Blog article
See all stories »

Cloud based Mobile Financial Services and Payments

Abstract – A high level overview of Cloud Computing & Cloud based mobile financial services & mobile payments is the objective of this article. Cloud computing is easy and simple concept but some time it gets over simplify along with same reasons for payments under mobile or simplified version as mobile payments about which every single company on this earth is talking about these days and its true every single company. Assumption taken here are reader is fully well versed of Cloud Computing and Mobile Financial Services / Mobile Payments. Having full understanding of both technologies can now get some Idea how to marry both of these to gain some cost & speed effectiveness. In case needs detailed information or deliberation is needed on any part please feel free get in touch directly.

Introduction – Presence of Ministry of Innovation for regulation and control on global level would have made todays work and innovation may be impossible or must have stopped it long back. Yet time and time again initiatives have failed or fallen short because of business and technological hurdles that impede the innovation and collaboration that is necessary for real success. In the domain & era of cost cutting we always inclined to watch and look for low cost solutions for every service we launch to max out the returns but some time looking at security, privacy, impact & exposure of risk it can put on accounts & pockets ; this stops us and move us away from our imaginations for mobile payments which have big depended on the secure element (SE) to store secure credentials on mobile phones. Secure elements themselves have been argumentative in mobile payment deployments because of forceful behaviour for issuers to work on a single platform usually owned by another entity in a business relationship that may or may be beneficial to the credential issuer. Its very interesting to see how Cloud Computing can solve the need of low cost solution. I have seen cloud service for same service type, same functionality , same configuration of hardware and same support level (Atleast on paper) and every other same offering but cost difference with 20 times or more so we know it very well what joy we can expect in a one dollar apple and in a 20 dollar apple that also matters.

Main Story  -  Cloud Computing or simple name of 3rd party infra structure which is managed by 3rd party in their own location or anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). Defining each of them wither advantages and disadvantage is out of scope here. The name cloud was inspired by the symbol that's often used to represent the Internet in flowcharts and diagrams. The cloud can be private, public or hybrid in terms of ownership. Cloud allows you to upload/download and access data, services and information from any Internet-connected device, it’s very convenient and cost effective, but security can not be taken for granted and tells us it may and may not safe. Week security & poor service turn away customers who wants to demand for could services. Security of cloud services starts at user level and privacy starts at service providers level. How users use the service in terms of their own in house network, infra and outdated systems can cause bigger damage then from the sky side (Cloud Services). In particular the following issues should be addressed: security, access, management and portability of customer data, transparency. Mobile Money and Mobile Payments service providers are seeing partnerships with telecom operators & banks as key to success of near field communications (NFC) based mobile money applications. In addition to network advantages, mno possess efficient internet/data ready handset distribution channels, billing trust and customer relationships, secure user profiles and location information which can all be used to increase the security of electronic transactions. 

Microsoft(Windows Live), Amazone (AM Cloud Services), Apple(iCloud) and Google (Goole Drive) are few example of such service providers. I am yet to find if there is any clear and special guidelines for hosting or using them for your very own Mobile Financial Services. In my last article “Payments Jungle (Apple, Android, Samsung & Microsoft)” dated 06-06-2015 at [] I mentioned about google coming up with Android Pay in which google announced NFC Host Card Emulation (HCE) support in Android. This innovation now can be called as trump card or game changer. Host Card Emulation enables a normal Android app to perform the application functions of a secure element by relying on secure cloud storage for the account credentials instead of a secure chip in the phone. Today any NFC-enabled Android 4.4 and Blackberry 10 and above phone can perform HCE. Need to confirm and verify for Samsung S6 & S6 Edge though.  

Cloud-based Mobile Payments – Advantages - Infrastructure as a Service is a provision model in which an organisation outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. In addition, a user will need to upload his or her payment card details into the digital wallet to use it for online and mobile payments to merchants of the virtual/cloud community. Therefore, there is a complementary relationship between the issuing of payment cards and the provision of digital wallet services. Issuer always has direct control over user experience and banding of the product in-spite of virtualisation/Cloud-based mobile payments, which opens up multiple opportunities to deploy services to consumers using flexible business models. Since solution is Cloud-based thus this require fewer/less intermediaries.

