Has the concept of mobile-based payments had its moment in the sun? It isn’t the latest kid on the technology block or (arguably) the most impressive. Its potential in making cards a thing of the past has been discussed to death. Indeed, it has been at the forefront of thousands of industry-wide debates and forums.
So, can it be written off as just a flash-in-the-pan? Well, yes and no. No, because in theory, the concept of a mobile handset coupled with a digital wallet is sound. It has the potential to transform the overall payments experience by introducing contextual awareness into the mix, resulting in happy customers and merchants (the former with personalized offers and the latter with better customer outreach).
The not-so-great news is that despite the potential, a mere handful of pilots have been conducted across multiple geographies. The grand idea of mobile payments seems to have turned out to be a paper tiger. All teeth but no bite.
Is the failure to identify the right kind of technology its downfall? Again, yes and no. There have been several hits and misses. To illustrate, in the initial years, Near Field Communications (NFC) was touted as “the” technology for mobile payments. Over the years, though, industry experts steadily started dismissing NFC on multiple grounds. To begin with, the business model entailed was complex and also added several more players in the ecosystem. This meant more contenders for the already wafer-thin margins. Each solution suggested to salvage the situation, though put forward with honourable intentions, was deemed badly planned. Invariably, all the players involved wanted to have first dibs on the customer.
In the end, while NFC never made it to the mainstream, the idea of mobile payments didn’t die. As a result, many other technologies-in particular QR Codes and Biometrics-have been given a fair trial but these are not really expected to become mainstream unless there are standards defined, followed by an industry-wide push for adoption. Also, security concerns for these alternate payments have to be thought through and a robust mechanism built before these find their feet in this space.
In this scenario, Host Card Emulation (HCE) has arisen as a potential solution to the “which technology ought to be used for mobile payments” conundrum. It seems to have hit the bulls-eye, with bigwigs like MasterCard and VISA announcing their specs and EMV following suit and developing their own guidelines for tokenization. HCE has taken off very rapidly and, in fact, has helped sort out a few kinks in the traditional NFC model. I think it’s appropriate to mention Google at this point, for the HCE specs it introduced in the KitKat version of Android.
Of course, what’s well begun is often half-done. The next step is extending the magic of HCE-based NFC payments outside the Android universe.
To be fair, there has been a fair amount of activity on this front. Several banks have enthusiastically signed up for the same and have been rolled out HCE-based wallet pilot projects. Let’s not get ahead of ourselves, though, it is still a bit premature to measure the success of such projects. Every player worth mentioning operating in this space is attempting to have a “eureka” moment in this context and are certainly pulling out all the stops. Take, for instance, the enabling of tokens for disconnected modes or the solution that ensures the customer carries out the transaction in record time.
Meanwhile, the next big question is: which platform would provide a more secure environment to support HCE-based wallets-the Trusted Execution Environment (TEE) or the secure element (SE on the cloud)? The former is widely regarded as the winner , but it is not without flaws. To begin with, it is dependent on the mobile handset’s processor (always a red flag) and introduces an additional player in the value chain-not always a welcome development.
Of course, the wheels of technology keep turning and so, it is unsurprising that an alternative mechanism – the latest buzzword – white box cryptography (WBC) is already squarely in place. In fact, it has already been implemented to enable token management securely within the phone memory without a secure element in place. While HCE started with the SE being present on the cloud which helps in processing transactions being in the connected mode, the WBC mode is to enable disconnected transactions where required.
I believe that this isn’t mere hype-it could very well be a genuine possibility of enabling over-the-counter payments through NFC. We have already engaged with various players who have evinced interest in deploying HCE solutions. Again a disclaimer-technology can never be perfect. In this context, the jury is still out on the question of who would manage the tokenization systems – would banks have their own system or would the network scheme players like MasterCard and VISA lead the way? While the former seemed to be a logical solution, the process of managing the flow of payments could become complex and while the latter could help in deploying the token systems faster, another question arose-would everyone subscribe to the model?
If history has taught us anything, no-one would have been taken by surprise by Apple’s grand announcements in early September. While I am still unclear of how the overall market will pan out, the launch of the Apple Pay solution on the iPhone 6 and Apple Watch (users of iPhone 5s can use Apple Pay through this) signals the beginning of the US market’s journey towards NFC adoption.
Apple’s heavyweight status became even clearer at the event-as it has already roped in every major player including banks, networks and merchants to be an integral part of the launch. Keeping in with time-honoured tradition, the solution makes it clear that Apple has thought the overall process through to develop an offering which is not only frictionless but also secure. The tokenization thought process which began with HCE has clearly been adopted and I am sure this is destined to become pretty much part of any payment flow.
In fact, the biometric authentication feature they introduced in the last version of the iPhone is now being given space to play-the perception to consumers would clearly be that their payment credentials are secure, which will hopefully translate into a healthier adoption rate. While not stated clearly, the context aware services would have their moment as well. Of course, Apple will continue to mix things up and will most likely steadily throw in the passbook and the ibeacons facilities. Add the payments feature to that and you’re likely to end up with a product that offers more value to consumers and gives the world a solid reason to subscribe to the mobile payments thought process.
But is the world ready? I believe so, especially with the US retail industry going through the EMV migration. In this case, contactless and NFC terminals can be part of the same migration process. This will make the acquiring side ready for the mobile payments revolution while the nuts and bolts have started falling into place on the issuing side-well at least for consumers who will pocket the latest iPhone.
While all the hype surrounding Apple’s latest offering is exciting and full of promise, let’s take a moment. The company has already stated that 83 per cent of card holders in the US can already access this service. But wait what about the other mobile platforms (including Android) which need to enable NFC so that the market will become broader? While this may not give the good people at Apple sleepless nights, it is important to remember that Android rules the roost outside the US.
Speaking of teething issues, personally, I am curious to see how Apple will tackle the issue of a “disconnected” environment and who will introduce payments and authentication to, let’s say, the transit industry-traditionally considered a killer app for NFC. Further, how will wallet providers including large format retailers club their wallet offering with the Apple payment systems? How will Apple build in context awareness in this product, keeping in mind their recent proclamation that they do not hold customer info? While I never claimed to have a crystal ball, I am clear about the fact that Apple will slowly but surely be the ID and access mechanism for various applications and this is where they may open their platform to the developer community.
But that’s Apple. What about the larger Android universe I had mentioned earlier? Well, for one, the right solution is required. Further, banks and payment providers will need to offer their payments products to consumers irrespective of which OS platform they are on. Now the tricky part-dealing with HCE on Android is very different from what Apple Pay is offering. Banks will have to do their homework to figure out how to replicate the process across platforms.
It doesn’t end there. Players like MasterCard and VISA have increased their relevance with tokenization at the network level. It will, therefore, be mildly-I joke-VERY difficult to change the existing system to support NFC payments for other platforms. Also, wallet providers exercised more control on the Android platform and the overall consumer buying behaviour including payments could be more tightly integrated. So, where does all this stand? Are we to believe that the payments piece will now become a platform play? The big question is will Google follow suit? Is there room for it to do so? Interesting times are coming and it won’t be an exaggeration to say that Apple’s recent announcements have led to the makings of a storm in the NFC space. From the viewpoint of someone who has been eagerly waiting for this (me), looks like wishes do come true!!
