“Banking needs to become more flexible and agile with FinTech”
Can a mobile application perform a card payment using contactless card technology? We talked to Aivars Kalvans about how FinTech can change the field of banking and how it needs to develop further.
JAXenter: First of all, can you explain more in depth how host card emulation (HCE) and Near Field Communication (NFC) work with payment systems?
Aivars Kalvans: That is a broad question. But in short, it is based on the same principles as EMV cards are. Contactless EMV cards communicate over NFC with the terminal and do not need to be inserted into the card reader. NFC technologies are also limiting – contactless cards do not receive the result of transaction authorization and therefore transaction limits, PIN and risk parameters can’t be updated unless the card is inserted into a reader device. The consumer has to insert the card into a device every now and then just to keep it working.
Host Card Emulation (HCE) allows an application to emulate a contactless EMV card – it communicates over NFC with the terminal but the application is also able to receive updates and authorization results over the internet. That solves the problem of contactless cards. But card emulation introduces new challenges as well because EMV cards have tamper-resistant storage for cryptographic keys but most mobile devices do not. Applications solve this problem by storing cryptographic keys on servers “in the cloud”. If you wondered before, that is why HCE and Cloud Based Payments are so closely tied together.
JAXenter: What are the challenges in bringing this tech to mobile banking?
Aivars Kalvans: Today the biggest challenge is the lack of HCE support in iOS, which is one of the leading mobile operating systems in the western world. Android has had support for HCE since the beginning and now even BlackBerry and Windows support it. All we can do is to wait for Apple to change strategy regarding HCE.
The second challenge is the availability of devices (POS terminals) that accept contactless payments, but the number of those is growing and that is something the payment card industry can influence and change.
JAXenter: What are the benefits to making the switch for the industry? Are there benefits to the consumers as well?
Aivars Kalvans: The biggest benefit compared to other new payment methods is utilization of the existing payment card ecosystem: anywhere a contactless card is accepted, an HCE-enabled mobile device will be able to make a payment. That is something both the industry and consumers will appreciate.
Also, due to the nature of HCE the device has to be connected with the bank’s system and the consumer can update expired cards and risk parameters wherever one is. Banks can utilize the mobile platform to collect geolocation and other information to prevent credit card fraud with physical cards, to provide personalized deals, information about partners and sales nearby.
JAXenter: Security is a major concern these days. How does a cloud based payment system take this into account for consumers and enterprises?
Aivars Kalvans: Cloud based payments address security on multiple levels.
Behind the scenes, a cloud based payment system is made of several physical machines, safeguarded by firewalls and located on multiple different networks. Only one of the systems is accessible from the public network. All communication between machines of course is encrypted and the responsibilities of each system are assigned so that even one compromised system can’t perform the work of another system.
A lot of credit card fraud comes from low-security signature-based or card-not-present transactions. Unfortunately, those transactions are still supported to accept payments online and some countries still show low EMV card adoption rates. Cloud based payments actually are made with a token or a proxy card that accepts only one secure type of transaction. Even when card data or transaction data is stolen it’s not enough to create a fraudulent transaction.
Consumers will appreciate that physical wallets with RFID & NFC protection are no longer needed: in order to pay you have to unlock your phone and select a card from your mobile wallet. Furthermore – the consumer can choose an upper transaction amount limit, surpassing which the wallet will ask for an additional PIN code entry.
I would be confident to claim HCE payments are among the safest means of payment today.
JAXenter: Has the FinTech movement triggered a culture shift in credit cards and banking?
Aivars Kalvans: Yes, definitely. I personally have mixed feelings about it because on one hand, banking needs to become more flexible and agile for today’s customers. But on the other hand, FinTech is often neglecting exception cases like refunds and disputes and thriving because of the lack of regulations that banking has to comply with. Time will show and the best of both sides will combine and survive, which is good for us as customers.
JAXenter: What can attendees expect from your session?
Aivars Kalvans: There’s a saying in Latvian that a small road bump flips over a big cart. In this session, I will show how the lack of a small and cheap tamper-resistant storage on the mobile device has to be compensated with complexities in applications and backend systems to provide equivalent security features. Because I have hands-on experience of developing a cloud based payment system I will share some real challenges and amusing situations and issues we have faced.
Aivars Kalvans will be delivering a session at JAX Finance which will provide an overview of what host card emulation (HCE) is and how it allows a mobile application to communicate over the Near Field Communication (NFC) protocol. Contactless payment cards use the same NFC protocol to perform payments. Can a mobile application perform a card payment using HCE technology?