Gemalto is leading the pack in digital security, with hardware and software solutions utilized by some of the biggest names in tech. We speak with Amol Deshmukh, VP of Gemalto’s Mobile Financial Services division, on leading security in the realm of mobile payments, innovating in wearable tech, and the tricky issue of consumer adoption.
Kevin Xu: Amol, lets start with a breakdown on Gemalto, your place in security, and the global scope.
Amol Deshmukh: Gemalto has been around for a long long time, so we’re definitely considered by the industry as the leader in digital security and M2M technology as well.
We have several lines of business; mostly all of them have to do with increasing the security in the digital experience of whatever people do on a day-to-day basis. So we have customers in the telecom space who are mostly operators, MNOs that buy our products and services to enhance the security of their networks, on the GSM network. So obviously a large portion of our business is providing the SIM cards, personalizing them, and getting them issued into the hands of consumers.
The other area is of course in the financial space where we sell millions and millions of EMV chip cards and solutions. So that is a big business for us coming in the US as well.
Of course all solutions around it whether its personalizing these cards, getting them in the hands of consumers. So when you order a credit card from say Chase bank, and you get it in the mailer and you get it in your hand, that’s us. Of course the trends are also changing now where you also get the same cards over your phones. So Isis is another example of what we’re doing, where Gemalto is the key component for the Isis ecosystem.
And also work with service providers such as Amex, who issue these cards together on Isis phones, which also happen to have the Gemalto SIM cards inside of them. That’s another area. The third area is a kind of pure security in the corporate, government, transportation, and that kind of space, where we sell millions and millions of corporate ID cards to folks such as Exxon Mobil or Shell who want to secure their networks, VPNs, send secure emails between their companies, so on and so forth.
And of course the e-government initiatives, wherever there’s national ID initiatives, Gemalto is typically involved with our products and solutions. And closer to home here, we have the DOD, the Department of Defense where we have a huge majority of the cards that they issue to their personnel and their agencies for network and network logins, checking their emails, security and also physical access at some points.
So the M2M business is a business that was something that we acquired a few years back. Looking at the fact that humans interact with each other but soon its going to be machine interacting security and then you can do that… so that you can have a secure interaction whether its talking to them, talking to humans…. and that’s a huge portion of our business as well.
So from a footprint, about I would say 12,000 employees from over 100 nationalities, we’re in 44 countries and we have about 190 countries that have customers globally. 3,000 plus financial institutions are our customers, 450 plus global MNOs, the names that you would know, AT&T, Verizon, T-Mobile, Orange, Vodafone, everybody.
About 80 plus I would say, government programs, national IDs that we have done, and revenue in 2013 was over $3.25 billion. So a leader in a number of fields if you look at it from a digital security standpoint, anything to do with securing the networks, securing the communications, securing interactions between devices as I mentioned.
And there is probably a chance that several or most of the world’s consumers are going to have a Gemalto product in their pockets or in their phone and wouldn’t even know about it. That’s one of the key things that we do, we’re kind of the “Intel Inside” if you may, for a lot of things, we just don’t have that advertising campaign, but we have several customers who have usage in the background and let them be with their brand.
Lets talk a bit about global NFC adoption for a little bit. Would you say that the security features in NFC and contactless payments are inherently more secure than credit cards? Or is that something that needs to be focused on, built up?
Right. From a US perspective, you have magnetic stripe cards which are quite easy to duplicate, you can just take a swipe of the card and you have all the data. And you can start using it or create a fake card out of that. Now the chip cards inherently have a lot more security built in to it because you can’t really track the chip in terms of trying to get the card data out, EMV is the standard for payment.
EMV has also come out with contactless payment. NFC is the same interface if you may, of contactless payments. So when we’re doing NFC deployments whether it’s using the phones or using our EMV dual-interface cards, then yeah absolutely, we have a much much higher level of security, and a challenge response scenario and where the card authenticates the terminal and the terminal authenticates the card. Dual authentication sort of going back and forth, that is way way, way more secure than a simple magnetic stripe card.
