Thursday, August 08, 2013
Secure element on the phone. The implications of architecture and brand.
In previous posts, I have discussed the implications of placing the secure element in the phone. (Read here and here).I thought that I have said what needed to be said, but having given it some more thought, there are even more things to be said - hence this post.
One should actually think of secure elements as brands. In the old world, we typically know that we can trust a payment-instrument because we can see a brand that we associate with trust/security (like Visa). We can also see that this brand is connected or integrated with the payment instrument. It is difficult to remove the brand from the instrument. As payments become virtual, this is getting difficult. Even if you see the brand, how do you know that it is attached to the payment instrument (secure element). It could easily be some-one making themselves look like the secure element.
Placing the secure element in the phone means that you will have to start trusting the handset-manufacturer's brand for payment. Maybe not a bad thing, you may say, but think of the implications if you would like to claim from Samsung if a fraudulent payment happened. Where would you go, and would they actually want to help you?
At least by placing the element on the phone, the consumer still have something physical to represent the payment instrument (their phone). Just think of the implications when the secure element sits in the cloud... somewhere. Like some of the following examples (Read here and here). But this is probably another post.