This press release from HPS indicates that Gemalto will utilize the HPS tokenization platform that is agnostic of the consumer device and operational on any card payment scheme; an exceptionally bold claim:
“Gemalto and HPS are offering an integrated and modular Tokenization solution to provide payment services providers with the strongest mobile payment platform that is agnostic of the consumer device: it secures payment credentials across HCE-enabled handsets, Secure Elements (embedded and SIM) and Trusted Execution Environment (TEE) or any combination thereof. The solution, available in hosted or on-premise modes, can be used by any card issuer and any card payment scheme.”
The branded networks have a business relationship with Apple that suggests this solution will not operate on Apple devices. The existing tokenization scheme available from the branded networks, including the token vault and token service provider functions as identified by the EMVCo tokenization standard are not capable of being operated by others. As a result, this is likely a claim of technology rather than an actual business relationship to enable interoperation with the branded networks. There are several tokenization technology companies that are lined up to be certified by the banded networks should the opportunity arise.
Perhaps the more interesting capability is the support for the many different device security models including Secure Elements (embedded and SIM), Trusted Execution Environment, or any combination of these. What is missing in this statement is support for an updated real-time authorization capability that can take appropriate action on all of the new risk factors associated with managing credentials across all of the environments. Again, a technical solution may not necessarily work effectively in the real world.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
Read the full story