The US has finally made the effort to make that transition and has that… on the horizon, so starting to catch up with the rest of the world in terms of security I would think.
What do you think are some of the main friction points in holding back NFC adoption?
With NFC or any new technology, you have to get over the hump of any existing infrastructure. So that’s one of the challenges that the world or any industry usually faces, if you have an existing infrastructure. The infrastructure today in the US is mostly magnetic stripe based. For them to be able to support chip or NFC transaction, there’s a certain change that needs to happen. The good news however on this, especially at this time with the mandates for migration to EMV, both on the issuer and the acquirer and the merchant side, is that there’s going to be a change in this infrastructure at some point with a date associated to it, so its not open-ended. So this kind of a change that’s going to happen for the infrastructure that’s going to help tremendously. The other piece is, most of the US terminal vendors, actually I would say all of them, because there’s just two big ones left now; VeriFone and Ingenico.
All of their terminals support contact as well as the NFC or contactless kind of interfaces on their terminals. So once the physical change of those terminals happens, you’re going to be in a position where there are all these terminals that have the specific connection to be able to support NFC transactions. I would say that’s probably one of the key holdbacks if you may, for any sort of technology change. We see that with NFC, however we see the light very close now, so we don’t even say its now light at the end of the tunnel, because we see the light already. And our experience has shown that that’s the way it’s worked with the Canadian market, the Australian market, UK market, any of the markets that migrated, once that infrastructure jump or leap happened, then taking on new and more secure forms of payment was quite rapid after that.
What about in terms of consumer habits? What do you see happening?
It’s just simple, very simple for me, from a user perspective, if you’re asked to pay, you pull out your card, you swipe it and off you go.
When actual user behavior has to change with EMV migration, where you now have to have a chip card so either you insert it, or you present it as a contactless interface just because you can now, you might see a change in the user behavior.
We’ve seen it in several places around the globe, there is a slight hump that has to be overcome from a user behavior, for sure, no doubt. I almost put it close to before there were touch screens, nobody ever thought of touching the screen. But now, if you give a regular laptop to my kid, he is four, and he’s going to try to touch that screen because that’s all he knows.
It’s a matter of getting used to it, in that sense so once you see and you start using it, you’re going to have acceptance and ubiquity of that. But yeah you’re absolutely right, you don’t see that in the US today more so because as of now as we speak today, the migration hasn’t happened completely. So you’re still in the moment where what you’ve been doing or what users have been doing for a long time is pull their card of the pocket, try to swipe it and be on their way. It’s not overnight, and that’s why the mandates for migration actually do help, because it puts a stake in the sand, a line, where you can say OK, after this at least the technology has to be able to support it, and force users to move to a different user experience.
So what you’re saying is when EMV happens next year, we’ll see an uptake in mobile payments?
Mobile payments as well as NFC transactions globally. And you’re right, you try to link the two together but it’s very difficult to time it perfectly. You’ve got to have the chicken, and then the egg. You’ve got to have enough devices in the market, you’ve got to have enough cards in the market and then the infrastructure change happens. The good thing is, people are not going to wait for each other right now. You see Isis going quite strong, and Isis with its wallet and I don’t know if you’ve read the news recently but American Express is provisioning several thousand, several hundred thousand cards on the Isis phones. So a month in and month out going forward for the past few months. So that, in the hands of the consumers has started to happen. There are so many phones that can already support NFC as well. And you see more and more devices that are coming out with support for that. So I think that’s a good sign, in general for the contactless industry.
I want to get your thoughts on what you thought was the future of payment security. I’ve read a lot about biometrics and I was wondering if that was something Gemalto was looking into.
Yeah that’s a great question because we’ve looked at biometrics for quite a long time. Just what we’ve seen come back from the markets, is that a system where the biometric information is stored in a central location, is not something that has gained a lot of popularity.
Purely because if that is once compromised then there is a big problem. Biometrics are a good entry point if you want to replace PINs, and if you want to be able to unlock the credentials that you have, whether it’s payment credentials, security credentials, and instead of trying to remember my PIN, in a more distributed system, if I can use the biometrics to unlock those and then go on with whatever I want to do, that’s going to be probably a more easy to digest.
