"Paying with a cell phone should be as easy or easier than calling or sending a message" Interview with David González
Security and mobile payments have become two critical factors in terms of the future of banking and the relationship with the customers. We met with David González from G&D who talked to us extensively about the key market trends and some of the most pressing current issues in this sector.
This year mobile payments are going strong and it looks like they are set to gain widespread acceptance. Apple Pay, Android with its forthcoming API, Samsung Pay… Is it simply a question of waiting for more services to appear before it becomes entrenched, or has there been something else?
In recent years, mobile payment technologies using NFC have proved their viability and efficiency all over the world. In fact, G&D has been one of the leading players in a large number of technology projects, in both pilots and services already rolled out in Europe, Oceania, and North and South America.
So there is nothing to prevent the implementation of this type of services. However, the main handicap for mobile payments is the business model. Financial institutions, operators, telephone manufacturers and the retail sector itself must agree and define the market, and they will have to do so whether they want to or not, because there's no doubt that users are demanding to have this service on their devices.
From our end there's no technological limitation to extending this type of services, and if anything has changed, it is definitely the demand by the consumers and end users due to the ease of use, convenience and security. There's no doubt we're about to see a sweeping transformation of the payment models, and anyone who refuses to accept this fact will be left out in the cold.
From our end there's no technological limitation to extending this type of services, and if anything has changed, it is definitely the demand by the consumers and end users due to the ease of use, convenience and security. There's no doubt we're about to see a sweeping transformation of the payment models, and anyone who refuses to accept this fact will be left out in the cold.
Well, just as with all technology ideas, time will tell. And it will be the banks themselves who decide who will emerge triumphant. Of course, this is a potential opportunity for any startup in this area offering a viable, secure and useful solution. But banks, unlike other sectors, can't afford to take risks. Data inviolability, confidentiality and security are the keys to success in this market segment.
Let's take CloudPayment, for example. There are numerous companies that claim to offer this service, but do they all really offer the required level of security? Quite honestly, I'm not so sure. A bank can't afford to offer a solution that turns out tomorrow not to have been sufficiently strong.
The same is true with the added value banks are seeking as a way of setting themselves apart from their competitors. In this market they need to offer robust and scalable solutions that allow businesses to grow and offer new services to their customers.
We're hearing a lot about the Internet of Things. In view of the fact that you work with security aspects, how do you see this product niche? Will they be secure? What will they contribute?
The Internet of Things is set to be one of the levers that will move the technology market in coming years, and along with it, IT security. It is expected that by 2020 there will be 26 billion devices connected to the Internet. And in this scenario protecting people's confidentiality, assuring individuals' and companies' data and protecting digital identities is going to be essential. So much so that Frost & Sullivan predict that the ICT security industry will invoice around $100 billion in 2019.
For years we've been working in the field of M2M or machine to machine communications, the precursors this new concept in technology. That's why we know security and ease of use are basic. So the IoT will be secure. We don't see any impediment for its development.
As for what they'll contribute, it will depend on what services and solutions are developed around the concept. Many will fail, but many others will succeed, just as whenever a new field for the application of technology opens up.
At G&D you handle some transport issues too. Will we soon see a definitive move to a system of digital tickets?
We have all the technology, products and development to enable transport tickets to be carried on a mobile phone. And we also have a wide range of contactless payment cards already on the market for all kinds of collective transport companies (metro, train, bus). Both systems have unquestionable advantages for both companies and users, and they will certainly end up by replacing the traditional tickets we know today.
In our opinion cell phones have significant advantages for users as they can buy tickets before using them and avoid queues at the ticket vending machines. We believe this is also very interesting sector for banks.
Are mobile payments today a really secure option or do they need a little more fine-tuning?
Security in mobile payments is totally guaranteed and is comparable to the security you have when paying physically with a credit or debit card, with the added factor that the phone has more security components than a card in the case of theft or loss: we become aware of its disappearance sooner and it can be blocked remotely.
