Secure Mobile Payments Using Near Field Communication and BlackBerry Smartphones


Did you know that both VISA and MasterCard have certified BlackBerry smartphones with NFC capabilities to be used for mobile payments?

Over the last couple of years, NFC technology has become increasingly popular in smartphones. Recent blog posts on the Inside BlackBerry for Business blog have shown that NFC-enabled devices can be used for a wide range of tasks, including access to your workplace and paying for your morning coffee. NFC has enabled many of us to see our BlackBerry smartphone as not only an important communications tool, but also as an efficient, contactless payment tool. When considering the use of a smartphone for mobile payments security is a major factor.

If you’re interested in learning more about some of the security features embedded in your BlackBerry smartphone when using it as a mobile payment solution, here are the details – straight from the BlackBerry experts!

According to our BlackBerry Security Certification Manager, Nayef Khan, “One major concern customers have when making mobile payments is security. A lot of focus in the mobile industry is put on the security of the “payment tap” process and overall device security. However, what’s often overlooked is how a credit card’s information travels directly to a smartphone, and how that overall data transmission process is secured.” In the NFC industry the systems that get your credit card data securely onto the device are called Trusted Service Managers (TSM). They are a key part of making NFC payments secure. BlackBerry is actively working on TSM functionality. The certification of BlackBerry as a VISA approved Trusted Service Manager (TSM) proves that the world’s top banking organizations recognize the high level of BlackBerry security standards.

So what are Trusted Service Managers (TSMs)?

A TSM is a cloud-based service that creates a secure communication channel between your NFC-enabled smartphone and the financial institution’s payment tool. The BlackBerry solution is designed to create a secure location within a ,secure container called a “Secure Element.” This secure storage area on an NFC-enabled smartphone enables financial institutions to store the sensitive payment information directly within the smartphone.

Our implementation of the TSM is known in the mobile payments industry as a “Secure Element Manager” (SEM). The SEM is responsible for managing space on a Secure Element. SEM also grants access to this secure space to mobile network operators or issuers of credit cards (know as Service Provider TSM or SP-TSM). Through the infrastructure that our SEM provides, SP-TSMs will have a single secure gateway allowing them to support any customer with an NFC-enabled smartphone that wants to enable a “mobile wallet” application. While the provisioning of credit card information is left to the SP-TSMs, the SEM allows for them to make a secure connection to the Secure Element. This arrangement also makes our solution highly scalable – new issuers can be on-boarded quickly.

Can you clarify what a secure element is, exactly?

As an analogy, think of the Secure Element as an apartment building. The manager of the apartment building (BlackBerry) allows each individual apartment (location for issuers and application providers) to be unlocked by a unique key. New tenants (issuers and application providers) can move in as soon as they are approved by the manager and provided with the key.

Visa’s approval of the BlackBerry SEM shows that we have been able to meet the rigorous standards that are expected in the financial industry. Over the years, BlackBerry has been associated with strong security and we are using our experience to build a secure foundation in this new domain.

Securing the “payment tap”

We have talked about how we secure the transmission and storage of sensitive information. In order to provide end-to-end security for a mobile payment transaction, the payment process also needs to be secure. Ever since BlackBerry launched NFC-capable smartphones, we have been working with the financial industry and credit card companies to certify our devices for use of mobile payments. The BlackBerry Curve 9360 and BlackBerry Bold 9900 were among the first smartphones to be certified by MasterCard and Visa for NFC-based mobile payments.

These certifications were granted on the basis of the BlackBerry smartphones meeting the functionality, interoperability and security requirements of MasterCard and Visa. The process includes extensive technical, security, and usability testing. This helps to ensure reliable and secure transactions which are compatible with the global standard for chip-enabled payments. With these certifications, any MasterCard PayPass or Visa payWave issuing bank globally will be able to deploy accounts to the SIM card of these smartphones.

Currently, all NFC-enabled BlackBerry devices in market have received the necessary payments certification. We have also done some great work with our brand new BlackBerry 10 platform. Looking at the device and back-end certifications in unison, BlackBerry is undeniably at the center of NFC innovation. The tools and security are available; we expect wireless carriers and financial institutions to pursue mobile payment solutions using BlackBerry smartphones in the near future – and some have already been implemented.

Is your business looking to make use of mobile payments? Does the TSM infrastructure alleviate some of your concerns regarding mobile payments? Share in the comments below.

About Steph F.

Steph has been with Research In Motion since January 2009, most recently as a Communications Advisor on the Corporate PR team. With experience within the RIM Customer Support Operations organization, the Office of the CIO and the Enterprise and Government Public Relations team, Steph enjoys being a part of all things BlackBerry. Steph engages daily with the BlackBerry For Business community, which gives her an opportunity to connect with enterprise business leaders online. An ink-slinger of the fussiest sort, Steph has experience supporting senior executives (personal correspondence, keynote appearances and media interviews) and event management (press conferences, product launches and trade shows). Outside the office, Steph is a self-proclaimed oenophile, globe trotter and foodie-in-training. She also loves westies and accountants.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus