Are Android terminals safe? 5 key principles driving payment security on Ingenico’s AXIUM platform

Ingenico, a Worldline brand, has an essential philosophy at its core - to stay up to date with the latest security standards and promote the most secure cryptographic elements for our customers.

These principles lie at the foundation of Ingenico’s approach to developing its solutions, including those using Android. This point is perfectly illustrated by the recently launched AXIUM platform, which was designed to provide secure payment alongside the Android environment.

But whilst significant progress has been made in Android security in recent years, the following key principles remain vital to ensure a safe, secure, and trusted ecosystem:

1. SEGREGATED AND DISTINCT ENVIRONMENTS BETWEEN EVERYTHING RELATED TO PAYMENT, AND NON-PAYMENT ASPECTS OF THE PLATFORM

Android applications created for consumer devices are usually published on Google Play™, the public Appstore managed by Google. Google provides developers with a set of tools to sign their application allowing the Google Play service to recognise and validate the signed software. This is needed to give the ‘green light’ for the software’s distribution.

However, an application authorised with the Google signing toolchain cannot be loaded on an AXIUM terminal. Instead, Ingenico designed a complete ecosystem to manage AXIUM business applications, creating a security red line that connects an app through the software development kit (SDK) and signature tools to the Ingenico Appstore on the Terminal Estate Manager (TEM) for the software distribution.

Looking at this in more technical depth, the Ingenico SDK manages the PCI-PTS SRED (Secure Read and Exchange Data) compliance requirements for Point of Interaction devices, respecting the wide set of security rules required by the PCI Council standard. These include:

  • Protection against attempts to disclose cryptographic information
  • Uniqueness of the secured keys
  • Avoidance of sensitive data retention
  • Cryptographic protection of firmware updates and remote access

to name just a few…

All these features are commonly used by the payment application and are authorised by the signature tool during the application signature process. However, non-payment applications can be signed to run on AXIUM without access to the payment environment and to the secured memory areas.

Managed interaction between non-payment applications with payment services is also possible, driven by specific payment APIs under a ‘payment as a service’ model, whilst still meeting the security principles described.

The AXIUM platform segregates business applications from the payment application environment, opening it up to a large community of Android developers who can build and run their business apps while preventing access to payment features

2. THE CERTIFICATION OF TECHNOLOGY DEVELOPED TO THE LATEST PCI-PTS STANDARDS

The AXIUM operating system (OS) is proprietary designed and dedicated to payment use cases. This provides the right level of security for both the user experience and the customer environment and is totally separate to any business applications.

Based on this architecture, the AXIUM OS and the overall platform have been certified with the most recent certification, PCI PTS version 6.

However, compliance is only one aspect of platform security…

3. FREQUENT UPDATES, ENSURING THAT ANDROID POS, AND CONNECTED DEVICES, ARE PROTECTED FROM EVOLVING THREATS

Android is a giant with worldwide reach. It is no surprise therefore that it represents an appealing target for security threats. Whenever system weaknesses are discovered and resolved, or new security standards take shape, Android gets updated with security patches to prevent hacking or fraud. This is part of the natural life cycle of an operating system.

AXIUM is a business platform built on Android and has been designed to ensure the highest protection against any software threats. And just like Android, Ingenico has in place a continuous assessment process, to evaluate Android threats and solutions to keep AXIUM up to date, secure and trustworthy.

Compliance continues with updates to our customers’ estates supporting the terminal’s life cycle. One of the pillars of the AXIUM platform is that it is always connected. Through its proprietary Estate Manager platform (TEM), Ingenico delivers updates and security patches to AXIUM terminals seamlessly without interrupting the device. This ensures business continuity and provides the best performance to the end user without any compromise on security.

4. TRUSTED APPLICATIONS DEVELOPED BY PEOPLE WHO UNDERSTAND THE COMPLEX REGULATORY ENVIRONMENT

Whilst Android is an open development platform, an Android based payment system must comply with PCI-PTS requirements and meet strict security restrictions

So, how do you protect the payment environment, (card readers, security, pin entry etc.) to ensure they meet the associated security restrictions whilst at the same time providing app developers with safe access to payment features?

This is achieved by preventing an application from directly accessing card payment peripherals, a key obstacle that would otherwise prevent the creation of generic applications. Indeed, Android applications that only use communication channels, screen and touch functions can be ported onto AXIUM quite effortlessly.

In this case, what really differentiates an AXIUM app from a standard Android app, is the signature process and software distribution that must be managed through Ingenico’s tools. This signing toolchain manages the Android permissions, according to the partnership level, thereby balancing the application approvals with the application’s purpose.

Third party app developers benefit from Ingenico’s Payment APIs which give them access to card payment features without getting involved in payment regulation complexity. The APIs provide the bridge to card payment processes in applications, leveraging Ingenico’s experience and opening up routes to new use cases.

