. Four-digit passcodes that were sufficient protection 30 years ago have given way to the stringing together of eight to 12 numbers and letters, with special characters thrown in. But that path is unsustainable.

Based on Moore's law, in 18 months, passwords will need to be 24 characters long and, in three years, they will need to expand to an impractical 48 characters, Narendra said. In fact, he stated that the password security infrastructure is nearing a "point of no return," where hacking speeds will outstrip current security forever. Narendra called it the "cross over," and added that we are currently in the middle of it.

The "software-based password is dead," Narendra said. "It's just a matter of us recognizing it." He noted that regulatory and standards bodies, such as the National Institute of Standards and Technology, are aware of it, but not others, including payments businesses. "A lot of IT folks are in denial," he said.

Hardware to combat hardware

According to Narendra, the solution to this security dilemma is to migrate account security to physical devices that only individual accountholders can access. "The only way you can compete with hardware speed is by using hardware with you as opposed to [data stored] in a central location," he said.

Tyfone's CSC technology is designed to do just that. The password is stored in the secure chip, which is the safest place to store information, according to Narendra. "[I]f you want to visit a website and make a transaction, you go to a website and your password would be validated by your key chain and then the key chain will expose the certificate for this request, challenge, response paradigm," he said.

Tyfone chose to roll out CSC in a variety of form factors because the device needs to be portable and independent of smartphones and corresponding mobile wallets. "Today, when you buy a pair of pants, the wallet is not stitched to it," Narendra said. "You carry your wallet from one pair of pants to another. So we wanted the technology to be just that – neutral."

National implications

Beyond the threat of the cross over for individual security looms the national security issue, as it is generally assumed foreign governments and terrorist organizations are stockpiling hacked passwords for future use in cyber warfare. "Control systems for utilities, petro chemical, some of these systems have already beenbreached by unfriendly parties," said Don Bloodworth, Chief Financial Officer at Tyfone. "They're just sitting back and waiting to act upon that [information]."

The government sector has taken notice. In December 2012, In-Q-Tel, the private industry investment arm for the CIA and the larger U.S. intelligence community, partnered with Tyfone to develop CSC for government applications.

Narendra said mass adoption of CSC technology is about a year away. He believes CSC uptake will track with the rollout of Europay/MasterCard/Visa chip cards in the United States.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM | Humboldt Merchant Services