In our latest industry interview, Steven Sprague, CEO, Rivetz, discusses the role of the trusted execution environment (TEE) in enabling secure e-commerce transactions with cyber currency as a payment alternative.
Is modern e-commerce secure? What are the common misconceptions in the industry today?
Many people view e-commerce as simply better authentication, but more is required. Since the early days of online commerce, we have only seen evolutionary changes from the mail order catalogue companies. Confirmed shipping address and voyeurism of all our shopping habits are not keeping up with the level of fraud and types of products that are now part of our everyday online shopping environment.
Anyone who has been to lunch in Europe will be familiar with the payment terminal being presented at the table for the user to simply pay with their smart card. That terminal is more than just a smart card reader with a printer; it is part of the EMV security and assurance system with secure display and secure pin entry that cannot be compromised. The terminal equipment has provided a secure point of sale experience for millions of users but the terminal is not present for e-commerce. Even with a fancy EMV card the user still has to type their credit card information into the web page and with that come a number of risks and costs.
How can the security of e-commerce be enhanced?
There needs to be an evolution away from simple authentication. For privacy, transactions, and for content, we need not only authentication but something more.
Today’s technologies have the potential to revolutionize e-commerce. One possible approach is to combine the safe environment of the trusted execution environment (TEE) with the advanced flexible nature of cyber currencies. Online merchants would then be able to offer consumers an alternate secure environment in which to undertake transactions.
Cyber currency and the TEE provide us with the capability to build a secure ‘bank’ in a device that is already owned by the user.
What are the characteristics of the TEE that make it so valuable in e-commerce?
The TEE is now an essential part of the mobile ecosystem. The TEE's ability to offer safe execution of authorized security software, known as 'trusted applications', enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights.
In terms of e-commerce, the TEE offers five key characteristics:
- Secure display. To allow the user to visually see the amount they will be charged and the account their funds are going to.
- Protected PIN entry. To enable the user to confirm the transaction and ensure their intent is properly verified.
- Protection of the authentication credentials. To ensure the user’s source of funds cannot be cloned.
- Protection of the transaction process. To ensure the instruction to the payment network cannot be altered during creation.
- Attestation and validation of the TEE container. To ensure the transaction is coming from a known device in a known state.
How can cyber currency enable secure e-commerce transactions?
Digital money makes it possible for merchants to accept an alternative currency equivalent while providing a number of characteristics that can benefit the e-commerce market:
- New payment system that only requires network access. Any browser, serial data port, Wi-Fi hot spot or near field communication (NFC) device could accept a payment at a point of sale or online.
- New merchant acceptance. The list of merchants that accept cyber currency is growing.
- An alternative approach for security and privacy for all transactions. Cyber currencies utilize cryptography standards which provide a fantastic foundation for security and authorization models.
How will this technology impact the market?
Combining these technologies may lead to lower fraud rates, lower cost of doing business globally, a means to effectively support micro-transactions and integration across the user's collection of personal computing devices.
Ultimately this could deliver peace of mind and simplicity to the user and a great frictionless customer relationship for the merchant.