Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER



Similar documents
ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD

Android pay. Frequently asked questions

THE CASE FOR IN-SOURCING EMV

How Secure are Contactless Payment Systems?

Mobile Near-Field Communications (NFC) Payments

Mobile Payment: The next step of secure payment VDI / VDE-Colloquium. Hans-Jörg Frey Senior Product Manager May 16th, 2013

Digital Payment Solutions TSYS Enterprise Tokenization:

Apple Pay. Frequently Asked Questions UK Launch

Apple Pay. Frequently Asked Questions UK

Tokenization: FAQs & General Information. BACKGROUND. GENERAL INFORMATION What is Tokenization?

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

Preparing for EMV chip card acceptance

BGS MOBILE PLATFORM HCE AND CLOUD BASED PAYMENTS

GLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY MasterCard M/Chip Mobile Solution

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

The future of contactless mobile payment: with or without Secure Element?

OVERVIEW OF MOBILE PAYMENT LANDSCAPE

OVERVIEW OF MOBILE PAYMENT LANDSCAPE Marianne Crowe Federal Reserve Bank of Boston NEACH September 10, 2014

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

RETHINKING CARDS BUSINESS. Erick Ho, Head of Payment Services, SunGard 17 September Break through.

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

EMV-TT. Now available on Android. White Paper by

EMV and Small Merchants:

Bringing Mobile Payments to Market for an International Retailer

Latest and Future development of Mobile Payment in Hong Kong

About Visa paywave for mobile

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

Credit Card Processing Overview

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

HCE and SIM Secure Element:

Asian Payment Card Forum Growing the Business: Launching Successful Consumer Payments Products

mobile payment acceptance Solutions Visa security best practices version 3.0

Significance of Tokenization in Promoting Cloud Based Secure Elements

EMV and Restaurants What you need to know! November 19, 2014

PCI and EMV Compliance Checkup

NFC Application Mobile Payments

The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses. National Computer Corporation

CardControl. Credit Card Processing 101. Overview. Contents

We make cards and payments work for people as a part of everyday life. We bring information to life

CANADA VS THE USA - THE CONTRAST AND LESSONS FOR MOBILE PAYMENTS

MasterCard Contactless Reader v3.0. INTRODUCTION TO MASTERCARD CONTACTLESS READER v3.0

EESTEL. Association of European Experts in E-Transactions Systems. Apple iphone 6, Apple Pay, What else? EESTEL White Paper.

The Canadian Migration to EMV. Prepared By:

Inside the Mobile Wallet: What It Means for Merchants and Card Issuers

Secure Element Deployment & Host Card Emulation v1.0

The State of Pay. A mobile revolution. semble.co.nz

The Mobile Wallet. Why It s A Corporate Priority And How To Overcome Three Common Challenges Of Making Mobile Payments Mainstream

MOBILE PAYMENT IN THE EU: ROLE OF NFC. Gerd Thys Product Manager Clear2Pay Open Test Solutions (OTS)

Mobile Payment Solutions: Best Practices and Guidelines

FAQ EMV. EMV Overview

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

Payments Transformation - EMV comes to the US

IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper

How To Approve A Mastercard Tsm

EMV : Frequently Asked Questions for Merchants

EMV Frequently Asked Questions for Merchants May, 2014

Stronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement"

Mobile MasterCard PayPass Testing and Approval Guide. December Version 2.0

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone!

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

What Merchants Need to Know About EMV

EMV FAQs for developers

CONTACTLESS INTEROPERABILITY IN TRANSIT

EMV Delivery of Mobile, Parking and Unattended Payments. Elavon

U.S. Mobile Payments Landscape NCSL Legislative Summit 2013

Payments Security White Paper

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Euronet Software Solutions Integrated Credit Card System Improve your organization s marketability, profitability and revenue

Bringing Security & Interoperability to Mobile Transactions. Critical Considerations

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com

WIRECARD FUTURE OF PAYMENTS. MainFirst Insights to Go Web Conference January 22, 2015

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud

Payments simplified. 1

Grow with our omni-channel payment processing technologies and merchant services.

