Payment Timelines: a perspective on the historical context

Payment Service Timelines

I have been around the payment industry since well before chip and PIN, even before the introduction of the CVV – not the CVV2 or the iCVV although I clearly remember their introduction, but the original CVV that was inserted into the first 3 digits of the Discretionary Data field on the magstripe.

I have been involved in many of the payment initiatives over the last million years or so, and if I wasn’t involved, I was probably sitting on the sidelines, observing!

Much of what is written below is drawn from personal interaction and contemporary experience. There may be some possible inaccuracies, but hopefully they are few and far between and don’t detract from the bigger picture. I have tried, at all times, to be fair, factual and pragmatic.

I will be adding to the timeline and I will insert the sections in their proper chronological order, however I shall not be writing them sequentially.

UK Mobile Payments

I used to have an HTC M8, because it had NFC functionality and I could use it to pay for Monday lunch and some beer down The Sun in Hoddesdon. This would have been around 2012ish, and it was possible because of the Orange mobile payment app. It always impressed the people down the pub, and it never failed to impress me.

This was well before the launch of apple pay in 2014 and google pay in 2018, but whilst it worked, it had its problems. 

The UK mobile operators had proved the technologies: they could set up a pre-pay account with a card, they could pass EMV card credentials to an app on the phone, and they could store the card data in the Secure Element on the SIM. The app was able to access the SIM and the NFC interface, and emulate a real, contactless card. There were no bells and whistles, such as backchannels for transaction confirmation, but it worked!

The Secure Element on the SIM was able to store the EMV data and the app was able to access this data to make a payment – and so the process was proven in the UK, which was leading the field in all of this! The UK Mobile Operators merged their expertise (with the exception of “3”) and set up WEVE, a joint venture tasked with developing the concept.

The writing was on the wall when Tony Moretta, the Marketing Director, stood up at a conference and announced that WEVE would be developing a transaction framework that would support mobile contactless payments, and also combine loyalty in the same tap. 

The first challenge was the delivery of the EMV credentials to the SIM, and they were proposing a delivery model based on three interconnected TSMs (Trusted Service Manager). TSMs were shiny and they excited senior managers because they were something to talk about down the payment service club. The problem was that few organisations had managed to get single TSMs to work effectively, and these guys wanted three – so I heard.

The second challenge was that it was (and on the whole, it still is) not logically possible to aggregate loyalty and the payment into the same tap – this would require back-end processing that wasn’t available, and still isn’t unless you sign up for the Card Scheme loyalty products.

WEVE were not going to deliver an integrated mobile payment service, and they were definitely not going to deliver a loyalty programme on top of it. All it needed, without trivialising the effort involved, was a transaction switching approach – a fundamental element of card processing – to move card credentials in a logical envelope from issuer to operator, and then to the SIM.

I had a couple of conversations with WEVE at the time (I do remember the names), and it was clear they knew they were not on to a winner. I was told that they had “two rabbits running” but they were both going to fail. I was then told that even though they knew they were going to fail, they had to run their course – even though the switch proposition was understood to be the correct one.

Not surprisingly, by the time the rabbits had run the course, it was too late to retrace steps and recover. 

WEVE failed to deliver any solution, and the press at the time reported this, saying that it wasn’t delivered because it wasn’t possible; it wasn’t possible, but we needed to wait for apple to fix it. 

Apple fixed it, and I remember at the time talking to a geezer from Visa in a pub in Kings Cross about the principles of tokenisation and fiddling about with card numbers – important because tokenisation would be needed if apple was going to launch apple pay in the US (rather than the UK). Magstripe data doesn’t work for apple pay, so tokenisation would be needed to upgrade the card data to apple pay compatible EMV.

The technology wasn’t much of an issue as the iPhone had been equipped with a Secure Element (SE). Card data could be saved to the SE and accessed for the purpose of a contactless payment transaction – the process was the same as that adopted by the UK mobile operators, as it is all based on EMV. 

What apple solved, which didn’t take much solving (!!!), was the process by which cardholders and issuing banks were connected and authenticated, before the card credentials were exported to the iPhone – not a TSM in sight!

The UK Mobile Operators were leading the world, so much so that I went out and bought myself the HTC M8. At the same time, WEVE were getting over excited by shiny TSMs and losing sight of the simple solution, preferring instead the entrepreneurial exploitations of the trail blazing kill or bust approach, funded by other people’s money!

The UK Mobile Operators, disguised as WEVE, had the future of mobile payments in their hands; they were ahead of the game and they gave it away.