Resources / Opinion / Mobile commerce - the second coming?

Mobile commerce – the second coming?

A couple of weeks ago at the Apple WWDC, Apple quietly announced support for NFC tags. This surprised many, not because it is innovative, but because it’s so old.  

NFC tags were a feature that was supported on the Nokia 6131 flip-phone (amongst many other devices) a decade ago. Most Android OEMs have also been offering this feature for years, although you could be forgiven for not knowing this, as use cases have become almost extinct of late.

I remember programming NFC tags in 2008, which I then attached to the bedpost of my childrens’ beds (much to the chagrin of their mother).  The tag was programmed such that when they tapped their Nokia phone against it at bedtime, it set their phone alarm for school. We had another tag that connected you to the house wifi. OK, both these use cases are kind of geeky, but they were fun and highly engaging – touching an NFC tag with a phone is a very human and enjoyable thing to do – and I know that I am not alone in believing such use cases should have, and would have, grown, had Apple supported this technology earlier.

Nokia 6131 NFC phone in tag-reading action, circa 2008

Mobile payments (which use NFC card emulation) have also been around for as long as NFC tags have and, today, any consumer could be forgiven for feeling overwhelmed by choices for paying by mobile. Device manufacturers (OEMs) are launching solutions – ApplePay, AndroidPay, SamsungPay, Huawei Pay, LG Pay – plus various independent bank owned HCE cloud-based solutions as well as retailers/merchants.  This has led to a confusing array of choices for the consumer, and yet it still feels like mobile payments hasn’t even left the starting gate yet, primarily because many of these solutions lack compelling (value-added) use cases.  Simply tapping your smartphone to pay, instead of tapping your contactless plastic card, just isn’t good enough.  It might turn the heads of a few industry nerds, but it won’t change the behaviour in the mass market.

Javelin strategy illustration of the confusing array of mobile wallet solutions available to consumers (2016)

As I wrote a couple of years ago, mobile payments are stagnating because no-one is offering anything new and I, and many others, argued that value-added services were needed to underpin the experience, to create genuine and tangible benefits over and above an otherwise flat payment experience at PoS.

NFC tag reading offers precisely this – tap the smart-poster to collect your discount/offer/voucher, store it in your digital wallet and redeem at PoS. Tap the product to instantly read more detailed product information. Tap the box to instantly register your product, or tap the phone icon to call customer services. The list is endless.  Suddenly the mobile commerce experience offers consumers real value over and above a dumb plastic card and that, in turn, opens up a myriad of opportunities for innovative service providers. But without Apple, which could mean up to 50% of your regional smartphone users, the technology never really took off and mobile payments have continued to bob along the bottom of a very deep J-curve.

Now this may be about to change.  When Apple release iOS11 in the autumn, NFC tag support will finally be available on virtually every new (and the majority of existing) smartphones across iOS and Android. Apple will almost certainly create compelling use cases (incidentally this won’t just be in payments, but also in IoT, e.g, painlessly pairing your new smart ‘thing’ to your home network, gaming, interactions at concerts/events) all with a simple NFC tap.

Android users will rightly boast they have had this technology for years, and that would be correct, but we haven’t seen these compelling use cases, which is what Apple are very, very good at. And it’s for this reason that I believe Android will also enjoy a resurgence in NFC tags and use cases just as enticing as the Apple ones.

Shopper tapping smartposter for product information

Let’s look again at mobile payments. To deliver the compelling mobile commerce experience on an iPhone, you need a combination of secure hardware (for storage of critical data, cryptographic keys, etc., called a ‘secure enclave’), tokenisation of card payment data (offers additional security for payment), secure biometrics (secure and simple authentication) and now NFC tag read (simplicity and value added services).  With all this you can securely and simply pay with your smartphone, collect and redeem rewards and interact easily with other (Io)Things.  But, importantly, all this capability is also available on Android phones too.  Google now mandates hardware-backed security, Android OS and OEMs also support tokenisation (alongside HCE), most OEMs now offer secure hardware-backed biometric authentication and, as stated earlier, they have supported NFC tags for many years.

The key difference is that, whereas Apple is one contained ecosystem, Android is many. The benefits of Android – its openness, competition and product differentiation – make it much more challenging to provide a consistent user experience. Samsung interpret things differently to Huawei, who interpret things differently to LG, etc. And one of the biggest challenges lies in security provision. For any Android application that wishes to leverage Android’s ‘hardware-backed security’, it typically has to work with multiple players in the ecosystem – secure element (SE) owners or, increasingly, Trusted Execution Environment (TEE) vendors. This has been both complex and challenging and has been a significant barrier to delivering cross-platform, highly secure but very engaging consumer services a la Apple.

That is, until now.  Trustonic has been building out its TEE ecosystem on connected devices (including Android smartphones) for almost five years. Working with silicon vendors and device manufacturers (OEMs), Trustonic has integrated its open TEE technology in more than 1 billion connected devices globally. 9 out of the top 10 Android OEMs now support Trustonic’s TEE, which has the additional benefit of also being ‘open’, meaning that it is available to 3rd party service providers, such as banks and other financial service providers, as well as to the OEMs.

Any service provider can make one integration with Trustonic and have access to hardware-backed security across the majority of Android devices, irrespective of silicon vendor or OEM. But, furthermore and most importantly, Trustonic recognises that service providers need to reach all their customers, even those with smartphones that don’t have an open TEE, like iPhone users.  So, for that reason, Trustonic offers a hybrid protection solution (called Trustonic Application Protection – TAP). A service provider can make a single integration using the TAP SDK from Trustonic and leverage the power of the TEE in more than 1 billion devices, but can also take advantage of market-leading software protection (based around white box cryptography and code protection techniques) everywhere else. One integration bringing optimal security to all devices.

The future is bright once again for mobile commerce, not just for Apple customers, but also for Android customers too.

Contact Trustonic to find out how easy it is for you to integrate TAP into your mobile banking or mobile payments solutions today.

by Andy Ramsden, Marketing Director, Trustonic