Last week, two of my friends asked me “What is Mobile Wallet?”. I realized that I need to put aside my excitement over NFC-enabled iPhone6 and just explain the basics in plain English.
A mobile wallet enables you to use your mobile phone for making payments while shopping. Your credit card information is entered and saved in your mobile phone. To simplify the story, I will only focus on two NFC Mobile Wallets: Softcard and Apple Pay.
A mobile wallet is composed of a few components: a mobile application (app), payment options (credit cards), an authentication method for user identification, and an option for wireless transmission.
- Mobile app: You can download Softcard (formally ISIS Mobile Wallet) from the Google Play Store if you have an NFC-enabled Android phone. If you have an iPhone 6, iPhone 6 plus or iWatch, you can download Apple Pay app from the Apple Store on October 20th, 2014.
- Payment options: The mobile app allows you add credit card information into a mobile wallet.
- Authentication: Softcard requires you to enter a 4-digit pin upon payment. Apple Pay uses Touch ID, a finger print identity sensor.
- Wireless Transmission: NFC (Near Field Communication) is used for both Softcard and Apple Pay. Any NFC-enabled phones such as most of the Android phones and the iPhone 6, can tap an NFC-enabled reader to activate wireless communication between a mobile phone and a cash register that is NFC-enabled.
To Use Softcard (formally ISIS) Mobile Wallet on an Android Phone
- Make sure that the NFC functionality is enabled on the device.
- Ensure your device is equipped with the required Enhanced NFC SIM card with Secure Element.
- Download Softcard Mobile Wallet app from Google Play Store.
- Set up an access PIN.
- Add the method of payment.
- Use the NFC device to pay your bill at stores that have NFC readers.
- Open the Softcard Mobile Wallet app and enter your PIN.
- Select a payment card to use.
- Hold the back of your phone over the contactless symbol on the terminal at checkout.
To Use Apple Pay Mobile Wallet on an iPhone6
- If you don’t have Passbook setup, add the credit or debit card from your iTunes account to Passbook by simply entering the card security code.
- Add a new card, use your iSight camera to instantly capture your card information or simply type it in manually.
- The first card you add automatically becomes your default card.
- Download iOS 8.1
- Use iPhone to pay your bill at stores that have NFC readers
With NFC mobile wallet, you don’t need to carry your credit cards around anymore. It is a safer approach since every transaction has a unique transaction ID and it’s authenticated. Apple Pay seems providing a simpler user experience based on Apple’s website. “One touch to pay with Touch ID. Now paying in stores happens in one natural motion — there’s no need to open an app or even wake your display thanks to the innovative Near Field Communication antenna in iPhone 6. To pay, just hold your iPhone near the contactless reader with your finger on Touch ID. You don’t even have to look at the screen to know your payment information was successfully sent. A subtle vibration and beep lets you know.”
Another note about iPhone6 and iPhone6+, they are really more of an NFC-enabled mobile payment device rather than an NFC-enabled device. All other NFC functionalities besides Apple Pay, have been disabled by Apple.
See more details in my newly released book “Everyday NFC Second Edition”. http://amzn.to/O76fQY
September 9th was an exciting day for NFC enthusiasts and evangelists. Apple announced that iPhone6 would offer Apple Pay, a mobile payment functionality based on NFC (Near Field Communication). The NFC community praised the announcement with relief, “It’s about time.”
The NFC community had hoped that Apple would have adopted NFC for iPhone 5s/5c in 2013. Apple endorsed BLE(Bluetooth Low Energy) instead while continuing to obtain NFC patents. Without Apple’s adoption, NFC has been moving slowly due to the lack of consumer technology awareness. Apple has influenced consumer behavior with an appealing experience and an innovative implementation. I expect that Apple Pay would help consumers to become familiar with NFC.
Before the announcement, on September 8th, the NFC community had the following questions:
- Will iPhone6 be NFC-enabled? If it is, what NFC mode will be offered for public use?
- What type of mobile payment model will be deployed?
- Will an app development framework be offered?
- What will be the user experience?
Now, a day after the excitement, the NFC community has more questions:
- Is iPhone6 capable of reading NFC tags?
- Can the Softcard (formally ISIS) mobile wallet be used with the iPhone6? What’s the impact to the Softcard?
