Category Archives: contactless payment - Page 3

NFC on Mobile World Congress 2010

Posted by on February 22, 2010 1 comment

In my perspective, NFC was the rising star of the Mobile World Congress 2010. In the first day of the event, the agenda of the session was mobile money. A balanced selection of speakers from carriers to technology companies provided a mind opening content.

The first outcome of the day for me was that NFC is something that you can not expect a single task, but there is a need for companions. I mean, a simple mobile wallet application will not be enough for people to make it a killer application. Mobile coupon style add-ons as well as making the content accesible to user through the handset is crucial. People already have credit cards, debit cards, transportation cards, etc for making the payment. Why would the user have switch it to a handset instead of a card?

Secondly, all the parties are ready to jump on the band wagon but it still needs some time for the boom. We’ve already seen many pilots and even a commercial roll out in Japan, but there’s still some more time ahead.

Mobile World Congress 2010 had also an NFC event for platinum pass holders with a Samsung handset.

It was interesting to see that SIM cards are having more and more abilities for mobile payment applications. Gemalto announced a new SIM card which is able to run a DESFire ticketing application. I also had a product presentation of a SIM platform with NFC support from Giesecke&Devrient.

Finally, BarclayCard announced an iPhone application which can accept contact EMV chip cards with the PIN support. Just like the US version running from magnetic stripe interface, Barclay’s one has a contact chip card reader attached to the iPhone and the terminal software runs on the iPhone OS.

A new dual interface smart card from ACS : ACOS7

Posted by on January 8, 2010 No comments

ACS announced its new dual interface smart card ACOS7. ACS is a Hong Kong based company working on smart cards and readers. Their product portfolio is quite strong, they almost have everything that you can imagine. I especially love the card readers of ACS.

ACOS7 seems an addition to their ACOS family optimised for transportation. It has 8 kb of application memory which is pretty suitable for a transportation applications. ACOS7 has almost every feature you’d expect from a dual interface card product positioned for transportation; from hardware based random number generator to support for ISO7816 Part 4 file structures: transparent, linear fixed, linear variable, cyclic which are essential for transportation logging mechanisms.

I got the impression that ACOS7 is especially targeting the Chinese market, but I think they could do quite well in Europe, too.

Chinese are coming

Posted by on November 29, 2009 No comments

China is a huge country. When you have the population of that much, it’s not logical to pay license fees, but better to develop your own standards. They did it on blueray equivalent media and on payment card applications. China has a payment system of its own, called CUP and NFC World’s latest article says that they will do the NFC on their own way too.

There’s also an interesting card manufacturer company in China, Watchdata. I have personally been following the products of Watchdata for a few years and they are really coming. When I first met with Watchdata dual interface cards, they did not had the EMV, so I was unable to use it. In time, they got the EMV certification and much more. I have seen their chip products replacing many competitors around the world. I saw Watchdata presenting their products around Europe in many respectable events.

Sim Pass is especially an interesting product of Watchdata. Instead of waiting for handset manufacturers to release NFC complaint devices, they developed a SIM card with an embedded antenna. This way, people have a handset which is capable of contactless payment transactions regardless of the handset they have. It’s a very innovative product of its kind, but I don’t think it will reach Europe, since it’s not the European way. But it’s quite a successful implementation step for the mobile contactless payments, that’s for sure.

my-d move from Infineon against NXP’s Mifare Ultralight

Posted by on November 15, 2009 No comments

Contactless chips for limited use have been popular in public transportation for some years. NXP, just like in mifare case, has been leading this market with mifare ultralight. Ultralight chips have limited memory and no crypto support, but have OTP (one time programmable) memory area which is perfect for enabling the restriction the limited use of the ticket. Later on NXP developed a next generation of Ultralight, which is called Ultralight C. Ultralight C supports 3DES in addition to its elder brother Ultralight. Good.

Of course, Ultralight is not the only product in the market. Infineon, as one of the strongest players in the semi-conductor manufacturers have a great product as a competitor to NXP’s Ultralight family called my-d move. my-d move is a member of my-d family of Infineon and has 128 bytes of memory for application and supports 32 bit password for authentication. It also supports password re-try counter feature against brute force attacks. Unlike Ultralight C, my-d move does not have any keys stored in the chip, but has a secure code which is written at the time of issuing the chip. Secure code is authenticated at the time of using the chip along with the password.

One great future of my-d move is, just like Mifare Ultralight, the support for NFC Type 2 Tag Operations. This practically means that my-d move can interact with NFC devices like handsets or other contactless readers. This opens a whole new world for these products. Infineon positions the product as a limited use media like single trip ticket for transportation or event ticketing. Imagine tickets for a rock music event being formatted by a cell phone on an over-the-air service. my-d move and Ultralight opens a gate for enabling projects like this. You can create the ticket with a mobile phone and then send the ticket data to central host over GPRS/3G connection of the mobile handset. You can also validate/invalidate tickets via NFC handsets. Great opportunity. One great addition to this would be the usage of the ticket for buying a drink inside the event. Or think of voting for polls displayed on kiosks with contactless readers and people voting and identifying themselves with the contactless ticket.

