A guest contribution from Inga Glotzbach and Steffen Blümm from adorsys
Mobile computing and the high availability of the Internet are changing our expectations when consuming and paying for products and services. The ability to access information and make purchases from anywhere allows us to manage our time more flexibly. The Corona crisis in recent months has reinforced the trend towards e-commerce and cashless and contactless payment. While until recently it was ‘cool’ to pay with a smartphone or smart watch, it is now more hygienic and the preferred means of payment.
The development towards a service society, the housing situation in the cities, as well as social legislation have contributed to the fact that more and more employees* are accepting longer and longer journeys to work [1]. For this reason, workers spend more time on their daily commute to work. Especially with public transport, the amount of time required often does not increase linearly with the distance, but much more strongly.
In the same period, the topics of health and fitness also received increased attention. The “health megatrend” [2] has proven to be promising in the effort to open up new market segments for technologies. In recent years, health and fitness have become more and more present through wearables (smart watches, fitness trackers, etc.).
An ever larger part of the population pursues sporting activities in their free time. This often involves distances that we have to cover before we can take up the sporting activities. This trend has also meant that more and more people are spending more and more free time outside their homes, and that technology is a constant companion.
Mobility
Now, when we talk about payment and mobility, we have to look at how we travel these distances. The modalities of mobility that we want to include are: walking, cycling or scooter, public transport or car. Routes are often also covered intermodally (i.e. by linking several means of transport, e.g. by bicycle to the next stop, public transport, suburban railway, underground, walking from stop to employer). However, it is more informative for us to look at the modalities individually.
Placeonas [3] are particularly important in this context – ‘place-onas’ are considerations of how place and situation limit the possibilities of interaction with technology. Placeonas are not only interesting for the consideration of usability (consumption of services), but also with regard to identification and authorization. The latter is certainly a topic which is assigned an important significance in Germany. These procedures are subject to the restrictions of placeonas, just like the interaction possibilities.
For the above mentioned locomotion modalities, the different interaction modalities or placeonas are shown in the diagram.
Here it can be seen that hands can be used to a much greater extent when walking than when driving a car. In addition, the driver’s field of vision is restricted when using the vehicle, as the driver’s focus should be primarily on road traffic, so that only a short attention span is available for other activities. For hearing, the car offers the advantage of a closed or private space, so that personal data can also be output via audio. The same applies indirectly to pedestrians or public transport, provided headphones are used. However, the input of data via voice is less recommendable in public transport, as an acoustic shoulder-surfing attack cannot be ruled out. The same can apply to the car as soon as there are other people in the vehicle.
Technologies
As already mentioned, mobile technologies are our constant companions: Smartphone, Smart-Watch, Fitnesstracker, Android Auto, CarPlay, Alexa Auto, as well as proprietary media systems of car manufacturers. For many, the smartphone has become the mobile control center.
Smart watches like smart phones are equipped with many sensors. However, not all sensors of the watches (especially Apple Watch) can be queried directly, if only for data protection reasons. Theoretically, there is therefore a large amount of data that can be collected and provide information about the users.
Mobile payment
Since transaction data provides a lot of information about the actions and preferences of the user*, the possibility to make payments easily and directly has become a key function of the platforms on which these devices or services are based. Apple, Google and Amazon offer well integrated payment services for their platforms.
But service providers such as WeChat, Alibaba and Uber now also offer their own payment systems within their platforms. In Placeonas, where the solutions mentioned above are problematic to use, some technology and automotive companies have developed systems that can also be used while driving. The company Amazon offers a service called Alexa, a language assistant that makes it possible to pay a bill at any Exxon gas station without having to go to the checkout [4]. CerencePay also offers an all-round product where payments can be made by voice [5].
Authorisation of payments
This is where placeonas and technology come together. Are the users* actively moving – do they control their locomotion? Or are they passively in motion – are they transported or driven? Do they therefore have to pay attention to moving around? The level of attention is again influenced by the speed of movement, road and traffic conditions, e.g. the number of road users, or the types and degrees of freedom of road users. Moving in an environment where many modes of transport converge (city traffic) or where there are no clear traffic rules (pedestrian zone) requires more attention and faster reaction times. The more attention is needed for locomotion, the less is available for authorisation.
Another important aspect is the privacy of the environment. Do the users* have their own space, or are they in public space? In public space, the authorisation procedure must be as resistant as possible to ‘shoulder surfing’. Classic shoulder surfing means that another person can look over the shoulder at the display and read passwords or their input. With voice-controlled devices, however, it is not only possible to read along, but also to listen in – acoustic shoulder surfing.
