Ryan Hughes
- Championed digital asset management before the data boom on consumer devices, and mobile applications before app stores existed; currently playing a leadership role in the mobile payments market.
- Key player in the creation of SoftCard, a joint venture involving AT&T, Verizon Wireless and T-Mobile USA to develop the world's first wallet to span multiple banks, networks, and mobile operators.
- Currently leveraging the real world experience of deploying mobile payment solutions to assist banks, mobile network operators, handset manufacturers, and everyone in between to deploy products that engage their consumers.
- Named by in-Mobia as one of top 6 influencers in wireless industry; by Sports Business Journal as one of top 10 influencers in mobile sports; by Billboard as one of top 10 executives in mobile music.
- Formerly two-time captain of the Cornell varsity hockey team, a second round draft pick in the 1990 NHL draft, and leading scorer and MVP of the Boston Bruins minor league team in 1995-96.
- All 7 Best Practices
- Pre-Meeting Discovery Process
- One-on-One Call with Expert
- Meeting Summary Report
- Post-Meeting Engagement
Mobile Payments
Key Trends
- Tokenization, a system of replacing live data in systems with tokens, results in minimized exposure of sensitive data to applications, stores, consumers and processes, reducing the risk of compromise or accidental exposure and unauthorized access to sensitive data.
Visa and MasterCard created the concept that is referred to as tokenization. This is the process of substituting a proxy account number for the consumer's 16-digit card number, with a less sensitive equivalent, referred to as a token. The token serves as a reference that maps back to the consumer's primary account number through the networks' tokenization system.
The tokenization system is built to map the tokens back to the primary account number securely both for creating the instance of the token in the phone (or in the cloud) and for payment authorization. As the consumer completes transactions in a retail environment, the 16-digit token is used, which also passes additional information in the authorization stream that is uniquely tied to the mobile phone, thus making the token unusable if manually keyed into a website, or presented via mag stripe.- Host card emulation (HCE) has opened mobile pay development to more companies by simplifying what used to be a complicated system of storing and transferring sensitive payment credentials.
- Host card emulation (HCE) is available in the latest Android operating system called KitKat. Instead of storing payment credentials in a phone and having to manage the lifecycle of it, HCE provides a mechanism to store the information in the cloud. So now a bank, instead of having to send the credentials to a physical secure element on a phone, can send the credentials to the cloud. HCE basically democratizes payment and allows more businesses to participate in the mobile pay arena without having to forge complex relationships with mobile phone companies.
- Elimination of the mobile network operator (MNO) at the center of the ecosystem causes businesses to move away from carrier-based solutions.
Carriers upgraded SIM (subscriber identity module) cards to include secure elements on them, allowing for Visa, MasterCard, American Express and Discover credit cards and debit cards to be stored on the secure element that resides on the SIM card. In a related move, Visa and MasterCard endorsed host card emulation, basically moving the secure element into the cloud, which is now supported on Android and Windows.
Since host card emulation is now compliant with payment network rules, any bank or digital wallet solution like Samsung, Apple, Google or PayPal can now host payment credentials in the cloud and interact with them at the point of sale. This fundamental change in technology has caused banks to move away from carrier-based solutions. Many carrier-based solutions are either being shut down or shelved prior to launch.
- Companies need a secure process and strategy to deal with the life cycle events involving mobile payment tokens.
A strategy is needed for all participants in the ecosystem to provide a safe and secure method for a customer who loses a phone, gets a new phone, changes operating systems, or even changes mobile operators.
The key players that need to coordinate this process include payment networks, payment processors, banks and mobile wallet operators like Google, Apple, PayPal, Samsung and others. Businesses entering into the mobile pay arena need to manage the life cycle events regarding a consumer and ownership of his or her smartphone while still protecting the consumer's sensitive card information, whether stored on a secure element or in the cloud.- Each of the major players in the digital wallet market are advancing different technologies and different business models, requiring key constituents to have a strategy for dealing with the various implementations.
Each of the individual wallet operators has a different business model. Some of them charge directly to key players, most notably the banks. Others are interested in collecting data from the payment transaction. Yet others are just looking to build advertising solutions on top of the payment transaction itself. Then underpinning all of that, each of the wallet operators has a variation of the technology implementation.
As a bank or any key player prepares to interface with mobile wallet solutions, they need to fully understand the business, the technical and strategic risk associated with cost per transaction, and sharing information that has historically been the domain of the banks with companies like Google, which comes with a risk. To put it simply, each player needs to fully understand the operating landscape before just jumping in. Knowing what questions to ask and what information to research before entering a business arrangement in mobile payments is essential.