Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption, and is the author of the open source cryptlib security toolkit and an upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.
Contactless Payment Systems: Credit Cards and NFC Phones
Within the last year or two, banks, credit card companies, and phone vendors have been quietly, or occasionally loudly, pushing out contactless payment systems for credit cards and phones. The banks and credit card companies are doing it because it makes it easier than ever to spend money, and the phone vendors are doing it because they want in on the action that the banks and credit card vendors are currently getting. Unfortunately, in the rush to make spending money as effortless as possible, security seems to have fallen by the wayside.
This talk looks at some of the issues surrounding currently-deployed contactless payment systems, as well as the perverse incentives created by the business models that are making things that way.
Copyright © 2012 The University of Queensland, authorised by AusCERT Program Committee, maintained by: auscert@auscert.org.au