University of New South Wales Lecture - Security and Payments

The challenges of Albert and Pi

Steven Hadley

August 25, 2014

Transcript

  1. Agenda (slide 2)
     ♦ Greg
       – Point of sale card payments overview
       – Development journey
       – Introducing Pi & Albert
     ♦ Steve
       – Albert in detail
       – Security and payments
       – The new app ecosystem
       – Potential unsolved problem spaces
     ♦ Greg
       – Closing & questions
  2. Introducing Albert
     ♦ Secure: meets the strictest global security standards (PCI-PTS 3.x)
     ♦ Open: Android V4.0 operating system opens a new world of possibilities in app development
     ♦ Touch: 7” high resolution multi-touch screen
     ♦ Powerful: Dual core processor with 1GB of RAM and 16GB of Flash memory for complex operations
     ♦ Apps: Capability to access Commbank, Third-party apps and customised apps
     ♦ Connectivity: 3G and Wi-Fi as standard, with the option of direct Ethernet connectivity to POS
     ♦ Camera: 8 MP camera is built in to enable coupons, vouchers and QR codes to be scanned
     ♦ Payments: EMV chip & PIN, contactless, magnetic stripe as well as NFC couponing and wallet capabilities
  3. Elements of the Pi platform (slide 9)
     [Diagram labels: Leo, Albert, Third-party Apps, CommBank Apps, Merchant Apps, Developers, Merchants, App bank SDK + App bank, Emmy]
  4. Agenda (slide 10)
     ♦ Greg
       – Point of sale card payments overview
       – Development journey
       – Introducing Pi & Albert
     ♦ Steve
       – Albert in detail
       – Security and payments
       – The new app ecosystem
       – Potential unsolved problem spaces
     ♦ Greg
       – Closing & questions
  5. Why so much security (slide 11)
     ♦ Sensitive data
       – PINs
       – Transaction data
       – Customer data
       – Keys
     ♦ Fraudulent transactions
       – Fake refunds
       – Altered amounts
     ♦ Disruption to network
       – Breaches affect <= 180k terminals
  6. The device (slide 13)
     ♦ 7” Touch screen
     ♦ Card readers
       – Mag stripe
       – NFC
       – Smartcard
     ♦ Bluetooth
     ♦ Host mode USB
     ♦ 3G
     ♦ Wi-Fi
     ♦ Camera
     ♦ Internal printer
  7. Device security (slide 15)
     ♦ Tamper resistant
     ♦ Secure module
     ♦ Comms/firewall manager
     ♦ Stripped back Android
     ♦ Signed apps
     ♦ Custom app installer
     ♦ Custom boot loader
  8. Payment security (slide 16)
     ♦ Security keys injected into device
     ♦ Bank logons
     ♦ Terminal config from TMS
     ♦ Bank keys updated and synced
     ♦ User device logins
     ♦ Data encrypted and transmitted over SSL
     ♦ Software updates managed remotely
     ♦ PINs never seen in the clear
  9. Apps (slide 17)
     ♦ Native and hybrid
     ♦ No native (C/C++) code
     ♦ SDK, simulator and emulator
     ♦ Sold and distributed on App bank
     ♦ No Google Play
     ♦ Signed by CBA
     ♦ Deployed by TMS only
  10. App challenges (slide 20)
      ♦ All code reviewed
      ♦ Business, tech and security reviews
      ♦ Sensitive customer data
      ♦ Monitoring
      ♦ Upgrading platform and OS versions
      ♦ Supporting developers
      ♦ Secure is never 100% secure
  11. Unsolved problem spaces (slide 21)
      ♦ Monitoring for security breaches
        – 180k terminals with x apps
        – Device patterns
        – Usage patterns
        – Identifying patterns, fingerprints and anomalies
      ♦ Anonymous data
        – Can insights be collected from anonymous data
        – Time, amount, card type, card mechanism, location, merchant ID, terminal ID
  12. Agenda (slide 22)
      ♦ Greg
        – Point of sale card payments overview
        – Development journey
        – Introducing Pi & Albert
      ♦ Steve
        – Albert in detail
        – Security and payments
        – The new app ecosystem
        – Potential unsolved problem spaces
      ♦ Greg
        – Closing & questions
  13. Q&A
  14. The Summer Intern Program (slide 24)
      A 10 week program giving you a taste of working within Australia’s best bank.
      ♦ Learn from experienced professionals and gain invaluable work experience.
      ♦ Team up with a buddy for advice and insight.
      ♦ Participate in development sessions, Blogs & ‘InstaGrad’.
      ♦ Enjoy networking opportunities and social events to help you start building relationships across the Group.
      ♦ Opportunity to transition early into the CommBank Graduate Program.
  15. The Graduate Program (slide 25)
      You could be CommBank’s Future Leaders. This program is designed to help you realise that potential.
      Award Winning - 2010, 2011, 2012, 2013
      ♦ Top Graduate Employer in the Commercial and Retail Banking sector by Australian Association of Graduate Employers (A.A.G.E)
      Our program features:
      ♦ Graduate Development Program throughout your first year, run in parallel to business unit-specific training and development throughout your program.
      ♦ Access to Senior Management.
      ♦ Ongoing support - Mentoring and Buddy Programs.
      ♦ Networking opportunities.
      ♦ Volunteering opportunities to make a difference within the community.
  16. Application Process (slide 26)
      Steps: Online Application, Online Assessment, Telephone Interview, Assessment Day, Offer
      Process and date:
      ♦ Summer Intern Program Applications Open: early July – early August each year
      ♦ Graduate Program Applications Open: late Feb – late March each year
      commbank.com.au/graduate
  17. Connect with us (slide 27)
      ♦ LinkedIn.com/company/commonwealthbank
      ♦ Instagram.com/commbank
      ♦ Facebook.com/commbankequip
      ♦ Blog.commbank.com.au
      Stay up to date on our graduate and summer intern opportunities at: commbank.com.au/graduate