Slide 1
Smart Card to the Cloud for Convenient, Secured NFC Payment
KONA I
Slide 2
Who We Are?
Sazzadur Rahaman, Software Engineer and Team Lead @ KONA SL
Image Source: http://the9gag.com/top-rated/4am-programmer-room-4440
Slide 3
Who We Are?
Md. Sanoar Hossain Khan, Senior Software Engineer and Development Project Manager @ KONA SL
Slide 4
Outline
Payment Systems in Action: A Bird’s Eye View
Moving Smart Cards to the Cloud: The Era of HCE
Birth of Kona Pay: A New Payment Platform in Town
A Journey with Kona Pay: Joy of Smashing Challenges
Kona Pay into the Wild: From Korea to USA
Q/A
Slide 5
Payment Systems in Action: A Bird’s Eye View
Slide 6
Payment System Overview (diagram; components: Card Holder with Plastic Card or Mobile Phone, Merchant with POS or E-Commerce, Acquirer, Payment Network, Issuer)
Slide 7
Payment System Overview – Transaction Flow (same diagram, with the transaction steps numbered 1 to 5 between the components)
Slide 8
Payment System Overview (same diagram, with part of the system marked "Out of the Scope" of this talk)
Slide 9
Payment System Overview (repeat of the previous slide)
Slide 10
Magnetic Cards vs Smart Cards
Smart card components: Secure IC Chip (SE), Service applet, User data
Contactless Smart card: Secure IC Chip (SE), Service applet, User data, NFC radio
Magnetic Stripe Card: Open magnetic stripe, User data
Slide 11
Standard NFC Cards and Mobile-based Card: Same components in different form factor
Smart card: IC Chip (SE), Service applet, User data
End-User mobile handset: SE and NFC (linked by SWP)
SE Provider: providing SEs (generally MNOs)
Service Provider: providing Services to the consumers (generally Banks)
More convenient than the other form factors
Slide 12
Need for Trusted Service Manager
Manages the Secure Element
Arranges data exchange and business relationships among stakeholders
Generates Security Domains (SDs) and manages the keys used in generating SDs, so Service Providers can safely and independently manage their services
Makes service provisioning simpler, and therefore achieves service activation in a short period of time
Diagram: the Trusted Service Manager sits between SE Provider 1, 2, 3 and SP 1, 2, 3; each SE holds a Service applet and User data
Still, the ecosystem is more complex than before
Slide 13
Moving Smart Cards to the Cloud: The Era of HCE
Slide 14
SE-less mobile card: Host Card Emulation
Concept of Host Card Emulation
Transaction processing before HCE: the NFC controller routes the transaction to the Secure Element, which holds the Service applet and User data
Additional option with HCE: with Google Android 4.4 and above, the NFC controller communicates with the host OS first, allowing it to choose where to request the applet and user data from (Secure Element, local storage, or the Internet) and to bypass the SE if required
Slide 15
Security via Tokenization
Diagram: the Issuer (Bank) sends the user’s PAN, expiry date etc. to the Token Server, whose Token Generator creates a Token and whose Token Vault stores it; the Token is provisioned to the User mobile (1. Static Parameters, 2. Dynamic Parameters)
Slide 16
Security via Tokenization: Token’s use during transactions
Diagram: Issuer (Bank) holding the user’s PAN, expiry date etc., Token Server (Token Vault, Token Adapter), User mobile, POS, Acquirer bank, Authorization; steps numbered 1 to 6
During a contactless payment transaction the token travels through the POS to the Issuer system. The Issuer sends the token to the Tokenization Server for checking and, upon confirmation that it is valid, authorizes the transaction.
Slide 17
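As an added example (not Kona Pay's code, and not code from the slides), the following Python models the tokenization flow of slides 15 and 16: a Token Generator that issues PAN-format tokens from a reserved token BIN, a Token Vault that maps them back to the real PAN, and the issuer-side validation step during authorization. It also applies the token-format properties the deck lists later under the EMV tokenization specifications (same format as the original data, token ranges distinct from PAN ranges). The token BIN `999001`, the Luhn-based format preservation, the in-memory vault, the account balances and the test PAN `4111111111111111` are assumptions made for this example.

```python
"""Payment tokenization model: Token Generator, Token Vault and the issuer-side
validation step. Added illustration, not Kona Pay's code. The token BIN, the
Luhn-based format preservation, the in-memory vault and the account balances
are assumptions made for this example."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical BIN reserved for tokens; real PAN ranges never start with it,
# which is what lets an issuer tell a token from a real PAN at a glance.
TOKEN_BIN = "999001"
TOKEN_LENGTH = 16


def luhn_check_digit(partial: str) -> str:
    """Return the Luhn check digit for `partial` (all digits but the last)."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:          # rightmost digit of `partial` is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if `number` is all digits and its last digit is a valid Luhn check."""
    return (number.isdigit() and len(number) > 1
            and luhn_check_digit(number[:-1]) == number[-1])


def is_token_format(number: str) -> bool:
    """Tokens look like PANs (16 digits, Luhn valid) but come from the token range."""
    return (len(number) == TOKEN_LENGTH and luhn_valid(number)
            and number.startswith(TOKEN_BIN))


@dataclass
class TokenRecord:
    pan: str
    expiry: str                  # MMYY, as printed on the card
    status: str = "active"       # active | suspended


@dataclass
class TokenServer:
    """Token Generator plus Token Vault (slides 15/16) in one object."""
    vault: Dict[str, TokenRecord] = field(default_factory=dict)

    def tokenize(self, pan: str, expiry: str) -> str:
        """Provisioning step: the issuer hands over PAN + expiry, gets a token back."""
        if not luhn_valid(pan) or is_token_format(pan):
            raise ValueError("not a valid real PAN")
        while True:
            body = TOKEN_BIN + "".join(
                secrets.choice("0123456789")
                for _ in range(TOKEN_LENGTH - len(TOKEN_BIN) - 1))
            token = body + luhn_check_digit(body)
            if token not in self.vault:      # guard against a random collision
                self.vault[token] = TokenRecord(pan=pan, expiry=expiry)
                return token

    def validate(self, token: str) -> Optional[str]:
        """Authorization-time check: map an active token back to its PAN, else None."""
        rec = self.vault.get(token)
        if rec is None or rec.status != "active":
            return None
        return rec.pan

    def suspend(self, token: str) -> None:
        """Lifecycle management: a lost phone kills the token, not the card."""
        if token in self.vault:
            self.vault[token].status = "suspended"


def authorize(ts: TokenServer, balances: Dict[str, int], token: str, amount: int) -> str:
    """Issuer authorization (slide 16): the token arrives from the POS via the
    acquirer; the issuer asks the token server before touching the real account."""
    pan = ts.validate(token)
    if pan is None:
        return "declined: unknown or inactive token"
    if balances.get(pan, 0) < amount:
        return "declined: insufficient funds"
    balances[pan] -= amount
    return "approved"


def demo() -> dict:
    """Walk the full flow with a constructed test PAN and return the outcomes."""
    ts = TokenServer()
    pan = "4111111111111111"                      # well-known test PAN, constructed
    balances = {pan: 100}
    token = ts.tokenize(pan, "1227")
    first = authorize(ts, balances, token, 60)            # contactless purchase
    with_pan = authorize(ts, balances, pan, 10)           # a real PAN is not a token
    ts.suspend(token)                                     # phone reported lost
    after_suspend = authorize(ts, balances, token, 10)
    return {"token": token, "first": first, "with_pan": with_pan,
            "after_suspend": after_suspend, "balance": balances[pan]}


if __name__ == "__main__":
    print(demo())
```

Because the real PAN never leaves the issuer and token server, a token captured at the POS or held in a merchant's card-on-file store is useless without the vault, and a lost phone is handled by suspending the token rather than reissuing the card. In a real deployment the vault sits behind an HSM-backed token service and tokens are usually also domain-restricted to the provisioned device and channel.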
Different flavors (models) of HCE
Diagram: five variants of the Mobile Device stack (Mobile OS, HCE APIs, Service applet (agent), NFC Controller); the variants differ in where the User data is kept: on the device, outside the device, replaced on the device by a Token, or in an SE alongside the HCE agent
Slide 18
Birth of Kona Pay: A New Payment Platform in Town
Slide 19
Issuer / Bank: Multiple business and technical arrangements
In-store payment using plastic card
Online payment
Plastic card issuance
Tokenization
Mobile card issuance
In-store payment using mobile card
In-app payment
Slide 20
Merchant: Online Fraud – Liability Shift
Online Shopping: manually enter card info (user inconvenience), or store card info in an online account (merchant needs to support Card on File (CoF))
Online Transaction: mag-stripe transaction
Fraud & Liability: potential data breach; phishing, key logging, etc.; hacking Card on File (CoF); transaction data modification or interception
Key liability towards merchant: need to secure the e-store, CoF and the transaction
Slide 21
User
Lots of credit cards, ID cards, coupons, etc.
Different credit card, different PIN.
Input credit card information manually.
Trust merchants with credit card info.
Insecure online transactions.
Multiple vouchers, coupons, gift cards, etc.; need to carry those around physically.
Longer card delivery time.
Card cloning: constantly check for suspicious transactions and notify the bank; hassle to block the card and get a new one, and to get the money reimbursed by the bank.
Slide 22
Converging Factors: Single Payment Platform
ALL Form Factors: Plastic contact card; Plastic contactless card; N Card*; SE (UICC, mSD, eSE); Host card emulation
ALL Provisioning Modes: Central mass perso; Instant perso; SE/HCE OTI or OTA; SE/HCE (post) issuance OTI/OTA
ALL Payment Modes: In-store: plastic cards; In-store: SE/HCE mobile; In-app: SE/HCE mobile; In-app/remote: plastic contactless using NFC
ALL Security Measures: EMV; Tokenized plastic card**; Whitebox crypto, LDE PKI FIDO, TEE (in roadmap)
* N Card is a dual interface plastic card: it supports both contact and contactless, can store multiple credit cards, gift/loyalty/coupons, transport card, etc., can be (post) personalized using the mobile wallet, and can be used to make in-store as well as in-app transactions using NFC between the card and the mobile.
** A tokenized plastic card does not store the original PAN inside, but rather an alternate PAN, which generates a cryptogram for the issuer to verify.
Slide 23
Converging Factors: Single Wallet
N Card; SE (UICC, mSD, eSE); Remote Payment; HCE
N Card is a dual interface plastic card
Supports both contact and contactless
Can store multiple credit cards, gift/loyalty/coupons, transport card, etc.
Post personalized using mobile wallet
Supports in-store and in-app transaction using NFC between the card and mobile
Slide 24
Components of Kona Pay
Diagram components: Payment Network, Acquirer, User, POS, Remote Payment Gateway, Mobile Application, TSM, Mobile Application Platform, Cloud Platform, Voucher Issuance System, Card Issuance System, Token Service Provider, Transaction Management System, Issuer CMS, Card, Service Manager
Slide 25
Personalization Flow (plastic cards)
Diagram components: Issuer, Raw Data, Card Issuance System (Data Prep), Card Issuance System (Data Perso), P3 data, Perso Machine, Plastic Cards, Issuer Authorization System, Service Manager
Slide 26
Personalization Flow (repeat of the previous diagram)
Slide 27
Personalization Flow (tokenized plastic cards)
Diagram components: as on slide 25, plus Token Service Provider, Secure Server, Tokenized Plastic Cards
Slide 28
Personalization Flow (HCE mobile card)
Diagram components: Issuer, Raw Data, Card Issuance System (Data Prep), P3 data, Issuer Authorization System, Service Manager, Token Service Provider, Secure Server, Cloud Platform, MAP, Mobile Application, HCE applet, Mobile, Internet
Slide 29
Personalization Flow (SE-based mobile card)
Diagram components: Issuer, Raw Data, Card Issuance System (Data Prep), P3 data, Issuer Authorization System, Service Manager, Token Service Provider, Secure Server, Cloud Platform, Mobile App Platform, TSM, Mobile Application, SE, Mobile
Slide 30
Personalization Flow (dual interface card via mobile)
Diagram components: Issuer, Raw Data, Card Issuance System (Data Prep), P3 data, Issuer Authorization System, Service Manager, Token Service Provider, Secure Server, Cloud Platform, MAP, TSM, Mobile Application, Mobile, Dual Interface Card
Slide 31
Personalization Flow (all form factors combined)
Diagram components: Issuer, Raw Data, Card Issuance System (Data Prep), Card Issuance System (Data Perso), P3 data, Perso Machine, Plastic Cards, Tokenized Plastic Cards, Issuer Authorization System, Service Manager, Token Service Provider, Secure Server, Cloud Platform, MAP, TSM, Mobile Application, HCE applet, SE, Mobile, Dual Interface Card, Internet
Slide 32
Transaction Flow (in-store purchases)
Diagram components: Mobile (Mobile Application, HCE applet, SE), Dual Interface Card, POS, Acquirer, Payment Network, Issuer Authorization System, Issuer, TMS (transaction update), TSP, Cloud Platform, TSM, MAP, Service Manager, Card Issuance System (Data Prep), Secure Server, Perso Machine
Slide 33
Transaction Flow (in-app purchases)
Diagram components: as on slide 32, with the Remote Payment Gateway in place of the POS
Slide 34
Issuer / Bank: One platform supports all form-factors and channels
N Card; Soft card; SE-based card; Single wallet; In-app and online payment; Voucher redemption; In-store payment
Slide 35
Merchant: No Liability | No PCI-DSS | Higher Conversion
No more Liability
Card on File: does not store the real PAN, only stores the Token (alternate PAN)
Manual Entry: no need to enter card info manually; the Token is used across the entire ecosystem
Transaction Security: EMV transaction instead of magstripe; highly secure – impossible to break
No more PCI-DSS
Cost Saver: does not need certification issuance / renewal; less administrative cost on infrastructure
Higher Conversion
User Experience: secured and hassle-free shopping; increased conversion rate
Slide 36
User
N Card; One PIN; Single wallet; Secure transactions; Convenient voucher redemption; Single-click transaction
Slide 37
A Journey with Kona Pay: Joy of Smashing Challenges
Slide 38
Challenges - Development with the Spec Releases
Host Card Emulation is a relatively (in payment industry terms) recent idea. However, the major brands have rapidly endorsed it and developed specifications to help vendors.
Timeline (Nov through the following Dec, with Q1 to Q4 of 2014 marked): Android 4.4 mobile OS platform with HCE support; VCP-CS (VISA Cloud-based Payments - Contactless Specifications) 1.0; EMV Payment Tokenization Specification 1.0; VCP-CS 1.1; VCP-CS 1.2; MasterCard Cloud-Based Payments Specification 1.0; Draft AmEx specifications; Cartes 2014
VCP-CS: Compatible with the EMV tokenization spec. Defines the components of the HCE eco-system (for provisioning, tokenization, verification, lifecycle management etc.) with general responsibilities. Behavior guidance for the application in mobile. Compatible with VCPS.
EMV Tokenization Specifications: PAN, expiry date, cardholder name and cryptographic keys are to be tokenized. Tokens have a similar format to the original data. Token ranges differ from the original PAN ranges etc. Different business models: digitized card in mobile, card-on-file online etc.
MasterCard CBP: Compatible with the EMV tokenization spec. Defines the components of the HCE eco-system with specific responsibilities and actions. Defines the specific behavior of the application in mobile in detail.
Slide 39
Challenges - Development with the Spec Releases
Had to adapt to lots of changes within a short time.
Had to try different business models to fit in.
Hard deadline to stay ahead of the market competitors.
We had to forecast different behaviors for the MasterCard CBPS specs; sometimes it worked and sometimes it didn’t.
Slide 40
Challenges We Faced
Maintaining effective peer code review under serious deadlines
Automated test coverage
Scrum practice in distributed teams
Testing while developing: mocking the dependency; implement the skeleton first from top to bottom
Effective team collaboration while doing webservices: dependency analysis before planning a sprint is very vital
Slide 41
Challenges We Faced
Effective team collaboration while doing webservices: dependency analysis before planning a sprint is very vital
Image Source: http://wonderfulengineering.com
Slide 42
People behind Kona Pay
Total Developers: 22
Total QAs: 7
Scrum Teams: 5
Slide 43
Scrum Meeting
Slide 44
Lessons to make scrum successful
Slide 45
Technologies Used for Kona Pay
Slide 46
Technologies Used for Kona Pay
Slide 47
Kona Pay into the Wild: From Korea to The World
Slide 48
Kona Pay was unveiled in South Korea for the Korean market
Slide 49
Kona Pay Outside Korea
Kona Pay is unveiled at Money20/20 2015 for the US market
Kona Pay will be unveiled at Cartes-2015 for the Europe market
Slide 50
Q/A
Slide 51
Thanks