Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .




Alex Lithgow-Smith, Senior Consultant, Consult Hyperion

There’s been a technology earthquake over the past year that brings together phones, cards, and clouds in a way that may revolutionise payments.

CHYP, Now The Phone Is A Contactless Card

CHYP, Now The Phone Is A Contactless Card

Despite the success of contactless card products like Oyster in London, there are still remarkably few ways in which consumers can use mobile phones for contactless or NFC payments at the point of sale. On buses (and soon the Tube) we reach for our bank cards, not our phones. In Pret and Caffe Nero, we can make contactless payments but we use our cards, not our phones. The few successful phone based schemes, such as the one used by Starbucks, use barcode based technology rather than NFC.

This been largely to do with the difficulty of arriving at business arrangements between banks, phone operators and handset manufacturers about how to store the security features required to make a payment using an NFC phone.

Credit and debit card payments comply (except in the US) with a standard devised by the payments associations called EMV. That means equivalent payments using a phone must comply too. Previously, to do this in a phone meant storing the security keys required for the transaction in a tamper resistant chip on the phone – the Secure Element. That led to the need for negotiations over where that Secure Element was – if it was on the SIM, the mobile operators owned it; if it was in the handset, handset manufacturers owned it. Either way meant problems and expense for the banks.

All that has disappeared with Google’s recent announcement of Host Card Emulation, or HCE, in its latest Android implementation. HCE allows the phone to emulate a contactless card, meaning that there’s no need any more for a Secure Element. Instead the security information is sent direct to the phone. To ensure that the transaction remains secure, just enough information for one transaction or for one day, depending on the way HCE is implemented, is sent via the cloud to the handset. Enough for one transaction is obviously the most secure way, but that only works if the phone can then retrieve the next set of information so that it’s ready for the next transaction. If there’s any chance it might not, for example underground with no signal, then storing enough credentials for a few transactions on the phone is a safe enough approach.

While it’s been technically possible to do this in the past by modifying Android (Consult Hyperion has been working on this for several years) Google’s announcement has made this much, much easier.

So all of a sudden the need for banks to negotiate SIM card real estate with mobile phone operators has gone. One of the first banks to show an interest in this new approach, Bankinter in Spain, has just announced the commercial launch of its “Mobile Virtual Card” (MVC) product. They have had a detailed risk analysis carried out by the Fraunhofer AISEC in Germany — who concluded that the security of the HCE solution is “adequate for EMV online” transactions (that is, where the POS goes online for authorisation) — and are launching the service to their customers and hoping to licence the service to other issuers.

One of the most interesting things about Bankinter’s enthusiasm for HCE is that they actually own a Mobile Virtual Network Operator. So if it’s too difficult for a bank that actually controls the SIMs to go the conventional route, imagine how much easier the existence of HCE is going to make life for banks that don’t.

I honestly think that this may be the jumping-off point for NFC and that after the lack of progress of the past few years, NFC will finally take off. Visa and MasterCard’s recent announcements of their support for HCE appears to reinforce this.

Not that this is all bad news for the mobile operators. While it’s true that some are pressing ahead with pushing the traditional Secure Element based approach to NFC, there are other ways in which they can add value to an HCE based approach.

We’ve always argued that for the mobile operators, their central role will be in digital identity. The Secure Element (SE) is the obvious place to store these digital identities. And by storing digital identities that the app developers can access via standard APIs, the mobile operators can provide something of genuine value to the rest of the stakeholders: an identity infrastructure that both NFC (whether HCE or not) and other technologies, such as potential rival Bluetooth Low Energy, can use.

It could be that information which guarantees that the phone being used to make the NFC transaction is the correct phone, in the hands of the correct owner. After all, it’s the mobile operator that can tell whether the phone has been recently used to call regularly used numbers from regularly used locations.

We’ll be making that argument strongly to mobile operators over the coming year. But in the meantime, Host Card Emulation is exactly the impetus needed to make consumers reach for their phones rather than their cards at the point of sale.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post