“With voice-controlled devices, however, not only is it possible to read along, but also to listen in – acoustic shoulder surfing.”
For these two reasons, classic passwords or passcodes are not suitable in the context of mobility, as too much attention is required. Moreover, they are difficult to protect against shoulder-surfing attacks, whether acoustic or classic, and this seems less serious at first, since we work a lot with biometric methods today (fingerprint, face recognition, etc.). This works especially well in those Placeona scenarios where hands are free for interaction and not actively involved in navigation.
In the car, a fingerprint scanner would have to be installed on the steering wheel for authorization to be compatible with the Placeona. But since a steering wheel is not a fully integrated component in the car’s media system, attack vectors are created. In this case, communication with the central system could be compromised. This is possible because the communication runs over bus systems that cannot be completely shielded. Placing the sensor in the center console directly on the media system is not really compatible with the Placeona. The situation is similar with face recognition – the placement of the sensor must be decoupled from the media system, which opens up attack vectors.
Another way of identification using biometric data is voice recognition. This is used, for example, by CerencePay or by Google with Voice Match. However, the security of this procedure is debatable. What is clear is that the algorithm requires a certain tolerance, since depending on the environment, other sound events can overlap frequencies. A cold can also change the voice significantly. Google’s voice match voice recognition system, which was introduced this year, points out that the possibility of misuse is real [6].
When used in a secure context or in combination with other procedures, however, this can increase security and above all convenience.
In addition to the classic biometric methods (fingerprint, face, voice recognition), which are widely used today in one form or another, there are other methods based on pattern recognition. Nymi has been working for years on technologies that use the heart rhythm pattern (cardiac signature) for identification. According to the MIT Technology Review of June 27, 2019, the US military has a laser (Jetson), which also relies on identification via the heart rhythm [7]. This can also be used for identification from a distance.
Especially for smartphones, work is being done on algorithms that use the smallest movements, so-called micro-movements, for identification. In the mobile context, where the smartphone is held in the hand, this is an interesting option to complement other approaches. Since the heart rhythm, as well as the micro-movements, are not easily ‘readable’ for the time being, nor can they be easily imitated, they are of interest for use in situations with little privacy.
If we look again at the car as a mode of transport, we have to say that the Placeona is also dependent on technical assistance systems. Driving assistance systems from the level ‘Highly Automated Driving (Level 3)’ extend the Placeona for driving a passenger car. This increases the leeway for using safer procedures in cars. It is easier to use a visual password, as well as a fingerprint, even if the corresponding technology is built into the center console (* for this reason, a marker has also been added to the matrix shown). The biometric procedures are secure if the sensors are integrated into the centre console and cannot be separated from the system.
As an expert for payment processing and a manufacturer of open source open banking products [8], adorsys [9] also looked at the topic of transaction authorisation with different placeonas, especially in combination with conversational interfaces. As an IT company with a strong awareness of the immanent importance of application-oriented research, we have intensively studied the potential of voice-controlled user interfaces. We were very interested in how we could combine these rapidly spreading user interfaces with our payment systems and services to create better user experiences. In 2017, we have created a prototype to authorize payments via a voice assistant via smartphone. In 2020, we investigated payment transactions while driving and their authorization through visual passwords. We call this concept Picture Passcode.
This concept takes into account the special specifications and requirements of automotive ergonomics, but could also be conceived in other scenarios where payments have to be authorized contactlessly. In times of pandemics such as Covid-19, where hygiene is becoming increasingly important, we need more security procedures that protect both privacy and health.
Final review
The security of users* and their data when making payments has many facets, both physical and non-physical. The placeonas used here are of course only abstractions of situations we find for locomotion modalities. The real contexts in which people move around daily are almost infinite. In this short consideration we have seen that different procedures work better or worse in different situations. Through choices and combinations of procedures we can increase both safety and comfort for the users.
Sources:
[1] https://www.aerzteblatt.de/nachrichten/61186/Deutsche-leben-gesundheitsbewusster
[2] https://kommunalwirtschaft.eu/tagesanzeiger/detail/i22139/c140
[3] https://experience.sap.com/conversational-ux/modalities/
[4] https://www.exxon.com/en/amazon-alexa-pay-for-gas
[5] https://www.cerence.com/cerence-products/applications/cerence-pay