Computer crime, cyber crime, cyber terrorism problemsLogo - Computer Crime Research Center (CCRC)

PowerSwipe Aims To Thwart Wireless Crimes
(by Tim Bresien)

Technicians at Los Angeles-based Creditel have spent nearly three years developing a mobile-security system that they believe will stymie a great many would-be wireless crooks. The company's soon-to-be-launched PowerSwipe device, expected to sell for less than US$300, attaches to a Java phone and transforms it into a handheld commerce enabler.

Though the hype surrounding the always-imminent union of the financial and mobile industries has died down somewhat, the foremost obstacle preventing the full bloom of a wireless, cashless society still remains: security. No amount of marketing rhetoric will create a universal, secure experience at the Coke machine, the retail shop, the restaurant, the bank -- and your front door.

Criminal Element

Earlier rosy projections for m-commerce might just as easily have applied to a looming surge in organized cybercrime -- wireless fraud could represent a huge growth market for that industry. Consumers and businesses need to know that their credit-card or other financial information is protected and transmitted securely across wireless networks before they are likely to embrace mobile payment options en masse. But it is doubtful that there ever will be a single universal solution to reassure all users.

Nevertheless, new converged voice and data devices are hitting the market as 3G services gradually roll out, and enterprises are transmitting customer data and other sensitive information over wireless networks at an increasing -- some say alarming -- rate. Effective encryption and access restrictions are therefore crucial, and Creditel wants to meet at least some of that need.

Built-In Encryption

Yankee Group analyst Adam Zawel told NewsFactor that one of the big problems with achieving wireless security "is that power-constrained devices can't fulfill the encryption responsibilities for highly secure transactions.

"A common solution is for the mobile user to enter a personal ID number," he explained, "which, in conjunction with the device ID, serves as a two-factor scheme. The remote service provider, having authenticated the user, can then forward the previously stored credit card number to a merchant."

Creditel takes a different approach. Although PowerSwipe will leverage sophisticated Internet-capable phones and robust wireless data networks, it relies on neither for the protection of credit-card information or other sensitive data. Creditel's security technology is built in; any information read by PowerSwipe is processed and encrypted before it ever makes its way over the phone to the mobile operator's network.

By securing data locally, and not depending on a carrier's own encryption methods or Secure Sockets Layer (SSL) protocol, Creditel may have developed a solution for a whole host of vertical markets. A Java phone acts as a host for the PowerSwipe attachment, but only has access to non-sensitive data like the cardholder's name and the transaction amount.

The embedded security application on the PowerSwipe employs a 128-bit key Triple DES encryption algorithm. Creditel has partnered with VPN kingpin SafeNet using its FIPS-140-1 approved CGX security platform to ensure a rock-solid path from the phone to the Creditel Server and back again.

CEO Georges Elias told NewsFactor that "Creditel developed its PowerSwipe device and Mobile Transaction Exchange (MTx) to satisfy a previously unmet need for businesses to process credit card and check card payments wirelessly, quickly, easily and, most importantly, securely."

Think Wirelessly, Act Locally

A PowerSwipe unit has the ability to quickly read and securely transmit all types of data, whether it comes from a magnetic stripe card, smart chip, MICR line check, bar code or fingerprint. It is also able to interface with a variety of portable infrared printers. You may soon see them in use by pizza delivery personnel, plumbers, electricians, tow truck operators and many other small businesses that have been mired in performing time-consuming check authorizations and making manual credit card calls to the home office.

Three years ago, Creditel saw its future among thousands of these small to medium-size businesses. And it still does. But the company said the buzz surrounding its mobile security technology is beginning to draw the attention of government agencies and Fortune 500 firms as well.

Elias said, "The system was created with the flexibility and scalability to enable the delivery of other real-time turnkey business services, including credit decisioning, ID verification, access control, location tracking and other field enterprise automation tools."

Hurdles To Clear

With the Creditel approach and other security measures, wireless networks have the potential to be secure. But even as stronger technological solutions emerge, greater risk factors become apparent.

Truth be told, though the world relies heavily on banking institutions and credit-card companies for their secure payment and debit processing methodologies today, the industry is still a multibillion-dollar haven for creative thieves. Add wireless to the equation, and the opportunities for abuse increase dramatically.

Right now, some of the brightest minds in the tech sphere are hard at work perfecting new strategies to perpetrate identity theft and financial fraud. They are excited about the prospects for mobile commerce too.

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at +38 061 220 12 83