IBM has released a new solution that lets Android smartphone users authenticate mobile payments with a contactless card. The technology, based on near-field communication technology, provides an extra layer of security when using an NFC-enabled device and a contactless smartcard to conduct mobile transactions, the company said, including online banking and digital signatures when accessing a corporate intranet or private cloud.

A recent report by ABI Research said the number of NFC devices in use will exceed 500 million in 2014, according to a news release. Those figures plus projections that 1 billion people will use their mobile devices for banking purposes by 2017 increase the risk of hacking, IBM said.

As Mobile Payments Today reported previously, the Internet security firm McAfee expects mobile malware to have doubled in 2013, with Android thought to be particularly vulnerable because of its open platform approach.

To address such challenges, IBM said, it has developed an additional layer, two-factor authentication, for securing mobile transactions.

Two-factor authentication is commonly employed via computer, for example, when a user is asked for both a password and a verification code sent by SMS. IBM said its scientists have applied the same concept using a PIN and a contactless smartcard. The contactless smartcard could be a bank-issued ATM card or an employer-issued identity badge.

"Our two-factor authentication technology based on the Advanced Encryption Standard provides a robust security solution with no learning curve," Diego Ortiz-Yepes, a mobile security scientist at IBM Research, said in the release.

To use the solution, a user holds the contactless smartcard next to the mobile device's NFC reader. After the PIN is keyed in, a one-time code is generated by the card and sent to the server by the mobile device.

IBM said the technology is based on end-to-end encryption between the smartcard and the server using the National Institute of Standards and Technology Advanced Encryption Standard scheme. Current technologies on the market require users to carry an additional device, such as a random password generator, the company said, which is less convenient and in some instances less secure.

The new IBM technology, available for NFC-enabled Android 4.0 devices, is based on IBM Worklight, a mobile application platform that is part of the IBM MobileFirst portfolio. Future updates will include additional NFC-enabled devices based on market trends, the company said.

Learn more about security.