UL and the UL logo are trademarks of UL LLC © 2014
NFC based payment: how will it develop relative to upcoming alternative approaches?
Hong Kong | March 2014
About UL…
Be the best, and achieve meaningful size in all that we do
Certify, Validate, Test, Inspect, Audit, Advice & Educate
We
Safe products
Safe buildings
Safe workplaces
Safe water, food & health
Safe, clean energy
Compliance
Security
About UL Transaction Security
Working towards a safer world by being the number one independent center in Transaction Security Technology
• Unrivalled expertise across industry domains
• State-of-the-art services/products portfolio
• Recognition in our local markets – Thought Leadership
• Scalable offering
Service offering
UL supports many mCommerce initiatives worldwide with advisory services
Weve ISIS
• “UL staff has been extremely valuable to ISIS in supporting the testing and integration of our TSM.”
• “.. the UL team always considered any issues beyond just the technical aspects and looked at the wider commercial and customer implications, which was and is invaluable for us.”
• “The strategic workshops hosted by UL TS at the start of our project were crucial to create a common vision and helped us to speed up the project”
• “The effort from the UL team has been crucial for our project. Their competence, attitude and hard work have been inspiring for us all.”
Customer References
DNB & Telenor Mobiel Betalen Nederland
Agenda
Alternative approaches to NFC-based payments
Alternative to SE-based NFC implementation
Impact and Outlook
QR/Bar codes: remotely-based
Trigger redirects payment transaction to e-money transfer
Lifecycle management
E-Money Service
Merchant’s physical shop
Authentication and payment transaction (e-money transfer)
Internet
Internet
Bluetooth Low Energy: remotely-based
Trigger redirects payment transaction to e-money transfer
Lifecycle management
E-Money Service
Merchant’s physical shop
Authentication and payment transaction (e-money transfer)
Internet
Internet
BLE: How does it work?
User experience perspective
Proximity marketing when consumer passes nearby B&M store
Cashier submits payment from the POS by selecting customer from list of nearby checked-in customers
Consumer is checked in at the store
As the consumer enters a micro-region at the store, he receives personalized deals or coupons
Cashier verifies identity of consumer using visual inspection.
Customer chooses payment scheme
Consumer approaches cash register to choose payment scheme and give verbal approval for payment
The Beacon network at the store is aware that consumer is in the area and “checks him in” after he approves so.
POS detects presence of customer nearby. List of customers nearby is re-sorted
The POS is equipped with a beacon as well
BLE: Business opportunities
Proximity marketing
Micro Location-based notification
Customized marketing
Specific directions
Indoor mapping
“Contactless payments”
BLE versus NFC
BLE and NFC are both short-range wireless data transfer technologies, although BLE operates over a much longer range: tens of meters compared to a few centimeters for NFC.
• There are minor differences in power consumption between the two technologies
• Whereas NFC is focused on one-to-one data exchange, BLE allows for multiple simultaneous connections
• Both BLE and NFC utilize AES-128 bit data encryption and pairing modes
The underlying principle of use differs between the two technologies
“Traditional” NFC
Handset
Tag Handset Terminal
Read / Write mode
Peer 2 peer mode
Card emulation mode
Host CPU Secure Element
Scope
SE-based NFC: proximity-based
SP-TSM
NFC
Lifecycle management
SEI-TSM
Merchant’s physical shop
High investments
Complex network
Immature business arrangements
...
Low degree of standardisation
High degree of collaboration needed
Challenge for SE-based NFC Card Emulation: SEI ≠ SP
Physical cards:
SEI = SP
NFC Card emulation:
SEI ≠ SP
Perso bureau
Card vendor
BPO
Supply contract
SP
SP TSM SEI TSM
BPO BPO
Supply contract
Card vendor
Supply contract
SP SEI
Android KitKat’s HCE promises to change that
Host-based Card Emulation
AID Routing Rule
Default Host
AID Y Secure Element
NFC Controller
Host CPU
Android OS
Contactless
smartcard reader
Secure Element
Select AID “x”
Select AID “y”
Android device
Android has built-in security mechanisms (e.g. sandboxing). These may be overruled if the device is rooted.
HCE takes place in an environment that is not secure: the host
NFC Controller
Host CPU
Android OS
Contactless
smartcard reader
Secure Element
Select AID “x”
Android device
Device rooting
HCE & Cloud solutions.
App 1
App 2
Wallet
Device Authentication. Key Management. Tokenization.
Token storage.
PCI requirements. Host physical and logical requirements.
HCE accelerates the NFC ecosystem
NFC ecosystem is getting ready to scale up:
• Device support
• Consumers are used to accessing services from mobile devices
• Infrastructure is growing
With HCE, SPs have the freedom to choose whether or not to use HW security
SE access discussions are, however, delaying development, while many services do not require top-level security from day one
HCE impact on NFC ecosystem
Impact on Explanation
SPs
• Are given an additional degree of freedom
App development
• Enhancing the security of HCE applications
• Existing wallet and payment apps to be updated
TSM
• The role of (SP-)TSMs may change from the personalization of an applet to the personalization of an HCE service.
SEI (& SEI TSM)
• The role of the SEI is removed (or much lighter) for HCE services
Example 1: HCE for open-loop high value payments
SP’s compromise point-of-view
Pro
• Convenience
• Reduced costs
• Fewer players + no SE issuers
Con
• Decreased security
• High potential losses
• Certification unclear (yet)
Example 2: HCE for low value payments, closed loop systems, transit, access control
SP’s compromise point-of-view
Con
• Decreased security
• Low potential losses
• Compatibility
Pro
• Convenience
• Reduced costs
• Fewer players + no SE issuers
Summary
• Alternative approaches are available; all bring their own challenges.
• Cash and Physical cards are still the most commonly deployed
THANK YOU.