Card Association certification of mobile payment schemes

Using mobile phones to secure card-not-present transactions have been announced frequently. This is probably one of the areas in payment where innovation is rife. Anyone that have experienced the inconvenience of a stolen card and this card then being used for fraudulent transactions on the Internet will appreciate the advantage of using mobile phones in this way.

This blog is not about the many attempts to secure card payments in a proprietary way - and many examples exist - but about the fact that the card associations now seem to be certifying some of these solutions. I think that this is a major step forward with significant implications. The fact that unique payment solutions (some of these being very different to what we generally would have done) now get Credit Card Association endorsement or even licensing is indeed very interesting.

While quite a few of these examples can be found (one that we at Fundamo are intimately involved with), I would like to just quote two:
  • Mastercard recently announced their Chip Authentication Program (CAP) which allows for a One Time Password (OTP) to be generated by a phone (Read here). This means that someone can use a card on the Internet with a OTP that has been generated by their mobile. This is quite interesting as merchants can validate the OTP for a specific transaction. Security is much higher and the computing power of the phone is utilised well.
  • The mCheck solution deployed on Airtel in India is also an interesting case study.(Read here). While I do not know the detailed architecture of the solution, it is my understanding that the encryption capabilities of the SIM card is used to good effect to secure an ordinary Credit Card transaction. This is solution is endorsed by VISA, even though it is very specific to mCheck.
This approach, while commendable, may lead to a situation where so many acceptable schemes are available that it becomes extremely difficult to keep track of legal mechanisms. The allocation of liabilities may also not always be clear to the uninformed. The proliferation of different Credit Card Schemas could lead to some problems.