20 August 2017
visit www.avoka.com

Rabobank rolls out mobile wallet

12 February 2015  |  12456 views  |  9 Rabobank logo

Rabobank has rolled out a mobile wallet on the embedded Secure Element of Samsung Galaxy S4 and Samsung Note 3 phones.

Dutch consumers are now able to use their smartphones to pay for their shopping, check balances, store loyalty cards and to redeem digital vouchers via Near Field Communication (NFC) in shops that are equipped with contactless terminals.

Contactless payments are available at around 66,000 retailer terminals in the Netherlands, and the Dutch bank claims to have 150,000 customers who have downloaded its banking app on the Samsung devices.

The commercial launch of the wallet follows an NFC payments pilot in the Dutch city of Leiden conducted by Rabobank in association with ING and ABN Amro.

Some 1000 consumers and 180 businesses took part in the trial, in which 2000 NFC payments per week were made with a total value of about €20,000.

Rabobank, which is using technology from Giesecke & Devrient to secure transactions and upload new applications to consumer phones, is the only bank to so far commit to a full-scale roll out.

The bank was a leading participant in the Dutch Sixpack alliance with the country's top telcos, which shut down three years ago over differences in costs and timing. By using the Samsung SE, Rabobank is able to bypass telco SIM cards altogether.

Comments: (9)

A Finextra member
A Finextra member | 12 February, 2015, 13:31

Good effort by Rabobank, although the embedded secure element model will limit the scalability of this offering to customers with other mobile devices. I hope they will make the switch to cloud-based mobile payments to enable the service on a large majority of Android devices.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 12 February, 2015, 17:17

I take a different view from Andre Stoorvogel. The convenience tradeoff with cloud based wallets is too great. With smart phone penetration around 70% and in two years time, Secure Elements and TEE expected to be at similar rates of availability, we should indeed be using local, user owned hardware security. Secure Elements do scale insofar as they are apporaching ubiquity. We don't put EMV cards or ATMs "in the cloud". All serious payments security rests on local hardware based cryptography (see http://lockstep.com.au/blog/2014/03/26/uniform-approach-cnp) and mobile payments should not be any different. 

See also 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 12 February, 2015, 18:23

Stephen, the problem is not the availability of secure elements, it's about who owns the secure element and how to get access to it. This has been a struggle for years and one of the main reasons why mobile payments have not been taking off yet on a large scale. A secure element in the cloud solves that and I believe that in combination with EMV tokenization, it is a much more attractive alternative to the costly and complex model of an embedded secure element (atleast for Android).

3 thumb ups! 3 thumb ups! (Log in to thumb up)
Shane OHara
Shane OHara - AXLPay Mobile Payments - London | 12 February, 2015, 18:35

Whilst I see the attractiveness of the SE model, I cannot agree with Stephen Wilson. The statement about putting EMV cards and ATMs in the cloud does not really hold much meaning ... EMV cards are in the cloud in the sense that in spite of local cardholder verification, the vast majority of transactions are online and authenticated as a complete transaction on the issuer side. The advantage of cloud based operations outweighs the SE model in that the Issuers ability to make an informed decision to approve/decline is enhanced by the cloud data passed to it (eg, token passed to phone at time hhmm, geographical location patterns as expected etc etc). Further the cloud allows card processors to enhance EMV through usage of cryptography of their own within discretionary components of the authorisation message. The cloud allows far better control when it comes to hosting your wallet on multiple devices.  All routes have their challenges - but its probably a given that we are heading towards ever greater connectivity, not isolated behaviour. 

1 thumb up! 1 thumb up! (Log in to thumb up)
Douglas Hartung
Douglas Hartung - Diebold - Houston | 12 February, 2015, 19:29

