Friday, October 31, 2008

Provisioning of Handsets

The process of provisioning an electronic payment instrument is probably the most critical step and the most onerous from a fraud perspective. Provisioning is the process of connected the payment instrument with a central database so that payment instructions are routed in the correct way. This provisioning process for cards are completed prior to distributing the cards (especially chip based cards).

In all of the deployments that we have done with mobile phones the provisioning is also done prior to distribution of the SIM cards (effectively by injecting a key or keys into the SIM card). In this way the process is much more secure and controlled. The idea of provisioning a payment instrument over the air (OTA) is of course very attractive as this would enable clients to sign up for a mobile payment service with very light authentication. This is why a lot of work is done in this space. For instance, see the following patent.

Mastercard recently announced specifications for OTA provisioning for a PayPass payment instrument on suitably equipped handset. The process as described on the MasterCard is sketchy and it is not clear how a number of hurdles have been overcome. (For instance initial identification of the handset, management of the application on the phone etc.), but it is a step in the right direction.

No comments: