Securing Confidence in Mobile Transactions Date:   Monday , July 01, 2013 Gemalto (Euronext NL0000400653 GTO) is a digital security company providing software applications, secure personal devices and tokens in addition to managed services. Incorporated in 2006, the company is headquartered in Amsterdam, Netherlands and has a current market cap of $5.58 billion. Mobile financial transactions are on the rise in India, as they continue to gain ground globally as well. During March 2012 to Dec 2012, 37 million mobile transactions took place in India, jumping by around 1.7 times in volume and increasing three-fold in value. Two of the key factors responsible for this surge are the growth in smartphone adoption and initiatives taken to encourage mobile transactions such as media promotions and customer education programs. However, according to a 2011 Deloitte-ASSOCHAM study, 67 percent of all banking transactions in India are cash based, which shows there is still lot more potential for mobile transaction's growth. Still there are some challenges in the way of a faster adoption of these services, such as the lack of standard platforms for implementation and concerns around the security of transacting on the mobile. Similar to a personal computer, Mobile phones are also prone to security threats. To address these concerns, people need to be made aware that mobile payments can be more secure than many of other payment systems in use. Mobile Banking Till the start of March 2013, only 40 percent of households in India had bank accounts. With the overall mobile penetration around 70 percent, mobile banking can be one of the most helpful ways to bank which is available 24x7. This is not only convenient for customers, but also beneficial to banks as a low-cost channel. According to McKinsey, if banks address customers’ security concerns and enhance the features and processes available through digital channels, they can see up to a 60 percent growth in usage. To make the transactions secure, Mobile network operators (MNOs) can store the confidential financial data in the secure elements (SIM cards or other secure element form factor). The smart card technology in SIM card makes it tamper-proof providing banking-grade security. The confidential financial applications or data can be stored in this secure environment preventing unauthorized access from other applications/ users. Mobile wallets India is ranked the fifth largest smartphone market globally, with 44 million smartphone subscribers as of Q4 2012, recording a 52 percent growth year-on-year. With several MNOs in India already offering and others launching their mobile wallet services, consumers can use a variety of payment, loyalty and rewards apps depending on their unique shopping preferences. Currently mobile wallet applications in India store debit or credit card and bank account information in an encrypted form on the device, enabling customers to make all kinds of purchases from a single device using medium such as SMS or USSD (Unstructured Supplementary Service Data). Wallet providers need a field-proven secure mobile wallet application suite that allows for the rapid deployment of integrated banking, payment and targeted value added services, as well as backend servers for handling issuance, real-time transactions and offers and rewards. However, it is very critical to make sure that the transfer of user’s confidential bank data to SIM card is secure and no information is stolen during the transfer process. This can be assured through Trusted Service Manager (TSM), which ensures that sensitive data, user credentials and software applications are handled and provisioned with unmatched security protection and seamless service delivery Over-The-Air (OTA). A TSM needs to be open and interoperable platform so as to enable end-to-end security encryption between banks and the SIM cards in mobile devices. Near Field Communication (NFC) NFC is gaining ground worldwide with the NFC retail payments market expected to exceed $180 billion by 2017, according to a recent survey by Juniper. This is further reiterated by a Gartner estimate that 50 percent of smartphones will be NFC enabled by 2015. Mobile NFC services bring with them a whole new dimension to people’s digital life, transforming mobile phones into contactless devices for tap-and-go applications, including transport ticketing, payment, loyalty and other innovative services like smart poster, peer-to-peer sharing or access control. However like other mobile payment processes, users have concerns regarding safety of payment using NFC, which can be certainly addressed. Confidential data of each NFC application like transport or payment can be securely processed in a secured dedicated domain on NFC SIM cards. This makes sure that information of each stakeholder is not accessible to any other stakeholder. Thus different stakeholders of NFC ecosystem can work together without any concerns of losing personal data. This coupled with the ability to attach a PIN code to authenticate transactions, provides users with control like never before. NFC also provides the ability to combine numerous different cards or accounts on one device, thus enabling the consumer to cancel all of them in one go if the device is lost, rather than having to contact each card issuer individually. Later same information can be restored through OTA to a new NFC SIM card. Conclusion Innovations in mobile payments have transformed the mobile phone into a personal banking assistant. However the diversity of operating systems/ platforms used for mobile handsets in market appear as another challenge to enable mobile security features. However, to maintain trust of their customers, banks and MNOs are investing in secure payment infrastructure and services. They are also building awareness among customers about safe transaction practices. Gemalto believes that these steps and a collaborative effort by all stakeholders in the mobile financial ecosystem would enable greater adoption and use of mobile payment solutions.