In the earlier parts of the series, we discussed that several inventions are linked to bank cards, and in the second part we wrote about what are probably the last physical innovations of bank cards: the aroma, display, buttons and built-in battery developed in the first decade of the 2000s. By the time these had been developed, the world had moved past them with the spread of smartphones. But what can we expect from the combination of smartphones and bank cards? In the third part of a four-part series of articles, we unveil the future of digital bank cards with experts from Bancard Ltd.

Mobile payment - since when?

Before we jump to the conclusion that smartphones brought us the promised land of digital payment, we should realize that this is not true at all. There are real card-based cell phone payment solutions today, and the banking sector expects their spread to reveal the circle of people who use cell phones for payment instead of bank cards, but mobile payment does not originate from these.

The first mobile payments were SMS-based when they started in the 90s. Cell phone service providers created a separate account, called m-commerce, where clients could load cash and pay for certain services via text messages. At first, clients paid for ringtones and operator logos, but mobile payment emerged soon after. The most significant areas of SMS-based mobile payment are e-highway vignettes and mobile parking.

The QR (Quick Response) code is a 1994 invention that was developed in the car manufacturing industry, but its use became large-scale only when cell phones with cameras emerged. With a camera, the information hidden in the QR code, usually a web address, could be interpreted and transferred into the device quickly and simply from a sticker or a screen, instead of tiring, error-prone typing. Attempts have been made at card-based payment with QR codes, such as the MasterCard Mobile application, released in November 2011 but discontinued since, with which you could pay bills by scanning the code on Telekom accounts. A similar attempt was made in the grocery store chain G’Roby, where goods could be purchased via QR codes on billboards, or we could donate to charities such as the Red Cross.

The OTPay, Barion and Simple apps feature QR code payment (in stores) today at contracted sites, and the most popular app, iCsekk, launched in 2012, has enabled QR code payment on printed bills since 2010, paying the amount with any bank card; it has been mandatory to include QR codes on bills since 2015. (Inclusion of QR codes is also mandatory on partially filled out bills from January 1st 2018.) In addition to the above, a QR code appears on the desktop screen at every web acceptance point of OTP Bank, promoting payment of the transaction with the OTP SmartBank app instead of a bank card.

Payment on an OTP web site accepting QR codes via the OTP SmartBank app (source)

So there are several examples of QR code payment in Hungary. However, Bancard experts do not expect a breakthrough in mobile payment from this, but rather from the NFC technology introduced with contactless cards. NFC has an acceptance network that is developed, or at least being developed, worldwide, so it doesn’t need further development on the accepting side (apart from POS terminals that enable contactless payment and their software updates, but those are mandatory each year under security and technological provisions anyway). Therefore, in the future we’ll use contactless payment with cell phones much the way we pay with physical cards today, although the PIN will be entered in the cell phone instead of the POS terminal, and there will be a few other small changes too.

Tokens will go with the cell phones instead of card information

The evolution of bank cards as physical cards is clearly over. Future development will primarily focus on integrating contactless cards into cell phones, which will feature contactless payment technology (with an NFC circuit in the device, hence the NFC feature) just like physical contactless cards, and they will do a pretty good job.

If our biggest problem was that, once we lost our bank card, all of its information was available for fraudulent web shopping or for contactless payment under 5000 HUF without the PIN, then we can sit back and relax with the new mobile payment: for several reasons, the bank card installed or “digitalized” in our cell phone will be unusable after the phone is lost.

Firstly: this technology is designed so that when the client digitalizes the bank card in the cell phone (which takes only a few seconds), a sequence of numbers, known as a token, is assigned to it, so the card information is not stored on the cell phone and there is no need to encrypt it there. Even if somebody gets the information, he won’t be able to do anything with it, because the card company will know immediately that it’s not coming from the original environment (the company accepts integrated bank card tokens only from cell phones, alongside other types of checks, of course).

Secondly: consistent with the above, card numbers travel only between card companies and banks, as we can see in the next figure. Between the accepting bank and the merchant or the client’s cell phone only the token travels, so the card number never passes through an environment that is sensitive in terms of information security.

The process of tokenized payment - we can clearly see that only tokens and not card numbers are sent to clients (source)

Thirdly: each and every transaction is assigned a different token, so the same data cannot be used again for another payment. This is why sooner or later mobile payments will require an internet connection and, as the figure shows, the device will pre-download the tokens needed for the next payments directly from the card company server, one for each payment.

Fourthly: if the biggest liability was the client not focusing on security enough, the new system will resolve this too: unlike with physical contactless cards, mobile payment can only be carried out with some sort of code or password at the POS terminal. We can pay without a code only under 5000 HUF, and only when the client deliberately chooses to use it this way, and this setting is not even available in several apps. Additionally, the NFC circuit can be switched off on the cell phone, rendering it useless for payment, while contactless cards have no such option: the NFC circuit is always “engaged” in them.

So if somebody loses his cell phone, his card will be safer than if he had lost the bank card itself. (Of course, if the cell phone is lost, we must call the bank and disable our mobile contactless card, just as with physical cards.)
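
The first three points above can be modelled in a few lines. This is an added example, not code from the article or from Bancard: TokenService, sign and the HMAC proof are hypothetical names and assumptions, the proof standing in for the "original environment" check, whose real mechanism the article does not describe.

```python
import hashlib
import hmac
import secrets

class TokenService:
    """Toy card-company token server; every name here is hypothetical."""
    def __init__(self):
        self._cards = {}    # card_ref -> (card number, device key)
        self._tokens = {}   # unused token -> card_ref

    def digitize(self, pan):
        """Enroll a card: the phone gets a reference and a key, never the PAN."""
        card_ref, device_key = secrets.token_hex(8), secrets.token_bytes(32)
        self._cards[card_ref] = (pan, device_key)
        return card_ref, device_key

    def provision(self, card_ref, count=3):
        """Pre-download a batch of single-use tokens, one per future payment."""
        batch = [secrets.token_hex(8) for _ in range(count)]
        self._tokens.update({t: card_ref for t in batch})
        return batch

    def authorize(self, token, amount, proof):
        """Map a token back to the card number on the server side, or decline."""
        card_ref = self._tokens.pop(token, None)  # pop: a token works only once
        if card_ref is None:
            return None, "declined: unknown or already used token"
        pan, device_key = self._cards[card_ref]
        if not hmac.compare_digest(proof, sign(device_key, token, amount)):
            return None, "declined: not from the enrolled device"
        return pan, "approved"

def sign(device_key, token, amount):
    """Assumed proof that the payment comes from the phone holding the key."""
    return hmac.new(device_key, f"{token}|{amount}".encode(), hashlib.sha256).digest()

def demo():
    service = TokenService()
    card_ref, key = service.digitize("5555000011112222")  # constructed number
    t1, t2, _ = service.provision(card_ref)
    other = secrets.token_bytes(32)  # key of a device that was never enrolled
    return [
        service.authorize(t1, 1200, sign(key, t1, 1200))[1],    # genuine payment
        service.authorize(t1, 1200, sign(key, t1, 1200))[1],    # same token replayed
        service.authorize(t2, 1200, sign(other, t2, 1200))[1],  # token copied elsewhere
    ]

if __name__ == "__main__":
    print(demo())
```

The merchant side only ever handles the token and the proof; the card number is resolved inside authorize, which matches the figure's split between the token path and the card-number path.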

In the fourth and final part of the series, we present the mobile payment solutions available specifically in Hungary, as well as global ones, and describe the most crucial security properties of, and differences between, the solutions in Hungary.

