Secured Mobile Interaction
Call Us Free: 1-800-123-4567
+33 970 468 468

Securing Payments

Payment securisation on mobile phones in “on the spot” interactivity

Context

Scaling up of users’ accounts, payment modes (telecom operator invoice, Paypal, M-Wallets for each and every bank etc.) combined with the security weakness associated with the use of NFC, makes mobile payments penetration very slow.
This is why the on the spot mobile payment market remains minor compared to the global transaction volume. Even worse, limitations on the price per transaction (no more than 20€ per vendor) have been introduced to bypass or minimize the security weaknesses discovered in the NFC technology, which is slowing down this type of usage even more.
Because of its interoperability and security aspects, the M2Key solution puts in place a reliable and robust service architecture serving transactions between a Point of Contact and a mobile user.

A dynamically secured SSO payment service

hand holding mobile phone with credit card screen
code
M2Key selects the control point through the display of:

  • A rotating token (or security token) dynamically displayed on a dedicated screen
  • A QR code dynamically refreshed on a graphical screen
  • An NFC tag programmed so that a code is periodically modified

 

Any hacking attack is always more difficult because of the dynamic management of the security token generation, combined with the encryption mechanisms of the solution.

Even in the case of brute-force hacking, the time needed to crack the set of encryption combinations cannot be longer than the time interval of the random renewal of the security token.

Therefore, even the capitation of the token when transmitted by NFC technology becomes useless. On one hand, this token does not contain any personal confidential information (such as smart card number, ID/password, etc.), and on the other hand, the token is only one parameter of the full encryption cloud-based security chain.

Use example

When the user is authenticated via their M2Key profile, they may validate a transaction or a payment from their “service account” (potentially different from a classic bank account) without using a traditional payment means.

Depending on the scenario and on the user’s preferences, simply sending the dynamic code to the M2key server becomes the signature (validation) of a payment act. This mechanism is already included, and then immediately effective, in the case of an SMS+ payment mechanism.

Benefits

  • End to end control of the transaction
  • SSO on existing accounts (bank, M-Wallet)
  • Paperless payment directly to the service provider
  • Cloud-based NFC technology for secured dynamic payments