Mobile Wallet Technology
May 10th, 2017 by Elma Jane

Mobile Wallet Technology have flooded the market in the last few years with offerings such as Apple Pay, Android pay, Samsung Pay and more. And so far, they seem to be succeeding.

To understand how contactless payments work, here is an example.

A smart phone like Android or iPhone allows you to take advantage of mobile wallets like Android Pay, Apple Pay or Samsung Pay. You input your credit card information onto your phone, which stores it for later use.

If you’re shopping at a store that has mobile payment readers at the register, rather than reach for your wallet and get your credit card; you take out your phone to make a payment.

The point-of-sale (POS) terminal will automatically reads the payment information stored by holding your mobile phone a few inches away from the POS, and then processes the transaction. When the mobile device is in range, a wireless communication protocol links the terminal and the phone, which exchange information and conduct a secure transaction in a fraction of a second.

Near-field communication or NFC technology, works by bringing together two electronic devices. In terms of payments technology, a mobile device such as a smartphone and a reader. The reader would be the initiator and the smartphone would be the target, which contains the stored credit card information.

The market potential for NFC payment technology is huge, as more merchants adopt the EMV. EMV compliant terminals accept NFC payments through mobile wallets.

For Electronic Payment set up call now 888-996-2273! 

 

Posted in Best Practices for Merchants, Credit Card Reader Terminal, Mobile Payments, Near Field Communication, Smartphone Tagged with: , , , , , , , , , ,

December 1st, 2016 by Elma Jane

The All in One Smart Terminal!

Smart Terminal

Finally, a dynamic all-in-one smart terminal that offers a turnkey solution for customers to immediately implement in their place of business. Think of it also like a smart phone for accepting payments.

Function meets Form

Enables the speed of business with a modern, engaging design. Here are a few highlights:

  • Dual, interactive touchscreens for the customer and cardholder.
  • Built-in intuitive software, PIN pad and also signature pad, and printer.
  • Charging dock station that includes extra USB ports.
  • One card slot for EMV/MSR transactions.
  • NFC enabled to accept contactless transactions, for example ApplePay.
  • Mobile and web applications to help owners manage their business from anywhere.
  • Ability to print, email and also send SMS receipts.

 

Smart Terminal

Sleek modern device that delivers an incredible customer experience, therefore a great option for retailers, coffee shops, and pop-up shops.

Smart Terminal

It comes with the powerful security of Safe-T built in.

For your EMV/NFC terminal needs give us a call at 888-996-2273.

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , ,

September 17th, 2014 by Elma Jane

Host Card Emulation (HCE) offers virtual payment card issuers the promise of removing dependencies on secure element issuers such as mobile network operators (MNOs). HCE allows issuers to run the payment application in the operating system (OS) environment of the smart phone, so the issuing bank does not depend on a secure element issuer. This means lower barriers to entry and potentially a boost to the NFC ecosystem in general. The issuer will have to deal with the absence of a hardware secure element, since the OS environment itself cannot offer equivalent security. The issuer must mitigate risk using software based techniques, to reduce the risk of an attack. Considering that the risk is based on probability of an attack times the impact of an attack, mitigation measures will generally be geared towards minimizing either one of those.

To reduce the probability of an attack, various software based methods are available. The most obvious one in this category is to move part of the hardware secure element’s functionality from the device to the cloud (thus creating a cloud based secure element). This effectively means that valuable assets are not stored in the easily accessible device, but in the cloud. Secondly, user and hardware verification methods can be implemented. The mobile application itself can be secured with software based technologies.

Should an attack occur, several approaches exist for mitigating the Impact of such an attack. On an application level, it is straightforward to impose transaction constraints (allowing low value and/or a limited number of transactions per timeframe, geographical limitations). But the most characteristic risk mitigation method associated with HCE is to devaluate the assets that are contained by the mobile app, that is to tokenize such assets. Tokenization is based on replacing valuable assets with something that has no value to an attacker, and for which the relation to the valuable asset is established only in the cloud. Since the token itself has no value to the attacker it may be stored in the mobile app. The principle of tokenization is leveraged in the cloud based payments specifications which are (or will soon be) issued by the different card schemes such as Visa and MasterCard.

HCE gives the issuer complete autonomy in defining and implementing the payment application and required risk mitigations (of course within the boundaries set by the schemes). However, the hardware based security approach allowed for a strict separation between the issuance of the mobile payment application on one hand and the transactions performed with that application on the other hand. For the technology and operations related to the issuance, a bank had the option of outsourcing it to a third party (a Trusted Service Manager). From the payment transaction processing perspective, there would be negligible impact and it would practically be business as usual for the bank.

This is quite different for HCE-based approaches. As a consequence of tokenization, the issuance and transaction domains become entangled. The platform involved in generating the tokens, which constitute payment credentials and are therefore related to the issuance domain, is also involved in the transaction authorization.

HCE is offering autonomy to the banks because it brings independence of secure element issuers. But this comes at a cost, namely the full insourcing of all related technologies and systems. Outsourcing becomes less of an option, largely due to the entanglement of the issuance and transaction validation processes, as a result of tokenization.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,