Secure QR code payment
description
Transcript of Secure QR code payment
Secure Mobile MoneyQR code Payment
www.jrsys.com.tw
2
Mobile Payments
http://www.pressherald.com/2014/09/14/apple-pay-getting-a-run-for-its-money/http://www.accucode.com/apple-pay-best-solution-retailers/#.VEdID1ckS7E
QR code payments
3
Compare to others
• Secure PKI QR code contains
– Not only an URL or an ID/OTP short codeNot only an URL or an ID/OTP short codeNot only an URL or an ID/OTP short codeNot only an URL or an ID/OTP short code– But also the transaction data But also the transaction data But also the transaction data But also the transaction data with digital signaturewith digital signaturewith digital signaturewith digital signature– Authentication, Integrity, Confidentiality and Authentication, Integrity, Confidentiality and Authentication, Integrity, Confidentiality and Authentication, Integrity, Confidentiality and NonNonNonNon----repudiation secure transactionrepudiation secure transactionrepudiation secure transactionrepudiation secure transactionDate:2014/10/02
Time:11:50Amount: US$25OTPConsumer’s Digital Signature
Patented O2O Payment technology
4
QR code Offline Payment
Out-of-band
authentication
Handwriting Handwriting Handwriting Handwriting
signaturesignaturesignaturesignature
Before Mobile
Most of the QR payment is not digital signed and user must be online
Card can
be Cloned
Merchant
cannot clone
any card !
Sign a Credit card e-Check
Merchant scan it
5
Offline Payment Process
1.Select Virtual credit card
2.Enter the amount
3.Input PIN to make a digital signature
4.Generate a QR code
5.Scan the QR code
6.Make a Digital Signature
7.Connect to Payment Gateway
Date:2014/10/02 Time:11:50Amount: US$25OTPConsumer’s Digital Signature
Consumer Merchant
Merchant
cannot clone
any card !
6
Card Not Present Transaction
Online Shopping
User scan the QR code and make a digital
signature to confirm the payment
QR code Online Payment
Card Number + Expiration Date + CVV
Input Credit Card data
Before Mobile
Dual Channels Two Factors digital signed transactionRisky !
Secure !
7
Online Payment Process
3.User scan the checkout QR code
4.Select virtual credit card
5.Input PIN code to confirm the
payment
Consumer
1.Merchant prepare the checkout data
2.Merchant make a Digital Signed Checkout QR code on the screen
Date:2014/10/02 Time:11:50Amount: US$1,193OTPMerchant’s Digital Signature
Merchant
8
The Differences
Traditional Payment & QR code Payment
jrsys QR code PaymentDataDataDataData URL or a short ID/OTP
codeDigital Signed Transaction
data and OTPAuthenticationAuthenticationAuthenticationAuthentication Weak StrongAuthorizationAuthorizationAuthorizationAuthorization Weak StrongEncryptionEncryptionEncryptionEncryption Weak StrongNonNonNonNon----repudiationrepudiationrepudiationrepudiation No YesCredit Card DataCredit Card DataCredit Card DataCredit Card Data Merchant can get Credit
Card data
Encrypted & Merchant
cannot get it
9
Secure Tokenization Payment
No credit card
number store in
the eWallet
3rd party cannot
get consumer’s
Credit Card Data
All transaction is
confirmed by
digital signatures
10
e-Wallet
� NFC MicroSD
� Bank A
� Bank B
� Credit Card
� Bank C
� Bank D
� Debit Cards
� Bank A
� Bank E
� Loyalty card
� McDonald Card
� Burger King Card
� Transportation Card
� Subway Card
� Railway Card
� QR Shopping
� LBS Promotion
Payment Process
System Architecture
Jrsys provides:
Mobile iOS/Android Client SDKBackend Authentication Servers
Jrsys Payment Authentication Servers
About jrsys
Innovative
Mobile and Cloud Security-Enable
Company
13
Gained 2 U.S. Patents
5 Taiwan Patents
14
Within 4 years
One of the 7 innovative ideas to provide greater access to financial services from 98best ideas of 26 countries
BY: MIF, IDB, CAF and GSMA
Worldwide Awards2012 ASIA PKI
Innovation Award2012 Mobile Money
Innovation AwardAPICTA Award 2013 APICTA Award 2013 APICTA Award 2013 APICTA Award 2013 Security CategoriesSecurity CategoriesSecurity CategoriesSecurity Categories
15
Foxit Security Partner
27,500 Millions
PDF usersuse jrsys Security Suite
16