Secure Transactions Themes from Mobile World Congress
From Mobile World Congress 2014, the mobile industry's showcase event held in Barcelona, Dave Birch, Director of Consult Hyperion, the technical and strategic consultancy that specialises in electronic transactions, and internationally recognised thought leader in digital money and digital identity, has been studying the form.
"Consult Hyperion was delighted to have been invited to chair the session on mobile identity services, to take part in the session on key technology trends for digital commerce and to deliver the breakfast briefings on host-card emulation (HCE, see below) and mobile payment interoperability. It was a busy week, but a great opportunity to showcase our thought leadership in digital money and digital identity."
Having spent the week surveying the scene, Consult Hyperion's team view picked out five show themes relevant to the world of secure transactions
Host Card Emulation allows any app on any NFC-enabled Android 4.4 device - phone, tablet or any other device running Android 4.4 - to emulate a contactless smart card, letting users tap to initiate transactions with an app of their choice without needing a provisioned secure element (SE) in the device. Apps can also use a new Reader Mode to act as readers for HCE cards and other NFC-based transactions. The device effectively becomes a contactless card that you can use to make purchases, display tickets and vouchers and present ID.
"By removing the decision about whether a hardware Secure Element is placed on the SIM or the handset, HCE makes irrelevant the commercial negotiations previously needed for NFC to succeed," says Birch. "Now there's nothing to stop it taking off as a convenience rather than a security mechanism."
Tokenisation replaces the card PAN with one time use numbers that are valid for a short time only. These can be transmitted like regular PANs across existing bank networks but their short life span means that they pose little risk for security breaches. They aren't a new idea but now that they can be generated by mobile apps, customer usability issues are no longer a problem. The same principle could even be applied to other types of information, for example digital identities.
"One day soon, my Waitrose app will obtain tokens from my V.Me wallet, my MasterPass wallet, my PingIt app, my Zapp app and any other wallets it can find on my phone through a standard discovery process and standard API. Then when I check out at Waitrose, my app will pop up and take care of business," predicts Birch.
Higher assurance federated identity models, such as IDAP, the UK government's identity assurance programme, NSTIC, the US's National Strategy for Trusted Identities in Cyberspace, and Assure UK (the new name for the OIX/GSMA initiative) all allow consumers to gain higher assurance identities to provide more convenient access to higher value services, for which social logon (e.g. Facebook Connect) is not good enough.
"2014 will be the crunch time for IDAP," says Birch. "The service is just going through the technical launch now and the Cabinet Office will be looking to onboard the first services and consumers during the year."
While cost saving is the driver for the government, these programmes will also provide value to consumers and service providers: better ways to access more services, better engagement with the consumer in ways that the consumer will want.
"Fundamentally, identity is a key enabler for the internet. Good identity promises to make consumers' online experience more engaging and more rewarding. Let's hope we can deliver," Birch says.
While consumers appeared hesitant about mobile wallets during 2013, 2014 could see them really take off, reinforced by technologies such as tokenisation, digital identity and HCE. To be successful however, they must do things that leather wallets can't. That means more than just storing apps. "For us, the wallet is something that lies under and inside a variety of apps, providing them with services such as identity," says Birch. "We like to call this the hyper-wallet." On top of that, wallet issuers need to do a better job of identifying the benefits they bring to users. The way to do that is to start by identifying the main pain points i.e. where wallets can help consumers or the needs it fulfils. That's a marketing fundamental - identify the need. Barclays' PingIt has already done that with person to person payments. Easy online payments from the phone might be another area as might be managing electronic receipts.
If wallets are intended to make shopping more rewarding for consumers, it's MPOS that carries out the same function for retailers. Not just conventional POS devices that have been untethered but mobile phones and tablets with added card interfaces, MPOS devices run apps and communicate with consumer mobile devices. 2013 saw their spread into small retailers who were unable or unwilling to obtain regular acquiring relationships with banks. 2014 will see them become more prevalent in retailers of all sizes, reducing the need to queue to pay and accentuating customer relationships over payments. The more consumers want to pay by phone, the less they will want to queue to hand over old fashioned payment cards at the point of sale.
These trends and others are forming the basis of Consult Hyperion's thought leadership events in 2014, its Tomorrow's Transactions Forum, which takes place at One America Square in London and its Tomorrow's Transactions Unconference series.