We're transferring more and more services to our cell phones, and becoming ever more dependent on it. Are people conscious of this? Do you think there's enough security, and that it's used correctly to protect information –for example in the case the device is stolen?
Not always. If you ask users you find widespread concern about the security of their data and the information they keep in their telephones. But a lot of people don't make backup copies or install an anti-virus. For them, together with a new breed of users who are much more demanding about the inviolability and confidentiality of their data, there are users who are unaware of the dangers incurred by careless use of their cell phone.
Paradoxically this revolution is taking place in parallel with an environment that is awash with apps and social networks based on information sharing.
For this reason at G&D we believe that when we talk about offering financial services we need to be ahead of the field and offer robust but unobtrusive security that's practically invisible to the users. In other words, we need to offer security without the user being aware of it.
However, even though we can guarantee the physical and logical security of the devices, the user must also help by behaving securely. Fortunately we're also seeing a change in mindset and significant efforts to raise awareness by institutions and agents in the market.
What role will the SIM play in the future? It looks like many people would like to get rid of it. For you privacy is essential, but do you think people are aware of what it does and how they manage it? It seems that sometimes we make “sacrifices” so we can enjoy certain services. The Sony hacking incident was widely discussed, and just recently Gemalto was called into question in the matter of its SIMs. What role will cyber security play in the future?
Giesecke & Devrient (G&D) is one of the world's leading manufacturers of SIM cards. We are providers for over 350 telephone operators. SIM cards are the basic security element if we want to preserve users' privacy in their communications and transactions. In fact, we've been instrumental in developing and implementing the security standards that have succeeded in making SIM inviolable.
As for the case you mention, at G&D we don't comment on the news from the competition, but the reports suggest it was not an attack on the SIM. In the case of G&D, we place great emphasis on security, and we make a substantial investment in reinforcing and updating the security systems we use to generate, store and transmit data.
As I said earlier, logical and physical security is practically inviolable. However, the human factor plays a key role in any security infrastructure and unfortunately that depends on each one of us.
What do mobile payments need for everyone to use them massively?
The key feature that will lead to a massive use of mobile payments will be their ease of use and convenience. Paying with a mobile device should be as easy or easier than paying with a card, calling or sending a message.
With our commercial cloud payment solutions, banks all around the world like the Commonwealth Bank of Australia are seeing that it is today a reality.
Do you see business opportunities in Smartwatches?
If this type of devices become successful, we see opportunities as at the moment they're merely an extension of smartphones. But it's still early to know how well they're accepted by users on a massive scale. I think we have to wait a little and see how they settle into the range of currently existing devices.
In Barcelona you presented several new developments. Could you tell us a little more about them?
At the last MWC 2015, G&D proved it has the most advanced technologies to simplify and protect the deployment and use of the new generation of mobile services in a range of spheres such as telecommunications, banking, transport, automotion, industry and app developers.
Along with Vodafone, we presented Secure Login, the corporate solution to prevent digital identity theft through smartphones and mobile devices, based on a SIM manufactured by G&D, incorporating a fixed and unrepeatable identity which is impossible to clone or reproduce.
Also for operators we presented SmartLicentio, which enables a security component to be installed remotely in the SIM, thereby giving access to all kinds of web services (email, mobile banking, e-commerce, voice and video conferences). The personal data and information are encrypted and stored in the SIM.
Another new development was SIMSec, a service to enable developers of mobile apps to protect their customers' data. Here the phone SIM is used to store the customer's credentials when using the app, including PIN numbers, usernames and passwords, and to prevent their theft and use for any type of fraud.
Finally we converted a smartphone into an electronic ticket which is valid for travel on collective public transport. The phone can store a monthly or annual subscription, or a ticket for a single journey, and can be used for different types of transport, either intercity, urban, road, train or plane. Within the sphere of the IoT and machine to machine communication, we showed solutions for both the professional environment and for household networks of connected devices. We have security solutions for 4.0 manufactures and the new industrial environments, and we showed how data subscriptions for domestic users could be shared via cell phones with tablets, smartwatches, wearables and other IoT (Internet of Things) devices with integrated SIM cards.