GlobalPlatform said that it has advanced its composition model, which streamlines the security evaluation of near-field communication (NFC) contactless mobile applications, and that the enhancements would be of particular interest to mobile application and product issuers, such as mobile network operators (MNOs) and financial institutions.
The international organisation for standardising the management of applications on secure chip technology added that a composite product consists of an open platform (such as a secure element [SEs]), with one or more secure applications (known as sensitive applications), and optionally one or more basic applications (which does not need to comply with stringent security requirements to operate).
As SEs in mobile devices begin to host multiple applications, it is important that all applications perform as intended and do not interfere with the other services being delivered. Evaluating the security of applications pre and post issuance is therefore vital, but needs to be cost and time-effective for all market stakeholders.
GlobalPlatform adds that the composition model, first released in 2011, defines a relatively easy approach to certify the security of SE products that carry sensitive and/or basic applications and simplify post-issuance application management.
The model achieves this this by promoting two key concepts: re-using existing security evaluation results; and limiting security evaluation work to only test the impact of new application and SE combinations. The streamlined methodology enables the telecom and payment industries to more easily redeploy SEs and applications once they have been certified.
“Most of the applications we have on our mobile handsets today have low security,” said Gil Bernabeu, GlobalPlatform’s technical director. “As we start to add applications that connect to our bank accounts or identity, the need to protect an application is crucial. Security evaluation can be expensive and time consuming and while it is imperative that the industry adheres to the highest security standards, it is important that products can be brought to market quickly.
“GlobalPlatform’s work in this area aims to streamline the security testing process. This will encourage application developers to validate the security of their applications appropriately without stifling innovation and product advancements.”
There are various ways for financial institutions to benefit from advanced technologies and business models provided by FinTech's. Whether a business' approach is radical or incremental, data management can help a company to increase their return on investment, argues André Casterman, INTIX.
Tim de Knegt, strategic finance and treasury manager for the Port of Rotterdam, discusses how he is using blockchain, the challenges he will face in his role of treasury over the next 12 months and the advice he would give to someone starting out their career in treasury.
As the May 25 deadline for Europe’s General Data Protection Regulation (GDPR) inches closer, many treasurers are being lumped with the task of ensuring their wider company is compliant.
Apps are a critical part of treasury's shift into mobile banking as 67% of treasury and corporate finance professionals said mobile banking services are of particular interest to them in a recent survey.