Will HCE revive NFC mobile payments? No.

As of late there has been a lot of press coverage regarding HCE (Host Card Emulation), which in a nutshell allows devices to make NFC based mobile payments without needing the mobile operators secure element on the device. Both VISA and MasterCard are backing this new approach, in the hope that finally, they can kick start mobile payment offering with NFC, effectively locking merchants back into the card schemes for mobile. Google is also heavily behind HCE, because they need a way of getting their Wallet distributed on actual devices and networks. Google has already had a rocky time with NFC, supporting it, then ditching it, only to now attempt to bring it back to their offering through HCE.

There are many companies pinning their hopes to HCE, touting their solutions and the promise of mobile payments. But is HCE really the saviour of NFC based mobile payments, or is it simply the same old issues dressed up in a new party frock?

 

Secure NFC in the cloud

Effectively HCE allows secure details to be stored in the cloud. This makes a lot of sense if you want to bypass the mobile operators and effectively quash their mobile payment offerings (ISIS in the USA and WEAVE here in the UK). But does it actually add any value for the consumer or for the merchant? Is there actually any real difference? The answer is pretty much no.

If you are using the solution in its pure form, then your phone (no matter how it gets details, from the cloud or a secure element on the device) will broadcast card scheme data to the merchant’s terminal. No matter what that data is, it is being broadcast and is data that is used to complete the payment. This is actually very powerful if you are looking for mass distribution, potentially. I say potentially because though there are businesses accepting NFC contactless payments, they are still small in their numbers. In addition, the merchant still has to opt into accepting contactless payments – and it is worth noting that contactless payments in pure card form are not the same as contactless payments using your mobile phone. In many cases the “handshake” is different requiring businesses to invest yet again in contactless for mobile phone. Do we really think SME owners will continue to invest in technology for zero benefit to their business?

So does HCE make any difference here? No…

 

Availability

HCE and NFC are only available on Android based devices (and not all of them). Though Windows Phone 8 supports NFC, it is locked very much into the Secure Elements, so no HCE support there. If we then look at the most successful mobile smartphone out there (iPhone), we should note no NFC or HCE support (and it doesn’t look like there ever will be). So with this in mind, you are only available to customers on 1 of the top 3 mobile platforms. Though many will say that Android has the lion share in the mobile world, it’s worth noting that they are a distant third in their share regarding mobile web being used. This indicates that the majority of Android users are not embracing all the features on their smartphone, and as such, these probably are the same users that will not look to be early adopters of any form of mobile payment.

Essentially, the consumer base that could potentially look to HCE and NFC payments is quite limited.

 

The customer experience

Many articles will talk about adding value into the mobile phone payment option, but when we do this, any distribution advantages you may have due to card schemes and contactless being accepted vanishes. You may ask why, but the fact is that the acquiring banks (the people who actually operate those contactless card devices) will not be accepting data regarding a discount, or loyalty scheme. To be blunt, they simply can’t accept that data as it’s meaningless to VISA, MasterCard, the Acquiring bank and the customers bank. So in order to accept that data, the mobile payment provider needs to sign the merchant up to their particular version of mobile payments, in order for them to enjoy any added value. Therefore the argument for NFC as an open loop environment using card scheme rails doesn’t fly.

So what does HCE bring my customers in terms of experience over what they have currently with a card. The answer is nothing, unless I buy into a particular vision of HCE by a particular company, and if I am going to do that, I may as well look at alternative payment solutions, that save my business money.

 

Payment processing costs

Do these decrease with HCE? Nope, the poor old merchant is still paying full wack for their card processing, and maybe in some situations more. They will be paying for more expensive NFC based infrastructure on a monthly basis too, so mobile is now costing businesses more to accept. That’s simply not good news for any business owner.

 

HCE a game changer? Nope…

To make mobile attractive to businesses it must be cheaper for businesses to run, maintain and it must bring some added value to their business. It also needs to be available to the vast majority of my customers, so that means available to the top 3 mobile operating systems (Android, iOS, Windows Phone). HCE simply doesn’t stack up on any of these basic business needs. It’s more expensive and provides no added value.

Mobile will no doubt be a game changer in the payments world, but it will not be changed by solutions that look to the same old rails dressed up in a pretty new mobile dress. It will be companies that offer real added value through mobile services, and companies that deliver savings back to businesses with large reductions in payment processing fees.

