Host Card Emulation (HCE) has been hailed as the cloud-based fix for what ails secure mobile payments. But while HCE solves one problem, it still lives in the cloud. Suppose cloud connectivity were unavailable or lost? In a recent podcast interview, PYMNTS spoke with Shaunt Sarkissian, CEO of Cortex MCP, to discuss what he thinks HCE may need to fully deliver on its potential as a mobile payments catalyst and what Cortex MCP may be doing to help that along.
There’s been a surge in interest in Host Card Emulation ever since Visa and MasterCard announced their support for HCE earlier in the year. In your opinion, is HCE the missing part of the NFC puzzle and why? How would you define it?
SS: Yes. I think the fundamental goal when HCE first came out was about addressing the limitations that existed with a secure element and how can we take those credentials and move that to the cloud? But HCE is only taking us a part of the way toward a solution. Now we’ve gotten credentials off of a device, but what about other use cases – what if I don’t have cloud connectivity? What about the offline scenarios, and the core issues of security?
I think a lot of people think this will solve a lot of the problems around NFC. But really, HCE is just a fancy way to pull any kind of payment credential down to the device from a place that’s not on the device, and pay with it at the POS – whether that’s NFC, BLE, or a QR code – it’s not restricted to making NFC a great thing. Right now, it’s all about how that credential you pull down conforms to existing methods that the terminal can recognize right now. But it definitely increases the utility of NFC, and makes the value proposition more compelling in terms of working across multiple devices. It’s a step in the right direction, but it’s still missing important pieces.
So there is potential for even more activity around mobile/digital payments in the near feature. What are the implications for mobile wallet providers?
SS: I think there are several. A lot of people saw the false start with Google Wallet 1.0. And even Isis to a large extent issues around provisioning data, and TCM, and having to deal with that secure element. But I think people are looking at it now as freeing themselves from the shackles of those technologies – and FIs and players across the board are seeing that it’s creating an opening for them, or a better value proposition, and if they are going to invest in a certain technology like NFC, they wonder if this is the secret sauce.
But there’s the other issue of tokenization – it’s one thing to say you can push data down, but what are you pushing down? The argument now is asking what that new payment methodology going to be. We’re seeing that a lot at Cortex MCP with the EMV tokenization standards – tokenization is something that can be used in multiple use cases as opposed to just one time. Cortex MCP’s mission, what our platform does, is put HCE together with tokenization and capture the best of both.
Therefore, when it comes to protecting cardholder data, should those investing in tokenization also invest in HCE?
SS: Yes, well – I’ll put an asterisk next to that. Tokenization is used in all kinds of ways. Those investing in any solution should look for one where the core payment data does not reside on the device, but in another location. However, I encourage people to look at common denominator use cases – a lot of people look at HCE and assume they you’ll always be connected to the cloud. The reality is that you might not – and that’s a problem.
Look at HCE if you’re looking at tokenization, but don’t make that cloud connection a critical element of executing that transaction. Look to the cloud to take all of your critical information, move it off the device, and still be able to pull that down to the device and use it in any offline scenario. And also, from a tokenization standpoint, that data on the device will be in a secure, incomplete state. So really think about HCE and tokenization, but then look a couple layers below that and figure out how to modify your solution to make it more powerful.
Security and user verification are only a few of the issues keeping mobile payments from taking off. While the reach of mobile devices is pretty much hitting a saturation point, mobile wallets have failed to catch on. What does Cortex MCP bring to the table to help address this situation?
SS: Lots of things. When you look at the wallet experience, you want to be able to leave the leather at home and have a device that can be used ubiquitously throughout the day. The fact is that you need to have a lot of things in a mobile wallet to give it that ubiquity, whether it’s your credentials, driver’s license, or your digital IDs. Also, it’s about being able to effectively target offers in a meaningful way giving them elements of control.
Our core piece, Cortex MCP’s Reducing Currency Denomination (RCD) payment platform, takes the best of what of HCE can provide and the best of what tokenization is while still riding the existing protocols. The RCD technology consists of a prepaid account linked to a 20-digit sequence, which includes a four-digit PIN, and provides an alternative to using secure elements or the cloud for mobile payments at the point of sale. We’re able to allow customers to go in when they create these RCDs to put elements of control on them – whether that be to control the velocity, restrict it to specific merchant categories, and more.
This gave rise to our Intend-to-Spend Analytics platform, where consumers can indicate when they have a certain amount of money to spend on a specific item, and then merchants compete for their dollar. We then use that data to allow merchants to target very effective offers to consumers to get them to convert. So when the offers that come out are intrinsically tied to the benefits of the payment solution, you have a pretty compelling solution.
In the last context, we also have a solution where we can store driver’s licenses, digital IDs, and more on our device with our OVER File Platform. We’re working with government organizations to figure out how that can become a standard, and overall we’re looking at how we can use all of these tools to make our customers much more effective with their solutions.
CEO of Cortex MCP
Shaunt is a seasoned payment industry veteran, and founder and visionary of Cortex MCP. Prior to Cortex, Shaunt was the VP, Strategic Business Development for ROAM Data, Inc. – the industry leader in Mobile Commerce and Mobile POS. At ROAM, Shaunt drove all key client acquisition and strategy opportunities for ROAM with key client including PayPal, Groupon, Google and others. Shaunt was also the Founder and CEO of Sarkcom Corporation, where he drove the drafting of four innovative US patents which form the basis for the Cortex platform. He has also served in various Sales, Business Development, and Strategy roles with CyberSource, and FEI Company. Shaunt is also a member of the Cortex board.
Listen to the full podcast here.