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

EMV/NFC/MOBILE PAYMENTS THE TIME IS NOW THE OPPORTUNITY IS HUGE

Mobile Payments: Merchants Perspectives

Mobile Commerce Solutions

White Paper PCI-Validated Point-to-Point Encryption

OpenEdge Research & Development Group April 2015

Changing Consumer Purchasing Patterns. John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association

Smart Ride: European transit systems move to contactless mobile payments Trends and Developments, May 05, 2015

Transcription:

Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER

Why Cloud-Based Mobile Payments? The promise of mobile payments has captured the imagination of banks, mobile operators, merchants, and consumers for over a decade. Yet time and time again initiatives have failed or fallen short because of business and technological hurdles that impede the innovation and collaboration that is necessary for real success. To date, mobile payments have depended on the secure element (SE) to store secure credentials on mobile phones. Secure elements themselves have been contentious in mobile payment deployments since they force issuers to work on a single platform usually owned by another entity in a business relationship that may or may be beneficial to the credential issuer. A Game Changing Innovation Google s announcement of NFC Host Card Emulation (HCE) support in Android is being called a game changing innovation. HCE enables a normal Android app to perform the application functions of a secure element by relying on secure cloud storage for the account credentials instead of a secure chip in the phone. Today any NFC-enabled Android 4.4 and Blackberry 10 phone can perform HCE. More announcements about HCE support from other OEMs are expected in the coming months. Cloud Digital Issuance is the Key To make secure cloud-based mobile payments possible, there has to be digital issuance systems capable of securely storing credentials in the cloud, issuing them to mobile apps, and providing secure access to those credentials to trusted apps in the phone. Digital issuance systems must manage tokens downloaded to mobile phones in lieu of real card data for payment transactions. The significance of HCE is the independence from secure elements it gives issuers that want to enable apps for mobile payments. Instead, apps use cloud-based digital cards to make EMV-compliant payments at the point of sale. This new technology opens a number of opportunities for issuers to enable mobile payments and wallet services to their customers. HCE returns control over payment issuance and user experience back to the card issuers. 2

The Benefits of Cloud-based Mobile Payments Cloud-based mobile payments bring a number of benefits to credential issuers. Open and flexible: Cloud-based mobile payments open multiple opportunities to deploy services to consumers using flexible business models. Unlock issuer brand value: Issuers have direct control over branding and user experience. No ecosystem dependency: Cloud-based mobile payments require fewer intermediaries, speeding time to market and giving issuers more control of the launch and project. Security: By relying on approved vendors that provide completely secure environments and advanced tokenization methods, issuers can achieve high security levels for card data. Visa and MasterCard endorsed: Cloud-based mobile payments have been endorsed by both major card associations. Standards, requirements and program approval processes are being defined to enable financial institutions to securely host digital cards in the cloud. 3

The Challenges Cloud and HCE promise to unlock the benefits of mobile payments for multiple stakeholders. However, the implementation of a secure system for cloud-based payments has the potential for major liabilities for issuers if not handled properly. Security in smart phone memory: In order for transactions to be performed at merchant POS systems, even without network coverage, the issuing bank must provision digital card details to the phone s memory. Details such as a card holder s name and account number must be stored in unsecure phone memory. Tokenization only partly addresses this problem. Risk and fraud management: Using mobile devices and cloud to perform transactions creates both challenges and opportunities for issuers on risk management. Mobile payment using connected devices gives a new meaning to fraud and risk management. On the one hand, there are challenges with mobile devices that have limited security against threats such as malware sniffing card data while on the other hand, rich contextual data creates new risk management opportunities for issuers. Legacy risk management systems are not designed to handle dynamic, contextual data from connected devices. App and user experience: Consumers want the choice to pay using a bank app, a merchant app, or other favorite app. This expectation by consumers requires a management platform to enforce configuration and business rules. Rules and procedures must define which apps can access Generic tokenization standards: Common tokenization solutions create their own issues if not done properly. By replacing the real card data with randomized account details these tokens represent actual account details stored in the cloud. The actual cardholder data is never stored in phone memory, not even in encrypted form. The problem is that in most available tokenization schemes the card data becomes so generic that processors can t identify if card accounts are linked to rewards programs. which credentials so that the right apps can perform transactions at the point of sale and user experience is seamless across multiple apps. Security and standards compliance: Digital Issuance vendors handle the same sensitive data as plastic issuer providers. Banks and other issuers should be working with approved vendors by the main card associations that are compliant with EMV, PCI and other major payments standards. 4