- Will the NFC feature be configured on/off in the Setting? What is the default setting?
- What is the Apple Pay infrastructure?
What are other questions/thoughts in you mind?
Yesterday when I was checking out at the Wholefood Market, I was delightfully surprised by their new NFC-enabled reader. At the top of the screen, it said “Swipe/Tap Your Card/Phone”. According to the excited cashier, I was the first one using my phone to pay.
ISIS Mobile Wallet has been available since November 2013. Jamba Juice was chosen as the main promotion partner; a free drink for payment made with ISIS. Jamba Juice was committed to give away one million drinks. For a while, I was having Jamba Juice every day. What a treat!
James D. White, chairman, president and CEO of Jamba Inc., in a company press release, said “Facilitating 1 million transactions through the mobile wallet over the last seven months confirms that the era mobile commerce has arrived. I am proud that Jamba has been able to serve as a leader in the space”.
I appreciate their leadership for this emerging technology.
There are many discussions about Apple’s potential mobile payment and the possibility of an NFC-enabled iPhone 6. I think it might be helpful to describe two approaches to implement an NFC mobile payment. If you want more technical information, please check out the details in this Android page.
I. SIM based Secure Element (SE):
In order to be able to use ISIS mobile payment, you need to get an ISIS SIM card from your service provider. The SIM card includes a Secure Element (SE) that contains your credentials.
When an NFC Reader is tapped by an NFC device, the NFC Controller routes traffic to the SE for authentication.
This approach is very secure because it is difficult to hack the SIM card.
II. Hosted Card Emulation (HCE):
When you use Google Wallet, you don’t need a specific mobile payment SIM. Google wallet uses HCE.
The NFC card is emulated using HCE. When an NFC Reader is tapped by a device, the data is routed to the host CPU. This approach uses the credentials that are stored in a remote server for authentication.
HCE is considered to be a threat to the SIM-based SE and is adopted in various NFC secure applications.
Now the questions is “When iPhone adopts NFC, which mobile payment approach will it choose?”
Source of pictures: developer.andriod.comhttps://developer.android.com/guide/topics/connectivity/nfc/hce.html
Yesterday (7/14/2014), the WSJ posted an article “The Password Is Finally Dying, Here’s Mine”. Mr. Christopher Mims revealed his twitter account’s password to his readers to make the point of “password is dying”. He wrote “Google is working on an as yet unnamed protocol that allows you to connect to your online accounts on any device by authenticating yourself with your smartphone.” He explained that using the device-based authentication was more secure than using a password.
Using a Smartphone for digital authentication is also a mechanism that is built into mobile wallet; for example ISIS Wallet uses Near Field Communication (NFC) SIM-based solution and Google wallet uses NFC Hosted Card Emulation (HCE) solution. So whatever Google is working on probably is also an NFC based solution.
In June, AT&T introduced NFC Connect that enables customers to use digital credentials on their mobile device. The system is being piloted at Tulane University in New Orleans and Quinnipiac University in Connecticut. Students use Samsung Galaxy S III, an Android smartphone and an NFC SIM to access buildings, meal purchases, laundry, copying and printing. This system requires a Trusted System Manager (TSM) to provision a user’s digital credential into SIM Secure Element (SE) over the air when one signed up the service.
It is likely that Google’s digital credential solution is not a SIM-based solution based on its development of Google Wallet. The cost for users could be lower since a provisioning TSM is not required. That’s my speculation.
In another note, in the AWS Summit NY last week (7/10/2014), Amazon announced Amazon Cognito, one of the new Amazon Mobile Services, as a fully managed user identity and data synchronization service. The goal of the service is to help users securely manage and synchronize app data across their mobile devices. It looks like the Mobile market is Amazon’s next move.
It will be interesting to watch the development of digital authentication with smart devices. What is your thought on this topic?
On June 23, 2014; Barron posted an article about iPhone 6 after an Asia trip. It mentioned “Following supply-chain conversations, we are increasingly confident that the iPhone 6 will support near field communications (NFC) radios supplied by NXP. This is consistent with our prior view of NFC in the iPhone 6 given the deployment of mobile NFC-enabled VeriFone terminals in Apple stores, the China UnionPay agreement, Apple payment patents and NXP’s mobile-payment licensing agreement. Additionally, we believe Apple will deploy an NFC radio without the secure element in the iPhone 6. While some investors may be disappointed by an NFC-only solution, we view this as a positive and incremental revenue opportunity for NXP. We anticipate an iPhone 6 NFC win to represent a significant catalyst for NXP.”
