Proprietary Wallets Die, HCE Will Live
The mobile payments space is dynamic – and changing. With new technologies come new uncertainties, and with recent renowned data breaches comes increasing skepticism about securing mobile. In a recent podcast interview with Bill Mann, Senior Vice President of Strategy for New Business Innovation at CA Technologies, we got the scoop on what’s going on in payments today and how CA Technologies is setting out to address important trends and concerns with its HCE technology.
WHAT’S UP AND DOWN IN MOBILE
What’s up? Security – no surprise. Mann says that the post Target breach payments market is moving down the path toward security much more quickly and effectively, with more focus being on protecting account information among merchants and POS systems than ever before.
“In some circles, there were debates about EMV adoption in the US, but I think that process will now move faster,” said Mann. “With some initial deployment of EMV chips in the US, the plan for 2015 is going well.” In Europe, he added, EMV has been around for a long time and has shown to help protect card-present transactions, but because the US is such a bigger market (and there have been some issues with cost), it’s been slower to adopt it.
As for what we’re seeing less of, Mann believes that proprietary branded wallets like that of Starbucks will decline, especially with Square discontinuing offerings around these types of wallets. “That’s just the way the market is evolving – not all pilots can be successful,” said Mann. “They won’t get enough traction in the market to make them viable as alternatives to the simple card we have today.”
HCE: IS IT A RISK?
Mann also thinks that the market will see less of certain security mechanisms because they will be replaced by HCE.
The basic concept around HCE, or host card emulation, is that when consumers make a payment, they go to the cloud, get their PAN or account information, and store it in their phone to make a payment. However, with the coming of HCE technologies, there could be some complications since for the first time, the control of payments security isn’t entirely within ecosystem. Now, there is an operating system being introduced into the mix and there’s a potential point of vulnerability. If a mobile device happened to be compromised, networks would be limited to what they can do to protect against data theft.
Acknowledging these concerns, Mann said that he didn’t think this was a big risk. There are a lot of aspects within mobile payments based on the cloud that counter these vulnerabilities, he said.
“The way information is stored rids some of these issues,” said Mann. “One way is tokenization – the PAN is never actually stored in the phone, but is actually stored as a different number.” There are then a lot of built-in mechanisms, he said, allowing the PAN to only be used once, or there other parameters that stop it from being used multiple times.
But, with all these factors around security, it’s really a balancing act. CA Technologies’s HCE compliant wallet capabilities, said Mann, is an example of this – it’s a “hybrid” that uses cryptographic camouflage technology, tokenization, risk-based authentication, and fraud prevention to create a secure environment.
THE BIGGEST ISSUES
As the man at the control panel for strategy at CA Technologies, Mann sees three big areas of concern: security and consumer adoptions and acceptance.
“Our clients are talking about how to reduce the risk, how to increase security, how we manage devices, and more,” said Mann. “And on the consumer side, they wonder how this is accepted at the POS, the details of the online consumer experience, what happens if they lose their phone, et cetera.”
Another big issue, noted Mann, is on the business side. Companies ask how they will make money off this, what the repercussions of having mobile cards will be within the card industry, and what ultimately happens when mobile comes along and changes the game.
CA Technologies thinks that the key is to give clients the tools they need to support their brand and their business goals while protecting their assets from fraud.
“There is a lot of uncertainty about where the market is going, but there will always be uncertainty and new technologies around the corner,” said Mann. “The key is to provide flexibility. We’re building something that’s open such that we can support many types solutions. That’s an important message that banks want to hear.”
Listen to the full podcast here in order to get more details on how Mann and CA Technologies’s view on HCE and its applicability in mobile payments.
SVP, Digital Payments at CA Technologies
Bill Mann is SVP of the Digital Payments business at CA Technologies, a new role in 2013.
Bill’s experience covers the whole software security sector, as well as Cloud, SaaS and IT Management segments. At CA he held various leadership positions with a focus on general management and product management.
From 2003 to 2011, Bill was instrumental in CA’s leadership in security, specifically identity & access management by driving business strategy and product management for organic product development and spearheading all security acquisitions including Netegrity. In 2010, he revamped the security strategy to focus on Cloud and SaaS resulting in the acquisition of Arcot. He also ran CA’s Threat Management business that was later divested to become Total Defense, and first-gen offerings in the SIEM/SVM spaces.
In 2011, Bill was SVP of Cloud Strategy responsible for defining and coordinating the company’s overall hybrid cloud strategy across all IT Management software segments.
In 2012, Bill was SVP of the Data Management Business Unit, a general management role for mid-market focused ArcServe backup and the Erwin data modeling businesses. As part of this assignment, Bill defined CA’s cross-company strategy for Big Data, as well as served as an industry expert for the TechAmerica Foundation Big Data Commission.
Prior to joining CA, Bill was co-founder & CTO of JustOn, a consumer-focused web file-sharing startup. JustOn reached 5 million consumers in 6 months and was acquired by Novell, where he defined a content distribution network (CDN) service and signed service providers paving the way for a spinout called Volera. At Volera, Bill lead product management for appliances to manage and secure media content and build CDNs.
Before JustOn, as director of product management for Worldtalk, he was credited with the first integrated web security product.