What Should a Mobile Wallet REALLY Be? Part 3


Tokens are the key that will open the door to the future

Tokens have been around for a long time. But to date no token system is good enough to be the workhorse and de facto standard in mobile. Sure, there are several token providers who are strong in their niche, but we’ve yet to see wide-scale adoption of a mobile host token platform that can serve the rich and poor across multiple operating systems and meet the needs of a diverse set of use cases.

To work in mobile, a token system has to be able to accomplish three things without compromise:

  • Work off-line when the mobile device is not connected to the Internet of Things;
  • Scale to the lowest common denominator, and
  • Provide flexibility for multiple providers and verticals while maintaining control with the user.

A strong tokenization platform that can provide all three of these pillars will enable developers to create new and exciting applications and experiences that are not only outside the application “box,” but also create new paradigms. Google seems to get it with Android Pay. Its Android team is the leader of the rebel cause by providing an open platform for developers to “build innovative services.”

We have high hopes for Android Pay as a platform (as long as it eventually goes beyond payments). Google Wallet will/should leverage Android Pay and may be the holistic answer for that OS, but that remains to be seen as it moves from payments to rewards, ads, and beyond. Apple gets it as well, but is more guarded with its OS and application ecosystem. We hope that Apple will find a way to monetize and open up their NFC controller and secure element for development, but Apple is such (an expensive) niche product, that it can’t lead the world like Microsoft did and Android can.


Working off-line might not seem like that big a deal, and a few years ago it was thought that all devices would be connected at all times through MNO data plans, Wi-Fi or BLE beacons. Consumers, however, deserve the choice to turn off a device and have it still be useful. Having the consumer’s data stored as a token in a secure element on the device is a good way to allow for off-line usage, but it’s expensive to get that hardware on any but a select few of the more expensive devices in the market (iPhone 6, Samsung Galaxy 6), so it’s not a long term solution to anyone but the 1%.

We have heard that up to 50% of transactions in some cloud-based token pilots experienced either significant lag time or no connection to the cloud-based host was made at all, thus making their pilots unacceptable for launch. The token system has to be as reliable as pulling out your physical card to get consumers to think about switching (never mind the value added services that are REALLY going to be the catalyst for the switch).


The next generation token system not only has to work off-line, but it has to scale to the lowest common denominator. This means it will have to work on the least expensive phones and in the secondary market (used phones). This eliminates proprietary systems, like Apple Pay, which will only ever run on Apple products. It also severely limits the effectiveness of any system that requires a secure element, even one in the cloud as additional hardware would be required. This would come at a cost and would be difficult to re-provision for the secondary market.

What’s the answer then? To go fully mobile, any token system for the masses that would go beyond payments to include state-sponsored IDs would be subject to state regulations and controls. Scary stuff when one thinks about implementing such a solution and making a profit from it.

In the US, some states are considering allowing their state-issued driver’s licenses be made available electronically. That’s a great start, but one look at the comments in the articles on this subject tells you that there are concerns among consumers about privacy. Privacy advocates will have to be assuaged in order for any tokenization system to scale beyond vertical specific applications. We are confident that there is a software-only solution that can scale, maintain the security and privacy necessary for full scale roll out, and can become the de facto standard for the next generation of transactions on mobile.

Agnosticism as a Standard

Finally, we also believe that to become a standard, the host token system has to be “OS-agnostic” as well as to tender or transaction type, and able to play with all types of issuing authorities and relying parties.   Will the EMVco-tokenization standards become the de facto standard for all mobile tokens? Not as long as the card networks remain the only token service providers that run on the system. They do, however, have a head start in that their system – to date — manages to work with a wide variety of relying parties (POS terminals). I’m not sure I see that structure migrating outside of payments, however.

Here’s the question: is there a token platform that can work within the EMVco specifications but also have broader capabilities and use cases? We think the answer is an absolute YES. But the concept of tokenization, and its application in other off-line use cases where a card was used before but a phone can do it better now (data access, identification, membership, health care), have to mature to the same point as payments. And that takes not only the application developer’s to create the apps, but for the relying parties to manage their acceptance points (door locks, ID scanners, etc.) to work with these non-card and tokenized form factors.

Ultimately, this question remains: when will digital wallets be able to mature from one-off applications that only work in a particular store or for a particular card? And what about applications that go beyond payments? There must be a bigger vision that guides the interactivity made possible by today’s mobile devices – smart phones, watches, other wearables – and that vision will come from those that control the interface/home screen.

Mobile wallets should enable a new way for consumers to interact with a brand and each other, seamlessly secure and with all the privacy and control they need. There’s still a long way to go to make this vision a reality, but as Yogi Berra once said, “If you don’t know where you are going, you’ll end up someplace else.”

Posted by Rob Stringer on March 12, 2015