Yesterday, Clearbridge’s CTO Sanjay Malhotra was featured in RFID World Canada, talking to the publication about breaking ground in NFC/HCE mobile payments technology, the security challenges associated with building such platforms, and the future of the mobile payments industry in general.
Read the full interview below:
This interview was originally published in RFID World Canada. The full article can be accessed here.
Sanjay Malhotra, CTO: Clearbridge Mobile has developed applications that have been downloaded and used by millions of users. This includes pioneering the first commercial roll-out of a closed-loop cloud-based Host Card Emulation (HCE) / Near Field Communication (NFC) mobile wallet and gift card solution used in 4000+ retail locations across North America.
A key challenge to the success of an HCE/NFC implementation is security. With thousands of mobile payment transactions made daily by our client’s customers, ensuring end-to-end security throughout the payment loop, from the mobile device, to the merchant’s system to the cloud, was imperative. Each mobile payment transaction has its set of security risks and Clearbridge Mobile took several steps to ensure security and privacy. First and foremost was leveraging a secure PCI compliant environment where credit card data is stored, rather than on the mobile application itself. Clearbridge Mobile also created tokens, which mask the unique private account number (PAN) stored in users’ mobile devices. This is the first implementation of its kind in the market.
To further bolster transaction security, Clearbridge Mobile encrypted the PDF417 barcode that is displayed on the mobile device when it is scanned at the POS. This prevents duplication to create false barcodes and provides additional security and authentication.
Sanjay Malhotra, CTO: Traditionally, NFC technology and mobile wallets require access to a secure element (SE) to make a transaction. Multiple parties own access to SE – from carriers to mobile operators – and have their own unique business or technical models. These challenges surrounding integration between many of the players in the NFC ecosystem have been a significant roadblock to the deployment of mass-market NFC services. Now, with HCE technology, an NFC payment bypasses the requirement to connect with an SE, instead the payment application is hosted remotely within a secure data centre in the cloud.
The NFC-HCE deployment by Clearbridge Mobile was rolled out seamlessly by leveraging the merchant’s existing POS (Point of Sale) System. With no modifications to the POS System or complex infrastructure changes, it eliminates the cost and technical barriers of deployment. Also, for the end user, the solution offers a faster, secure and more convenient checkout service, allowing them to make a purchase with just a quick tap of their mobile phones.
Sanjay Malhotra, CTO: With consumers already toting 575 million NFC-equipped smartphones (growing to 1.2 billion by 2018), HCE-based NFC adoption is in its infancy but is on a precipice of exponential growth and set to be an important driver of mobile payment mass adoption. In addition, payment giants such as Visa, MasterCard and EMV have recently demonstrated support for HCE-based mobile payment solutions and have released their first documentation on developing mobile wallets. In December, RBC Bank became the first financial institution in Canada to implement an HCE mobile payment application pilot.
As successful commercialization and support of HCE increases, NFC mobile payment is set to be a mainstream technology and a common method of making a purchase. Furthermore, the significant increase in the shipment of NFC-enabled mobile devices will further drive mobile payment adoption rates.
To learn more about our experience with NFC and HCE, or our mobile payments capabilities in general, get in touch with us today.