So if you are a small business, look to see what alternative payment solutions out there provide you with the added value and services you want to move your company forward, helping you increase sales and increase your profitability? It’s an exciting time, and a chance for businesses to break away from the old and embrace the new more productive world.

Tech looking for a business problem to solve

There are some wonderful new technologies coming to the market at an alarming pace it seems, some technology really helps a particular market, perhaps speeding up processes, changing our experiences, even having quite an impact on our lives. Then we have numerous technology that seems to be made, simply because it can be.

Just in 2014 alone (already and it’s the start of February) I’ve been exposed to a number of new technologies that are technically impressive, but they don’t have a problem to solve. They don’t have a real way of impacting our lives as consumers, or as businesses. Technology for technology sake is a phrase that I find myself uttering quite often, and none more so than when I look at the world of mobile and of-course, mobile payments.

 

My friend, NFC

NFC is a technology that has been around for years now. I remember it in an early Nokia phone (dumb phone not a smartphone) and it’s never really delivered anything in terms of impact on my life. I will be honest, most phones I have owned have supported NFC, and yet I have never used the technology for anything more than showing that it works.

Don’t get me wrong, there are some wonderful applications of NFC, but it’s a technology that doesn’t really solve any real issue, no matter what it is used for. Sure, it’s great for sharing data quickly, perhaps triggering music from my phone to play on a set of speakers when I rest my phone on them, great, but has that changed much compared to playing via Bluetooth? No, not really, if anything, NFC is more limiting than my Bluetooth pairing of speakers to my phone.

When we look at mobile payments, I still can’t shake the feeling that it’s a great technology trying to fit into this space, even though it doesn’t quite fit.

At the end of the day, NFC feels like a great technology, but for the sake of technology. NFC doesn’t change the game.

 

Bluetooth beacons

The latest mobile and mobile payment tech to raise its head is beacons. Apple launch their iBeacon and PayPal have released information on their own Beacon project coming in 2015 (possibly). Both are quite neat, and pretty cool technology, they demonstrate well, and when you read about them you do think “wow – that could be cool”. However, the actual use of the technology again doesn’t solve anything, or remove anything from a process (deals or payments).

Even if a Beacon checks me into the store, I still need to have my mobile phone app (maybe even open), I still need to pay at the till using a payment account (maybe PayPal which isn’t exactly cheap or merchant friendly) and I still need an additional way of assigning that transaction to me the customer. With that in mind, is it worth me having Bluetooth switched on and having my phone pinging off beacons?

Even if PayPal manage all this, has it changed my life as a consumer? Probably not. Because there is no added value. All I have done is identify myself to a PayPal system that I am in that store, and at the expense of battery life. There is no added value to the merchant nor to the customer, only a technology that demonstrates well. We must remember too the practicality of all this for the consumer, even if all stores supported beacons, how long before I need to charge my phone? Having my phone constantly pinging beacons via Bluetooth is not good for my battery life, or my sense of security as a consumer. So much so, that most people have Bluetooth disabled on their devices by default, rendering the whole proposition pointless.

Apple beacon is a different approach, it’s not focused on payments and you have to open the app as the consumer, giving you a little more control. However again the concept of only providing deals or information through the beacon app or iPhone won’t stop businesses having to show deals visually in the store or online. Has this made life easier for the business, or actually made it harder? After all, a business won’t want to lose those customers who aren’t on the Apple iPhone platform. What about the majority of smartphone users who are on Android? That growing number on Windows Phone? What about the number of people who don’t even have a smartphone? Do we really expect a store to not provide all those offers exclusively to their iPhone customers? No, so life isn’t easier for the merchant, it’s more complex. No matter the merits of beacons, it still isn’t a game changer for businesses or consumers.

 

Wrapping up someone else’s tech

This is a particular bug bear of mine. There are lots of technologies now out there, and proposed solutions (especially in the mobile payments space) that don’t actually deliver anything at all. Rather, they wrap up someone else’s tech / app, and all they do is pass information to it to semi streamline a process. Now I don’t have anything wrong with streamlining processes in this way, after all, I spent 14 years as a TA doing this for corporates. But does that make my own technology massively valuable? No, it really doesn’t….I don’t want to point fingers at all, but if you again, look at the mobile payment space you will see a fair few of these examples.

