Mobile Payments: Today's Challenge
The proliferation of mobile devices such as smartphones and tablets not only gives consumers more choice, it also has the potential to dramatically expand the payments ecosystem, bringing new players such as mobile operators and handset manufacturers into the mix. Multiple payment advocates are competing for attention, with each party advancing a different vision for where the consumer’s electronic wallet—the trusted source of credentials—should reside: on a card, on a phone, or in the cloud. These various approaches create new challenges and in some cases have the potential to establish new business models. The traditional role of banks in issuing physical cards that are mailed to users could be replaced by new classes of intermediaries such as Trusted Service Managers (TSMs) that provide over-the-air provisioning capabilities to mobile devices.
While new mobility for the customer continues to inspire innovation, these changes also create new data protection challenges. Whether organizations are issuing payment credentials and applications, accepting payments, or processing payments on the back end, they must keep stored customer and account information secure. Mobile transactions must be protected, whether they occur via Near Field Communication (NFC) in a store, on a tablet computer, or using a mobile phone over a wireless network. And every organization involved must continue to comply with an evolving set of industry mandates.
With the market in flux and plenty of innovation still to come, organizations are challenged to:
- Remain flexible, prepared to support a range of mobile payment scenarios and business models as they evolve.
- Be alert to disruptive change that can disturb existing revenue streams.
- Run traditional and mobile payments processes in parallel, while avoiding as much as possible the need for duplication of processing infrastructure and creation of unnecessary silos.
- Keep abreast of emerging technologies and standards for issuing credentials and applications, making payments, and accepting payments—and the business opportunities and risks they create.
- Accommodate peer-to-peer payments as they expand the market beyond the world of retail. Even in developing countries, the need to exchange funds has already triggered innovation beyond the traditional banking model.
- Accelerate the transition to a cashless society by embracing micropayments for parking meters, vending machines, highway tolls, and other purchases that otherwise involve the unnecessary costs and inconvenience of handling cash.
- Build relationships with new players, including mobile device suppliers, peer-to-peer payment services, wallet providers, TSM services, loyalty applications, consumer credit scoring agencies, and others.
Risks Associated with Mobile Payments
- Inability to adapt to mobile payments can put your company at a competitive disadvantage.
- New processes create new security vulnerabilities. Over-the-air provisioning of payment credentials and applications, for example, potentially creates new attack vectors for eavesdroppers to steal and misuse customer data.
- Attackers can steal and misuse data, leading to painful disclosures, adverse publicity, and fines.
- Failure to understand exactly where and how sensitive account data is stored and transmitted can prevent organizations from clearly defining and implementing data protection solutions.
- Rising transaction volumes can lead to performance bottlenecks as inefficient processing limits capacity and degrades the customer experience.
- Overly cumbersome and costly security schemes can hinder an organization’s ability to adapt quickly to new opportunities or to scale its business processes to meet rising service demand.
Mobile Payments: Thales e-Security Solutions
Products and services from Thales e-Security can help you incorporate mobile payments into your business while maintaining the highest levels of performance and security. The payShield 9000 hardware security module (HSM) incorporates specially designed functionality that lets the various parties involved in issuing mobile applications to mobile phones provision those applications securely. Other types of applications can also be provisioned securely, including contactless payment card applications using NFC, peer-to-peer payments applications, and many more. The Thales solution is based on the GlobalPlatform Card Specification Version 2.2 and the EMV Card Personalization Specification (CPS V1.1), providing the ability to establish a secure session with the Secure Element (SE) based on GlobalPlatform Secure Channel Protocol 02 (SCP02) and to prepare secure messages for the SE.
Combining proven products with deep expertise and experience in credential management, payments-related regulations, and the full range of data protection challenges faced by today’s organizations, Thales can help you take full advantage of emerging opportunities—while maintaining a high-assurance infrastructure that is both efficient and fully compliant with emerging industry mandates and standards of due care.
- Uncover and address new data protection challenges arising from evolving mobile payments models and processes.
- Manage cryptographic keys effectively across the mobile payments process.
- Implement proven, certified, tamper-resistant security solutions without compromising performance.
- Accelerate deployments; Thales products integrate out of the box with payment processing software from leading vendors.
- Stay flexible to adapt to changes in mobile payments processes and business models.