The NFC payments journey started by examining security as a basic requirement. To this end, solutions based on the Secure Element came to the fore, as these solutions offered a very secure NFC payment experience. This, needless to say, surmounted the challenge of provisioning the customer’s payment credentials on the secure element. The different mobile operators and SIM types in the mix, coupled the complex ecosystem of provisioning using TSM all worked against this type of solutions. Both, banks and customers were unhappy.
Then came the HCE APIs by Android and coupled with tokenization, this solved the problem of depending on the secure element. The relevant payment credentials are dealt with in the software layer. This made the whole ecosystem very simple as the issuers did not have to depend on the MNOs and TSMs.
The challenges facing an HCE-centric approach
Any software based solution is less secure than hardware based solutions, or, at least it is perceived to be. While tokenization of the payment credentials reduces the challenge substantially, areas which can be exploited by hackers still remain. While monetary theft is, of course, a major concern, perhaps a more pressing issue is losing the customer’s confidence.
The likely solution
I am of the firm opinion that the “real” solution will emerge once all the options available in the ecosystem have been thoroughly explored. The bottom-line is that the most viable solution is likely to come to the fore only when the mobile network operators and the issuers join hands.
While we have come full circle, the collaboration between MNOs and issuers needs to be re-examined. Lessons from the past need to be kept in mind, to ensure that the ecosystem we’re dealing with this time is much simpler than the earlier one. So, enter a “hybrid solution”.
The Hybrid HCE solution
Simply put, the Hybrid solution leverages the assets under the control of both, the MNO and Issuers. The MNO controls the mobile network, SIM card, mobile connection, technologies for determining the location of the user and historical perspective of the user. The assets controlled by the issuer are the payment credentials, tokenization platforms and ability to generate alternate card number (PAN).
With this combination, we need to ensure that the payment that is carried out is indeed conducted by the customer themselves. As all the payment tokens are provisioned on the customer’s phone, the idea is to ascertain that the payment has come from that device then we can ensure it is that customers. Here, the generation and provision of payment tokens can be done by the issuers and MNO can ascertain that the device used is the intended one. There has been lot of discussions on the issuer and tokenization side so I shall skip that part in this article. I will cover different mechanism that the MNOs can use for checking the device:
- Using the SIM as for deciphering the token – when a customer gets on-boarded to the wallet, we can provision a unique algorithm on the SIM for that user. All the tokens that are provisioned by the server will use the same algorithm to encrypt the token and the SIM shall decrypt it. This way the token can only be used in the phone which has that particular SIM which was used for registering the customer. While one may argue that the process of one-time provisioning will still need the TSM, we need to see that this is only one time per customer and will not be done for each payment credential or card. This reduces the complexity.
- Using Mobile connect – most of the MNOs have invested in mobile connect standards provided by GSMA for identification. This has the advantage that we need not even provision any algorithm to SIM because it is quite likely that the MNO would have done that. Using this solution, the issuer can request the MNO to determine the customer’s identity. We may use this mechanism with certain intelligence built in. For example, this can be leveraged for high value transactions or to detect unusual activity. Mobile connect also has means of taking the user’s PIN. This way, the lost mobile scenario is taken care of as well.
- Using the location enabled by the MNO – many MNOs are leveraging location-based services to obtain information about the customer. This could be based on GPS, cell tower location, etc. While a user performs the transaction, we can encode the location of the user in certain user defined fields of the EMV token. The issuer can pass this location to the MNO to validate if the user indeed is at that location.
There are few more such innovations that are possible, based on the call history, usage pattern, SIM application. I feel that it is important that the issuers and MNOs join hands to find a suitable solution which is simple, secure and more importantly very easy to adopt by the end customer.