Given the pace of technologies and the level of global competition in the mobile payments & telecom sector, that success that is standardised, fast and takes the least possible time-to-market for product & project. To support these needs for coordination and speed, the Cloud –based solutions plays a key role to ensure that strategic coordination across industries are facilitated and promoted. Standards have been created for installing payment solutions into the wallet after a device has shipped. In general regarding card, internet and mobile payments, some stakeholders believe that the issues in particular to security, access & accessibility, management, portability of customer data and transparency are addressed. Service providers that provide completely secure environments and advanced tokenisation methods, issuers can achieve high security levels for their solutions & systems to gain confidence for the services they offer to MFS customers who always keeps their expectation critical & to a level where playing field for payment solution providers could be large or small. It also aims to allow for device and cloud based solutions, including secure elements and contacts payments.

Cloud-based Mobile Payments – Challenges – Mobile payment using connected devices gives a new meaning to fraud and risk management. Secure elements themselves have been contentious in mobile payment deployments since they force issuers to work on a single platform usually owned by another entity in a business relationship that may or may be beneficial to the credential issuer. Rules and procedures must define which apps can access which credentials so that the right apps can perform transactions at the point of sale and user experience is seamless across multiple apps. Security in smart phone memory is another challenge as In order for transactions to be performed at merchant POS/mPOS systems, even without network coverage, the issuing bank provision details such as a card holder’s name and account number in phone memory (Very Insecure).

Tokenisation only partly addresses this problem and on top of that tokenisation solutions have their own issues if not done properly. Security and standards compliance is always a challenge as you cant put all eggs in one basket for security reasons and increase too much risk. By nature & style of work Digital Issuance vendors handle the same sensitive data as plastic issuer providers and By replacing the real card data with randomised account details these tokens represent actual account details stored in the cloud. The actual cardholder data is never stored in phone memory, not even in encrypted form. The problem is that in most available tokenisation schemes the card data becomes so generic that processors can’t identify if card accounts are linked to rewards programs.

Near field communications & embedded Payment services is coming to age across globe, with telecom operators, handset manufacturers and operating system vendors, social media companies, banks and credit card companies as well as payment platform providers contesting for market share. When mobile devices & cloud-based solution are used for financial transactions it creates both challenges and opportunities for issuers on risk management. On the one hand, there are challenges with mobile devices that have limited security against threats such as malware sniffing card data while on the other hand; rich contextual data creates new risk management opportunities for issuers. Legacy risk management systems are not designed to handle dynamic, contextual data from connected devices. We see this being applied across retail and point-of-sale terminals and taxis for example, that will be able to accept contact-less payment which are creating very heavy dependency on cloud based solutions which might rule against it self .

The security of your files/customer data is in another company’s hands.. Banks and other issuers should be working with approved vendors by the main card associations that are compliant with EMV, PCI and other major payments standards but normally it does not happen.

Conclusions: What are the implications of cloud-based solution? Is it going to change the world (very likely), be a significant “win”, be a nice hack, or simply serve as a road sign indicating that this path is “UNKNOWN/WEL KNOWN”. Cloud based mobile payments can support globally and will give financial institutions and partners greater choice in offering consumers secure ways to pay with smartphones.

Which system is useful and needed for the business considering the market you operate and synchronised with your strategies and goals. While mobile payment announcements from various smartphone makers are growing in frequency, still too much unknown & doubtful thoughts that such services will drive much interest in buying the smartphones that support it.


About the author

Having worked in the mobile payments, mobile financial services (MFS) & telecom industry across domains like Network, Prepaid charging & Billing, IT and Value added services  for over 15 years,  Vinod Sharma has provided his insights and product knowledge to various initiatives across four continents. Currently holds senior roles in MNO in the IT, BSS and Mobile financial services space. In past helped the founding and set-up several start-up business units. Currently based in Harare Zimbabwe. There is only one goal create value for society  & industry by innovating and building mutual benefited products, business and the world.    

Facebook page:




Comments: (0)