 

Payments, tech first, solve a problem second

Unfortunately most technology companies at the moment seem to rush to get a technology together, then try to shoe horn it into some business problem or experience that either it doesn’t fit in, or simply doesn’t work for. The mobile payments industry is rife with this, with a multitude of different approaches to payments, all based around technology first, user experience second and practicality for the business and others a distant last.

 

Look at a problem, and then solve it with technology

I must be “old school” when it comes to creating technology. I still like to have a problem to solve, either in terms of a real business need / driver, or an experience we need to get to before I start designing and creating solutions and new technologies. I still maintain that if you want your technology to work it needs to exhibit all of the following 3 points:

1. Make life easier for you and or your customer
2. Add value to your current process
3. Reduce your costs

If your solution doesn’t do all of these potentially for the majority of your customers, then it’s not worth investing in or using.

Shameless plug here, but when you look at mobile payments, Zwallet is the only mobile solution that ticks all three of these points off, and that’s because it’s a technology and solution that looked at real problems, needs, drivers and experiences first.

Payment Security. Has it been forgotten?

People may think I’m not being serious with this post title, but I really am. These past few weeks yet more examples of security not being taken seriously in the payments market have emerged. It started with an article I read on Finextra regarding Google bypassing the secure element on an Android phone for NFC based transactions. It’s the launch of HCE (Host Card Emulation).

 

HCE and NFC

I’m not going to go into too many details and technicalities about it, but my own take on the whole situation with HCE, NFC and Google is that Google and the card schemes are changing the rules in which payments are supposed to be made. They are doing this to better fit with their own solutions, and to potentially lock out ventures like ISIS in the US and WEAVE here in the UK and at the risk of security.

There are strict reasons behind PCI compliance and the use of EMV (secured chip and pin to most of us) and it seems that these are now causing issues for Google and others, so instead of looking for real solutions they change the rules. A great take on this can be found on finextra here

 

QR/Barcodes in transactions

These are the choice of many payment solutions out there, including my own companies CloudZync with Zwallet. However, QR and Barcodes are easy to create, especially static ones, so using these for passing payment information has to be taken into consideration, and I would never allow an authorisation of a payment to be made just because a valid code has been scanned. Yet I have witnessed many solutions out there now that do this…

With Zwallet we always make sure the consumer is involved in the authorisation process fully, so we keep intelligence in the process at the cost of 1 second in the transaction process. For me, 1 extra second making a payment is well worth it to aid in security. (I would like to point out that Zwallet transactions are still dramatically quicker than typical card based transactions, even with the added 1 second for security).

 

Security underlying cause for concern?

So what is the underlying cause of security concerns with payments? What really causes so much effort to go into technology a trying to patch security issues or catch fraud post a transaction? The answer is the actual card scheme itself and the infrastructure behind it.

Let’s be real. Cards are amazing. For the last 40 years they have steadily dominated the way in which most of us pay for goods and services. But, has security increased much in that time? A little is the answer. There is a lot more technology backed behind it, but fraud is back on the rise again, so we must ask ourselves why. And the answer is simple, cards were never designed for the digital economy. Everything that we do to utilise the card infrastructure is a cludge, a patch/hack in tech terms. All this technology and security to try and secure something that is very insecure, 16 digits on a card, mixed with two dates and 3 digits on the back.  If we lose control of those details then a fraudster can do whatever they want with our cards, and that’s why so much is invested in fraud detection post a transaction and so much is invested in risk management.

My fear is, while card based transactions using Chip and Pin remain ok, the way we use cards digitally isn’t so secure. Throw into the mix mobile payments and companies actively trying to utilise card details in their solutions to make payments, and holes start to appear. In essence, trying to use technology to secure something that by its nature is not secure causes all sorts of issues. And though great lengths to make things much more secure are possible, the costs behind these rack up.

No matter how you try to secure card details, or to what lengths you go, the fact remains that the infrastructure for cards requires those simple card details, and fraudsters are becoming increasingly intelligent, innovative and capable of getting their hands on those details and using them.

 

The security solution

The only real secure option is to start with a blank sheet of paper for payments and wake up and realise that the digital economy requires payments to be carried out on an infrastructure that is designed for digital transactions from the ground up. It also MUST include more human elements in the process and not just require everything to be automated.