Basicly, my point is that these chips are great for any type of ticketing, not limited to limited use for transportation.

A possible huge step for NFC

Posted by on November 6, 2009 5 comments

A recent post on Near Field Communications Group on Linkedin states that Apple is working on some prototype iPhones which have contactless reader. Here’s the full post:

Had to share this news. A highly reliable source has informed me that Apple has built some prototypes of the next gen iPhone with an RFID reader built in and they have seen it in action. So its not full NFC but its a start for real service discovery and I’m told that the reaction was very positive that we can expect this in the next gen iPhone. If Apple does it, expect every phone manufacturer and their sister to begin pumping out NFC enabled phones, at least for service discovery and sync. This just reinforces what we knew based on the two seperate patents Apple submited that had the iPhone enabled to read RFID tags. I’m told that the touch project video and the BT SIG’s specs were all driving forces to push this forward as well as other factors. Guess I’ll be touching my iPhone to my Mac to link them together to sync iTunes by next year.
Nokia has been the leader of NFC innovations in the handset world, but if this happens to be true Apple may go far ahead. And at the same time it will lead to a boom in NFC applications.

A recent post on Near Field Communications Group on Linkedin states that Apple is working on some prototype iPhones which have contactless reader. Here’s the full post:

Had to share this news. A highly reliable source has informed me that Apple has built some prototypes of the next gen iPhone with an RFID reader built in and they have seen it in action. So its not full NFC but its a start for real service discovery and I’m told that the reaction was very positive that we can expect this in the next gen iPhone. If Apple does it, expect every phone manufacturer and their sister to begin pumping out NFC enabled phones, at least for service discovery and sync. This just reinforces what we knew based on the two seperate patents Apple submited that had the iPhone enabled to read RFID tags. I’m told that the touch project video and the BT SIG’s specs were all driving forces to push this forward as well as other factors. Guess I’ll be touching my iPhone to my Mac to link them together to sync iTunes by next year.

Nokia has been the leader of NFC innovations in the handset world, but if this happens to be true Apple may go far ahead. And at the same time, it will definitely lead to a boom in NFC applications.

SIM-Centric or not?

Posted by on October 26, 2009 No comments

According to the post on NFCNews, Nokia release its first NFC handset which holds the NFC application on the SIM card, rather than the handset itself.

Well, let’s go through the concepts first. We can say that the heart of an NFC system is the secure element. Secure element refers to the IC (integrated circuit) which hosts the application, which stores the data and communicates the NFC reader. The data stored in the secure element can be financial balance, cardholder data, ticket contract details (on a transport ticketing application), etc and it’s protected by at least DES or TDES keys. The physical communication layer is actually an antenna attached to the handset. In the first generation NFC handsets, both the secure element and the antenna was integrated into the handset.

The place of the secure element actually directs us to the party who controls what application to install or what application not to! If you define the secure element as the SIM card, that means that the owner of the SIM card -which is the mobile network operator- decides what applications will be installed for using with the contactless interface. Before the introduction of the Single Wire Protocol (SWP), this was almost impossible. And there was no business model, either. Now it’s quite clear. Thanks to ETSI, now there’s a standard for this and I think that this will eventually lead to a SIM-Centric NFC world.

On an NFC event held in Istanbul, Turkey on May 27-28, product manager from Nokia (I can not remember his name, sorry) told that at least half of the Nokia phones would have NFC capability in 2-3 years. (I can not remember the exact figures either, but it was something around this, maybe even more) This means that a lot of people will have a contactless device in their hands -even if they don’t want to- and there will be a huge battle for installing an NFC application on a phone. I asked him if Nokia would have both SIM-Centric and handset-centric phones or not. He responded in a very politically correct manner that the market will decide on this.

Just imagine what can you do with this power: You can top-up your transportation card, use it with your phone, check the balance any time from your phone. You can display the last 2-3 transactions from your phone, which bus or tram did you take last time and how much did it cost. You can even top-up by using your airtime. It opens a whole new world, things are shining on the bright side. And this is all happening by using OTA services provided by the network operator.

However, there is a dark side of course. Third party application owners and developers need to negotiate with the mobile network operators. They can not do anything that the operator is not happy with. Let’s say you have a distribution channel and you have a project for adding NFC support so that people will have the chance to use their NFC enabled phones for downloading content. Well, you need to deal with the operator(s) and try to find a way to find a business case for the operator. Good luck.

Briefly, it seems we will have a SIM-Centric NFC world coming and need to prepare for this.

Transportation task force from GlobalPlatform

Posted by on October 6, 2009 No comments

Access control applications and transportation systems were the “killer applications” that caused the boom in the contactless cards. Access control systems are generally do not require anything more than a unique id, but transportation systems are more complex.

