While the government is pushing for digital payments through mobile phones, chipset maker Qualcomm said that wallets and mobile banking applications in India are not using hardware-level security which can make online transactions more secure.
“You will be surprised because most of the banking or wallet apps around the world don’t use hardware security. They actually run completely in Android mode and users password can be stolen. Users use fingerprint which might be captured … in India that is the case for most of all digital wallets and mobile banking apps,” Qualcomm senior director product management Sy Choudhury told reporters here.
He said that even most famous digital payment application in India is not using hardware-level security.
“Reason we are saying that none of them is using it because we work with OEMs (original equipment makers),” Choudhury said.
As per market research firm Strategy Analytics, Qualcomm leads mobile chipset market globally with 37% share.
“Everyone is getting connected, everyone is getting authenticated by the device. How do you know that your device is getting ready for demonetization? When you download a mobile banking app you don’t know if it is using hardware security or not,” Choudhury said.
He said that Qualcomm is now approaching digital payments companies for using secure environment for processing payments on the mobile phone.
“We are providing a secure execution environment in the chipsets. This layer separates transactions on a mobile phone from the operating system. This checks any malware from affecting transactions,” Choudhury said.
He said that Qualcomm is also coming up with a new feature in its mobile chipsets from 2017 that verify user with payment gateway using unique features like device id, phone manufacturer signature, Android version in the phone, rootkit of operating system, location and time, which will be nearly impossible to duplicate.