The HCE tap is open, let NFC services flow

Banks: What is ‘enough security’?

I was prepared for Mobey Forum’s third annual Mobey Day event to be a lively affair. Bringing banks together with, amongst others, GSMA, chip manufacturers and mobile payment software providers to discuss the future of near field communication (NFC) was always going to ignite debate.

What I was less prepared for, however, says Sirpa Nordlund executive director of the Mobey Forum, was just how far and how fast that debate has evolved in the past few months, let alone the last year.

For years, NFC-for-payment services have been hamstrung by deployment complexity and commercial power plays. This year, things are refreshingly different. Wind back the clock to November 2013; Google kick-started a wave of change by including support for host card emulation (HCE) in Android KitKat. Banks and other NFC service providers began to ask a very big question: ‘Could HCE replace the SIM-based secure element?’ Or, put another way: ‘Could HCE solve our technical and commercial go-to-market problems with NFC services?’

In March, follow-on announcements of support for HCE from Visa and MasterCard, together with EMVCo’s release of its first tokenisation framework, confirmed for many service providers that HCE was indeed a serious contender in the market for secure NFC service models.

Contest gives way to consensus

Wind forward a few short months to October and the HCE debates at Mobey Day had evolved almost beyond recognition. Evangelists were present on both sides, but a broad consensus became apparent on a number of previously contested themes. Firstly, that HCE is a force for good but does not signal the death of the secure element (SE) in NFC services. Neither the SE nor HCE NFC will dominate the NFC services industry, not least because both models present service providers with different sets of advantages and challenges.

In 2015, we are likely to see multiple deployment models establish, where the SE (either on the SIM or embedded in the device) will both coexist and cooperate with HCE to form hybrid solutions that can provide enough security for the service in question. This puts the ball firmly back in the service provider’s court. Banks especially, for whom mobile data security has always been a zero-sum game, are now faced with a new question, one that must seem entirely alien: What constitutes ‘enough security’?

And with that the rug is pulled, once again. If banks are to abandon the pursuit of ‘maximum security’ (as delivered via the embattled SE/TSM model) in favour of ‘proportionate security’ (via a service-appropriate blend of HCE/tokenisation/SE/software-based security) in order to finally get their solutions to market, they must first decide what an ‘acceptable security risk’ looks like. I fear that this expression will stick in the throat of many a bank’s mobile payments manager in 2015, as they try to explain to a frustrated board why they are now proposing to write-off a fair portion of SE-NFC investment and, at the same time, drop down a security peg in order to enable widespread deployment via an all-HCE or hybrid based solution.

Look to ApplePay and its TouchID biometric authentication for the route through the maze, advised David Birch of Consult Hyperion, who reminded us all not to get too hung up on security: “We’re buying coffee here, not launching nuclear missiles,” he argued with characteristic alacrity. “Convenience trumps security every time. Every time.” For evidence, Birch drew on the elegant simplicity of Apple’s biometric TouchID. Sure, fingerprints can be stolen and recreated, but how often is this really going to happen? And even if it did, would the genius thief not have bigger ambitions for this new found power than pick-pocketing iPhones? TouchID’s simplicity and convenience will drive consumer adoption at such a rate that it will dwarf any issues that emerge relative to its security.  Indeed so beguiling is TouchID and its ability to authenticate payments via ApplePay, that Birch believes it may hold the power to entice Android defectors back to the iPhone in swathes. Let’s see.

ApplePay featured heavily across the two days of presentations and was met with universal admiration for its model. One notably insightful comment came from Mario Maawad at Caixabank who observed that ApplePay’s value to the whole NFC ecosystem was not only in bringing NFC to all those iPhone users, but by doing so with a user experience so frictionless that consumers will finally realise that conventional forms of payment are indeed inconvenient. This revelation alone will drive a shift in the consumer mindset, he says, and heighten awareness of the mobile channel’s potential to make life that bit easier. That must surely be good for all stakeholders in the mobile industry.

Beyond ApplePay, Mobey Day’s speakers offered a variety of other thought provoking insights for delegates to digest. Kristian Luoma, head of business development at Finland’s OP Pohjola Bank, made a notable distinction between how the next generation of mobile-specific social media platforms make the end-user feel. Facebook’s mobile user experience, according to Luoma, which focuses on connecting people, doesn’t feel anywhere near as good as the instant-response mobile world of WhatsApp, the handset-dedicated messaging platform, which is designed to serve groups of connected people. His point here is that mobile payments must be made to feel good, as well as operate conveniently and securely. In his words: “In mobile payments the winners will be those that can make the payment feel as good as sharing a selfie.” An interesting (and ambitious) challenge for payment providers everywhere.

Despite softening the blows with FIFA and street football analogies, the hard truths delivered by Amir Tabakovic, chair of Mobey Forum’s Mobile Wallet Workgroup, about the disintermediating threat that merchant-oriented prepaid mobile wallets pose to banks, really struck a nerve. Prepaid’s growing utilisation as an alternative banking platform, together with its unrestricted regulatory environment and easy integration with merchant loyalty programmes, combine to make it a defining force in the near-term future of mobile wallets, he says. Banks will ignore prepaid at their peril.

There is a string that ties all of these elements together. Mobile financial service providers everywhere now need to focus, above all, on the end-user experience. Today’s ecosystem is teeming with influential, agile and powerful stakeholders, many of which are on a mission to make the cumbersome business of paying for goods vanish completely from the consumer’s mobile shopping experience. If banks don’t move to broaden their horizons and establish a new and visible role in the end-user’s mobile experience, they may find that they too become unfortunate victims of the great ‘payments vanishing act’.

Sirpa Nordlund is the executive director of Mobey Forum
Sirpa Nordlund is executive director of Mobey Forum

Which of the Mobey Day presentations struck a chord with you? How do you see NFC mobile payments moving forward in the coming months and years? I’d be delighted to hear your thoughts via mobeyforum@mobeyforum.org or tweet us @MobeyForum

The author of this blog is Sirpa Nordlund, executive director, Mobey Forum

 

RECENT ARTICLES
A Device to Cloud Solution for Smart Water Meters and more

Airtel to power more than 20 million Adani smart meters

Posted on: April 29, 2024

Airtel Business, the B2B arm of Bharti Airtel, has announced that it will power over 20 million smart meters for Adani Energy Solutions Limited (AESL). Airtel, through its nationwide communications

Read more
close up beautiful optical fiber details

CDG and Innovation Incubator launch AI-powered telecom solutions

Posted on: April 29, 2024

Communications Data Group has announced an alliance with Innovation Incubator to operate an extension of CDG’s innovation lab and develop Generative AI powered solutions aimed at transforming the subscriber and

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into

Read more