Those in the payments industry – banks in particular – have a significant opportunity to transform their customer engagement, and it comes in the form of the mobile device. The ability of mobile technology to facilitate anywhere, any time interaction is leading to innovations in customer relationships and loyalty. Of the mobile payments approaches available today, three are well suited to banks, yet they all rely on a major component that banks do not directly control. However, banks do control their infrastructure on the back end, which has been proven trustworthy at both safeguarding all critical keys and payment credentials and minimizing fraud risk.
For each of the three mobile payment models to be discussed, hardware security modules (HSMs) play a significant role. They overcome the security vulnerabilities and performance challenges typically associated with software-only cryptography. The following sections describe each of the solutions, demonstrating how banks can leverage their existing HSM infrastructure to deliver secure offerings for each while managing risk, helping to reduce fraud and, most significantly, overcoming any inherent weakness of standard mobile devices.
Secure Elements (SEs)
The first model to explore is that of the secure element (SE), which essentially puts a payment chip card inside a mobile phone. The SE typically takes one of three form factors: embedded (owned by the handset manufacturer), a universal integrated circuit card (or UICC, owned by the mobile network operator) or MicroSD (owned by the bank). The option with the most industry collaborative activity currently is the UICC model, which has comprehensive GlobalPlatform specification support and an associated formal testing and certification infrastructure. Apple Pay is a specific implementation introduced with Apple iPhone 6 devices that employs an embedded secure element under Apple control.
Although a mobile device’s operating system is not a trusted entity in and of itself, SEs are implemented such that any operating system application running on the phone cannot access the SE and its contents; the SE is connected to the near field communication (NFC) controller by a special secure channel called the single wire protocol (SWP). Provided the phone is not rooted or jailbroken, there is no way for any application to legitimately intercept the data to or from the SE. This makes the SE behave just like a contactless chip card. The security of the solution is therefore reliant on the secure provisioning of the SE, which for most banks will involve the use of a trusted service manager (TSM).
In order for a bank to support SEs, it needs HSMs to securely manage keys and payment credentials together with the interface to the TSM. It is likely that the bank will need to migrate to a token management system that can manage cards as well as the SEs.
Mobile Person-to-Person Payments (P2P)
Many banks are now providing mobile P2P, a service that facilitates transfer of money between two parties without either one having to know the bank account details of the other. There are two major prerequisites for banks: the country where the bank wishes to offer the service must have a real-time payment infrastructure capable of supporting P2P, and the bank must be registered with that service, meeting all of the necessary security requirements.
There is normally no direct revenue to the banks from transaction fees arising from use of this service in the developed world, unlike the other mobile payment solutions covered in this article. The business drivers for banks are in helping their customers become more efficient and leveraging their existing mobile banking platform to offer an alternative to cash and checks, which in turn helps banks to lower their branch infrastructure costs.
The vast majority of the trust infrastructure relies extensively on HSMs to secure all credential storage and transaction messaging between the banks and the central service provider. Each system is proprietary, so specific implementation details vary, but there are some common critical tasks where HSMs are involved.
The service provider will have initially created the underlying real-time payment platform with bank involvement. Typical HSM deployment includes:
•