26 November 2014

71635

Marcelo Delima - Sequent

9 | posts 20,754 | views 4 | comments

How HCE helps banks leverage the mobile app revolution

14 August 2014  |  2824 views  |  3

The world can’t get enough of mobile applications. Last year alone there were 102 billion application downloads according to the analyst firm Gartner. And Google research says 84% of shoppers are now using their mobile phone while they shop in the physical world. Banks would be smart to leverage this revolution. And they would be even smarter to enable existing applications instead of trying to compete with hundreds of other apps for a customer’s attention.

After all, leveraging existing consumer behavior is much easier than changing it. Issuers who are first to put their credentials into applications that consumers already use, have the best chance of achieving and maintaining “top of application” status in this new and potentially huge channel. Being early in this endeavor is dependent on making it easy for everyone involved: the issuer, the merchant partner, and customers.

Host Card Emulation (HCE) has greatly simplified the mobile payment ecosystem by allowing issuers to put credential directly into mobile applications for transactions in the physical world without third party wallets, secure elements, or TSMs. However Host Card Emulation by itself doesn’t:

• Make sure every application that wants to use the credentials is a trusted application.

• Authenticate users to download and use credentials from third party HCE applications.

• Provide for testing and certifying every HCE application that uses the credential.

This means that each time a bank issuer wishes to extend their credentials to new partner applications, it will take the same amount of overhead for each new application. The bank issuing the credential will need to make sure each application manages card lifecycle, application permissions, cardholder authentication, tokens, and trust. All this takes time and resources from the issuer and its merchant and other partners, making it difficult to scale and move at a speed necessary to be first and “top of application.”

Banks should have systems that automate and simplify the work of distributing credentials to applications. HCE does enable apps to communicate directly with the NFC controller, bypassing the secure element. But apps still need to handle sensitive tokenized card data to do payments. Banks cannot expect partner app developers to be knowledgeable about payments industry standards and compliance, Javacard security or obscure terms like “APDU commands.”

That means banks will need systems to vet and authenticate new partners and apps, platforms with easy APIs to distribute credentials to these apps securely and monitor usage of credentials by the third party apps. All of this is needed to make it easy for merchants and other partners to add bank credentials and HCE mobile payment functionality to their applications. The result is banks will reduce overhead to support and certify third party applications and customers can use credentials in applications they already use and love.

And the bank will achieve another metric that will soon become as important as “top of wallet” — being the “top of app”!

 

TagsMobile & onlinePayments

Comments: (6)

Andrei Charniauski - IDC - London | 18 August, 2014, 10:16

Marcelo, great post! This is one of the reasons why, I think, banks will generally be reluctant to provide third party access to their issuers via HCE. I think banks will focus on providing payment capabilities within their own apps - this will also ensure that banks collect much more customer data and improve loyalty. Actually, this is likely to appeal to customers too - as a consumer you would know that there is one app (you bank's app) that can be used to pay at ANY retail location.

 1 thumb up! (Log in to thumb up)
Marcelo Delima - Sequent - Mountain View | 18 August, 2014, 18:47

Hi Andrei, thank you for your comment. Let me tell you I agree with you 100% in the short term. Yes, they first need to focus on their apps and enabling their apps to become repeat use transaction tools for consumers, protecting their brand, improving their customer engagement and adding lucrative VAS. But that's only the first step. The app ecosystem is very, very big, and banks, as powerful as they are, are only one actor in the payments ecosystem. Merchants for example, by their role in acceptance hold trump cards that banks need. It is in the bank's interest to bring them and others into programs and enable them and their apps. Banks need to think how they can scale their mobile commerce initiatives and increase card distribution, usage and differentiation. The back-end tokenization, cloud-based and on-device SW and risk management that enable secure HCE transactions allow banks to think of their app, not only as a single app, but as a hub for mobile commerce innovation. If banks don’t enable the ecosystem at large, someone else will.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Douglas Hartung - Diebold - Houston | 19 August, 2014, 19:30

Yes, some segment of customers will look first to their bank's mobile application when they think about secure payments at retail.