Seems that the major networks are already embracing the notion of cloud-based credential delivery systems, especially when the actual credentials are tokenized.  One thing learned from the Softcard activity in the States, avoid chokepoints controlled by others whenever possible.  Stephen may well be correct about the incremental security, but at what cost?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Martin Cox
Martin Cox - Rambus - Rotterdam | 12 February, 2015, 20:57 Two years ago Samsung was positioning it's embedded secure element in the S4 as a SIM SE replacement and pre loading the Visa and MasterCard apps. Two Australian banks CBA (MasterCard) and Westpac (Visa) launched solutions around a year ago. What happened next? Samsung dropped the embedded SE from the Galaxy S5 everywhere except Australia as Google confirmed HCE in Android 4.4. So if you're a Rabo customer and you've got an old Samsung device your're in luck. If you're looking for a service that will roll out on multiple devices you may prefer to look elsewhere. The impending launch of "SamsungPay" may deliver a new twist to the story but my guess is that this is either a very late project delivery, a strange strategic move to get something to market after the demise of six pack or some brilliant insight based on Samsung strategy that isn't yet public.
2 thumb ups! 2 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 13 February, 2015, 09:47

As Martin and Douglas so clearly point out, the phone producers are a moving target for payment providers - who knows when they make a change that brings down the service or makes it insecure? I guess Rabobank would like to win some experience and show some commitment to phone producers. With regards to security the SE is probably good for secure storage but once there is a screen, keyboard and payment app involved,  malware can control anything that goes between the app and the secure element. This is why all payment apps must be able to defend themselves against malicious code injection.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 18 February, 2015, 12:22

I suspect Martin, it's the result of one of your first two guesses. It's a pity that device features and characteristics vary from territory to territory then again by what the major operators want from them (e.g. dual SIM slot offerings for some areas but not others etc). The problem arises with any device centric solution or feature; it's only temporary and then quickly succeded it seems every six months with new device launches. Lifting the solution out of the device architecture dependencies and up to the platform instead (OS or cloud) offers much more device reach and user freedom, surely.

However, I'm always a keen advocate of experimentation and piloting and the operational and implementation learnings the business take away from this. Whichever way it works for Rabobank much will be learned and understood for the good.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Shane OHara
Shane OHara - AXLPay Mobile Payments - London | 18 February, 2015, 18:57

Agreed Marcus. Cloud contact with a device allows closer contact.. ie closer scrutiny by the issuing side and hence protection against fraud. With frequent token cycling and p2pe the bones of good longer term solutions are there. My biggest concern is that with the proliferation of solutions being put into play, whilst most will be robust, some will be, inevitably, weak and when exploited, public confidence will be rocked.

1 thumb up! 1 thumb up! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Rabobank introduces QR code-based online banking authentication

Rabobank introduces QR code-based online banking authentication

19 September 2014  |  13557 views  |  1 comments | 16 tweets | 15 linkedin
PayPal hits the high street in Holland

PayPal hits the high street in Holland

28 July 2014  |  8056 views  |  0 comments | 17 tweets | 12 linkedin
Rabobank to hold Dutch fintech hackathon

Rabobank to hold Dutch fintech hackathon

04 June 2014  |  8582 views  |  0 comments | 11 tweets | 5 linkedin
Rabobank preps commercial Dutch NFC m-payments service

Rabobank preps commercial Dutch NFC m-payments service

11 November 2013  |  6271 views  |  0 comments | 8 tweets | 7 linkedin
Dutch retailers get cashless 'thank you'

Dutch retailers get cashless 'thank you'

08 March 2013  |  9002 views  |  0 comments | 18 tweets | 7 linkedin
Dutch banks prep mobile NFC payments trial

Dutch banks prep mobile NFC payments trial

21 February 2013  |  7628 views  |  0 comments | 14 tweets | 2 linkedin
Dutch banks and telcos disband mobile wallet joint venture

Dutch banks and telcos disband mobile wallet joint venture

19 July 2012  |  10993 views  |  2 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
download the paper nowvisit www.abe-eba.euvisit www.niceactimize.com

Top topics

Most viewed Most shared
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
9513 views comments | 23 tweets | 23 linkedin
Norwegian banks and startups form fintech clusterNorwegian banks and startups form fintech...
8065 views comments | 19 tweets | 23 linkedin
RBS to bring Silicon Valley to EdinburghRBS to bring Silicon Valley to Edinburgh
7632 views comments | 10 tweets | 7 linkedin
hands typing furiouslyWhy Is Risk Analytics Important?
7239 views 0 | 2 tweets | 1 linkedin
Barclays pairs banking data with third party apps for SmartBusiness DashboardBarclays pairs banking data with third par...
6816 views comments | 14 tweets | 13 linkedin

Featured job

Competitive base and bonus, plus benefits
London, UK

Find your next job