Paypal moves into contactless space

Posted by on August 23, 2010 No comments

Paypal is definitely the most important online payment system provider in the online world. Yet, it seems they are quite enthusiastic about the real world. And of course, the leading online payment service provider goes for the coolest method; over the contactless interface! Near Field Communications World refers to the interview with the Paypal President Scott Thompson on The Wall Street Journal.

Transactions are processed by Bling Nation, so merchants need to obtain a BlingBox to accept Paypal contactless stickers. Paypal customers must get the contactless sticker from a Bling merchant prior to making a transaction. The sticker is supposed to be attached to the back of the handset.

The big picture suggests that Paypal customers will be able to access their accounts in real merchant locations via their contactless stickers attached to their phones. According to Bling Nation, sticker is compliant with NFC, so it will be available to customers without a stick when the secure element dilemma is resolved and ordinary people have NFC enabled phones.

There are no technical details on the payment application itself, so I assume it is secure enough to hit the streets. I think the below issues are very critical and must be addressed -if not already done so:

- The authenticity check of the card and the POS terminal
- The verification of the card holder
- Interoperability with the existing POS network with contactless readers

Anyway, it’s an interesting move for the contactless world from a strong player!

First MicroSD based contactless payment launch in Europe

Posted by on August 12, 2010 No comments

Visa Europe and Akbank -one of the big fives in Turkey- announced the first MicroSD based contactless payment application in Turkey. Akbank, Visa Europe and DeviceFidelity attended the press conference.

As I already mentioned in a previous post, DeviceFidelity’s MicroSD product is a solid solution, especially for Turkey where contactless reader penetration is almost like %2 of total POS terminals -around 32.000 contactless readers are already installed. The projected target figure is %5 of total number 1.800.000 terminals. More than 2.200.000 Visa&MasterCard contactless credit cards have been issued in Turkey by 10 different banks. Contactless usage is on constant increase but not as much as anticipated.

I was unofficially informed that only Blackberry is supported for the time being, but I was unable to confirm it.

It’s a great success for Akbank to commercially launch a handset based payment application. Now I am waiting for the announcement of the availability of the application process as an Akbank customer, which will be by the end of this year!

NFC based check in process work flow

Posted by on August 11, 2010 No comments

I have been on my summer vacation with my family and I had some thoughts on a contactless based check in service while waiting at the check in desk. I developed a process in my mind and after returning back, I bumped into a great article NFC – the future of the check-in process on NFC News. It is a very innovative idea to speed up the check in process and quite convenient from the customer perspective.

The bluetooth enabled contactless sticker is the key element as well as the contactless readers to be installed in the airport gates.

NFC based check in solution may lead to many more innovative ideas like connecting the customer to anther flight or hotel transfer, etc.

Here is the project I planned for a contactless check in process:

EMVCo released handset requirements for contactless mobile payment

Posted by on June 30, 2010 No comments

By maintaining the specifications of the banking card applications, EMVCo has a huge effect on banking card business. Visa and MasterCard developed their own implementations (VSDC and M/Chip respectively) based on EMV specifications. They are almost identical, they have a few configuration changes. Contactless applications payWave and PayPass are also based on EMV specifications, however they were developed before EMVCo released a contactless specification.

It seems EMVCo is ahead of Visa and MasterCard this time, they released requirements for contactless payments by handsets. There are already implementations of Visa and MasterCard’s applications on handsets, but all of them have been dropped before launch -after pilot phase.

Basically, a mobile application is a user interface for accessing the EMV compliant payment application running on the secure element of the handset. Secure element can reside on the NFC controller of the handset or on the SIM card.

What EMVCo requires for these applications are;

  • Application should have a soft/hard key for easy access. If it’s a soft key, it must be accessible from the main/home screen.
  • Application should inform the handset/card holder when a contactless transaction is in place.
  • Application should be secured by a password and it should be configurable to enable/disable the application.
  • There should be an indication of contactless capability, just like the bluetooth icon.
  • Handset shall provide a mechanism to notify the application when it is powered off.

It is a good effort to draw the boundaries of the environment and will lead the players in the industry to have a single user experience. It seems we will see more mobile payment applications on the market -hopefully in the commercial level rather than pilots.

Original document can be found here.

Nokia : comes with NFC

Posted by on June 22, 2010 No comments

Nokia has always been the pioneer handset manufacturer in the NFC environment since the beginning. Nokia released the SDK of handsets with secure elements located in the handset and in the SIM over SWP years ago. So, I had felt disappointment to hear that the long awaited handset supporting NFC Nokia 6212 was canceled.

