30 September 2014

71635

Marcelo Delima - Sequent

4 | posts 8,303 | views 3 | comments

How HCE helps banks leverage the mobile app revolution

14 August 2014  |  2695 views  |  3

The world can’t get enough of mobile applications. Last year alone there were 102 billion application downloads according to the analyst firm Gartner. And Google research says 84% of shoppers are now using their mobile phone while they shop in the physical world. Banks would be smart to leverage this revolution. And they would be even smarter to enable existing applications instead of trying to compete with hundreds of other apps for a customer’s attention.

After all, leveraging existing consumer behavior is much easier than changing it. Issuers who are first to put their credentials into applications that consumers already use, have the best chance of achieving and maintaining “top of application” status in this new and potentially huge channel. Being early in this endeavor is dependent on making it easy for everyone involved: the issuer, the merchant partner, and customers.

Host Card Emulation (HCE) has greatly simplified the mobile payment ecosystem by allowing issuers to put credential directly into mobile applications for transactions in the physical world without third party wallets, secure elements, or TSMs. However Host Card Emulation by itself doesn’t:

• Make sure every application that wants to use the credentials is a trusted application.

• Authenticate users to download and use credentials from third party HCE applications.

• Provide for testing and certifying every HCE application that uses the credential.

This means that each time a bank issuer wishes to extend their credentials to new partner applications, it will take the same amount of overhead for each new application. The bank issuing the credential will need to make sure each application manages card lifecycle, application permissions, cardholder authentication, tokens, and trust. All this takes time and resources from the issuer and its merchant and other partners, making it difficult to scale and move at a speed necessary to be first and “top of application.”

Banks should have systems that automate and simplify the work of distributing credentials to applications. HCE does enable apps to communicate directly with the NFC controller, bypassing the secure element. But apps still need to handle sensitive tokenized card data to do payments. Banks cannot expect partner app developers to be knowledgeable about payments industry standards and compliance, Javacard security or obscure terms like “APDU commands.”

That means banks will need systems to vet and authenticate new partners and apps, platforms with easy APIs to distribute credentials to these apps securely and monitor usage of credentials by the third party apps. All of this is needed to make it easy for merchants and other partners to add bank credentials and HCE mobile payment functionality to their applications. The result is banks will reduce overhead to support and certify third party applications and customers can use credentials in applications they already use and love.

And the bank will achieve another metric that will soon become as important as “top of wallet” — being the “top of app”!

 

TagsMobile & onlinePayments

Comments: (6)

Andrei Charniauski - IDC - London | 18 August, 2014, 10:16

Marcelo, great post! This is one of the reasons why, I think, banks will generally be reluctant to provide third party access to their issuers via HCE. I think banks will focus on providing payment capabilities within their own apps - this will also ensure that banks collect much more customer data and improve loyalty. Actually, this is likely to appeal to customers too - as a consumer you would know that there is one app (you bank's app) that can be used to pay at ANY retail location.

Marcelo Delima - Sequent - Mountain View | 18 August, 2014, 18:47

Hi Andrei, thank you for your comment. Let me tell you I agree with you 100% in the short term. Yes, they first need to focus on their apps and enabling their apps to become repeat use transaction tools for consumers, protecting their brand, improving their customer engagement and adding lucrative VAS. But that's only the first step. The app ecosystem is very, very big, and banks, as powerful as they are, are only one actor in the payments ecosystem. Merchants for example, by their role in acceptance hold trump cards that banks need. It is in the bank's interest to bring them and others into programs and enable them and their apps. Banks need to think how they can scale their mobile commerce initiatives and increase card distribution, usage and differentiation. The back-end tokenization, cloud-based and on-device SW and risk management that enable secure HCE transactions allow banks to think of their app, not only as a single app, but as a hub for mobile commerce innovation. If banks don’t enable the ecosystem at large, someone else will.

Douglas Hartung - Diebold - Houston | 19 August, 2014, 19:30

Yes, some segment of customers will look first to their bank's mobile application when they think about secure payments at retail.

