How can India make contactless payments secure?

By: Atul Singh, Regional Sales Director (India Sub-continent) – Banking, Transport & Telecom Solutions, Gemalto

Atul Singh, Director- Banking, Transport & Telecom Solutions, Gemalto

India is starting to make incremental progress towards being a cashless economy. Marking this gradual shift are favourable government initiatives, technological advances in the banking landscape, and changing consumer preferences. More specifically, increasing smartphone penetration, the growth of India’s 3G/4G network, an enthusiastic and technologically savvy younger generation – keen to welcome alternative payment methods, are paving the way for innovative and alternative payment solutions. With 15X growth from USD 90 million in 2012 to USD 1.4 billion in 20151, mobile payments offer a promising future by bringing about easy and convenient cashless transactions for consumers and banks alike.

Contactless payment solutions using Near Field Communication (NFC) technology are already a reality. India’s leading public and private banks have recently launched NFC-enabled debit and credit cards, with many banks following suit. In order to make contactless payments easier for customers, the Reserve Bank of India (RBI) has relaxed the need for any additional verification such as a PIN for transactions up to INR 2,0002. Banks are planning on upgrading about 150,000 point-of-sale machines to be NFC-enabled over the next few years and many NFC pilots – from transport and ticketing to mobile payments3- are underway across the country. Although India is moving towards becoming more NFC friendly, wider adoption across the country still remains a challenge.

For starters, lack of awareness about contactless payments is one of the largest impediments in reaching out to the masses. Consumers in India today have limited or no knowledge about contactless payments or its benefits. Security is another significant concern that’s on the top of the mind of every consumer. Some of these challenges can be overcome by continuously educating consumers, but it is also incumbent on the entire payments ecosystem – from banks, technology providers and regulators to retailers and service providers – to ensure that such systems are secure, convenient and easy-to-use for all.

For mobile NFC payments to be successful, issuers of mobile wallets such as banks and financial institutions, mobile network operators, and over-the-top players must address another major challenge – that of a fragmented mobile ecosystem. This can be quite perplexing when you consider that India has over one billion mobile subscribers4 using multiple devices, from basic feature phones to smartphones that run on different operating systems to subscribers spread across multiple network operators. This makes the mass adoption of mobile wallets particularly challenging since mobile wallets are neither device nor network agnostic.

This is where tokenization plays a critical role. It addresses security concerns by preventing the real card from misuse through substitution of payment credentials with a special number or ‘token’. The real payment credentials can only be accessed by the payment network upon receiving the valid token, thus protecting the debit or credit card from data breaches and frauds.

So, what are the benefits of tokenization?

For issuers, tokenization is an easy way to reach a large number of users with a common software based platform. Tokens have the flexibility to be provisioned onto any device (using any operating system) across any network, unlike traditional payment credentials. They can be stored on the Secure Elements or Trusted Execution Environment (TEE) of the device or even in the cloud (Host Card Emulation). Issuers of mobile wallets hence are no longer limited to a particular target platform and can at address almost a billion mobile subscribers at one go.

From a security point of view, tokenization serves as an additional layer of security. The tokens have a pre-defined purpose. Their use can be restricted to work only on a specific device, at a particular merchant, for a given amount of time or even limited to a type of transaction. The fraudulent use of the token can be more easily detected since it is unlikely that the fraudster will know the pre-defined purpose of the token. In addition, tokenization complements the EMV standard (mandated by the RBI in India), further strengthening the security of all transactions.

For merchants, the cloud-based tokenization means that they can embrace tokenization with little or no upfront capital investments. By working with such service providers, tokens become easy to implement and can be instantly used, unlike traditional approaches, where it takes minutes or days to verify and register a mobile wallet. Finally, for users, tokenization also enables instantaneous sign ups, enabling users to conveniently and easily conduct transactions.

Tokenization’s benefits are clear and compelling – it helps consumers with a seamless mobile payment experience, while enabling issuers to overcome challenges of security and mass adoption by allowing for simple and secure transactions. As contactless or mobile payments continue to gain momentum in India, the possibilities are endless, especially since the RBI recently granted eleven payment bank licenses to organizations, setting the stage for an even larger payments user base.

 

Leave a Reply

Your email address will not be published. Required fields are marked *