The last two years have seen some extraordinary developments in mobile transactions, not the least of which has been the introduction of the concept of a mobile wallet. The idea behind the mobile wallet is that a consumer can go into a retail location and then use their mobile phone to pay for goods and services.
Crucial to this concept is how and where to store sensitive information and authenticate a user. For the mobile device to be used as an ID or a payment vehicle, the device must be capable of storing information that supports identity. Think of authenticating the user as a chain which starts at the back as a web or application interface, continues onto a server which confirms who you are, then connects to the device to confirm identity and relays that information back to the website or application. If the chain is broken during this process, your identity cannot be confirmed.
Companies like Isis are attempting to do this by integrating with an NFC chip on a mobile device. The NFC chip is a secure element on a phone that would store sensitive payment information in addition to acting as a radio broadcaster and receiver with a pay point. The only problem with using such a chip is that it increases the cost of deploying a phone and leaves the OEM and mobile operator with the difficult choice of who should be allowed access to this functionality.
Companies have taken at least two other hardware-based approaches to address significant portions of the mobile wallet problem.
The first is the use of a SIM card as a means of authenticating a user. In this case, the SIM card acts as a secure storage element which uses SMS as a means of providing two-factor authentication of a user’s identity. This solution is currently being offered by companies such as Valimo, a subsidiary of Gemalto. There are two limitations to this approach:
- It costs too much money to deploy secure-element-enabled SIM cards to a wide audience of people.
- The approach relies upon SMS as a data bearer, which is susceptible to delivery delays. SMS guarantees the delivery of a message, but not the timing of the delivery.
The second provides users with a radio-enabled secure SD card, capable of handling mobile authentication. Unfortunately, this solution suffers from the same limitations as the use of SIM cards. Cost and its reliance upon SMS make it undesirable.
However, there is another approach to the market which is more efficient, cost-effective, and allows for a greater degree of ubiquity on mobile devices. This approach addresses user authentication and signing through software only.
To date, there are a small number of companies championing the use of software as a pure authentication and signing mechanism on mobile devices. One such company, Encap, provides a secure solution that does not rely on expensive hardware integrations. Its solution enables it to securely authenticate users under a variety of different scenarios, such as authenticating bank transactions, mobile payments, digital signing of documents, and verifying user identity. Best of all, with the Encap solution, authentication and signing follow the legal requirements for Europe. This means that purchases and actions taken by users are legally binding in the eyes of courts and therefore should greatly reduce opportunities for fraud and identity theft.
This technology can also open up a variety of new applications for both the cloud and mobile applications in a far more secure environment.
Consider this: companies today have no standard that they must follow to authenticate a user to provide a service. This opens up the opportunity for an inconsistent and compromising user experience. It also leaves companies with a need to mitigate liability with no real means of providing a consistent experience for their customers across platforms. As a result, users have a poor experience because they must memorize passwords and various other authentication mechanisms.
The new technology provided by such companies as Encap opens up the opportunity for service providers to enhance this service to improve user experience. For example, in the country of Slovakia, a company called mTrust has established itself as a trusted service provider for banks, ticketing agencies, and various other companies. The services of these institutions can now be offered with a consistent user experience, applied across an entire nation. The result is a shared and mutually reinforcing user experience across entire industries, allowing for increased user adoption and a better overall experience.
My prediction is that there will be far more uptake with these types of solutions over hardware-based solutions because of the general fragmentation of the overall market. At some point, platform providers such as Google will go back to their roots and understand that they can increase the utilization of platforms such as Android far more easily by detaching themselves from the hardware restrictions which encumber OEMs today. Within the next three years, there should be a dramatic number of new services offered to consumers utilizing software-only authentication and signing solutions.