Monthly Archives: June 2010

EMVCo released handset requirements for contactless mobile payment

By maintaining the specifications of the banking card applications, EMVCo has a huge effect on the banking card business. Visa and MasterCard developed their own implementations (VSDC and M/Chip respectively) based on the EMV specifications. They are almost identical, differing only in a few configuration changes. The contactless applications payWave and PayPass are also based on the EMV specifications; however, they were developed before EMVCo released a contactless specification.

It seems EMVCo is ahead of Visa and MasterCard this time: it has released requirements for contactless payments by handsets. There are already implementations of Visa and MasterCard’s applications on handsets, but all of them were dropped after the pilot phase, before launch.

Basically, a mobile application is a user interface for accessing the EMV-compliant payment application running on the secure element of the handset. The secure element can reside on the NFC controller of the handset or on the SIM card.

EMVCo requires the following of these applications:

  • The application should have a soft/hard key for easy access. If it’s a soft key, it must be accessible from the main/home screen.
  • The application should inform the handset/card holder when a contactless transaction is taking place.
  • The application should be secured by a password, and it should be configurable to enable/disable the application.
  • There should be an indication of contactless capability, just like the Bluetooth icon.
  • The handset shall provide a mechanism to notify the application when it is powered off.

It is a good effort to draw the boundaries of the environment and will lead the players in the industry towards a single user experience. It seems we will see more mobile payment applications on the market, hopefully at the commercial level rather than as pilots.

Original document can be found here.

Nokia: comes with NFC

Nokia has been the pioneer handset manufacturer in the NFC environment since the beginning. Nokia released the SDK for handsets with secure elements located in the handset and in the SIM over SWP years ago. So I was disappointed to hear that the long-awaited NFC-supporting handset Nokia 6212 was canceled.

Fortunately, Nokia announced that all new Nokia smart phones will support NFC starting from 2011. There’s even more: the secure element will be located in every possible location on the handset, not only in the SIM. This means that every player in the NFC space will have a chance to play in the game. Near Field Communications World reports that Nokia Executive Vice President for Markets Anssi Vanjoki made the announcement at Mobey Forum’s 10th anniversary in Helsinki.

This is great news, not only for NFC enthusiasts, but for Nokia, too. Nokia has fallen behind in the smart phone wars (in terms of application stores) and I think this will be a big step for Nokia in the smart phone market. I think a killer NFC application will help a lot.

Edit: It turns out that it will be a feature of the upcoming Symbian 4 platform and only selected handsets will have NFC support. For details please see here.

Laks: A futuristic company in contactless gadgets

Not so long ago, about 10 years, if someone had told you that you could process a payment transaction with your watch, you’d probably have laughed. But things have changed at an enormous speed, and for the last few years this has definitely been possible; there are people actually doing it now.

This has been made possible by a company, Laks, whose vision is beyond that of most people in both the card payments and watch industries. Laks is a Vienna-based company developing very cool watches that have a dual interface chip slot and an antenna inside the watch. The antenna plugs into a specific type of SIM-sized dual interface chip produced specifically to fit in this environment. It is possible to run many applications on the chip. In fact, any kind of chip can be requested in this form, which means that the sky is the limit for implementing a chip application inside a watch. Laks also has a native MIFARE chip embedded into the watch. Although I’ve never asked, I am sure that they can fit any kind of chip inside a watch.

The watches come with the antenna, while the dual interface chips do not necessarily have one. In that case, personalization must be performed while the chip is in the watch, which is hard to do when personalizing huge volumes.

In Turkey, Garanti Bank launched a product based on Laks watches a few years ago. It was a little bit early; however, it was still a very innovative product. In Turkey, there were other efforts to develop a payment product based on Laks’ watches, some of which had already passed the proof of concept phase; unfortunately they were never launched.

Maybe the commercialization did not happen because a watch is a personal thing (like a mobile phone in the NFC case) and a payment product bundled into a personal item might not sound good to people. But I am sure there will be some contactless projects based on watches, and Laks will definitely have a big role in this picture. There are more interesting watches, beyond those with contactless capability, on Laks’ web site; it is worth a visit.

No NFC support on iPhone 4

All those rumors about the iPhone having an NFC chip inside turned out to be incorrect after yesterday’s WWDC10 event. It seems there are also no plans in the near future.

The NFC community was awaiting this announcement with great excitement, since it would definitely have given the NFC era a boost, but unfortunately it seems we will go only for Android in the near future. There has been news that the NFC APIs in the Android environment are stable now, depending on the hardware of course.

While Micro SD card based solutions are already out there awaiting commercialization, I think that the next big step now should be the availability of NFC chips and antennas in the upcoming Android devices.

Payment vs. ticketing

Contactless cards are penetrating into more and more market segments day by day. The three most common use cases of contactless cards are clearly ticketing, payment and access control. Now let’s skip the access control and compare the ticketing and payment use cases.

Work Flows

The functional requirements of a contactless ticketing application are generally to store a balance, a contract, an expiry date and a log space. The typical work flow of a contactless ticketing transaction is as follows:

  • Identify the card in the field
  • Authenticate the card and the ticketing terminal
  • Read the contract from the card
  • Read the previous transaction logs, if necessary
  • Compute the fare
  • Debit the card with the fare
  • Write the transaction log

When it comes to payment, the work flow of a contactless EMV payment is as follows:

  • Identify the card in the field
  • Authenticate the card and the terminal
  • Debit the card
  • Store the transaction log

As you can see, the main difference between the payment and the ticketing work flows is the fare calculation, which is based on variables such as the contract type of the card and the previous transactions performed and stored in the application. This is something EMV is still not capable of. Both Visa and MasterCard are already working on ticketing extensions of payWave and PayPass; however, they will still have many barriers ahead even if the specifications are completed and the first samples are out for testing.
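The two work flows above, simulated side by side as an added sketch (not code from the original post or from any card specification). The card fields, tariff, transfer window and the use of HMAC-SHA256 in place of an operator's DES/AES authentication are all assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

KEY = b"constructed-demo-key"              # constructed shared secret, not a real key
BASE_FARE = {"full": 200, "student": 100}  # hypothetical tariff, in cents
TRANSFER_WINDOW = 60                       # hypothetical: minutes a paid ride stays valid

def mac(key, challenge):
    # HMAC-SHA256 stands in for the operator's proprietary DES/AES scheme
    return hmac.new(key, challenge, hashlib.sha256).digest()

@dataclass
class Card:
    balance: int
    contract: str
    expiry: int                              # minute after which the contract is invalid
    key: bytes = KEY
    log: list = field(default_factory=list)  # (minute, amount) entries

def mutual_auth(card, terminal_key):
    # Each side answers a fresh random challenge issued by the other
    to_card, to_terminal = os.urandom(8), os.urandom(8)
    card_ok = hmac.compare_digest(mac(card.key, to_card), mac(terminal_key, to_card))
    term_ok = hmac.compare_digest(mac(terminal_key, to_terminal), mac(card.key, to_terminal))
    return card_ok and term_ok

def ticketing_tap(card, now, terminal_key=KEY):
    if not mutual_auth(card, terminal_key):             # authenticate card and terminal
        return "auth_failed"
    if now > card.expiry:                               # read the contract
        return "contract_expired"
    paid = [t for t, amount in card.log if amount > 0]  # read previous logs
    transfer = bool(paid) and now - paid[-1] <= TRANSFER_WINDOW
    fare = 0 if transfer else BASE_FARE[card.contract]  # compute the fare
    if card.balance < fare:
        return "insufficient_balance"
    card.balance -= fare                                # debit the card
    card.log.append((now, fare))                        # write the transaction log
    return fare

def payment_tap(card, amount, now, terminal_key=KEY):
    # Payment flow: the terminal supplies the amount; contract and logs are never read
    if not mutual_auth(card, terminal_key):
        return "auth_failed"
    if card.balance < amount:
        return "insufficient_balance"
    card.balance -= amount
    card.log.append((now, amount))
    return amount
```

The same card charged through `ticketing_tap` pays a different amount depending on its contract and its last paid ride, whereas `payment_tap` only ever debits what the terminal asks for.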

Authentication and cryptography

EMV relies on RSA and Triple DES, while ticketing applications use mainly DES variants and AES. Contactless EMV transactions are quite secure with DDA (Dynamic Data Authentication) and it is a perfect solution for an interoperable environment of different banks.

Almost all ticketing systems are proprietary and each transport operator or provider has its own application. Every system has its own infrastructure, and interoperability between ticketing systems is quite rare. So each system has its own authentication algorithm and, of course, its own key types and lengths.

Main differences

EMV is designed for securing the transaction between card and terminal, terminal and host systems, host system and the card. It’s the underlying standard of Visa, MasterCard and JCB. Each organization has its own application of EMV but essentially they are mostly identical. Contactless ticketing applications depend heavily on the chip platform and operating system they are using. Every transport authority, system integrator or solution provider has its own ticketing application. There are efforts in Europe to standardize the ticketing applications but they are not mature enough yet. So basically ticketing is proprietary for now.

Some time in the near future, payment and ticketing are supposed to meet on the NFC platform, but it seems that is still a long way off.