Sequent Digital Issuance Sequent Digital Issuance solution for edge issuance (secure element based) has been in the market for over three years, deployed in commercial and pre-commercial environments at large banks and perso bureaus globally. Extending Secure Digital Issuance to the Cloud Sequent is now extending its PCI-compliant and Visa approved Digital Issuance solution for cloud. Sequent s Digital Issuance solution for the cloud enables financial institutions, hospitality providers, merchants, and other card issuers to issue digital cards securely from cloud-based servers to any mobile device. The Sequent Digital Issuance for the cloud provides advanced HCE-based account issuance with features that address the biggest issues related to cloud-based mobile payments: Features: Tokenization and on-device middleware for secured phone memory: Sequent s Tokenization Service supports the mapping of tokenized credentials to real cardholder data, in real-time, during authorization and settlement. Not relying on tokenization alone, Sequent s on-device software manages security of card data, one-time use keys, and other confidential user data in the phone. Issuer-specific token formats: Sequent tokenization strategy works with genuine card data. Our tokenization system replaces a portion of the account data with randomized details, but works with the issuer so that tokenized accounts remain recognizable to acquiring systems, gateways, networks, and issuer processors. Advanced risk management: Sequent s patent-pending risk scoring solution further reduces issuer's risk of fraud from lost, stolen, compromised devices, or stolen transaction data. As part of a comprehensive risk-management strategy, these tools strengthen the issuer s confidence and ability to compartmentalize mobile payment risk without burdening the cardholder. Built-in app and user experience: Sequent s innovative and patented Wallet Wizard combined with SDK allows banks, merchants, and other developers to turn their existing mobile apps into wallets. It creates a policy-driven link between bank-issued payment credentials and trusted mobile applications. Bank-level security on all products: Sequent designs, builds, and operates its products and services to the highest level of commercial security. Sequent production environment is PCI DSS and EMV compliant, and is a compliant and approved over-the-air (OTA) perso bureau. 5

Sequent Digital Issuance supports card issuance to mobile devices using Cloud with HCE or Secure Element for flexible deployment options in different environments, with different partners and with all technologies. In the cloud, on the phone, everywhere: Securely issue digital cards to the cloud using tokenization and HCE or to mobile phones with secure elements. All card types: Provision any card or credential including credit, debit, prepaid, transit, access control, loyalty, coupons, and offers. All standards: Sequent Digital Issuance systems are compatible with EMVCo, Visa, MasterCard, and non-payment standards such as Mifare 4 Mobile. All redemption technologies: Broad set of redemption options such as NFC, QR code, or bar code. 6

Why Sequent? Sequent is the world s leading provider of digital issuance and open wallet platform-as-a-service that delivers secure mobile payments and value-added services to banks, mobile operators, merchants and access control providers. With Sequent, customers can offer wallet services open to an ecosystem of partners and developers, while meeting the requirements of highly secure and regulated industries. Sequent products include: Sequent Open Wallet Platform, Digital Issuance and Trust Authority. Sequent is endorsed and used by major customers on four continents. Our customers Sequent Software Inc. 385 Ravendale Drive, Mountain View, CA 94043-5240 www.sequent.com contactus@sequent.com +1 650-419-2713 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information