MasterCard and Visa announced on Wednesday a plan to endorse a new mobile payments technology that could bring the idea of using your phone to tap-to-pay for purchases back from the dead.
The technology is built into the latest version of the Android mobile operating system, called KitKat, that was released in the fall. At the time, the payments industry was abuzz about the inclusion of support for something called host-card emulation. BlackBerry already supported HCE, but Android’s market share dominance was the reason to now take notice.
HCE essentially allows the payment card info typically transferred when a card is swiped — name, card number, etc. — to be stored in the cloud, letting mobile apps access that info in a new way instead of from the so-called “secure element” hardware embedded in the phone. Why is that important?
Historically, mobile carriers controlled who gained access to the secure element. That means they’ve ultimately been able to decide which apps a shopper can use for NFC payments in brick-and-mortar stores. NFC, which stands for near field communication, is a wireless technology that allows a piece of hardware to exchange data with another piece of hardware nearby simply by bringing them close or tapping them together. Since the payment data transferred in an NFC transaction previously had to come from the phone’s hardware secure element, a mobile carrier could decline any given app from using that data.
For example, Google Wallet’s tap-to-pay feature using NFC isn’t available on the vast majority of phones running on Verizon, AT&T and T-Mobile networks. That’s widely believed to be the result, at least in part, of the fact that those three carriers are the backers of a competitive app called the ISIS Wallet.
But with HCE, phones can bypass those carrier restrictions; an app can access and present the payment card information for an NFC payment from the cloud, which mobile carriers do not control. But the only way a purchase using HCE and NFC could take place is if the credit companies allowed the payment card details to be stored in the cloud. In short, HCE needed their stamp of approval.
Wednesday’s confirmation that MasterCard and Visa are certifying this new payments approach is a pretty big deal.
The development means that a wide range of businesses — from banks to retail chains — can now build payment features into their Android mobile apps no matter what wireless carrier the phone is running on. And, in the short term, this means the country’s biggest banks, with their sizable app user base and consumer trust, could be the next big players in the increasingly competitive world of in-store mobile payments.
In an interview with Re/code on Tuesday evening, MasterCard’s James Anderson, group head of emerging payments, said the payment network will publish a specification in the first half of this year that explains how a mobile app and payment terminal need to interact to make NFC payments utilizing HCE possible for MasterCard credit and debit card accounts.
Similarly, Visa is set to announce today that it is publishing its own updated standard to enable host-card emulated payments. It is also providing a software development kit to help app developers make sure their apps are compatible with Visa’s rules. Lastly, the company said it is developing a service to have a one-time password — or token — replace a credit or debit card number as the information that is passed to the payment network to make these types of transactions more secure.
It’s not clear yet whether the two specifications are compatible with each other or whether app makers may need to develop for two different standards.
“We believe that this is the thing to very significantly accelerate the adoption of mobile payments in many markets around the world,” said Sam Shrauger, Visa’s global head of digital for developed markets.
Now back to the banks. Why does this suddenly make them potential winners in mobile payments? For one, you can’t forget that banks are the channels by which MasterCard and Visa get their cards in the hands of shoppers. So if the credit card companies want anyone in the payments ecosystem to succeed in mobile payments, it’s likely the banks.
Secondly, a lot of people already trust them with their money, meaning non-early adopters may trust a mobile payment option through a bank’s app more than ones from younger companies such as PayPal or Google or even ISIS.
Lastly, the biggest banks already have large customer bases using their apps for tasks such as money transfers and check deposits. Why not add payments, a logical extension, to the mix?
One big U.S. bank already is. Capital One confirmed on Wednesday afternoon that it is currently working on adding tap-to-pay functionality to its Android app.
“Capital One is exploring HCE payment capabilities as part of our ongoing pursuit to provide secure, convenient payment solutions for our customers,” a spokesman said in an email statement to Re/code.
The news is also big for startups such as SimplyTapp, the creator of host-card emulation, which are working to help banks integrate the tap-to-pay functionality into their existing mobile apps. How soon a big U.S. bank decides to do that remains to be seen. The bank will most likely want to make sure that a significant chunk of its customer base is using NFC-enabled phones running on Android.
The payment network approval for HCE also could lead to more NFC payment features built into retailer apps. Such use cases would likely involve giving customers incentives to use the retailer’s branded credit card to fund the NFC payment. Why? Because the transaction fees on these transactions would be lower for the merchant versus if the customer used other credit or debit card payments.
“All of a sudden NFC is not dead anymore,” said Cherian Abraham, mobile commerce and payments lead at Experian Global Consulting and an adviser to SimplyTapp.
Still, there are many open questions.
Will Apple eventually support host-card emulation or NFC?
What about American Express?
And, of course, what percentage of physical stores will accept tap-to-pay transactions in the next few years? Estimates of current merchant penetration in the U.S. range from five percent for small merchants to 25 percent for the largest retailers. That number should grow over the next two years as retailers are pushed to install equipment to accept so-called chip-and-PIN payment cards that also happen to come with technology to accept contact-free payments. But a lot can happen between now and then.
Lastly, any conversation around mobile payments has to include the question of whether enough Americans really want to replace their wallet with their phone. Is a bank creating an app that makes it easy enough of an incentive? I’m not so sure.
MasterCard’s Anderson said he believes that, in the future, “everyone will eventually be paying with their phone.”
If that proves to be true, banks may stand to benefit the most. The ball is moving into their court.