MagicCube working to secure mobile transactions
There’s no questioning that global commerce is becoming increasingly mobile-oriented. Whether it be ordering an Uber, or a beer from your seat at a ball game, most see where it’s headed. The fintech community does too. Go to a show like LendIt, Finovate, or Money20/20 and count the number of companies developing technologies related to some aspect of mobile commerce. Billions of dollars are being invested in such companies each year.
Yet not everybody is convinced. Survey after survey shows that significant portions of society still do not fully trust mobile payments, a perception fed by media stories of hacks, pop culture portrayals, and, yes, some consumer ignorance.
MagicCube’s origins date back three years, to when Mr. Shawki served as Visa’s global head for remote payments. He was charged with adding secure mobile and remote activities to Visa’s bank, merchant and account holder networks. He saw dozens of Silicon Valley startups developing mobile solutions, but they were based on legacy security ideas.
Mobile security must overcome significant issues, Mr. Shawki explained. Hardware approaches rely on elements such as a chip in a device. Such solutions are unique to one device, involve multiple parties, and are difficult to keep up to date. They are also expensive, difficult to understand and slow to implement.
Encryption software is the other common method, but it has its limits, Mr. Shawki said. It is vulnerable on its own and is often a stitched-together solution.
MagicCube also brings together different elements, but they work in concert to provide end-to-end security through a software Trusted Execution Environment (sTEE) which combines on-device and cloud components. A secure container is placed inside an app and completely isolated to safely store sensitive data and logic such as cryptokeys, payment tokens and user information. It safeguards mobile and IoT apps from more than 200 threats including cloning, lifting, man-in-the-middle, tampering, spoofing, denial of service, impersonation and repudiation by accessing multiple types and layers of encryption, obfuscation, tokenization, secure transport, and a designed-for-purpose set of countermeasures.
That allows the app to execute business rules which handle secure operations even when a device is offline. The “miniCloud” is the backend appliance which provides Cube security and management. It sits next to the app’s backend and connects with a few APIs. The software builds a complete platform with the best characteristics of a sTEE while also protecting data as it travels between the Cube and miniCloud. An SDK delivers the app component, and it is easily integrated with an app, requiring a minimum of APIs.
Mr. Shawki said MagicCube engineers created a virtual chip as the anchor for a full platform that enables deploying large-scale security to Internet of Things (IoT) devices. It is easy to integrate, and the software is managed remotely and can be updated over the air without a user updating the app.
The IoT is a huge opportunity but comes with huge gaps, Mr. Shawki said.
“The typical connected car has seven or eight subsystems like entertainment and key systems. They are becoming smart and their operating systems come with the ability to connect to other objects, but also to hackers.”
Security was often an afterthought in the rush to progress, Mr. Shawki said, and the growth path of mobile payments technology is very similar. Device manufacturers are not chip manufacturers, so MagicCube steps in to fill the void and protect data as it transfers between secure locations, a problem exposed by recent issues with eATMs where smartphones are used as identification. Hackers circumvented security and stole funds from customers by compromising the chip and exposing the chain of custody.
“The industry is moving fast, but not enough thought goes into what happens once these things are connected,” Mr. Shawki said.