The platform application signature scheme is designed to ensure that customers can build partnerships with third parties application providers, without interfering with the payment platform and its strong security constraints.

5. THE USE OF TERMINAL, ECOCSYSTEM, AND ENCRYPTION TECHNOLOGIES, TO ENSURE SECURE COMMUNICATION BETWEEN ALL PARTS OF THE PAYMENT AND SENSITIVE DATA CHAINS ARE PROTECTED, AND SAFELY INTEGRATED

Data protection may not be as fascinating or exciting as other aspects of a product, such as the design or user interface, but it sits at the core of a payment terminal and must withstand any threat: breaking the data protection wall would mean full access to sensitive information or money.

Sensitive data on a payment terminal is protected using cryptography. Commonly, cryptographic algorithms use one secret key (symmetric cryptography), or a pair of keys composed of a public/private key couple (asymmetric cryptography) to cipher and decipher data. The keys are secrets held by the parties allowed to safely exchange information, i.e., the credit card and the terminal. 

The AXIUM platform is designed for devices already built to manage sensitive information and communication

As machine calculation performance grows over time, the main challenge for cryptographic algorithms is to keep secret keys complex enough to avoid reverse engineering (brute force attack resistance) whilst preserving quick data encryption/decryption processes. If a key is violated, this could allow access to data, such as transactions, credit cards, bank accounts, emails – all of which would be compromised, opening up the potential for users to become a victim of fraud.

The RSA key, (named after the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who first described the algorithm in 1977), is probably the most used asymmetric cryptographic algorithm in SSL/TLS communication security today: when we access a web portal or login to an authenticated service, RSA is working behind the scenes to prevent fraud and reduce risk. 

However, research in cryptography continues to search for new concepts to solve the conundrum of fast encryption/decryption while preserving a strong key brute force resistance.

Elliptic Curve Cryptography (ECC) is one of the most enhanced asymmetric cryptographic algorithms and will probably replace RSA in time. ECC key pair generation is simple as private and public keys are a randomised point of an elliptic curve over a finite field. The ECC encryption algorithm, uses the elliptic curve math theory to cipher information. The reverse engineering of the ECC algorithm must solve a high-complexity math problem called “discrete logarithm over finite fields”: this reinforces the ECC brute force attack resistance, whilst reducing the key size and preserving a high level of performance in the encryption/decryption processes. For example, a proven elliptic curve cryptography key of 384 bit achieves the same level of security as an RSA key of 7680 bit.

The AXIUM platform is built with strong cryptography, including AES (Advanced Encryption Standard) symmetric keys and Elliptic Curve Cryptography (ECC). These security solutions are also compliant with the relevant security standards for PCI PIN and PCI P2PE.

All of the security elements described here are not only available on the AXIUM platform, but also on Ingenico’s Tetra platform too, helping to facilitate the integration, user experience and the overall estate management for our customers.

Ingenico’s proven experience in the payment industry has helped to bring together the benefits of all the latest technologies, cementing its position as a one of the world’s most trusted and reliable payment providers. We remain focused on our customer needs and will continue to work closely with them to deploy the latest features, guiding them through their use to ensure the most secure payment experience in new environments.

Security is in our DNA

If you would like to join Ingenico's Developer Community and learn more about building digital apps and services on our smart terminals, please visit our Developers' Partner Programme website

 

 

 

Mario Perciabosco

About the author

Mario Perciabosco, Android and Service Development Team Leader for Terminals, Solutions & Services EMEA at Ingenico, a Worldline brand.

Mario has 18 years’ experience in the payments industry having held a variety of roles in Software, Development and Pre-Sales. He is currently the Android leader for Professional Services in EMEA and responsible for new collaborations, reinforcing customer partnerships and offering his experience to simplify access to the most recent payment technologies

About Worldline

Worldline [Euronext: WLN] is the European leader in the payments and transactional services industry and #4 player worldwide. With its global reach and its commitment to innovation, Worldline is the technology partner of choice for merchants, banks and third-party acquirers as well as public transport operators, government agencies and industrial companies in all sectors.

Powered by over 20,000 employees in more than 50 countries, Worldline provides its clients with sustainable, trusted and secure solutions across the payment value chain, fostering their business growth wherever they are. Services offered by Worldline in the areas of Merchant Services; Terminals, Solutions & Services; Financial Services and Mobility & e-Transactional Services include domestic and cross-border commercial acquiring, both in-store and online, highly-secure payment transaction processing, a broad portfolio of payment terminals as well as e-ticketing and digital services in the industrial environment. In 2019 Worldline generated a proforma revenue of 5.3 billion euros.

www.worldline.com