Other segments of customers will be actively engaged in the merchant's application during the shopping experience and merchants will work to keep them there when the shopping experience moves to a payment event.  Whether for the delivery of ads and offers to drive up revenue per visit or to steer towards low cost payment options, the merchant will have an incentive to keep payment within the app where they can shape behavior.

Said differently, great point of view Marcelo.  As much as one might want the payment to be linked to the bank app in all cases, it's not likely to work that way and the points raised in the article about the secure distribution and management of the payment credential are spot on.

thanks.

Marcelo Delima - Sequent - Mountain View | 19 August, 2014, 21:01

Exactly Hartung! Thank you for your comment. It's not intuitive to think about that looking from a bank's perspective of today's challenges. But when you look at the booming app ecosystems and how every brand wants control over their customer relationships, there is no way a bank can hold that. But they can enable if they so choose...

Andrei Charniauski - IDC - London | 19 August, 2014, 23:02

Gentlemen, sorry, but I will have to disagree with your comments strongly – and this is why.

  1. Merchant wishing to enable NFC payments within its own app will have to establish HCE link with EVERY issuing bank in the country before it can tell its customers that all can use it. This is not going to happen because a) it’s a huge effort which is going to be extremely expensive even for tier 1 retailers even in compact markets and b) not all issuing banks will support HCE even in the next 7-10 years. Otherwise, say, Walmart app will end supporting cardholders of, say, three issuing banks and the marketing message will be: “Walmart app with in-store mobile payments – now available for cardholders of Bank A, Bank B and Bank C!” J That’s not going to go down too well… I know, I know, Marcelo – this where Sequent is supposed to come in J
  2. Banks have absolutely no incentive to provide retailers with access to cardholders via HCE. By doing so, they lose out on loyalty, on customer data and – most importantly – on higher card-not-present interchange fees. All that an additional cost of supporting relationships and, potentially, reduced security. I just don’t see an attractive value proposition here, sorry.
  3. Finally, think about me as a consumer. Am I going to waste time thinking whether I can pay with the retailer’s app at its store for each retailer and load my card into each app? Definitely not for all – perhaps for one or two most regular ones. But I will be happy to use my bank app knowing it is accepted universally at every outlet where my card is accepted.  

 So the way I see it for the next 7-10 years: retailers have no access via HCE and develop own app using card-not-present via own hardware infrastructure – like Starbucks or Powatag.

Marcelo Delima - Sequent - Mountain View | 20 August, 2014, 19:23

Andrei,

Thank you for your comments and candor. I guess we will agree to disagree.

Banks do not operate in a separate bubble from other players. They have strong partnerships throughout the ecosystem and enabling these partners as the first step towards an open platform is an obvious first step. The technology to federate cards easily to apps is out there. And as I mentioned the app ecosystem is too dynamic and if they don't enable the ecosystem at large, someone else will...

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Marcelo

HCE Infographic: Host Card Emulation - Why it Matters

05 September 2014  |  1445 views  |  0  |  Recommends 0 TagsMobile & onlinePayments

Host Card Emulation Puts Banks, Merchants on Top of Wallet

27 August 2014  |  2460 views  |  0  |  Recommends 0 TagsMobile & onlinePayments

Host Card Emulation: A solution for the 90 percent

20 August 2014  |  1704 views  |  0  |  Recommends 0 TagsMobile & onlinePayments

How HCE helps banks leverage the mobile app revolution

14 August 2014  |  2695 views  |  3  |  Recommends 0 TagsMobile & onlinePayments
name

Marcelo Delima

job title

VP Marketing

company name

Sequent

member since

2014

location

Mountain View

Summary profile See full profile »
Marcelo is Vice President of Marketing for Sequent Software

Marcelo's expertise

What Marcelo reads
Marcelo writes about
Marcelo's blog archive
September 2014 (1)August 2014 (3)

Who is commenting on Marcelo's posts

Andrei Charniauski
Douglas Hartung