Thursday, August 08, 2013

Secure element on the phone. The implications of architecture and brand.

In previous posts, I have discussed the implications of placing the secure element in the phone. (Read here and here).I thought that I have said what needed to be said, but having given it some more thought, there are even more things to be said - hence this post.
One should actually think of secure elements as brands. In the old world, we typically know that we can trust a payment-instrument because we can see a brand that we associate with trust/security (like Visa). We can also see that this brand is connected or integrated with the payment instrument. It is difficult to remove the brand from the instrument. As payments become virtual, this is getting difficult. Even if you see the brand, how do you know that it is attached to the payment instrument (secure element). It could easily be some-one making themselves look like the secure element.
 
Placing the secure element in the phone means that you will have to start trusting the handset-manufacturer's brand for payment. Maybe not a bad thing, you may say, but think of the implications if you would like to claim from Samsung if a fraudulent payment happened. Where would you go, and would they actually want to help you?
 
At least by placing the element on the phone, the consumer still have something physical to represent the payment instrument (their phone). Just think of the implications when the secure element sits in the cloud... somewhere. Like some of the following examples (Read here and here). But this is probably another post.

2 comments:

BR said...

What's the strategic advantage of the handset-manufacturer allowing a third party to use the secure element how ever they want?

It's clearly a more open solution, but the key players are generally not.

- Bill

Kaiser said...

These days I am also searching for solution to bypass operator's TSM/OTA module. Since the growth of high speed network using WiFi, HSDPA, 3G customer can download the secure element data and application from direct banking website through secure channels. I am looking forward how the banks can store NFC application in secure element which are there in Anriod, blackberry & Nokia phones.