'The security of the Mobile Virtual Card application is adequate for EMV online Payments' (Fraunhofer AISEC security evaluation, January 3rd 2014).
The solution uses 'Host Card Emulation' over Android 4.4 Kit Kat OS, and does require neither a Secure Element nor network connectivity to perform mobile payments.
More than a year ago Bankinter and Seglan developed an innovative mobile-based payment solution to allow customers to securely and instantly create a onetime-use debit or credit card on their mobile phone both for contactless payments in stores, restaurants or gas stations as well as e-commerce The Mobile Virtual Card (MVC) solution is now ready for commercial launching along Q2-Q3/14.
The solution makes use of secure virtualization techniques and 2-factor authentication, which set the basis for an appropriate security on mobile payments.
'MVC is a technology allowing a multiplicity of different implementations. We have dedicated an entire year to reach the adequate security level for EMV on line payments, based on the results of the 'risk assessment' process performed by Fraunhofer AISEC laboratory', says Jacobo Díaz, Director of Innovation, Products, Markets and Quality of Bankinter.
The user downloads the MVC application into his Smartphone and securely registers, via either web, phone banking or at the banking branch, one or several of his existing credit or debit cards to be used for EMV mobile payments at merchant locations.
'Blackberry has been the company leading Host Card Emulation technology, and we are glad to recognize their major contribution to HCE-based mobile payments. Google later announcement (Nov/13) about HCE support on their new Android 4.4 Kit Kat operating system has allowed us to build a wide enough commercial proposal for our customers. We are convinced that iOS and Windows Phone will incorporate HCE very soon', says Mr. Díaz.
Based on well established EMV standards, this solution does not require any changes to the existing acceptance infrastructure (POS terminals) for NFC proximity payments, and does not require to have network connectivity at the time of payment (which is a major benefit in terms of both usability and performance). It also allows the bank to autonomously define its own business model and brand image in mobile payment media, without entering into an agreement with third parties. In this sense, the cards registered by the user can be updated via a remote management system 100% integrated into the Mobile Virtual Card client-server system of the financial institution.
'The Mobile Virtual Card solution eliminates the main difficulties that have slowed the commercial launch of NFC payments and make it in compatibility with the standards of the financial industry on which many banks have invested along the last 10 years' says Mr. Díaz.
The MVC solution relies on a pending patent, and is targeted to be available for any financial institution interested in evolving their mobile payments services based on EMV standards for debit and credit cards towards a new secure, virtual and mobile form factor, thus preserving the benefits of the ubiquitous payment media existing today but empowering them with the huge advantages of using secure real-time mobile tokenization as an alternative to local secure storage.
Having the solution available is as simple as integrating a ready and customizable MVC Management Module at the issuer secure domain (or, alternatively, obtaining MVC tokenization services from a trusted third party selected by the bank), and personalizing the MVC mobile application according to the issuer needs, so a short time to market may be easily achieved.