CHICAGO, IL., April 8, 2014 (GLOBE NEWSWIRE) -- Aconite, the leading provider of smart product management software and EMV Enablement supplier to major corporations, announces support for the new mobile payment infrastructure based on Host Card Emulation (HCE) and Tokenization.
New features in smartphone operating systems coupled with announcements from card brands and EMVCo have breathed new life into mobile payment using NFC at the Point of Sale – the idea that a phone has to have an EMV-like payment application installed in a Secure Element to support mobile payment has been overtaken. The new direction the mobile payments proposition is taking is being defined by HCE and Tokenization.
At Aconite we believe that existing card issuers need a simple way to enable their customers to use mobiles to pay at POS terminals. The good news is that HCEwill ease the process, while Tokenization will make mobile payments even more secure than standard EMV cards. And to the POS the payment will still look like a regular EMV contactless transaction, preserving the technical and commercial infrastructure of existing card payments.
HCE allows an app installed in the phone – in regular phone memory like any other – to talk to the NFC hardware, when previously this was restricted to apps in the Secure Element, which are difficult to download and manage. Now it will be easy for a customer to download and install a payment app from their card issuer. But regular phone memory is not secure, so neither the secret keys used to protect EMV transactions nor the PIN or passcode can be stored there. This is where 'H' for Host comes in – all the information that needs to be stored securely is held in a server in the cloud, which the phone can access over the internet.
Likewise the PAN (or Card Number) should not be stored in non-secure phone memory, so the issuer or a service provider can tokenize it, that is, give it an alias. And a token used in place of the real PAN can have other properties too. Its use can be restricted to a specific merchant or group of merchants, or it can be limited to use between specified dates, to a set number of transactions or to a maximum spend amount. So if token data is stolen, its use to a fraudster is virtually zero.
The issuer will be able to push tokens to the customer's phone or the customer may request a token from a Token Server, operated by the issuer or by a service provider. Meanwhile, behind the scenes, issuers can apply risk management processes that will control the availability and usage of the tokens that a customer can receive.
Enhancements to existing Aconite products enable the features needed for issuers to operate an HCE and token-enabled service, including real-time data preparation, distributed EMV transaction processing, remote CVM management and mapping risk scores to card/token profiles. Issuers that are weighing an entry into the mobile payment world can start planning their programs now based on the use of Aconite products, secure in the knowledge that forthcoming releases will continue to lead the field with innovative support for these and other new industry initiatives.
Aconite delivers software solutions and provides consulting expertise for managing smart products — business applications on chips in smart cards, tokens or mobiles to issuers around the world. We provide a rapid and cost-effective route to implementing new customer propositions, entering new markets and complying with international standards.
Incorporating a unique blend of proven software and professional services, Aconite solutions can be tailored to meet individual business requirements without the need to replace legacy systems and with minimal impact on staff and processes.
Based in the UK, Aconite operates across the globe, with a local presence in many markets.
EVP Sales and Marketing
t: +44 (0)20 7713 4800