Continuation of my running thoughts as I listen and participate at the Secure Technology Alliance.
Role of the TSP
- Wearables a small part of the IoT market and to scale the vendors need to not have to worry about “Payments”.
- Should device manufactures understand payments? Can they?
- The TSP must appreciate its role and what it is not.
- As we look at IoT we need to recognize the scale of the shift from a issuer centric to a consumer centric model. The payment credential carrier no long belongs to the Issuer.
- What is the role of the Token Requestor? It provides a consolidated view for the consumer. It consolidates rhe view of all the edge devices.
- Who is the ultimate revenue source? The consumer? How does one create the consolidated view with so many instances of tokens?
- What is the life of a token? This then leads to the question of the relationship with the manager (issuer) of the Means of Payment.
- With the pre-provisioned credential how does one manage long term life cycle.
Root of Trust
- Is PKi the right approach to the necessary level of trust this emerging environment requires.
- We must remember the complexity of a PKi infrastructure.
- In the payment space the use of secure devices e.g. HSM was mainly on the acquiring side. Now as a result of EMV issuers became much more concerned with keys and key management.
- As we move into a mobile and more broadly connected world the need to assure trust in the software, device whatever.
- This discussion is very much about the value and need for HSMs.
- The question is raised as to the future of PKi given the US Gov’t perspective.
- And, what of the introduction of Quantum Computing and the associated risk to the available cryptographic algorithms and keys?
- A car can be used a place to shop, it could pay for service rendered, it can be linked to service providers. NFC/BLE/In-app and Card on File.
- The car can host merchant apps.
- The idea of a POS device in the car leaves me lost. Who is the seller?
Smart Cities and Multi-Modal
- To address smart cities one has to think across the wider context.
- What are the roles the FTA can support, becomes a question of what the cities want.
- Mobility on Demand driven by the needs to reduce congestion and improve life.
- Built on local partnership within the community
- A recognition that a multimodal approach is necessary. A focus on user centric approaches to transport.
Multimodal Payment Integration
- The challenge begins with the fragmentation of the transit environment. It is not transit it is all about Mobility.
- They want a brand and system agnostic solution that is intelligent and can help better manage spend.
- How large is transit, public only, 6,500 transit operators supporting 1 trillion rides per year.
- The roadmap is in development, it is early days.
Wearables – lessons learned
- What ìs a wearable? Do define them based of feature and function. Cloths, jewelry…
- We use a wearable when we need them. Athletic, climate, entertainment or work.
- These electronic wearable needs to consider the use cases that should be integrated into a limited number of devices we would wear.
- Three words – simple – connected – enablements
- How will we enable more specifically load the various certificates we need to access, employ and pay for.
- Interoperability will become the challenge. Do we imagine a world restricted by brand / manufacturer? Or, open to a wide array of designs and capabilities then how do we get there.
Data management & personalization
Mobile device software integration
Device life cycle management
Tokenization as a methodology ans ecosystem is essential to the growth of payment in the IoT space.
BLE of IoT Payments
- The cloud may restrict what could be communicated.
- BLE is “local” allowing secure application management and secure transactions.
Managing Trust and Security
- Identity is the key to much.
- The next question therefore it trust in the Identifier.
- Authentication with what, in what where?
- Life cycle management. How do you know your device been wiped clean of all your credentials.