Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
News
See Headlines »

Related Companies

Visa

Channels

Retail banking Payments

Keywords

Cards Innovation Mobile & online banking Eftpos
Bankinter circumvents secure element hassle for mobile NFC payments

Bankinter circumvents secure element hassle for mobile NFC payments

Spain's Bankinter is prepping a contactless mobile payments service that does not require a secure element within the handset.

From this summer, Bankinter customers will be able to download an app to their NFC-enabled phone, register the product through the bank's Web site and start making contactless payments within minutes.

Instead of using a secure element from a handset manufacturer or network operator, the customer will temporarily download virtual one-time use replicas of their physical credit or debit card every time they make a payment.

The service, developed with Visa Europe, Net1 UEPS and Seglan, does not require any changes to the existing infrastructure, working with any contactless POS terminals, and is fully EMV compliant.

Because registered cards can be updated via a remote management system controlled by Bankinter, the approach means that the bank can "autonomously define its own business model and brand image" rather than having to strike deals with telcos and handset manufacturers to gain access to the secure element.

Jacobo Díaz, director, innovation, products, markets and quality, Bankinter, says: "The Mobile Virtual Card solution eliminates the main difficulties that today are slowing the commercial launch of NFC payments and make it in compatibility with the standards of the financial industry, helping to avoid market fragmentation that in no way benefits the final consumer."

Related Companies

Visa

Channels

Retail banking Payments

Keywords

Cards Innovation Mobile & online banking Eftpos

Sponsored: Join us at Money20/20 Europe 2024 - 4-6 June, Amsterdam | Use code FEX200 to save €200 on your ticket

Comments: (8)

A Finextra member
A Finextra member 04 March, 2013, 15:29Be the first to give this comment the thumbs up 0 likes

Questions keep exploding in my head like those famous music fireworks held in Côte d'Azur every summer.

Tokenization is a cute concept. Especially if Bankinter can tell me how I can use their service in places with no online connectivity. Like London Undeground...

When banks cannot (or cannot be bothered) to strike a deal with mobile operators or owners of operator-agnostic secure elements, they start re-inventing the wheel. That leads to security breaches.

And then things start getting "interesting": 84% of financial organizations were notified of security breach by external entities. Attackers had an average of 174 days (!!) within the victim's environment before detection occured.

 

Report abuse
Aaron McPherson
Aaron McPherson - Independent - Newton 04 March, 2013, 17:491 like 1 like

The comment about lack of connectivity in the London Underground is a good one, but couldn't you just download a token in advance?  Not ideal, but not a showstopper either.  And most other places, it's not an issue.

As for the security point, I don't get that at all.  How can a one-use token lead to any sort of bank breach?  It's actually safer than passing a real card number through a terminal.

With regard to the inability of banks and carriers to come together on mobile payments, my hope is that ideas like this will persuade the carriers that they cannot control the handset, and therefore must negotiate with the banks if they don't want to be irrelevant.

Report abuse
A Finextra member
A Finextra member 04 March, 2013, 18:10Be the first to give this comment the thumbs up 0 likes

Aaron,

Downloads to a smartphone require at least GPRS connection. There are many places, outside such "extreme" examples as London Underground, where GSM data connectivity cannot be guaranteed - some shopping malls, car parks, trains, airplanes, taxis, etc. Think of ubiquity.

As for the security: lack of secure element means that the target phone cannot be identified with a 100% certainty. Hence, there is a scope for that one-time token to be downloaded (or diverted) to the attacker's phone - not hard to implement, in fact.

Who said BANKS are relevant to payments?.. Just ask Amazon, PayPal, Apple, etc. Tokenization, in fact, is one of the latest fabs via which banks hope to avoid being used as dumb pipes. However, they need to deliver value, instead of control, to remain relevant.

Report abuse
A Finextra member
A Finextra member 04 March, 2013, 22:171 like 1 like Or we can praise Bankinter, a mid-size spanish bank, for being innovative and dare to challenge the NFC mobile payment value chain status quo, in a tough environment for banks in Spain
Report abuse
A Finextra member
A Finextra member 04 March, 2013, 22:41Be the first to give this comment the thumbs up 0 likes

Talking of Spain, innovation and "dare to challenge": http://gizmodo.com/5986820/this-atm-gives-you-money-for-free-expecting-you-to-help-people

Report abuse
A Finextra member
A Finextra member 05 March, 2013, 11:02Be the first to give this comment the thumbs up 0 likes

There are other examples, where mobile payments are securely executed using an online device without a secure element. Wywallet is currently running with more than 600k users in Sweden and an eastern european bank will launch this week with 5 M users and 30k POS. By storing private keys on the phone, you achieve 2 factor PKI authentication, independent of device and network.

 

Report abuse
A Finextra member
A Finextra member 05 March, 2013, 11:39Be the first to give this comment the thumbs up 0 likes I always question the motives behind any decision: is that THE best and most appropriate solution or is it just a "forced" "good enough" alternative to the former...
Report abuse
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 07 March, 2013, 12:44Be the first to give this comment the thumbs up 0 likes

Kudos to Bankinter for showing that Banks Have Nothing To Fear From TELCOs.

Report abuse
Join the discussion

Write a blog post about this story (membership required)

Join us at Money20/20 Europe 2024 - 4-6 June, Amsterdam | Use code FEX200 to save €200 on your tickeJoin us at Money20/20 Europe 2024 - 4-6 June, Amsterdam | Use code FEX200 to save €200 on your ticket

Trending

Related News
Samsung to pre-load mobile devices with Visa NFC app

Samsung to pre-load mobile devices with Visa NFC app

Dutch banks prep mobile NFC payments trial

Dutch banks prep mobile NFC payments trial

Contactless m-payments come to Mobile World Congress

18 Feb 2013

France gears up for mobile NFC services

07 Feb 2013

Telefónica brings mobile P2P and NFC payments to Germany

21 Jan 2013

Lack of retailer support hindering UK contactless take up - ICM

11 Dec 2012

La Caixa to distribute 200,000 contactless stickers

03 Dec 2012

Trending

  1. TOP-5 use cases for GenAI implementation in Banks or Fintech companies

  2. UK government announces open finance task force

  3. Lloyds warns against fraudsters on Booking.com and Airbnb

  4. Canada's real-time payment system won't launch before 2026

  5. Temenos rejects Hindenburg claims after probe completed

Research
See all reports »
The Future of UK Fintech - 2015-2035

The Future of UK Fintech - 2015-2035

Definitive Differentiators - Forging a future-proof payments model

Definitive Differentiators - Forging a future-proof payments model

APP Fraud Liability: A Guide for Banks

APP Fraud Liability: A Guide for Banks