The Green Sheet Online Edition
April 14, 2014 • Issue 14:04:01
Spurning of secure element, end of XP support present opportunities
Google Wallet nixed secure element technology for the newest KitKat version of the Android operating system. And Microsoft Corp. ended support for Windows XP. However these developments open opportunities in the market.
Integrated into Google Wallet’s upgraded OS is support for Host Card Emulation (HCE) technology, which allows tap-and-pay transactions to bypass the secure element inside near field communication (NFC)-enabled chips embedded within smartphones.
This means users of phones with previous Android operating systems cannot make mobile contactless transactions at the physical POS. However, by bypassing the secure element, which is controlled by the mobile telecommunication firms, Google is not subject to the wireless carriers' rules for using the secure element.
Smart Card Alliance Director Randy Vanderhoof said Google's endorsement of HCE breaks the telecoms’ control over how contactless payments are made, and thus enables Google Wallet transactions to be accomplished in other ways, such as via the cloud.
If HCE proves to be viable for enabling mobile in-store payments, the carriers will not be able to monetize the secure element by charging a fee for transactions to flow through it.
Additionally, HCE could open up the market so that more mobile wallet providers’ solutions can compete for space on consumers' smartphones, as the carriers would be unable to dictate terms by controlling the secure element. Thus, Google's adoption of HCE "has the potential to be a turning point" for the market, Vanderhoof said.
Visa, MasterCard on board
"The Android HCE feature provides us with a platform to evolve the Visa payWave standard, support the development of secure, cloud-based mobile applications, while at the same time offer greater choice to our clients," said Elizabeth Buse, Executive Vice President, Global Solutions, Visa.
MasterCard added that the open architecture of HCE “greatly simplifies and speeds the deployment process of NFC-based mobile offerings to consumers by card-issuing financial institutions."
The NFC Forum Executive Director Paula Hunter said, "With HCE, transactions take place using credentials stored in the cloud or on the host processor of the NFC-enabled mobile device rather than a tamper resistant secure element, such as an embedded security chip, SIM, or microSD card."
Vanderhoof noted that tap-and-pay mobile transactions still need the NFC chip, with its remote communication functionality. Also, data security is more problematic in the cloud. But Vanderhoof said this new route for NFC transactions is an opportunity to innovate security solutions in the cloud.
XP vulnerability means POS opportunity
The end of technical support for the Windows XP operating system means that XP-based ATMs, as well as POS systems that run on XP, will experience problems if they become infected with malware. But the deadline could be a selling opportunity focused on merchants ready to adopt tablet POSs.
POS provider Revel Systems said merchants want tablet POS systems because they are user friendly and aesthetically pleasing. Also, businesses remaining on Windows XP will no longer be Payment Card Industry Data Security Standard compliant and “will leave themselves and their customers vulnerable to security and malware threats," Revel said.
Microsoft admitted that fraud rose 66 percent two years after it ended support for XP Service Pack 2. An Evolve IP LLC report said that of 1,070 information technology professionals surveyed online, almost 6 in 10 would be unable to migrate all end-user devices to a new OS before support ended April 8, 2014.
For Revel, the appeal of Apple Inc.'s iOS-based tablet POS systems is sleek design and security. "Everyone wants a tablet point of sale," said Chris Ciabarra, co-founder and Chief Technology Officer at Revel. "Everyone knows it's the future. People don't want this old legacy-looking system. They just spent a million dollars on their store. … They want something good looking and, of course, functional."
According to Ciabarra, what distinguishes Apple is its malware impermeability because the software architecture allows only one app to be open on a mobile device at a time. "So it is impossible for one app to steal information from another,” he added.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.