Fortunately, Nokia announced that all new Nokia smart phones will support NFC starting from 2011. There’s even more; the secure element will be located every location possible on the handset, not only in the SIM. This means that every player in the NFC space will have their chance to play in the game. Near Field Communications World reports that Nokia Executive Vice President for Markets Anssi Vanjoki made the announcement on Mobey Forum‘s 10th year anniversary in Helsinki.

This is a great news, not only for NFC enthusiasts, but for Nokia, too. Nokia has fallen apart from the smart phone wars (in terms of application store-wise) and I think this will be a big step for Nokia in the smart phone market. I think a killer NFC application will help a lot.

Edit : Turns out that it will be a feature of upcoming Symbian 4 platform and only selected handsets will have NFC support. For details please see here.

Laks : A futuristic company in contactless gadgets

Posted by on June 10, 2010 No comments

Not so long, about 10 years ago, if someone had told you that you could process a payment transaction with your watch, you’d probably laugh. But things have changed in an enormous speed and since last few years, this definitely possible and there are people actually doing this now.

This has been possible by a company -Laks, whose vision is beyond most of the people in both card payments and watch industry. Laks is a Vienna based company developing very cool watches that have a dual interface chip slot and the watch has an antenna inside the watch. The antenna plugs into a specific type of SIM sized dual interface chip produced specifically to fit in this environment. There is the possibility of running many applications on the chip. Actually there is the possibility of requesting any kind of chip in this form, which means that sky is the limit for implementing a chip application inside a watch. Laks also has native mifare chip embedded into the watch. Although I’ve never asked, I am sure that they can fit any kind of chip inside a watch.

Watches come with the antenna, while the dual interface chips do not necessarily. If so, personalization process must be processed while the chip is in the watch, which is something hard to do when personalizing huge volumes.

In Turkey, Garanti Bank launched a product based on Laks watches a few years ago. It was a little bit early, however it was still a very innovative product. In Turkey, there were efforts to develop a payment product based on Laks’ watches, which some of them had already passed the proof of concept phase, unfortunately they were never launched.

Maybe, the commercialization did not happen due to the fact that watch is a personal thing (like a mobile phone in the NFC case) and a payment product bundled in a personal stuff might not sound good to people. But I am sure there will be some contactless projects based on watches and Laks will definitely have a big role in this picture. There are more interesting watches other than having a contactless capability in Laks’ web site, worth to visit.

No NFC support on iPhone 4

Posted by on June 8, 2010 No comments

All those rumors on iPhone having an NFC chip inside turned out to be incorrect after yesterdays WWDC10 event. It seems there are also no plans in the near future.

NFC community was waiting this announcement in great excitement, since it would definitely boom the NFC era, but unfortunately it seems we will go only for Android in the near future. There has been news around the NFC APIs in the Android environment that they are stable now, depending on the hardware of course.

While Micro SD card based solutions are already out there awaiting for commercialization, I think that next big step now should be the availability of NFC chips and antennas in the upcoming Android devices.

Payment vs. ticketing

Posted by on June 6, 2010 No comments

Contactless cards are penetrating into more and more market segments day by day. The three most common use cases of contactless cards are clearly ticketing, payment and access control. Now let’s skip the access control and compare the ticketing and payment use cases.

Work Flows

Functional requirements of a contactless ticketing application are generally store a balance, contract, expire date and a log space. Typical work flow of a contactless ticketing transaction is as follows:

  • Identify the card in the field
  • Authenticate the card and the ticketing terminal
  • Read the contract from the card
  • Read the previous transaction logs -if necessary
  • Compute the fare
  • Debit the card with the fare
  • Write the transaction log

When it comes to payment, the work flow of a contactless EMV payment is as follows:

  • Identify the card in the field
  • Authenticate the card and the terminal
  • Debit the card
  • Store the transaction log

As you can see, the main difference of the payment and the ticketing work flow is the fare calculation based on some variables like contract type of the card and the previous transactions performed and stored in the application. This is something EMV is still uncapable of. Both Visa and MasterCard are already working on ticketing extensions of payWave and PayPass, however they will still have many barriers ahead even if the specification are completed and first samples are out for testing.

Authentication and cryptography

EMV relies on RSA and Triple DES, while ticketing applications use mainly DES variants and AES. Contactless EMV transactions are quite secure with DDA (Dynamic Data Authentication) and it is a perfect solution for an interoperable environment of different banks.

