Tap & Pay

Concept definition

Card issuers can enable their cardholders to pay in-store by tapping their phone at NFC-enabled point-of-sale (POS) terminals using their mobile banking app. By combining digital cards with consumer device cardholder verification methods, contactless payments can be performed without transaction limits.

The IDEMIA Tap & Pay service enables digitization of payment cards on Android mobile app allowing consumers to pay in stores, by tapping their mobile devices on POS terminals (based on Host Card Emulation technology).

Use Cases

The IDEMIA Tap & Pay service covers the following use cases:

  • The IDEMIA Tap & Pay service enables cardholders to have a digital version of their payment card in a mobile banking app to pay by tapping their Android phone at NFC-enabled POS terminal, in store. In this use case the payment performed is considered as a card-present transaction (proximity payments).
  • In addition to proximity payments with merchants, the IDEMIA Tap & Pay service could be used for EMV transit use case thanks to the offline data authentication capability (both for closed and open loop configuration).
  • The IDEMIA Tap & Pay service could also be used for in-app payments. This use case is relevant in the contact of private label card issuers who could drive the adoption and integration of this in-app payment options with participating merchants.

User Experience

Tap & Pay service activation

Tap & Pay service – Contactless transaction

  • Enable digital-first experiences for cardholders to Tap & Pay immediately after creating an account or applying for a credit line (i.e. while waiting for the physical card to arrive by post or in case of unexpected events related to the physical cards such as stolen or lost card).
  • Contactless payments can be performed without transaction limits.
  • See real-time transaction details using their mobile banking app offering a consolidated view.
  • Consumers don’t need to worry about fraud and risking their information. Their card details are not exposed as securely stored in their mobile banking app.

Key features

Easy integration

IDEMIA exposes easy-to-use set of APIs and provide the issuer with a multi-scheme mobile SDK and wallet server to securely store credentials and emulate card during card-present payments.

Wallet Agent SDK certifications

The IDEMIA Tap & Pay SDK (Android 7+) is compliant and certified by international networks, Visa and Mastercard and for the both functional and security requirements.

Support of multiple schemes technologies

The IDEMIA Tap & Pay service is designed to support multiple schemes payment technologies, including Visa (VMPA), Mastercard (mChip), Discover (D-PAS), JCB (JCB contactless) and White Label Alliance payment technology (WISE).

Support of co-badged cards

A card could have two "badges", meaning two payment instruments, usually for domestic and for international payment transactions, or for close loop payment transactions. In such case, two tokens shall be enrolled for the same card. The IDEMIA Tap & Pay service supports co-badged cards configuration, meaning it is possible to provisioning two tokens for the same card into the same device for this particular use case.

Payment flows supported

Depending on consumer verification configuration and the amount of given transaction the cardholder can perform the in-store transaction in one of the following scenarios:

  • Single tap for low value payment, also for high value payment when online PIN is supported by given implementation.
  • Pre-tap when consumer wants to perform on-device cardholder verification prior to actual payment (i.e. consumer already knows that transaction will be qualified as high value payment).
  • Double tap when after initial tap the transaction is qualified as high value payment, the consumer is requested to perform on-device cardholder verification and tap again.

Security is paramount

Being one step ahead in security is the key factor for IDEMIA, therefore the IDEMIA Tap & Pay service is designed to reduce the exposure of sensitive data like payment keys by enforcing security measures such as transport and data layer encryption, end-to-end data encryption using AES and RSA keys, mutual SSL or VPN encryption for the transport layer … The IDEMIA Tap & Pay service supports enhanced security feature of White-Box cryptography to enable strongest obfuscation and prevent against any type of security attacks. It provides:

  • Enhanced obfuscation of data and keys stored on the device,
  • Prevention against any type of tampering and reverse-engineering,
  • Strong diversification using randomization and secret algorithms,
  • Secure payment cryptogram generation in controlled white-box environment,
  • Unique keys specific to customer implementation to further strengthen solution security.

QR code technology supported

While NFC payments are progressing, new methods of token on device such as QR Code has already gained popularity in some parts of the world. The IDEMIA Tap & Pay service and associated SDK is also able to support the provisioning of tokenized QR code for proximity payments in the consumer-presented mode. This use case is possible to implement with private label card issuers.

Activate new features

By relying on the IDEMIA Digital First Platform Suite and integrating the IDEMIA Tap & Pay service, card issuers can easily access new services and make new features available via their mobile banking app to the cardholders. The IDEMIA Tap & Pay service can be combined with the IDEMIA Issuer to TSP Gateway service to connect issuers to networks TSPs in a unified way.

The IDEMIA Digital First Platforms Suite operate as a multi-tenant cloud system offering issuers a unique interface to activate features from their mobile banking app and for connectivity to Token Service Providers and Token Requestors, for a variety of use cases.

Service Benefits

The IDEMIA Tap & Pay service provides issuers with the following benefits:

  • In this wallet option, the payment service is powered and branded by the issuer enabling them to advertise and communicate about the service and other card product through their mobile banking app. The issuer could perform consumer payment habit analysis to push real time and targeted marketing and promotion campaigns.
  • Provide convenient and independent payment service to cardholders.
  • This wallet option can give the issuers the freedom to innovate as they are in control of their roadmap to add new features (contrary to third party wallets). Issuers build the user interface and so have control over how the cardholder interacts with the service.
  • This payment service can coexist with third party wallets enabling the issuer to have a global mobile payment strategy.

Integration overview

Below are the different end-points the issuer needs to integrate with to benefit from the IDEMIA Tap & Pay service:

The issuer will embed into its mobile app the IDEMIA Wallet Agent SDK. If the issuer is not already connected to networks TSPs, IDEMIA can provide the IDEMIA Issuer to TSP Gateway service and then issuer would integrate with IDEMIA Issuer API.

Integration overview