Mobile carriers just received another blow in their attempt to be “more than just carriers.”
The overwhelming majority of people in the developed world nowadays – and many in the developing world – carry mobile phones, many of them smartphones. Since payment cards are nothing more or less than data holders and, with chip-based-cards, small computers, there is no reason payment cannot be stored, managed and paid using a mobile phone.
The problem, of course, is that storing sensitive data like payment card and account information on a phone – which can be physically lost or virtually hacked – is far too risky. If you don’t believe your phone, or anything else, can be hacked, watch Josh Corman’s TED talk (courtesy of top-notch Information Security & Compliance consultant Daniel Blander).
Carriers and phone manufacturers have responded with “secure areas” of the phone, hardware-controlled and encrypted storage areas that can only be accessed in certain ways. While this makes sense, the carriers of course viewed it as yet another way to tie you to them. Put in other terms, “we are more than just carriers!”
Of course, payment providers like MasterCard and Visa don’t like being tied to carriers very much, and looked for alternatives. Along comes Google’s Android 4.4 KitKat with a cloud-based solution called Host Card Emulation (HCE). It looks like a secure storage area on the phone, but it is actually in the cloud.
This makes a lot of sense, as it is very similar to how physical cards work today. You swipe your card, the payment terminal connects to a payment processor (a.k.a. cloud), validates that you can pay it, and approves the transaction.
Last week, MasterCard and Visa announced that they will work closely with HCE. This should surprise no one (except for the carriers, of course). Users do not want to be tied to the phone or carrier for payments that have nothing to do with them; neither do the payment processors.
In the strategy business, we call it “focusing on your core competency.” What do you do particularly well? What are you best structured to do? What gives you a competitive advantage? It seems to me that device-based encryption sold to Visa and MasterCard doesn’t fit very well with running large-scale tower networks and voice+data interconnections whose services are sold to consumers.
At some point, will the carriers ever learn that it can be a great business to just be a great carrier?