Almost all ticketing systems are proprietary and each transport operator or provider has its own application. Every system has its own infrastructure and interoperability between ticketing systems are quite rare. So each system has its own authentication alghoritm and of course key types and lengths.

Main differences

EMV is designed for securing the transaction between card and terminal, terminal and host systems, host system and the card. It’s the underlying standard of Visa, MasterCard and JCB. Each organization has its own application of EMV but essentially they are mostly identical. Contactless ticketing application depend heavily on the chip platform and operating system they are using. Every transport authority, system integrator or solution provider has its own ticketing application. There are efforts in Europe to standardize the ticketing applications but they are not mature enough yet. So basically ticketing is proprietary for now.

Some time in the near future, payment and ticketing is supposed to meet on the NFC platform, but it seems it’s still a long way there.

M-Pesa, the most innovative mobile payment system

Posted by on May 22, 2010 No comments

Think of a country where most of the people don’t have basic bank accounts. Most of the population live in outskirts or villages far away from city life. Robbery is the second name of the capital city -Nairobi. Yes, I am talking about Kenya, one of the most beautiful countries in Africa.

Around 2 years ago, the biggest mobile network operator Safaricom started a mobile money transfer system called M-Pesa which now became the most innovative mobile payment system throughout the world. It was created for responding the underbanked population for their basic money transfer needs. There was no legal infrastructure to regulate the system, government could do it after 6 months of the launch. Now it’s projected that almost one third of every Kenyan has an active M-Pesa account.

So, what is M-Pesa, how do people use it? M-Pesa is a money transfer program managed via cell phones. All the cell phones are compatible since the application was developed on the SIM card. All Safaricom SIM cards have the M-Pesa application pre-installed, so all you need to do is to register the service. Even I was -as a foreigner- able to register it within hours by using my passport only.

What really great is that there are no hardware terminals installed, both users and distribution network use the same SIM-centric approach. For registering, you simply need to apply to an M-Pesa agent. Agent keys in the typical personal information to his/her cell phone and you receive the notification in hours. The application is protected by a PIN, which is created during the registration, so it is secure enough.

With an M-Pesa account, you can send and receive money, withdraw cash from ATMs, shop at certain points and now the latest news is that you can even link your account to a bank account. What would an average Kenyan want more from a mobile network operator?

I personally consider M-Pesa as one of the most creative product based on a smart card platform. The SIM application alone enables the whole service as the heart of the system. Safaricom manages a pool account for all the money loaded in to M-Pesa accounts. Safaricom is not a bank, but now with the introduction of M-Kesho, people can open a bank account at Equity Bank and use the basic banking instruments through the M-Pesa application just by linking the M-Pesa account with the Equity Bank account. Another innovative step!

M-Pesa was a huge success, so Vodafone, the owner of Safaricom launched the same product in Tanzania, Afghanistan and is planning in India, Eygpt and South Africa.

It’s a true success of a smart card/SIM technology, yet I can consider as a contactless system since everything happens out of the contact interface!

Almost reality: mobile payment with iPhone

Posted by on May 19, 2010 No comments

Visa has been working for some time on mobile payment space with DeviceFidelity for porting the Visa contactless applications into the MicroSD environment. We’ve already heard many news that Apple is also quite interested on the same subject and now finally that seems to be a reality, according to a post on Engadget.

Apple has been submitting patent application for the next generation iPhone on NFC objects. However, I strongly believe that the secure element will be under the control of Apple, not the carrier or the user -if an iPhone with NFC support is to be released. So Visa is heading on to its own path. What I understand from the news is that a PayWave application running on a MicroSD card will be attached to iPhone through a special casing. It seems we will see the application available on iTunes in the long run. And it’s name is In2Pay.

Although there’s not much detail on the project in general, I think that it will be specific to US, which will essentially switch the transaction interface from magnetic stripe to contactless for payment, not more. Of course a transaction history kind of details must be available in the application. The aplication will be secured by password

It’s a good move from Visa to provide a solution to mobile payment space over the iPhone platform, but I believe it will take quite a time to make the application commercially available. If it comes quickly, it will definitely be the killer application for me to buy an iPhone!

DeviceFidelity’s white paper also indicates that other mobile platforms are supported. More importantly, In2Pay v2 will have OTA support for personalization and multiple bank accounts will be available. v2 will have the full NFC environment from couponing to payment.

I strongly recommend to download the white paper from DeviceFidelity (requires a very short registration)