Last month, at CES 2017, ST showcased a complete solution to integrate mobile payment in smartphones and wearable devices. Contactless payment is not new, but building such a system from the ground up is extremely cumbersome, which explains why so few companies offer it. There are so many aspects to consider, such as communication protocols, the security, and the various certifications, that it is easy for an engineering team to quickly become overwhelmed. ST’s turnkey solution is fairly unique in the industry, and the best tool to integrate mobile payment quickly and painlessly. To help understand why this solution is so exceptional, we’ll look at Joe, an average consumer trying to use his smartphone to pay at the checkout line of a typical store.
When Joe places his hand in his pocket to pay, he no longer grabs his wallet, but his phone, because it is so much faster and more convenient. Instead of unlocking his device, which would take too much time, he simply taps a few times on the screen. ST’s solution integrates an accelerometer (LIS2DS12) that detects Joe’s motion, and automatically opens the phone’s digital wallet.
Mobile Payment for All
Now that the interface is up, Joe sees all his credit and debit cards from various institutions, such as Visa, MasterCard, American Express, Discover, or MIFARE®. That’s because ST’s solution has already been pre-certified by most payments and transit schemes. This is an incredible time-saver for manufacturers that can implement this system knowing that they’ll easily be able to provide support for the vast majority of payment methods available to consumers.
At this point Joe simply chooses the card he wishes to use, and then lowers his phone toward the store’s payment terminal. That’s when the cashier notices that unlike other mobile payment solutions on competing smartphones, Joe doesn’t need to touch the payment box with his smartphone. He can simply hover his phone at about a dozen centimeters, and start the transaction process quicker. This truly contactless payment system is possible because ST included an NFC Booster (STS39230) in their system. This little chip increases the power coming out of the NFC’s antenna, to offer the most powerful solution on the market today.
The World of Mobile Payment
Joe is ecstatic that his phone works faster, and from farther, than the rest of the competition, but what he doesn’t know is that in that split second when the store’s terminal requests a payment, a whole world is going to get moving to satisfy that order. Indeed, the information goes from phone NFC’s transceiver to a secure NFC controller, the ST21NFC, which includes a 16-bit CPU core.
At this point in our story, most manufacturers would start worrying about having to develop their own operating system to handle the payment request. However, ST has partnered with Giesecke & Devrient (G&D), who provide a secure operating system, as well as FitPay, which offers software that talks to financial institutions, so manufacturers don’t even need to worry about it. ST’s solution automatically has all the hardware and software components, as well as the necessary Android libraries and APIs, to handle payment requests securely.
When the store’s terminal requests a payment, and the NFC controller receives it, the OS, and the application, work together to generate a token, a very basic code used to access the credit card’s information located in a special ST component (ST33G1M2) known as the Secure Element. This chip stores in hardware the card details and cryptographic keys. Hence, even if there is a vulnerability in the software stack, this sensitive information remains out of the hands of potential hackers, because they are in this specific hardware partitioned from the rest of the system. Furthermore, the card details never leave the Secure Element, because the system will only use them to generate a unique card to pay for the transaction.
Worries of the Past
When this unique card is generated, the payment terminal will confirm with the financial institution that it is valid and linked to Joe’s account. At the end of the transaction, Joe has a big smile on his face because the entire processing, approval and completion of the transaction took one to two seconds. He has no idea how this whole system works, but he knows it is so much faster than cash, signing a receipt, or entering a PIN code.
Furthermore, when the store he just visited is compromised next month, and a group of foreign hackers will have stolen the credit card information of everyone that has ever paid in this shop during the last 5 years, Joe will have an even bigger smile on his face. Indeed, he will remember that the unique card from the mobile payment system is only valid once, and is completely anonymous, because only the bank can decipher it. As a result, whatever the computer thieves got from his transaction in the store’s database is now useless.
Two years later, Joe will buy a new smartphone, and he will remember how his old one saved him from a potentially devastating hack at his favorite store. And the manufacturer will know that this feature was cost-effective, and relatively easy to implement, because ST had provided a complete, certified, and powerful solution that was customized to fit the phone’s design.