Speaking generally, two products dominate the contactless transportation installations: NXP‘s mifare family and the Calypso family, which are famous from the ISO 14443 Type A and B, by the way. Mifare has been dominant for years, but with the security leak that was imposed by the German CCC has been quite a barrier for Mifare lately. NXP responded with Mifare Plus, which is a product designed for migrating the current systems without changing the card media. I think it’s a very good move.

In the last 3-4 years, we saw that banks are trying to penetrate into the contactless transportation systems. Unfortunately the technology that the banks have -EMV- can not respond to the transportation ticketing requirements. Both Visa and MasterCard are working on this.

On the other hand, I saw a very interesting news on Near Field Communications World.com about GlobalPlatform‘s new task force on transportation systems.

I think this will eventually lead to more standardized schemes in the transport ticketing world. Both NXP and Calypso already have compliant products with GlobalPlatform. But the effort that the GlobalPlatform itself will make more efficient affect, not just on the cards, but the readers and terminals as well. It’s also important in terms of NFC based payment scenarios in the transportation since the GSM world will be using a SIM-centric systems based on GlobalPlatform standards.

Payez Mobile

Posted by on October 1, 2009 No comments

The most active community about the NFC world is definitely the French one. There has been a pilot ongoing since the last year and the results are (as almost all pilots) pretty positive. Now France is taking another step and setting up the standards for NFC based mobile payments for Europe.

AEPM (Association Européenne Payez Mobile) was founded by French banks and mobile operators for standardizing the NFC payment systems and now they have another version of standards which is freely downloadable from here.

France was the first country in the world to start the nation wide smart card deployments and they are still in the lead of smart card technology. It’s not a chance that almost all the big card and POS companies are France based.

Contactless Payments : American and European Way

Posted by on September 29, 2009 No comments

When it comes to card business, almost everything is different between US and Europe. US market is huge and very mature. US never migrated to EMV, while Europe has almost completed the migration. (Well mostly)

EMV is the defining point between these two markets. Europe has chosen the card to be the safest and made a huge investment. Now European cards have the ability to process an offline PIN, validate itself to the POS terminal prior to online authorization, generate dynamic signature of each transaction (cryptogram), validate the host system, etc. In the US, POS terminals just read out the mag stripe data and send the transaction to the issuing host for authorization.

In this context, contactless transactions work in the same way. US contactless cards just send the mag stripe data over RF interface instead of the mag stripe reader and everything else is almost the same. However, there’s a slightly different security enhancement which may change the things. Each contactless transaction is sent to host by generating an unique transaction counter, which can not be done in the mag stripe world. Big step.

In Europe, contactless transactions are offline. Visa and MasterCard release specifications for online too, but this was just for compliance with the US network. Offline means the card application needs to authorize the transaction without asking to any central host. To be able to do this, you just need to have a smart application inside the chip which can store some smart decision making data. This is the main difference between Europe and the US.

In the US, contactless only chips can be used without any interaction with the mag stripe. But in Europe, this is simply not possible. The chip needs to be dual interface, meaning that it should work both from contact and the contactless interface.

With the introduction of contactless payments, US market began developing into another era, while for Europe, it was a natural extension to the contact applications. Once again Europe choses the expensive and the safest way while US goes from the opportunistic path.

Practical barriers of NFC

Posted by on September 28, 2009 No comments

NFC is the most popular issue among the payment system providers, mobile network operators, banks, transport authorities and the list continiues. It offers so much for all parties involved. The most common understanding of people is to use the mobile phone as a contactless payment device or a contactless tag. In this scenario;
-Customer uses a great device for eveything
-Mobile network operator has a great product that ensures the customer loyalty and more data transfer
-Application provider extends its application to a one more media and is making plans for adding more functionality to the application running on the phone.

Well everyone seems happy; but up to now, this scenario has never been realized in Europe in the commercial world other than pilot programmes. There are some big barriers waiting on the road:

First of all, the technology is not mature enough. Well actually not the technology but the party who controls the power has not been decided yet. I am referring to the infamous SWP protocol. There are two possible positions of the NFC controller on the phone. It’s either in the handset or in the SIM card. This practically means that if the mobile network operator or the customer him/herself is going to decide what to install/use on the phone. If the secure element resides on the SIM card, that means no one can do anything without the authorization of the mobile network operator. With the introduction of the SWP (Single wire protocol) SIM card can host an application that uses the contactless interface provided by the handset. This opens a whole new world of opportunities to the mobile network operators. (I am planning to have a separate post for this) But on the other hand it forces the application owners to work closely with mobile network operators, moreover they can not do anything that the mobile network operator does not approve.

Secondly, the killer application like transportation is quite complex and have many different players involved. There are already also complex scenarios of owning, using, renewing a transportation schema contactless card and when a handset comes into the picture things go more complicated.

Another issue is the personal taste. Researches indicate that people change to their phones in every two years and the question what is going to happen to the balance on the previous phone? How will the balance be transferred to the next phone?

I believe NFC will create a great deal of changes in our daily life and payment habits, however it will take some time.