27 March 2017
visit http://events.sap.com/gb/fsi-forum-2017/en/home

Bankinter circumvents secure element hassle for mobile NFC payments

04 March 2013  |  14776 views  |  8 NFC 2

Spain's Bankinter is prepping a contactless mobile payments service that does not require a secure element within the handset.

From this summer, Bankinter customers will be able to download an app to their NFC-enabled phone, register the product through the bank's Web site and start making contactless payments within minutes.

Instead of using a secure element from a handset manufacturer or network operator, the customer will temporarily download virtual one-time use replicas of their physical credit or debit card every time they make a payment.

The service, developed with Visa Europe, Net1 UEPS and Seglan, does not require any changes to the existing infrastructure, working with any contactless POS terminals, and is fully EMV compliant.

Because registered cards can be updated via a remote management system controlled by Bankinter, the approach means that the bank can "autonomously define its own business model and brand image" rather than having to strike deals with telcos and handset manufacturers to gain access to the secure element.

Jacobo Díaz, director, innovation, products, markets and quality, Bankinter, says: "The Mobile Virtual Card solution eliminates the main difficulties that today are slowing the commercial launch of NFC payments and make it in compatibility with the standards of the financial industry, helping to avoid market fragmentation that in no way benefits the final consumer."
KeywordsEFTPOS

Comments: (8)

Alexander Peschkoff
Alexander Peschkoff - TEDIPAY - London | 04 March, 2013, 15:29

Questions keep exploding in my head like those famous music fireworks held in Côte d'Azur every summer.

Tokenization is a cute concept. Especially if Bankinter can tell me how I can use their service in places with no online connectivity. Like London Undeground...

When banks cannot (or cannot be bothered) to strike a deal with mobile operators or owners of operator-agnostic secure elements, they start re-inventing the wheel. That leads to security breaches.

And then things start getting "interesting": 84% of financial organizations were notified of security breach by external entities. Attackers had an average of 174 days (!!) within the victim's environment before detection occured.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Aaron McPherson
Aaron McPherson - Independent - Newton | 04 March, 2013, 17:49

The comment about lack of connectivity in the London Underground is a good one, but couldn't you just download a token in advance?  Not ideal, but not a showstopper either.  And most other places, it's not an issue.

As for the security point, I don't get that at all.  How can a one-use token lead to any sort of bank breach?  It's actually safer than passing a real card number through a terminal.

With regard to the inability of banks and carriers to come together on mobile payments, my hope is that ideas like this will persuade the carriers that they cannot control the handset, and therefore must negotiate with the banks if they don't want to be irrelevant.

2 thumb ups! 2 thumb ups! (Log in to thumb up)
Alexander Peschkoff
Alexander Peschkoff - TEDIPAY - London | 04 March, 2013, 18:10

Aaron,

Downloads to a smartphone require at least GPRS connection. There are many places, outside such "extreme" examples as London Underground, where GSM data connectivity cannot be guaranteed - some shopping malls, car parks, trains, airplanes, taxis, etc. Think of ubiquity.

As for the security: lack of secure element means that the target phone cannot be identified with a 100% certainty. Hence, there is a scope for that one-time token to be downloaded (or diverted) to the attacker's phone - not hard to implement, in fact.

Who said BANKS are relevant to payments?.. Just ask Amazon, PayPal, Apple, etc. Tokenization, in fact, is one of the latest fabs via which banks hope to avoid being used as dumb pipes. However, they need to deliver value, instead of control, to remain relevant.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Manuel Romero
Manuel Romero - Barclays - Madrid | 04 March, 2013, 22:17 Or we can praise Bankinter, a mid-size spanish bank, for being innovative and dare to challenge the NFC mobile payment value chain status quo, in a tough environment for banks in Spain
2 thumb ups! 2 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 05 March, 2013, 11:02

There are other examples, where mobile payments are securely executed using an online device without a secure element. Wywallet is currently running with more than 600k users in Sweden and an eastern european bank will launch this week with 5 M users and 30k POS. By storing private keys on the phone, you achieve 2 factor PKI authentication, independent of device and network.

 

1 thumb up! 1 thumb up! (Log in to thumb up)
Alexander Peschkoff
Alexander Peschkoff - TEDIPAY - London | 05 March, 2013, 11:39 I always question the motives behind any decision: is that THE best and most appropriate solution or is it just a "forced" "good enough" alternative to the former...
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 07 March, 2013, 12:44

Kudos to Bankinter for showing that Banks Have Nothing To Fear From TELCOs.

1 thumb up! 1 thumb up! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Samsung to pre-load mobile devices with Visa NFC app

Samsung to pre-load mobile devices with Visa NFC app

25 February 2013  |  12512 views  |  2 comments | 18 tweets | 11 linkedin
Dutch banks prep mobile NFC payments trial

Dutch banks prep mobile NFC payments trial

21 February 2013  |  7357 views  |  0 comments | 14 tweets | 2 linkedin
Contactless m-payments come to Mobile World Congress

Contactless m-payments come to Mobile World Congress

18 February 2013  |  7484 views  |  0 comments | 12 tweets | 6 linkedin
France gears up for mobile NFC services

France gears up for mobile NFC services

07 February 2013  |  6799 views  |  0 comments | 10 tweets | 4 linkedin
Telefónica brings mobile P2P and NFC payments to Germany

Telefónica brings mobile P2P and NFC payments to Germany

21 January 2013  |  9127 views  |  1 comments | 17 tweets | 10 linkedin
Lack of retailer support hindering UK contactless take up - ICM

Lack of retailer support hindering UK contactless take up - ICM

11 December 2012  |  7685 views  |  4 comments | 9 tweets | 2 linkedin
La Caixa to distribute 200,000 contactless stickers

La Caixa to distribute 200,000 contactless stickers

03 December 2012  |  8817 views  |  3 comments | 11 tweets | 6 linkedin
ING trials EMV-compliant Internet payments

ING trials EMV-compliant Internet payments

07 November 2012  |  8373 views  |  0 comments | 11 tweets | 10 linkedin
Bankinter launches multimodal mobile brokerage

Bankinter launches multimodal mobile brokerage

30 June 2005  |  3832 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit abe-eba.euVisit capgemini.com

Top topics

Most viewed Most shared
French retailer Carrefour launches online bank accountFrench retailer Carrefour launches online...
57409 views comments | 16 tweets | 36 linkedin
European Commission opens public consultation on fintechEuropean Commission opens public consultat...
9895 views comments | 44 tweets | 26 linkedin
MAS to roll out national KYC utility for SingaporeMAS to roll out national KYC utility for S...
9078 views comments | 26 tweets | 32 linkedin
Can banks really win in the payments business of the future? – new Finextra reportCan banks really win in the payments busin...
9012 views comments | 23 tweets | 37 linkedin
SecureKey taps IBM to put identity on the blockchainSecureKey taps IBM to put identity on the...
7465 views comments | 22 tweets | 15 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job