EMVCo has recently published a dedicated white paper – ‘Wireless Payment: Considerations for Use of EMV® Chip’ – which explores the data, security and technology considerations for wireless payments across multiple use-cases.
In this post, Jonathan Main, Chair of the EMVCo Wireless Task Force, examines the potential for mobile and wearable devices to use wireless technologies for EMV Chip payments.
EMV® Contactless and Near Field Communication (NFC) technology has transformed the in-store payment experience by enabling consumers to pay using their smartphone and wearable devices, in addition to their contactless-enabled payment cards.
As mobile and wearable technology has advanced, many devices now support other wireless protocols including Bluetooth, Wi-Fi and Ultra-Wide Band (UWB). The increased range of these wireless technologies – coupled with wide availability, interoperability, security and user control – opens up opportunities for innovative in-store experiences, as the consumer does not have to be right next to the terminal to pay.
This comes amid increasing consumer interest for ‘frictionless’ and ‘just walk out’ shopping experiences, with a survey of UK smartphone users indicating that 70% would welcome checkout-free shopping to increase convenience and reduce time spent waiting in line.[1]
As interest builds and following feedback from EMVCo Associates, EMVCo has been exploring the potential and required elements necessary to address the use of wireless technologies for in-store payments.
EMVCo and wireless payments
Before examining the considerations in more detail, it is firstly important to consider the scope of EMVCo’s exploration.
While the greater range of wireless technology opens the potential to support all phases of the transaction experience (shopping, payment and completion), EMVCo has focused solely on the payments phase. This phase is initiated by the consumer demonstrating an intent to pay, which prompts the generation and exchange of payment data between the cardholder device and the merchant system.
More specifically, EMVCo examined how EMV Chip technology could support the secure communication of data to provide evidence of cardholder involvement, card involvement, and the presence of the cardholder and card in the locality of the merchant:
- Cardholder involvement
Cardholder involvement is the process of establishing that the genuine owner of the card account intends to make a particular payment with their card.
This requires intent to pay – an action taken by the user that indicates they want to use their card or mobile device to make a payment. For traditional in-store payments, this is straightforward as the consumer clearly expresses intent by inserting a card into a terminal or tapping their card or device.
For wireless payments, the lack of physical proximity to a terminal requires a different approach. The intent could be ‘explicit’, such as the user actively enabling a payment app on their device when they are ready to make a purchase. It may also be ‘implicit’, where the user does not directly acknowledge intent on their device at the time of payment. Examples of implicit intent include entering a payment zone in-store or walking through an entry gate designated for automatic payment.
Determining cardholder involvement also requires cardholder verification. Cardholder Verification Methods (CVM) are used to confirm whether the person presenting a payment card is the legitimate cardholder. More advanced mobile devices have enabled consumer verification to be performed on the consumer’s own device – known as Consumer Device Cardholder Verification Methods (CDCVM). This offers various possibilities across wireless payment use-cases.
For example, a user could provide biometric authentication on their device to enable a payment for a 30 second window. Or a user could enter a passcode on their smartwatch to enable a payment to be made for as long as their pulse is detected. Another option would be a user entering a store and opening a merchant app, prompting consumer verification of their chosen payment card.
It is also important to note that for traditional in-store payments, cardholder verification follows the intent to pay. Yet with wireless use-cases, there is the possibility for cardholder verification to either precede, coincide with or – in some cases – establish the intent to pay.
- Card involvement
In addition to the cardholder, the card itself must be able to provide evidence of its involvement in a transaction by generating an application cryptogram. By verifying this application cryptogram, an issuer can validate the transaction was performed by a genuine card (known as card authentication). For wireless payments, the existing methods supported by the EMV Chip Specifications can be used.
- Cardholder / card presence in the locality of the merchant
Another fundamental element of an in-store payment is determining that the cardholder, card and merchant are at the same physical location.
For traditional in-store payments, this is again relatively straightforward as the cardholder must either insert or tap their payment card or device. But as the range of some wireless technologies can extend to hundreds of metres, locality cannot be assumed and must be determined.
There are several potential options for determining locality. Some wireless technologies have an inherently limited range, so the ability for the cardholder device and merchant system to communicate implies locality (in the same way as for contact and contactless transactions). Identifying the specific wireless technology in use – even if it has a greater range – may also sufficiently determine locality.
Certain technologies like UWB support secure ranging capabilities which can provide evidence to within a few centimetres of where the cardholder is within the store, as well as relative movement (this can also help to determine intent to pay). Additional information from the user’s mobile device – known as out of band data – can also be used. This could include GPS data, secondary wireless ranging or local environmental data provided by the merchant (for example, a number or QR code displayed in-store).
What’s next for wireless payments
It is clear that EMV Chip technology can enable and support innovative payment experiences through wireless protocols, which presents a range of new opportunities and challenges for industry stakeholders.
While EMVCo does not see an immediate need to develop a dedicated specification for particular wireless technologies due to the diversity of potential use-cases and the fact that wireless interoperability is already well-addressed, it continues to work in close collaboration with industry participants to evaluate the role that wireless technologies can play in payments. For example, EMVCo has signed a liaison agreement with the FiRA Consortium to further explore the opportunities of UWB. EMVCo also encourages all industry stakeholders to share wireless payment use-cases in development that are not supported by current specifications.
More broadly, EMVCo is committed to enabling seamless, reliable and secure payments amid changing consumer behaviours and advancing technologies.
[1] Charged Retail, 70% of consumers would welcome checkout-free shopping, March 2022