Pre-paid card products enable limited payment from a pre-paid stored value card, using either a contactless card for point of sale transactions or a smartphone app for on-line transactions.
Starbucks has a limited “closed loop” payment option that uses a low-security stored value account that can be used, only at Starbucks, either with a mag stripe Starbucks card or a smartphone app that presents a barcode scanned at point of sale. It is low security, but accepted because the account is prepaid and amounts are small. Starbucks has also attached loyalty benefits/rewards to repeat use of their payment app.
The “Google Wallet” enables only limited payment through a specific Google account which delivers transaction information to Google in exchange for targeted discount offers. Google has tried a few approaches to storing payment credentials in the phone, with limited success. The service has not been introduced in Canada.
‘Square’ and ‘Payfirma’ use technology that, with a small unit that attaches to a mobile phone, allows that phone to receive payment as a Point of Sale terminal, not to use the phone to make payments. In the future, however, NFC smartphones equipped with the right SIM cards will also be able to be used as a new class of EMV contactless card reader. Peripherals that read mag stripe cards, like Square, are not capable of reading secure EMV card data.
Peer-to-peer payments such as M-Pesa in Kenya permit bank-less phone-based transactions as a form of cash replacement, using text messaging or wireless data to send funds from one stored value account to another. This system does not use the secure technology needed for EMV credit/debit card payments.
Using the secure technology of the kind provided by EnStream means banks and other issuers can securely download their customers’ secure credentials onto their Secure Element SIM based smartphones to allow contactless payment. Today, Visa, MasterCard, Interac and American Express all have contactless payment applications: payWave, PayPass, Flash and ExpressPay, respectively. EnStream is deploying on an open, all-comer “utility-like” basis, creating a cost-effective and easy-to-use standard for the market.
EnStream also supports Royal Bank of Canada’s /RBC’s ‘hybrid NFC cloud based solution’ for payment transactions. This allows possible benefits such as increased flexibility, storage and/or processing power while still leveraging the accepted highest security provided by a physical secure element. RBC debit and credit credentials are stored in the RBC cloud and tokenized for use, but the end user is authenticated for security purposes, by way of the hardware based Secure Element on the SIM card.
Recently announced ‘ApplePay’ will allow iPhone 6 users in the US to make contactless NFC payments using Apple’s proprietary Passbook wallet functionality, and a hardware based Secure Element; designed and selected to ensure maximum transaction security. Working with VISA, Mastercard and American Express, credentials from 6 US based FI’s including Bank of America, Capital One, Chase, Citi and Wells Fargo will be available through their wallet in the United States, beginning in October, 2014. Apple has not yet announced a launch date for commercial service in Canada.
Host-card emulation (HCE)
With ‘pure cloud’ solutions, the device does not require a physical secure element, as the applications are provisioned into a remote secure element and accessed by the device during the transaction. By leveraging this less secure HCE technology, many other mobile transaction services such as ticketing, loyalty programs and access control could be developed and implemented.
Moreover, the inclusion of host-card emulation means that full NFC capability – including operation of the reader functionality of NFC handsets – would be made available to app developers. This would give developers the ability to create applications that can turn handsets into contactless card readers, a function that has potential in the mobile point of sale sector and a host of other markets.