In our latest industry interview, Steven Sprague, CEO,
Rivetz, discusses the role of the Trusted Execution Environment (TEE) in enabling secure
e-commerce transactions with cyber currency as a payment alternative.
Is modern e-commerce secure? What are the common misconceptions in
the industry today?
Many people view e-commerce as simply better authentication, but more is required.
Since the early days of online commerce, we have only seen evolutionary changes from
the mail order catalogue companies. Confirmed shipping address and voyeurism of all
our shopping habits are not keeping up with the level of fraud and types of products that
are now part of our everyday online shopping environment.
Anyone who has been to lunch in Europe will be familiar with the payment terminal
being presented at the table for the user to simply pay with their smart card. That
terminal is more than just a smart card reader with a printer; it is part of the EMV security
and assurance system with secure display and secure pin entry that cannot be
compromised. The terminal equipment has provided a secure point of sale experience for
millions of users but the terminal is not present for e-commerce. Even with a fancy EMV
card the user still has to type their credit card information into the web page and with
that come a number of risks and costs.
How can the security of e-commerce be enhanced?
There needs to be an evolution away from simple authentication. For privacy,
transactions, and for content, we need not only authentication but something more.
Today’s technologies have the potential to revolutionize e-commerce. One possible
approach is to combine the safe environment of the trusted execution environment (TEE)
with the advanced flexible nature of cyber currencies. Online merchants would then be
able to offer consumers an alternate secure environment in which to undertake
Cyber currency and the TEE provide us with the capability to build a secure ‘bank’ in
a device that is already owned by the user.
What are the characteristics of the TEE that make it so valuable in e-
The TEE is now an essential part of the mobile ecosystem. The TEE's ability to offer
safe execution of authorized security software, known as 'trusted applications', enables
it to provide end-to-end security by enforcing protection, confidentiality, integrity and
data access rights.
In terms of e-commerce, the TEE offers five key characteristics:
- Secure display. To allow the user to visually see the amount
they will be charged and the account their funds are going to.
- Protected PIN entry. To enable the user to confirm the
transaction and ensure their intent is properly verified.
- Protection of the authentication credentials. To ensure the
user’s source of funds cannot be cloned.
- Protection of the transaction process. To ensure the
instruction to the payment network cannot be altered during creation.
- Attestation and validation of the TEE container. To
ensure the transaction is coming from a known device in a known state.
How can cyber currency enable secure e-commerce transactions?
Digital money makes it possible for merchants to accept an alternative currency
equivalent while providing a number of characteristics that can benefit the e-commerce
- New payment system that only requires network access. Any
browser, serial data port, Wi-Fi hot spot or near field communication (NFC) device
could accept a payment at a point of sale or online.
- New merchant acceptance. The list of
merchants that accept cyber currency is growing.
- An alternative approach for security and privacy for all transactions.
Cyber currencies utilize cryptography standards which provide a fantastic
foundation for security and authorization models.
How will this technology impact the market?
Combining these technologies may lead to lower fraud rates, lower cost of doing
business globally, a means to effectively support micro-transactions and integration
across the user's collection of personal computing devices.
Ultimately this could deliver peace of mind and simplicity to the user and a great
frictionless customer relationship for the merchant.