Wiseasy Launches “Wise Shield” Security System, Taking Smart POS Standard to a Whole New Level

Payment service is vital for consumers’ property security and personal privacy. The general public and regulatory authorities are highly sensitive  and almost show zero tolerance for payment security. Over the years, the healthy, orderly and rapid development of China’s payment industry cannot have been made possible without a sound security system. This requires payment service agencies, equipment manufacturers, industry managers and other stakeholders to continuously raise the standards and jointly build a dynamic security system. Smart POS has been developing rapidly in the past two years. It has been adapted to the market trend of mobile commerce, while posing new challenges to its security capability due to the continuous expansion of application scenarios. The practice of simply putting together smart phones and traditional POS solutions has been completely open to risks. It is impossible for smart equipment and the Internet to achieve security in a real sense without integration of security chip capacity with smart chip capacity, reasonably cutting down Android’s exclusive operating system for financial equipment, tight controls on APP installation and permission, and providing continuous dynamic services and upgrading security packages!

Wiseasy, a pioneer and an outstanding enterprise in China’s POS industry, officially launched “Wiseasy Shield” security system on November 3 to provide security service for full-range financial smart equipment of WPOS, WTAB and WMI. The “Wise Shield” security system consists of :“equipment physical security”, “operating system security”, “APP security”, “information storage security”, “data communications security” and “dynamic security service”, according to Yan Li, founder and CEO of Wiseasy.

1. Equipment physical security

The design of smart POS should conform to the relevant norms of the bank card detection center, and the synergic of smart chips and security chips is also very important. The approach of simply putting together smart mobile phones and traditional POS to design smart POS without truly understanding the underlying mechanism of smart devices, seems to work functionally, but has great risks in security. As a simple superposition of smart phones solutions on POS solutions, passwords will be designed to be processed in the Android application processor, which is the reason why it is very easy for hackers to get users’ passwords by hacking into Android and even usurp cards by copying them and their passwords. Obviously, to put passwords to Android processing is a great hazard. We can imagine what costs the flaws in design will result in for subsequent remedial!

2. Operating system security

Smart POS is characterized by its Internet property, being open to and compatible with various Internet applications is its benefits. Therefore, most of vendors choose to tailor make the dedicated system of financial smart equipment on Android operating system. However, how to achieve both openness and security poses a huge challenge that has never been faced with when designing traditional functional POS. The Android operating system is extremely complex, and the amount of reduction is interrelated with functional realization and security boundary. The design program of simple superposition is just smart in form, but excessive openness in security reduction will give a chance for hackers to have access to the root permission of the operating system, which means to hand over the key to the gate.

3. APP security

APP rich variety is the key to the realization of smart POS functions, but we must keep control on APP installation and permissions so as to ensure transaction security and data privacy. We must turn off the control switch to the APP of unknown sources to prevent the unauthorized APP from being installed. We should take official Android Market as the only APP entrance. It is also important to ensure APP authentication and not allow it to run once failed. In this way, we can prevent download, installation and running of hacker APP and provide all-round security guarantee. Smart POS has no security when it can go without authentication, and even games and ordinary Android browsers can be installed.

4. Information storage security

Due to difference in the nature of business, smart financial terminals need to put sensitive information in the security processor for storage and management to disconnect APP data and ensure information security. APP data does not need to support cloud encryption backup and recovery to ensure no loss of data. The storage of key secret codes is not done on the server, and the decryption of encrypted key secret codes can only be done on the security processor after they are transferred to the target POS. The storage of key secret codes can only be done on the security processor of Union Pay POS machine, ensuring their security and making it impossible for the third party to crack them. Also, we can lock important information data to avoid risks caused by the switching of key secret codes.

5. Data communication security

In network communication, data security is also very important. For either remote networking or near-field Bluetooth communication, “Wiseasy Shield” is to construct data communication tunnels based on the security processor asymmetric encryption algorithm and symmetric encryption algorithm to ensure data is not decoded or forged in the process of communication. At the same time, authentication of Bluetooth file reception is necessary to prevent hackers from cracking by making use of near field communication.

6. Dynamic security protection

Security is not static. Despite all-round security design of the above five aspects, dynamic services are necessary to build a safe environment for users to ensure constant improvement of security capacity and timely adjustment to changing circumstances. Wiseasy security experts will, according to users’ need, make device self-inspection, make timely remote delivery of patches through the security channels to provide dynamic security services to partners and address possible problems at any time. This dynamic security service is another characteristic of “Wiseasy Shield”.

At present, Wiseasy has begun to provide “Wiseasy Shield” security services for banks, insurance companies, telecom operators, payment institutions and merchants. “Wiseasy Shield” not only sets higher security service standards in the smart POS industry, but takes the lead in dispelling the doubts of financial smart equipment agencies and merchants., “The extensive use of financial smart terminals is an irreversible trend. However, no matter how the terminals develop, we must maintain the “chip” of security and be in awe of the product,” concluded Yan Li, founder of Wiseasy.