If NFC is integrated into iPhone6, it will be disruptive to the mobile payment ecosystem. Currently, Google Wallet and ISIS Wallet are leading the mobile payment market in the United State. Google uses Host Card Emulation (HCE) and ISIS uses SIM-based Secure Element (SE) for authentication.
Google has tried SIM-based SE approach for Google Wallet. That approach didn’t work since telecoms blocked the Google Wallet app. That’s why Google Wallet adopts the HCE approach that doesn’t have a dependency on telecoms.
ISIS Wallet was released in 2014. It’s a product sponsored by AT&T, Verizon and T-Mobile. ISIS runs on NFC-enabled Android phones and iPhones when an external NFC case is attached. ISIS Wallet uses SIM-based SE for authentication to provide ultimate security. ISIS wallet has encountered adoption problems since it was released. Two main reasons were 1. Consumers were not familiar with the NFC technology and didn’t know they were carrying an NFC-enabled phones; 2. IPhone doesn’t have NFC capability and iPhone users had to buy and carry an external case in order to use ISIS Wallet.
If iPhone 6 is NFC-enabled, it will help promoting NFC applications including mobile payment. iPhone might not use SIM-based SE for its mobile wallet solution to eliminate the dependency on Telecoms. And it does not stop telecoms from offering the ISIS solution with it. The reason is that ISIS Wallet is an app that requires ISIS enabled SIM to operate and telecoms own the SIM cards. The ultimate choice might be up to the consumers and the mobile payment market will start emerging.
I can’t wait to see an NFC-enabled iPhone and the mobile payment market evolution. The Money Event will be hosted in CTIA on September 9 to 11 in Las Vegas. That’s a good place to be if you are interested in mobile payments.
SIMalliance published a whitepaper last month entitled “Secure Element Deployment & Host Card Emulation”. It stated that, “SIMalliance contends that while HCE is good for the NFC ecosystem as a whole, the technology remains immature, unstandardized and, relative to SE-based deployment, vulnerable to malicious attack.”
In general, an evaluation becomes meaningful when context for it is set. I am glad to see the white paper set the following context: “Given HCE’s current and anticipated limitations, SIMalliance considered HCE to be best utilised in use cases where stringent security requirements, optimal transaction speeds and always- available functionality are not mandatory.”
Secure Element (SE) is a more mature and established technology supported by standards groups (ETSI, 3GPP, GlobPlatform and Java Card). Not only does it provide more security for NFC services, but also it has an established certification process. At the same time, SE embedded in SIM cards are controlled by the telecoms, and SE embedded in devices are controlled by device manufactures. They are not open to developers to use freely. Therefore SIMalliance recommends that, “MNOs should request OEMs to implement default NFC routing to the SE”.
So the questions are how many NFC apps need to have stringent security requirements, and how fast telecoms and device manufacturers can implement default NFC routing to the SE. Telecoms and device manufacturers want to make a profit by controlling SE access. That’s why Google is using HCE to implement Google Wallet thereby bypassing the control. I think HCE is here to stay until all stakeholders decide to work together in allowing NFC technology to develop to its full potential.
On April 17th, David Marcus, President at PayPal said, “I’ve been looking at three technologies that might truly change the retail experience as we know it.”
One of the technologies David is looking at is NFC HCE (Host Card Emulation). It is an alternative way of using SE (Secure Element) to implement security mechanisms for NFC technology. In my previous blog, I explained why Google has chosen HCE. David Marcus said, “I’m moving from being a massive skeptic of NFC, to being cautiously optimistic on NFC HCE take-up in very specific shopping use cases.”
He envisions two scenarios that would popularize NFC. One is the credit card EMV movement, which would lead to more NFC-enabled terminals at points of sale, and the other is Visa embracing the HCE approach.
I understand David’s point coming from the payment industry leader he is. At the same time, I believe that NFC will take off regardless of payment trends. From my personal experience advocating NFC to business owners, the technology is received with excitement. Entrepreneurs are inspired by the possibilities presented through the integration of NFC tags and chips for enhancing and marketing their products and services. They also wonder why they haven’t heard about the technology sooner.
