Services

Contact Details

Over-The-Air (OTA) Audits

Meridian is an accredited auditor for MasterCard ‘over-the-air’ (OTA) provisioning programme. The official launch of the OTA audits is April 01, 2009 and in February this year we became certified to supply this auditing service.

The OTA audit will be conducted on site at the client’s facility.

The Security Objectives of an OTA Audit are:

  • To ensure the confidentiality and integrity of data throughout the OTA process.
  • To ensure that USIM provisioning occurs fully, and only once.
  • To ensure that only the device of the intended subscriber is provisioned with a given set of subscriber data and application data, following adequate registration and authentication of that subscriber.
  • To ensure that the provisioning process can be fully audited.
  • To ensure the secure data exchange between relevant actors during the OTA provisioning process.
  • To protect physical access to logical assets.

Areas of the audit review will include:

  • Data Security Requirements
  • Network Security
  • OTA Transport
  • Operational Data Management
  • Roles and Responsibilities
  • Security Management System
  • Data Access Authorization and Maintenance
  • Physical and Environmental Security
  • Key Management

The following parties who can perform part or all of the OTA functions

  • An independent Trusted Service Manager
  • A card personalization bureau
  • An issuer

Where an issuer performs the entire OTA process for its own clients, then MasterCard strongly recommends adherence to the “Security Requirements for Mobile Payment Provisioning” requirements document which is available directly from MasterCard upon application.

For all other entities, including issuers who perform OTA for other banks and third parties – the requirements in “Security Requirements for Mobile Payment Provisioning” requirements document shall also be adhered to.

Where any part of the OTA provisioning is performed by a card personalization bureau, then that bureau as well as adhered to the requirements detailed in the requirements document will also need to be a MasterCard approved card personalisation vendor.



Latest

career openings
newsletter
over the air audits

accredited

mastercard website link