Cloud based Mobile Financial Services & Payments

Cloud – MFS on the cloud along with machine learning and data intelligence. A high-level overview of Cloud Computing, Cloud-based mobile financial services and mobile payments is the objective of this post. Cloud computing is an easy and simple concept but sometimes it gets oversimplify along with same reasons for payments under mobile or simplified version as mobile payments about which every single company on this earth is talking about these days and its true every single company. Assumption taken here is readers are fully well versed of Cloud Computing and Mobile Financial Services / Mobile Payments.

Having a full understanding of both technologies can now get some Idea of how to marry both of these to gain some cost & speed effectiveness. In case needs detailed information or deliberation is needed on any part please feel free get in touch directly. Artificial intelligence is on its way to pulling more out of payment intelligence. We will keep AI out of the discussion for this post though.

Presence of Ministry of Innovation for regulation and control on a global level would have made today’s work and innovation may be impossible or must have stopped it long back. Yet time and time again initiatives have failed or fallen short because of business and technological hurdles that impede the innovation and collaboration that is necessary for real success. In the domain & era of cost-cutting we always inclined to watch and look for low cost solutions for every service we launch to max out the returns but sometimes looking at security, privacy, impact & exposure of risk it can put on accounts & pockets ; this stops us and move us away from our imaginations for mobile payments which have big depended on the secure element (SE) to store secure credentials on mobile phones.

Secure elements themselves have been argumentative in mobile payment deployments because of forceful behaviour for issuers to work on a single platform usually owned by another entity in a business relationship that may or may be beneficial to the credential issuer. It’s very interesting to see how Cloud Computing can solve the need for a low-cost solution. I have seen cloud service for same service type, same functionality, same configuration of hardware and same support level (at least on paper) and every other same offering but cost difference with 20 times or more so we know it very well what joy we can expect in a one dollar apple and in a 20 dollar apple that also matters.

Cloud Computing !! Not Exactly a cloud

Cloud Computing or simple name of 3rd party infrastructure which is managed by a 3rd party in their own location or anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). Defining each of them wither advantages and disadvantage is out of scope here. The name cloud was inspired by the symbol that’s often used to represent the Internet in flowcharts and diagrams.

The cloud can be private, public or hybrid in terms of ownership. Cloud allows you to upload/download and access data, services and information from any Internet-connected device, it’s very convenient and cost-effective, but security cannot be taken for granted and tells us it may and may not safe. Week security & poor service turn away customers who want to demand could services. Security of cloud services starts at the user level and privacy starts at service providers level. How users use the service in terms of their own in house network, infra and outdated systems can cause bigger damage than from the sky side (Cloud Services).

In particular, the following issues should be addressed: security, access, management and portability of customer data, transparency. Mobile Money and Mobile Payments service providers are seeing partnerships with telecom operators & banks as key to the success of near field communications (NFC) based mobile money applications. In addition to network advantages, MNO possesses efficient internet/data ready handset distribution channels, billing trust and customer relationships, secure user profiles and location information which can all be used to increase the security of electronic transactions.

Microsoft(Windows Live), Amazone (AM Cloud Services), Apple(iCloud) and Google (Goole Drive) are a few examples of such service providers. I am yet to find if there is any clear and special guidelines for hosting or using them for your very own Mobile Financial Services. In my last article “Payments Jungle (Apple, Android, Samsung & Microsoft)” dated 06-06-2015. I mentioned about Google coming up with Android Pay in which Google announced NFC Host Card Emulation (HCE) support in Android. This innovation now can be called a trump card or game changer.

Host Card Emulation enables a normal Android app to perform the application functions of a secure element by relying on secure cloud storage for the account credentials instead of a secure chip in the phone. Today any NFC-enabled Android 4.4 and Blackberry 10 and above phone can perform HCE. Need to confirm and verify for Samsung S6 & S6 Edge though.

