Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
36 views

Payment Architecture (Part2)

The document discusses payment architecture in financial technology. It covers topics like payment cards, payment gateways, digital wallets, DuitNow which is Malaysia's interbank transfer service, risks to payment systems, and attacks and mitigations.

Uploaded by

Seph Lwl
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
36 views

Payment Architecture (Part2)

The document discusses payment architecture in financial technology. It covers topics like payment cards, payment gateways, digital wallets, DuitNow which is Malaysia's interbank transfer service, risks to payment systems, and attacks and mitigations.

Uploaded by

Seph Lwl
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Payment Architecture

Saravanan Kulanthaivelu
Who am i?

• Currently employed as Cyber Forensic Senior Specialist for Standard Chartered Global
Business Service
• more than 20 years of experience in the IT industry, with experience in forensics, incident
response, network security, malware analysis and threat intelligence.
• Worked as consultant with Mandiant (FireEye) and was stationed in one of the largest bank
in Malaysia as resident incident response and forensic consultant, providing global threats
advisory services.
• Worked in the law enforcement sector, Malaysian Communication and Multimedia
Commission (MCMC) which monitors threats towards Malaysian network and advise the
relevant bodies on mitigation strategies.
• Master in Science, Universiti Sains Malaysia.
• Bachelor in Computer Science with Honors, Universiti Sains Malaysia.
• Member of
• HTCIA
• GIAC Advisory Board
• UKM Fellow
• Certifications

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 1


EXTERNAL
Contents

1. Introduction
2. Payment Card Architecture
3. Payment Gateway
4. Digital Wallet
5. Risks and Mitigations (discussions)

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 2


EXTERNAL
Digital Wallet / E-wallet

• A digital wallet, sometimes called an e-wallet, is a service that allows users to securely
store their payment information and passwords for several websites and payment
methods. E-wallet is like the digital equivalent of your real-world physical wallet, just that
it appears as an app in your smartphone.
• Often, these wallets also offer the option of storing a number of other items such as
driver’s licenses, gift cards, tickets for events and transportation passes.
• Digital wallet software is usually housed through a mobile app on a smartphone, but it
can also be used through other devices such as tablets and PCs. The mobile app
versions tend to be more popular because of their mobility and flexibility.
• The mobile Digital Wallets often enable users to make mobile payments, offering users
the option to pay for their purchases, using their mobile phones.
• The digital wallets are usually protected by a passcode or some other form of
authentication.

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 31


EXTERNAL
Types of E-Wallets

• Network Based
•Stores digital money on the cloud
•Not tied to any card scheme like Mastercard or Visa
•Use existing payment methods to top up
• Card Based
•Use existing card scheme

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 32


EXTERNAL
Towards a cashless society

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 33


EXTERNAL
DuitNow

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 34


EXTERNAL
What is DuitNow?

• DuitNow is an extra layer you can choose to interact with if you would rather not send
your bank account number to someone
• Identifiers that can be linked to DuitNow are:
•Mobile phone number
•IC number
•Army or police number
•Passport number (only for non-locals)
•Business registration number (only applicable for SSM-registered businesses)
• The DuitNow network was developed by PayNet which is jointly owned by 11 banks,
with BNM being the largest shareholder. The holding company that runs such crucial
online banking platforms like MEPS, JomPay, FPX and etc

Source:https://fintechnews.my/18812/banking/duitnow-bnm-paynet-questions/

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 35


EXTERNAL
Risks to payment systems

• Intercepting Transaction Data


• Attacking the software and updates
• Exploiting the credentials
• Attacking Data at Rest
• Intercepting Data in motion
• Attacking intra-bank network

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 36


EXTERNAL
Attack and Mitigation

• Discussion on
• The real attacks
• Mitigation deployed
• Improvement on the defense
• Better use of technology
• Possible new attack surfaces

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 37


EXTERNAL
Thank You
svanak@gmail.com
Twitter:@svanank

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 38


EXTERNAL
References
• https://en.wikipedia.org/wiki/Payment_card
• https://en.wikipedia.org/wiki/EMV
• https://kalyan-city.blogspot.com/2012/01/what-is-credit-card-meaning-definition.html
• https://www.nuix.com/blog/howd-they-do-part-2-you-stole-my-credit-card-number
• https://en.wikipedia.org/wiki/Payment_gateway
• https://squareup.com/us/en/townsquare/what-is-a-card-not-present-transaction
• https://fintechnews.my/18812/banking/duitnow-bnm-paynet-questions/

UKM –PAYMENT ARCHTECTURE IN FINANCIAL TECHNOLOGY 39


EXTERNAL

You might also like