Mobile Payment Security

This course provides details on how card payments are processed, including differences between older ‘magnetic stripe’ transactions and newer EMV (or ‘chip’) based transactions. Using this as a base, the course outlines specifically how payment solutions are being implemented around the world on smartphones and mobile devices, the differences between mobile acceptance and mobile issuance, and how other types of payment methods and payment processes may be implemented on these devices. This includes discussions of tokenization and token service providers, their relationship to financial institutions and merchants, as well as card transactions using card readers, contactless payments, and the rise of mobile apps, mobile wallets, and the ledger systems that are often used to manage these processes. Topics of mobile security, security standards, cryptography, protection of sensitive data, potential data breaches, malware, and key management are touched upon at a high level, but primary focus is provided to the mobile payments eco-system and implementations. 3b:T4de,

• the principle components of open and closed loop payment systems
• the difference between MagStripe and EMV payments and threat models associated with each
• the differences and similarities between contact and contactless payments using EMV
• what the core standards for payments are and how they are changing
• the different types of cardholder authentication
• the differences between mobile issuance and mobile acquiring and the role that financial institutions play in each
• the roles that tokenization and token service providers play in mobile payments
• about the migration away from dedicated payment terminals and what that means for the future
• about securing enrollment and implementation of mobile applications
• what the key drivers for change are in the area of payments and how these are shaping the emerging patterns for fraud

• This course is intended for cybersecurity professionals with an interest in payment systems. Basic knowledge of cybersecurity concepts (cryptography, threat models, etc.) is required, with a BS Degree in Cybersecurity optimal.