Cloud-based Mobile Payments – Advantages

Infrastructure as a Service is a provision model in which an organisation outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. In addition, a user will need to upload his or her payment card details into the digital wallet to use it for online and mobile payments to merchants of the virtual/cloud community. Therefore, there is a complementary relationship between the issuing of payment cards and the provision of digital wallet services. Issuer always has direct control over user experience and banding of the product in-spite of virtualisation/Cloud-based mobile payments, which opens up multiple opportunities to deploy services to consumers using flexible business models. Since the solution is Cloud-based thus this requires fewer/fewer intermediaries.

Given the pace of technologies and the level of global competition in the mobile payments & telecom sector, that success that is standardised, fast and takes the least possible time-to-market for product & project. To support these needs for coordination and speed, the Cloud-based solutions play a key role to ensure that strategic coordination across industries is facilitated and promoted. Standards have been created for installing payment solutions into the wallet after a device has shipped. In general, regarding the card, internet and mobile payments, some stakeholders believe that the issues in particular to security, access & accessibility, management, portability of customer data and transparency are addressed.

Service providers that provide completely secure environments and advanced tokenisation methods, issuers can achieve high-security levels for their solutions & systems to gain confidence for the services they offer to MFS customers who always keep their expectation critical & to a level where playing field for payment solution providers could be large or small. It also aims to allow for the device and cloud-based solutions, including secure elements and contacts payments.

Cloud-based Mobile Payments – Challenges

Mobile payment using connected devices gives a new meaning to fraud and risk management. Secure elements themselves have been contentious in mobile payment deployments since they force issuers to work on a single platform usually owned by another entity in a business relationship that may or may be beneficial to the credential issuer. Rules and procedures must define which apps can access which credentials so that the right apps can perform transactions at the point of sale and user experience is seamless across multiple apps. Security in smartphone memory is another challenge as in order for transactions to be performed at merchant POS/mPOS systems, even without network coverage. The issuing bank provision details such as a card holder’s name and account number in phone memory (very Insecure).

Tokenisation only partly addresses this problem and on top of that tokenisation solutions have their own issues if not done properly. Security and standards compliance is always a challenge as you can’t put all eggs in one basket for security reasons and increase too much risk. By nature & style of work, Digital Issuance vendors handle the same sensitive data as plastic issuer providers and By replacing the real card data with randomised account details these tokens represent actual account details stored in the cloud. The actual cardholder data is never stored in phone memory, not even in an encrypted form. The problem is that in most available tokenisation schemes the card data becomes so generic that processors can’t identify if card accounts are linked to rewards programs.

Near field communications & embedded Payment services is coming to age across the globe, with telecom operators, handset manufacturers and operating system vendors, social media companies, banks and credit card companies as well as payment platform providers contesting for market share. When mobile devices & cloud-based solution are used for financial transactions it creates both challenges and opportunities for issuers on risk management. On the one hand, there are challenges with mobile devices that have limited security against threats such as malware sniffing card data while on the other hand; rich contextual data creates new risk management opportunities for issuers. Legacy risk management systems are not designed to handle dynamic, contextual data from connected devices.

We see this being applied across retail and point-of-sale terminals and taxis, for example, that will be able to accept the contactless payment which is creating very heavy dependency on cloud-based solutions which might rule against itself.

The security of your files/customer data is in another company’s hands. Banks and other issuers should be working with approved vendors by the main card associations that are compliant with EMV, PCI and other major payments standards but normally it does not happen.

Conclusions: What are the implications of a cloud-based solution? Is it going to change the world (very likely), be a significant “win”, be a nice hack, or simply serve as a road sign indicating that this path is “UNKNOWN / WELL KNOWN”? Cloud-based mobile payments can support globally and will give financial institutions and partners greater choice in offering consumers secure ways to pay with smartphones.

Which system is useful and needed for the business considering the market you operate and synchronised with your strategies and goals. While mobile payment announcements from various smartphone makers are growing in frequency, still too much unknown & doubtful thoughts that such services will drive much interest in buying the smartphones that support it.