AT&T, T-Mobile and Verizon spent a huge amount of money on ISIS mobile payment implementation based on NFC, yet they are not promoting the technology proactively or effectively. Not many subscribers know about NFC or ISIS. What is the missing link?
This is a follow up blog about my exploration on the use of the ISIS Mobile Wallet. I needed to return my iPhone ISIS case to the AT&T store since it didn’t work well. I decided to continue my hands on ISIS experience and picked up an Android phone. I chose the HTC One.
Here is what I have performed:
- Download the ISIS mobile app:
I downloaded the ISIS mobile app from Google Play Store and attempted to sign on to the ISIS mobile wallet. I had forgotten both my password and the answer to my security question. My ISIS account was locked after a few attempts to sign in. With such a security mechanism in place, I felt more comfortable as a mobile wallet user. I called AT&T customer support and they reset the ISIS password for me in a very efficient manner.
- Set up of the ISIS Mobile Wallet:
To my surprise, my ISIS wallet was empty and I was asked to add all cards into it.
This is the message I received:
“This is an important service alert from Isis.
Your Isis Mobile Wallet was transferred to a new phone. Any existing installations of your Isis Mobile Wallet will be disabled while you complete the reinstallation process on your new phone.
As part of this process, you may be required to re-activate Payment Cards by your issuers.”
OK, I get it. When I bought a new wallet, I would need to move all of my cards to my new wallet. Since this is a digital world, I expect more from my digital wallet. A better experience would have been for all the cards associated with my wallet being moved to a new phone automatically. Are these cards not associated with my ISIS wallet in the data base? Why do I have to key in all of the information again?
I was also notified that my iPhone wallet was not available. It seems that ISIS only allows one active wallet and each time the wallet needs to be re-associated with all of the cards.
- Get Jamba Juice:
The experience at the Jamba Juice store was good. This is the store that was having trouble receiving ISIS wallet from the iPhone case. It received ISIS from HTC One instantly. I am happy about the experience.
- Read NFC tag:
I used the HTC One to scan an NFC tag on my book and it didn’t ask for my permission; “do you want to accept the NFC connection?” as my Galaxy III did. Instead, it scanned the URL in the NFC tag and went to my author’s page at Amazon. It’s good to see the read/write mode working and it’s not good to see that there is no security provided. In this case, when my phone is approaching any NFC tag, it will read it and put the phone in danger of a virus attack.
Overall, it’s a better experience to use an NFC enabled phone to perform ISIS Mobile Wallet activities than using an NFC embedded iPhone case. Stay tuned for more exploration.
I am getting a bit tired with my ISIS enabled iPhone. The case added weight to my iPhone. Most of the ISIS transactions didn’t work well. The only good thing is that I am getting free drinks from Jamba Juice until the end of March. Other than card emulation mode, none of the other NFC modes work. I can’t tap an NFC tag or an NFC enabled phone with the case to get the full benefits of NFC. I think I might switch to an Android phone. Most of the Android smartphones are NFC enabled.
Looking back at the history of NFC’s development, I find the situation kind of ironic. We had an NFC enthusiast, Google, demonstrate NFC card emulation mode’s value by implementing mobile wallet. Telecoms disabled the capability from the phones because they were developing their own mobile wallet solutions and wanted to control SIM-based NFC. So Google dropped SIM-based NFC, the most direct and secured way to protect security and privacy with Secure Element, and implemented HCE (Host Card Emulation) based mobile wallet. Even though it’s not as secure as a SIM-based solution, the HCE solution is beyond the control of telecoms.
Control provokes innovation by requiring creative solutions to market dominant. History repeats!
On the other end, Apple has been filing patents for NFC communication technology but still hasn’t added NFC capability into their devices. Their blue ocean strategy is to find a market space with no competitors. At the same time, their actions have slowed down the adoption of NFC technology and pushed BLE forward. Apple is also exercising a control with its vast user market. Again, innovation will emerge to escape the control. History will repeat.
NFC Solutions Summit 2014 will be held in Austin, TX on June 2-4. I trust that the NFC ecosystem will demonstrate strength and creativity on mobile wallet solutions through collaboration and innovation. Extreme early discount to purchase a ticket is available until April 2nd. Reserve your seat now!