Cryptomathic Blog

Merchants are one of the corners of the ‘four corner’ model in the payment world. In what follows, we will explain some of the security mechanisms for Merchants to prevent unauthorized transactions and payment card fraud.

An issuer is one of the corners in the ‘four corner’ model. An issuer is a financial organization (e.g. a bank) that produces payment cards and allows the cardholders to use them.

The EMV personalization data processing in itself is not the topic of this article, we will instead focus on the cryptographic schemes involved in EMV personalization, as well as the key management involved; which is both complex and mandatory.

Here we provide a short overview of why strong authentication is seriously needed to provide security for mobile banking and payment applications. 

The use of mobile payments is expected to continue to rise and become the second most popular payment method after debit cards by 2022. In 2017, China’s mobile payments market was estimated at $17 trillion. The growth of mobile payments depends totally on the prevention of data breaches, and for this, there is an important technology that should be designed into the mix of security mechanisms: Tokenization.

The Conveyancing Association (CA) in the UK has revealed the findings of its 2022 Lender Survey, which it strongly believes will assist in identifying areas where the industry can collaborate to enhance the mortgage and conveyancing process. Within these findings, Qualified Electronic Signatures (QES) play a large part by streamlining processes that are not only compliant with UK Law, but also across the EU, and in compliance with the eIDAS regulation.

Just a month ago, NIST announced its selection of three digital signature algorithms and one key establishment mechanism (KEM) for future use in quantum-resistant cryptography applications. Also, four algorithms for post-quantum key establishment were selected as candidates for the 4^th round of evaluation, for potential standardization at a later time.

In this article, we proposeWhat-You-See-Is-What-You-Timestamp (WYSIWYT) as an attractive alternative to Qualified Electronic Signatures, for certain signing needs where non-repudiable user acceptance and integrity protection are required for a given contract or transaction, i.e. when documents need to be formally accepted, but where no fulfilment form is prescribed by national law.

Certain industries have a necessity to protect confidential information as well as a requirement for authentication - proving that a document was sent by a particular person. In this blog post, we will not be looking at why specific industry sectors SHOULD use electronic signatures, instead, we aim to educate the reader on where and why certain sectors NEED to use them.