October 6, 2015

Fingerprinting the future of payments

Background & status quo

Coins, silver and jewelry were the only forms of money until 476 A.D. The transition to banknotes (paper money) started during the 11th century and eventually spread to the rest of the world, as we know it today. Because of the problem of money theft back in the day, several companies decided to assign a name to money by introducing the concept of the charge card, known today as the credit card.
Consumption habits have also changed many times over the years, especially recently with the introduction of online commerce and mobile payments.
As various purchasing channels were introduced to consumers, cyber criminals began to target more retail chains, gas stations and even mom-and-pop shops.
The main problem today is that many consumers expose their credit cards to untrusted or insecure parties. Thus, their credit cards can be replicated easily and used by fraudsters for purchasing personal merchandise or even selling it in the underground market (a.k.a. the deep web).

A paradigm shift

Many retailers have been breached since 2013, which caused millions of credit card holders to feel uncomfortable about returning to the breached retail stores. Since then, the security of consumers' personal data and credit cards has become a top priority for some retailers.
The solutions to the payments problems started to evolve. If we look back at the past two years, the questions we may ask ourselves are: who ever thought that consumers would pay using their biometric data? Who imagined that the wallet might be an optional component in the pocket? Today it is possible, and the innovation around it is growing exponentially.

Fingerprinting the future

Biometric payments are only the beginning of making our purchasing experience better in terms of security and privacy, but most people are not security experts or security-minded, and thus they don't care. On the other hand, there are other incentives that will lead consumers to use their biometric data to improve their lifestyle: for instance, no more waiting in checkout lanes, paperless traveling or even integration with the Internet of Things (IoT).
If our security, privacy and lifestyle improvement are not enough, our biometric data will be able to assist in emergency situations, like identifying a person and his medical record in a hospital.
I foresee that in the future, we will forget about wallets as we forgot about calling from pay phones.

January 7, 2015

My Defcon 22 Talks

Bug bounty programs evolution:



A journey to protect points of sale: