Although checks, cash and bank cards have not fallen out of use – far from it – electronic payment is developing fast all around the world, involving a wide range of different formats and methods, from payment via SMS to a Paypal account or smartphones using NFC. And watches and connected objects are also set to join the long list of payment means in the near future.
“The idea we are promoting is that there will not be just one method which will win the day. A response will be needed to all situations, depending on the country and the penetration rate of banking services, smartphones and broadband,” explains Mehdi Elhaoussine, Head of Digital Payments at OT.
In parallel, payment actors have also become very diverse, with the recent emergence of new players. Smartphone manufacturers like Apple and Samsung are currently in the headlines, each offering a mobile payment system using NFC technology. Notably Samsung has recently announced its partnership with OT for the launch of Samsung Pay in Europe leveraging the PEARL by OT® eSE. Mobile operators are meanwhile striving to maintain a foothold in the value chain or entering the fray by offering their own mobile payment service, particularly in emerging countries where penetration of banking services is low.
These new technologies are offering banks an opportunity to reinvent money. The challenge for them is now to filter out the technology to favor various models. This may involve adding a payment function to their own mobile application or forming partnerships with smartphone manufacturers or mobile operators to house their payment methods in third-party applications, thereby acting as a virtual wallet. The goal is to offer their services via mobile to as many people as possible. The technology differs depending on the option chosen and security will be assured by a physical component built into the device (eSE or SIM) or using a software solution in the case of HCE (Host Card Emulation) which relies on the Cloud. Finally, hybrid solutions exist, segregating applications logic and security data.
In this respect, OT has established a platform for issuing, securing and managing digital payment means. These advanced solutions, aimed at banks and payment schemes, provide a comprehensive and pragmatic response to rapid technological changes.
According to Mehdi Elhaoussine:”The idea is to offer an infrastructure facilitating and simplifying the payment experience for users, irrespective of the channel or method used. The two keywords for OT are security and simplicity.”
With counterfeiters now replaced by hackers, the question of confidence in new digital payment methods of all kinds is now fundamental. OT has adopted “tokenization” techniques to tackle this. The principle involves concealing the bank card number, in order to reduce fraud. A bank card alias, called a “token”, is created for each cardholder. This token is then used for mobile or online transactions. The token can be static, if protected in a physical Secure Element, or dynamic in a software environment, in which case it should be periodically refreshed to reduce risk. Its use will also tend to be restricted, on a timely basis, on a given device, at certain merchants, or to a specific channel. The other major advantage of tokenization is the ability to remotely deploy a payment means on a mobile in real time.
The real card number is therefore protected:
“Rather than storing a bank card number in a smartphone, we create an alias, which adds an additional layer of security. If the data were intercepted, the bank data would not be compromised,” explains Mehdi Elhaoussine, adding, “OT stays out of the endless IT security debate between tokenization and encryption – we combine them to make the most of the latest technology. While tokenization was originally intended for digital payment methods, OT has even managed to extend its use to a plastic card using its OT MOTION CODE™ integrated on the latest generation cards. Indeed, by displaying a dynamic cryptogram on a physical payment card, OT MOTION CODE™ can be regarded as a form of tokenization. Similarly to the tokens replacing the PAN for mobile payment, the dynamic cryptogram is a form of alias used instead of the CVV that we know”.
OT’s Universal Credential Platform (UCP) therefore offers banks and payment networks a complete and scalable solution, whatever the format or the underlying technology. The sector is undergoing rapid transformation and OT has successfully adapted to support its customers seeking to offer users secure payment methods across all channels. To ensure that the experience is always as smooth and stress-free as possible, this infrastructure represents one of the major challenges for banks and other financial institutions in the coming years.