[Dave Birch] There's been considerable interest in our post last week drawing attention to the first public announcement of using NFC in a mobile handset for EMV transactions that do not need a Secure Element (SE) and, naturally, some people have been asking us how it works. Before I return to the specific case of Bankinter, let me just make a general point about what is going on here.
As I mentioned to a couple of the people who e-mailed me, we have been working on non-SE EMV over NFC for more than two years now, so we know rather a lot about this at Consult Hyperion. In fact, we know everything about it, so I thought I'd follow up with a slightly more detailed description of the general class of solution. To understand how this class works, you have to understand how EMV works (not what it does, but how it works). In particular, you need to understand something about the keys and certificates that EMV uses to implement the cryptography required for secure transactions. If you are interested in understanding how EMV uses cryptographic keys and certificates to deliver secure transactions, the good people at Cryptomathic have a nice PDF that you can download.
Entitled “EMV Key Management – Explained,” the Cryptomathic white paper provides an overview of the cryptographic processes involved when issuing and managing payment card and mobile applications based on EMV chip card technology.
To greatly simplify, your EMV card contains a cryptographic key that is valid until the expiry date of the card. If the bad guys could get hold of this key (they can't, because it is in the tamper-resistant chip on the card and is never given up) then they could make a clone of your card and go off on a spending spree. So how can an app use EMV without a key stored in a tamper-resistant chip, and without risking card cloning? Well, what an app could do is go online to the bank and get a temporary key that it can use, but that will not compromise security if it is somehow obtained by criminals. This temporary key could then be used to secure valid EMV transactions through the NFC interface. If the bad guys steal your phone, guess your password and figure out how to decrypt the temporary key from the app, then they are left with a key that is valid for, let's say, one transaction or a couple of transactions, or whatever limit the banks decide to set (so long as you haven't noticed the phone is missing and reported it stolen). Such an app doesn't use the handset manufacturer's SE or the mobile operator's SE or indeed an attached SE. It's just an app that uses NFC, but one that uses NFC to make secure transactions that are interoperable with the installed terminal estate. This all radically reduces the cost of development, deployment and use, as it's goodbye to the Trusted Service Manager (TSM) and the operator's "apartment model" of renting SIM space.
I should be clear that I am not describing in the paragraph above any specific implementation that any of our clients may or may not be exploring. Here I will merely say that there are a variety of different possible implementations of this general schema, depending on how the "card" issuer wants the system to work. So, for example, there is a big difference between online EMV and offline EMV, and you may choose different strategies depending on whether you want the app to go online at POS or not, that sort of thing.
So, with that background established, back to the story that I called an "NFC Earthquake".
Spanish banking group Bankinter has developed an NFC payments solution that works without a secure element, potentially cutting out both mobile network operators and over-the-top players like Google from the NFC payments business.
Mr. Alberto Perez Lafuente from Bankinter was kind enough to give me some of his time this week so that I could ask him a few questions on behalf of blog readers. To summarise: they have chosen an online-only payment solution able to handle EMV mobile payments performed with one-time-use payment cards. Each single-use card (valid for one minute) is generated in the mobile app when the user enters personal/transaction data, and the user then has up to 60 seconds to tap the mobile to the merchant's contactless POS for payment. This makes complete sense in the Spanish market, where all POS terminals go online (as they do in, for example, the US). Alberto also told me that they are looking at a solution for transit by implementing DESFire using a similar strategy.
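The temporary-key idea from the background section and Bankinter's one-minute, single-use card, modelled as an added illustration (toy code written for this page, not Bankinter's or Consult Hyperion's design): the issuer host keeps the long-lived card key and hands the app a limited-use key (LUK) bound to a time window and a use count, so a LUK lifted from a stolen phone is declined once it has been used or has aged out. HMAC-SHA256 stands in for the 3DES/AES cryptogram MAC of real EMV, and the `IssuerHost`, `make_cryptogram` and `run_scenario` names are invented.

```python
import hashlib
import hmac
import os

class IssuerHost:
    def __init__(self, card_master_key, clock):
        self._master = card_master_key   # long-lived card key: never leaves the host
        self._clock = clock              # dict {"now": seconds}; injectable for the demo
        self._ledger = {}                # key_id -> {issued_at, ttl, uses_left}

    def _derive_luk(self, key_id, issued_at):
        # LUK = MAC(master, key_id || issued_at): recomputed on demand, never stored.
        msg = key_id + issued_at.to_bytes(8, "big")
        return hmac.new(self._master, msg, hashlib.sha256).digest()

    def provision(self, ttl_seconds=60, max_uses=1):
        """What the app fetches online just before the tap."""
        key_id, now = os.urandom(8), self._clock["now"]
        self._ledger[key_id] = {"issued_at": now, "ttl": ttl_seconds, "uses_left": max_uses}
        return key_id, self._derive_luk(key_id, now)

    def authorise(self, key_id, tx_data, cryptogram):
        """Online authorisation: the checks a leaked LUK would have to get past."""
        rec = self._ledger.get(key_id)
        if rec is None:
            return "declined: unknown key"
        if self._clock["now"] > rec["issued_at"] + rec["ttl"]:
            return "declined: key expired"
        if rec["uses_left"] <= 0:
            return "declined: key already used"
        expected = make_cryptogram(self._derive_luk(key_id, rec["issued_at"]), tx_data)
        if not hmac.compare_digest(expected, cryptogram):
            return "declined: bad cryptogram"
        rec["uses_left"] -= 1
        return "approved"

def make_cryptogram(luk, tx_data):
    # App side: MAC over the transaction data (the role the ARQC plays in real EMV).
    return hmac.new(luk, tx_data, hashlib.sha256).digest()

def run_scenario():
    clock = {"now": 1_000_000}
    host = IssuerHost(os.urandom(16), clock)
    key_id, luk = host.provision(ttl_seconds=60, max_uses=1)
    tx = b"amount=1250;currency=978;terminal=T1"   # constructed sample transaction
    first = host.authorise(key_id, tx, make_cryptogram(luk, tx))
    replay = host.authorise(key_id, tx, make_cryptogram(luk, tx))  # same LUK, second tap
    key_id2, luk2 = host.provision()
    clock["now"] += 61                             # the one-minute window has passed
    late = host.authorise(key_id2, tx, make_cryptogram(luk2, tx))
    return first, replay, late
```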
One thing that I thought also worth noting was that Bankinter owns an MVNO, so even in the case where the bank controls its own SIM-based SE it is transparently clear that the costs and complexity of the implementation are excessive. This strikes me as a definite signal to the industry to rethink current models and look for simpler solutions. Alberto told me that he thinks Bankinter's announcement will reshape the negotiations between banks, MNOs and handset manufacturers.
I have to say, he's absolutely right, which is why I think it was reasonable to describe the announcement as an earthquake in my post last week. I've no more idea than anyone else how this will all pan out, but I do think it's already clear that the future mass-market use of NFC for payments will not be confined to the GSMA SIM-based SE model, even for EMV.
Finally: before I get any more e-mails telling me that you can't access the NFC interface on, say, a Samsung S3 without going through the SE: yes, I know. If you want to do this now you need a mod, but it's worth playing around with because I agree with Cherian Abraham's excellent analysis that Google will open up the interface in the future. The time to begin experimenting with the non-SE future is now…
These are personal opinions and should not be misunderstood as representing the opinions of Consult Hyperion or any of its clients or suppliers.