Borchert IT-Sicherheit UG

NA
A smartphone is an insecure device which may contain malware. Secure Elements, Trusted Zones, etc. do not help much in this regard because the credential stored within there can be secretly abused by smartphone malware.
Therefore, the use of a smartphone as an element possession" is questionable, likewise the use of the smartphone as an input device for an inherence element.
Maybe a liability shift is a compromise/solution: If something goes wrong with a smartphone payment, not the customer has to prove that malware was responsible for the incident, but instead the bank has to prove that not malware was responsible for the incident but the customer."
NA
NA
Dynamic linking helps well against phishing attacks. But in order to avoid Man-in-the-Middle attacks, dynamic linking is not enough: in addition, a secure visualisation of the transaction data to the customer is necessary.
The display of a smartphone can not be considered to be secure enough for the visualisation (because of smartphone malware) - a visualisation on a secure device is appropriate.
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
NA
[Other"]"
Startup IT-Security
[Other "]"
Solutions against malware on end devices
Bernd Borchert