Protocol (algorithm) for safely authorizing payments via mobile app


I'm looking for the most secure algorithm/protocol to safely authorize actions done via a mobile app.

Let's say I'm developing a system that requires user authorisation of certain actions. You can think of it as "banking platform". Let's say there are two ways of accessing the platform: web via normal browser and mobile via app on a smartphone.

One-time tokens and SMS codes are good for the web frontend, when it's separated from the device generating tokens / receiving SMS. But how can I assure security on the mobile that's almost certainly used to receive SMS or generate tokens? More secure would be to ask for a password. How can I patch this obvious security hole?


There are 1 answers

K.L. On

You're probably interested in the PCI guidelines for mobile payment. Read this: https://www.pcisecuritystandards.org/documents/Mobile%20Payment%20Security%20Guidelines%20v1%200.pdf