Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories ยป

Channels

Payments
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Eliminating CNP from eCommerce - cont

Let's for a moment think outside the box and try to forget about using the SE in the mobile phone as a secure storage for the card info ... consumers already have the proper secure elements in their cards ... there is too much politics involved in arguing about who controls the SE in the mobile phone, and that battle will never be won or the acceptable compromise between Issuers and MNOs may never be achieved ... so let's forget about using the NFC enabled mobile phone in so called 'card emulation mode' 

My personal view is that since many Android phones on today's market are already NFC enabled, they could be used simply as the personal consumer contactless card readers during e-commerce transactions to interact with the existing contactless chip cards.

Mini paradigm shift in a way, which would ideally open the doors for the 'card present' e-commerce transactions, if the big players like payment schemes and card issuers would be willing to play along and make the effort to certify such solutions.

 

5926

Channels

Payments
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (4)

A Finextra member
A Finextra member 14 October, 2013, 09:53Be the first to give this comment the thumbs up 0 likes

You (almost) described "Cloud POS" - https://www.finextra.com/blogs/fullblog.aspx?blogid=8336

With some tweaks to the flow and comm. channels, that makes perfect sense. How quickly and eagerly the card networks jump on board is another story (now that they are married to the idea of "tokens" that give them perceived control... - in fact, "Cloud POS" gives them a much better and needed role to play in e-comm...)

Report abuse
A Finextra member
A Finextra member 14 October, 2013, 12:45Be the first to give this comment the thumbs up 0 likes

Alex

The 'token concept' you mentioned schemes are now pushing as their favorite in my view is not a replacement for something like this, but is in fact a perfect complement. You would hope that in those organizations (we have all dealt with them on a business and technical side in our business adventures and startups) they would have enough brain power to realize that.

For example at step 13 in the flow which I proposed in my post, the online merchant side would still get 'token' with the final approval containing the EMV TC cryptogram (instead of the real card data) so that in their system they never see nor never store any cardholder credentials.

I took a look at you blog post about 'cloud POS'. It seems to me that great mind think alike ;-)

Report abuse
A Finextra member
A Finextra member 14 October, 2013, 12:57Be the first to give this comment the thumbs up 0 likes

Milos, one of the token architectures I saw was based on providing consumers with dynamic 16-digit tokens BEFORE the transaction. The token would then be used in leu of a card.

With the "Cloud POS" approach, the customer can use any generic identifier (e.g. email) when initiating the transaction, hence no need for tokens at that stage. As you correctly pointed out, a token can indeed be used after the transaction. 

The reason the card networks want to use tokens before the transaction is control - to get a grip on "card on file" competition (such as PayPal)... It's not about PCI, fraud, etc... At all!

Report abuse
A Finextra member
A Finextra member 14 October, 2013, 15:52Be the first to give this comment the thumbs up 0 likes

Sure issuing the 'token' at the beginning of the transaction will also work, but I am unsure if it would maybe require changes to the current processes and infrastructures. 

Report abuse
Join the discussion

Member since

0

Location

0

More from member

Community
See all blogs »
Business 

Sustaining Momentum: Driving Trust During Economic Downturns

Scott Dawson

Scott Dawson

E-commerce 

From Payment Optimisation to Personalisation

Galit Shani-Michel

Galit Shani-Michel

Imagine a world without cash 

The rise of the Super Apps

David Hensley

David Hensley

Banking Strategy, Digital and Transformation 

Goodbye to Passwords: Is Voice Authentication the Future of Fintech Security?

Sergiy Fitsak

Sergiy Fitsak

Now hiring

See more