Real intelligence still remains with the consumer and the business. By removing them from the process more and more, we may make the payment process a little quicker, but we increasingly make it less secure. After all, the process of me having to know my PIN to make a payment is far more secure if I have lost my card, compared to just waving my card in front of a reader and making a payment.

These are the reasons behind the security approaches we have at CloudZync, the reasons why we make sure the consumer has to actively be involved in the purchase process and actively have to authorise each and every payment. If we remove them too much, then there are more gaps for fraudsters to exploit.

I’m not saying everything can be 100% secure, it simply can’t, and intelligent innovative fraudsters will always find a way to exploit processes and technology, but we must actively make it as hard as possible, and currently, in the race to stamp authority on possibly the payments method of the future, security seems to be being overlooked…That is a great concern of mine, and should be a great concern for each and every consumer out there and business owner…

iPhone 5: What Apple got right

September 12^th was the big day and Apple finally showed us their new iPhone 5. However there wasn’t anything there that many of us didn’t know about already, such was the extent of leaks leading up to this event.  So far the reaction to the event is one of underwhelming acceptance…It seems that Apple hasn’t been an innovative company for some time now, rather everything they do is playing catch-up with other people’s ideas and innovations while attempting to maximise and squeeze yet more revenue from their current customers. This, Apple does exceptionally well at…

iPhone 5, it got no NFC right at least: Picture from engadget

Catch up on the iPhone 5 launch event here at engadget

So while there are many blogs, articles, reviews out there that show what’s wrong with the iPhone 5, and there is quite a list, I am going to focus on something they did get right, and that flies in the face of all the technology journalists, who on this subject often show they know nothing about technology and or business combined…Apple got it right when they opted NOT to include NFC in their device.

 

No NFC for the iPhone

While many reviewers are saying this is dangerous omission I have to say it’s highly sensible. If you believe what tech journalists are saying, then we should all be making NFC enabled mobile payments pretty much now, and they have based this belief not on fact, rather on marketing gumph from a few companies out there, VISA, Google and a bunch of phone networks. What they all fail to take into account is that customer experience is being put ahead of practicality, security and cost. In the real world, this means most businesses will not be using it.

The payments industry is pretty much in a mess, there is nothing wrong with the customer experience of using cash or cards, yet there is a common belief amongst businesses and customers that they should be able to make payments with their mobile device. This has lead to endless different approaches to mobile payments, almost all of which centre around NFC capabilities. However, let’s just think for a moment. Cards are not secure things; we know this by how easy it is to make fraudulent transactions, especially in a digital age. NFC is not a secure form of communication, VISA even state this in their own Patent applications. So put the two together and you get…A great demonstration of how we can use mobiles to make contactless payments, but ultimately a nightmare for merchants with endless costs and charge backs, essentially fraudsters saying “don’t mind if I do”. No wonder most merchants say “no thank you”….

Other phone manufacturers may have embraced NFC in their devices, but even then, each manufacturer and device OS uses it in different ways. Just because your device supports NFC doesn’t mean it supports contactless payments. We see this mess with Googles own Wallet only being able to support the one bank card, its own pre-paid card having to be pulled and you not being able to use your Google Wallet at a typical contactless payment point. Throw in the fact that the phone carriers want a bit of the NFC action and you can quickly see how messy this environment is. Sure it’s competitive, but it’s competitive because no one is doing the same thing and everyone is arguing over who owns what part of an NFC based transaction. Even Microsoft’s Windows 8 phones support NFC based transactions, but you need to get yourself a secured NFC SIM with your card details on it. Not exactly lending itself to you simply adding all your payment cards to the device. But this is because the phone carriers want some of the payment transaction action, and it’s a way to stay friends (at the detriment of practicality, customer experience and security).

I haven’t even spoke about costs of supporting NFC for the merchant, which essentially means new hardware, firmware, support and maintenance for that hardware and perhaps updates to their POS if they want to distinguish between a chip and pin card transaction, signature, card not present, or contactless payment, even mobile contactless payment.

So while so many seem to be singing the praises of NFC and perhaps mentioning concerns that the iPhone 5 doesn’t have NFC, I would say no NFC for Apple is a wise move. Apple usually only embrace a technology once it really has proved itself, so not to deter from the customer experience of using their devices. NFC is no different….As a reviewer of the iPhone 5 there are many areas of concern, lack of NFC is for sure not one of them…