The adoption of mobile payments is on the rise. In fact, the majority of smartphone owners, 78%, have made a purchase using their mobile device. However, traditional mobile payment methods are lacking in critical security needed to protect sensitive payment information.
Is there a more secure way to transmit payment data than traditional mobile payment methods? The answer lies within ultrasonic technology.
A customer initiates a mobile payment using their mobile device, for example buying something at the department store. Through LISNR’s technology, ultrasonic data transmission occurs, enabling secure bi-communication between the mobile device and the point-of-sale payment terminal via speaker or microphone.
Audible or inaudible tones, depending on use case, send encrypted data between devices to create secure communication. LISNR uses KAB® or Kilo Audio Bit, complete with a throughput of 1,000 bit-per-second to send data over audio across bandwidths. Each audio tone has three parts: the Preamble, the Header, and the Payload.
LISNR’s development kit allows devices to utilize ultrasonic sound technologies on various platforms, enabling tone modulation and demodulation. LISNR currently supports platforms such as:
You can find other sample codes via GitHub here.
Behind the scenes, LISNR offers two different approaches to security when completing payments using ultrasonic sound, RSA-encrypted payload and TLS 1.2.
LISNR’s ultrasonic technology is a secure medium that enables retailers, merchants and card networks to create a secure payment experience that’s possibly the most secure way to pay. How? LISNR’s ultrasonic payment solution is the first bi-directional exchange that can send a confirmation back, while all other methods are unidirectional.
Existing payment solutions such as EMV, swiped card and NFC are all mostly unidirectional and cannot create an off-line handshake. Instead, they’re sending their data into the cloud which increases the potential risk of payment data being exposed.
Ultrasonic technology uses sound to transmit credit card information without interception or data recording. The handshake is done locally between the two devices, without ever connecting online. A local handshake allows retailers to add additional factors without exposing the handshake to the cloud via tokenized and encrypted credit card data, proximity data, biometric information and more.
The resulting handshake includes multiple authentication factors, resulting in greater security when compared to traditional unidirectional payment technologies.
The LISNR bi-directional prototype bridges the last gap between the client and the merchant when a payment is made. Where sensitive payment credentials are being shared, we perform the exchange with similar levels of security already available, such as TLS (Transport Layer Security).
In the RSA-encrypted payload prototype, the mobile device creates a data message containing credit card data and encrypts it with the terminal’s public RSA key. The data is then broadcast and received by the payment terminal, the only device that can decrypt the message.
After decrypting the data, the server responds with a ServerDone message, which can also be used to convey an error in the transfer. This prototype boasts high levels of security because only the server can decrypt the critical payment data. Plus, it’s fast.
In the TLS, or transport layer security, 1.2 prototype, a full handshake and data transfer is performed. A handshake is described as a communication between the mobile device and the terminal that determines the ciphersuite used to encrypt the communication. Verification of the server takes place and a secure connection is established before the transfer of data occurs.
The TLS 1.2 is an industry-accepted protocol without a data limit. The handshake can’t be replayed, making it completely secure.
When using the RSA protocol, implementation requires the RSA keys to be exchanged beforehand, which will require advance planning. The TLS protocol includes a key exchange so the two clients can communicate. As a result, TLS takes longer to complete.
Using LISNR’s bi-directional ultrasonic solution, both customer and critical business data are protected. Mobile device to server communication is encrypted, further securing customer credit card information on any mobile device with a speaker.
Through LISNR’s bi-directional ultrasonic sound payment solution and software working as an enabler, end users can integrate LISNR’s ultrasonic proximity platform to create the most secure way to accept mobile payments. To learn more about LISNR’s bi-directional solution, get in touch with us.
Ethan completed his undergraduate degree at Purdue in Computer Science and his master’s degree from the University of Cincinnati also in CS with a focus on cybersecurity and embedded systems. He is a Full-Stack generalist specialized in Cyber Security and has been an embedded engineer with LISNR since leaving Northrop Grumman in 2018. He works with C++/C, Objective-C, Java, Perl, Python. Reach out if you share some of his areas of interest around Mobile App Security, Malware Reverse Engineering, Malware detection and prevention, Cryptography Network Security, Embedded Systems and Distributed Systems.
LISNR® is data at the speed of sound. LISNR® powers seamless payment experiences, connecting the online to offline customer journey with the most advanced Ultrasonic Data Platform. This is achieved via a secure and scalable software solution that sends micro-communications using sound between devices on standard speakers and microphones.
Today, Visa, Jaguar Land Rover, Ticketmaster, and the US Government trust our solution to power data transmission between connected devices. Founded in 2012, LISNR® has offices in Oakland, CA and Cincinnati, OH. Major investors include Visa, Intel, Jump Capital, R/GA, and Synchrony Financial.
Learn more at LISNR.com/resources/developers
Create your free account to unlock your custom reading experience.