Other segments of customers will be actively engaged in the merchant's application during the shopping experience and merchants will work to keep them there when the shopping experience moves to a payment event.  Whether for the delivery of ads and offers to drive up revenue per visit or to steer towards low cost payment options, the merchant will have an incentive to keep payment within the app where they can shape behavior.

Said differently, great point of view Marcelo.  As much as one might want the payment to be linked to the bank app in all cases, it's not likely to work that way and the points raised in the article about the secure distribution and management of the payment credential are spot on.

thanks.

 1 thumb up! (Log in to thumb up)
Marcelo Delima - Sequent - Mountain View | 19 August, 2014, 21:01

Exactly Hartung! Thank you for your comment. It's not intuitive to think about that looking from a bank's perspective of today's challenges. But when you look at the booming app ecosystems and how every brand wants control over their customer relationships, there is no way a bank can hold that. But they can enable if they so choose...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Andrei Charniauski - IDC - London | 19 August, 2014, 23:02

Gentlemen, sorry, but I will have to disagree with your comments strongly – and this is why.

  1. Merchant wishing to enable NFC payments within its own app will have to establish HCE link with EVERY issuing bank in the country before it can tell its customers that all can use it. This is not going to happen because a) it’s a huge effort which is going to be extremely expensive even for tier 1 retailers even in compact markets and b) not all issuing banks will support HCE even in the next 7-10 years. Otherwise, say, Walmart app will end supporting cardholders of, say, three issuing banks and the marketing message will be: “Walmart app with in-store mobile payments – now available for cardholders of Bank A, Bank B and Bank C!” J That’s not going to go down too well… I know, I know, Marcelo – this where Sequent is supposed to come in J
  2. Banks have absolutely no incentive to provide retailers with access to cardholders via HCE. By doing so, they lose out on loyalty, on customer data and – most importantly – on higher card-not-present interchange fees. All that an additional cost of supporting relationships and, potentially, reduced security. I just don’t see an attractive value proposition here, sorry.
  3. Finally, think about me as a consumer. Am I going to waste time thinking whether I can pay with the retailer’s app at its store for each retailer and load my card into each app? Definitely not for all – perhaps for one or two most regular ones. But I will be happy to use my bank app knowing it is accepted universally at every outlet where my card is accepted.  

 So the way I see it for the next 7-10 years: retailers have no access via HCE and develop own app using card-not-present via own hardware infrastructure – like Starbucks or Powatag.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Marcelo Delima - Sequent - Mountain View | 20 August, 2014, 19:23

Andrei,

Thank you for your comments and candor. I guess we will agree to disagree.

Banks do not operate in a separate bubble from other players. They have strong partnerships throughout the ecosystem and enabling these partners as the first step towards an open platform is an obvious first step. The technology to federate cards easily to apps is out there. And as I mentioned the app ecosystem is too dynamic and if they don't enable the ecosystem at large, someone else will...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Marcelo

Banks and Merchants Must Have Their Own Payment Apps

21 November 2014  |  2034 views  |  1  |  Recommends 0 TagsMobile & onlinePayments

How can I deploy my Android Wallet? tip: It’s already there!

31 October 2014  |  3884 views  |  1  |  Recommends 0 TagsMobile & onlinePayments

SE vs. HCE: What is more secure for NFC mobile payments?

17 October 2014  |  2154 views  |  1  |  Recommends 2 TagsMobile & onlinePayments

HCE Support Could Reach 85 Percent of Smart Phones

10 October 2014  |  1406 views  |  0  |  Recommends 0 TagsMobile & onlinePayments

App Enablement: Turn Any App Into a Wallet

03 October 2014  |  2184 views  |  2  |  Recommends 0 TagsMobile & onlinePayments
name

Marcelo Delima

job title

VP Marketing

company name

Sequent

member since

2014

location

Mountain View

Summary profile See full profile »
Marcelo is Vice President of Marketing for Sequent Software

Marcelo's expertise

What Marcelo reads
Marcelo writes about

Who is commenting on Marcelo's posts

Paul Vieros
Ketharaman Swaminathan
Paul Love
Bjorn Soland
Andrei Charniauski
Douglas Hartung