We have solutions around that as well, whether it’s storing the biometric fingerprint on the card, or in secure elements, so on and so forth, that can be done, not a problem. From a mobile security standpoint I think what is going to be key is the fact that folks actually know that when they’re paying: One it’s more secure than using your magstripe, for sure. Two, its going to be more convenient as well. Security is the tough sell, and I think contactless is going to be seen as a convenient method.
Especially when you start using phones, it’s much easier to tap your phone and walk away. And people are starting to get used to tapping cards, tapping card readers, cards to open doors, to use their cards for payments or for other things, access for corporations, things of that nature.
So the tap is starting to get a mindshare if you may, people are used to using the tap as opposed to doing something else. So I think that’s going to be a key for mobile payments in general, and of course the underlying fact that the consumers, obviously, almost make an assumption that it has to be secure, they put that on the service providers. So they expect that the service providers have put in solutions that don’t compromise their privacy and security. And that’s exactly where we help our customers from our solutions and product standpoint.
Last question, and that comes back to contactless payments. Have you been looking towards wearable technologies and incorporating payments in wearable form-factors?
We’ve seen quite a strong interest from the market, we have solutions actually in the market right now for wearable technology. We’re starting to see a little bit more interest of saying, okay, can I do this as a brand, because there is a branding thing that wearable brings along with it as well. There’s a convenience and there’s a cool factor, associated with it, but yeah absolutely we have actual solutions in the field and technology that allows folks to use payment cards inside of these wearable bands that for us looks like a regular card that you just insert, similar to a SIM card that goes into a phone.
So you stamp it out, put it into the wearable and off you go for payment. So we take care of everything that needs to be done from our product and personalization standpoint. We’re starting to see that as a strong interest from the market for sure. It’s amazing, I was in the business of the financial space about, I would say… six years back, we started pushing this into the market, and there were some stadiums around the world who tried to do that, like football stadiums or soccer stadiums who wanted to do commemorative kind of bands, for their users and then the user can interact with the payment system. We are starting to see that interest peak now and more and more of our customers are coming back to us and saying “Hey, I’d like to issue a companion wearable along with my dual interface card for payment,” for example. So it’s really all about being right there and I think the financial institutions are starting to be in that space again.
Any last comments?
We’ve really seen contactless as being the key for payments going forward, where there’s migration to new infrastructure happening, the EMV migration happening, start seeing a strong uptake of contactless payments. And once that happens that also bodes well from a mobile payment standpoint, which is… it’s not very difficult to swipe your card, it’s very difficult to swipe your phone but its very easy to tap your phone to achieve the same result.
So those link together, and you see the increase of contactless really bodes well for increase of mobile payments as well. And inherently, your phone is a multi-application phone and can support many many things, so with payments then, you can have other things that we also look at. Geolocation, you know how to make sure that your users can get relevant offers, things of that nature. So it starts becoming a much more lucrative and enhanced experience from a consumer standpoint. And that’s what starts getting them to use it.
Because lets be clear, folks don’t wake up in the morning and say - how do I pay in a different way today? You’ve got to get them to move and to do certain things because they want to do it, and the power of that choice, giving that in the hands of the consumers, making it something that they choose versus something that’s pushed on to them…. is much easier on a mobile phone than anything else, so you see a start where these mobile payments are on the rise once you have the infrastructure ready and are able to support it. That’s where we are definitely quite excited and we see a very very bright future for mobile usage and payments in general.
Amol Deshmukh, Director of Mobile Financial Services North America, Gemalto
Amol joined Gemalto in 1996, where he has served a variety of roles in the domains of corporate security and financial services. His experience includes engaging Fortune 500 companies, financial institutions and payment associations to champion next-generation authentication and payment technologies. In his current role as director of mobile financial services (MFS), Amol’s broad security and payments expertise has been instrumental in shaping Gemalto’s strategy to address the converging mobile and payment landscape.
