Mobile Payments: FAQ and not so FAQ

I have been working in the field of payments, specifically mobile payments, for quite some time now. If you haven’t noticed, a lot is happening in that area. The players in this field keep coming up with new stuff all the time; the field keeps coming up with new players all the time. Some of them just make sense, but some just don’t regardless of how hard we think. It is not their mistake. They are trying out new and innovative ideas hoping that one of them will click.

Mobile payments come with a lot of variables and not everyone has the knowledge or patience to understand all of them equally well. For instance, a credit card expert may not understand how HCE (Host Card Emulation) is affecting the SE (Secure Element), while an NFC expert may not understand how a card network gets involved in tokenized transactions. Apparently, it is not a surprise that many questions come to our minds that need an answer – a short and simple answer.

My goal here is to try and answer these FAQs and not so FAQs for my benefit and reference. I plan to use a question/answer format where each question is answered in one short and simple blog post. As a general rule, I will prefer simplicity to absolute accuracy, because I don’t like my learning to be limited by some fine-print details. In many cases, I will restrict the details to the context of mobile payments to avoid information over-bloat.

I am confident that this will benefit me and hopefully it will benefit others too. I am also hoping that any expert stumbling across these blogs will offer their valuable thoughts thereby helping the rest of us.

Welcome to the Mobile Payments FAQ and not so FAQ series. View all posts from the Table of Contents page.

Ganeshji Marwaha

I spend my days as the Director of Technology for Mobility practice and help my clients design enterprise and consumer mobile strategies. Mobile Payments, Digital Wallet and Tokenization technologies are my areas of specialization.

  • Connor Poole

    You mention that Apple uses an embedded SE in the Apple Pay vs Google Wallet article (http://www.gmarwaha.com/blog/2014/10/02/apple-pay-vs-google-wallet-the-secure-element/)

    But you don’t offer pros and cons of using an embedded SE vs a UICC (SIM card SE) vs HCE (cloud based). Any input here would be much appreciated; I have assembled below what basic pros and cons I can think of.

    embedded SE:

    Pros:
    – Not at the mercy of the cell provider’s SIM card
    – Works without an internet connection
    – The tokenized LUK for the card information is never transmitted nor stored anywhere else
    Cons:
    – Every device has a different hardware configuration, the embedded SE approach is not very standardized. As such, a flaw in interfacing with the embedded SE (a hardware flaw) could introduce security concerns?
    – Fixed storage and fixed capabilities for the life of the device

    UICC:
    Pros:
    – Works without an internet connection
    – The tokenized LUK for the card information is never transmitted nor stored anywhere else
    – SIM is upgradable if a new security standard is released
    Cons:
    – Cellular providers can block a phone from using the UICC as they distribute the SIM card
    – Easier to remove a SIM than to tap the traces for an embedded SE

    HCE:
    Pros:
    – Freedom from carriers
    – Cheaper, no additional hardware
    – Tokenized LUK is never on device so if device is stolen there is 0 chance of it being recovered
    Cons:
    – Tokenized LUK is in the cloud and susceptible to server security and transmission security
    – The kernel handles the LUK transmission, a bad kernel could open security flaws
    – Requires internet connection to work???

  • Thank you for the comment, Connor Poole. I agree with your idea of providing the differences between different SEs. But that post was specifically targeted towards explaining where the Secure Element is located when using Apple Pay and Google Wallet. It does make for another interesting blog post to address the differences between all types of SEs though. In fact, I am sure such a post will be an open ground for feedback as one person may not be able to collate all pros and cons. Your list is a very good starting point.

    Quick question: Any reason why you commented on this blog post instead of the other one – http://www.gmarwaha.com/blog/2014/10/02/apple-pay-vs-google-wallet-the-secure-element/

  • Connor Poole

    Whoops, I thought this was the general page for FAQ about mobile payments. Turns out this is just the title page and the series is called FAQ haha. I can delete my comment and move it if you would like.

  • Thanks, that will be great and will help preserve context. Appreciate it.

  • Rony

    Hey Ganeshji. Many people are still not acquainted with mobile payment services. I think it will be great if you will be of help to solve the queries relating to it.

  • Dad’s Affan

    Hi sir… today I try to make a payment to increase my Zynga Poker cip.. but I don’t know how to make it… when I try to make pay by phone I got a message like this: “Sorry, Facebook is not available for DiGi Telecommunications”… then I try used another line.. line is Celcom but still can’t make a payment.. “the service is not available…