Pagaré’s Payment Ecosystem
Many Backers have asked for a deeper explanation of how Pagaré will work, including the security requirements we talked about in the previous update. There is an entire payment ecosystem that will enable Pagaré to transact payments. For nearly two years, we have been working within this ecosystem to ensure that when Pagaré goes live, it will be able to conduct secure transactions.
Pagaré will function on a platform to enable it to make secure payments through a process called tokenization, which replaces your actual card information with a representative and highly secure “token.” Tokenization keeps your data secure by allowing you to complete a transaction without sharing your card information at the point of sale (POS) terminal. Tokenization is made possible through collaboration with various entities in the payment ecosystem. These include:
Standards Organizations and Payment Systems: There are three main payment organizations that publish and maintain standards that Pagaré must meet in order to operate in a retail environment. These include: (1) Global Platform, a non-profit association which identifies, develops and publishes specifications that promote the secure and interoperable deployment and management of multiple applications on secure chip technology; (2) EMVCo, which facilitates worldwide interoperability and acceptance of secure payment transactions by providing specifications based on contact chip, contactless chip, card personalization, and tokenization, and (3) PCI DSS, a proprietary information security standard for organizations that handle credit cards from the major card schemes, which was created to reduce credit card fraud via its exposure.
Card Networks: FitPay belongs to a very select group with the ability to integrate directly with the card networks for the explicit purpose of enabling secure, contactless transactions on a wearable device. This is a deep and collaborative relationship involving constant contact with each team’s engineering resources. Each network provides unique specifications and certifications for the tokenization process, hardware and software involved in the Pagaré solution.
Issuing Banks: The banks that issue your credit cards are also a part of the process, to ensure the security procedures meets their own requirements. Fortunately, many issuing banks accept the standards outlined above, so any device featuring tokenized payments like Pagaré doesn’t have to be approved by each issuer, as long as the issuer has signed on to the standards of the entities above, which many major issuers have.
Trusted Service Manager (TSM): The TSM is a third party that maintains the software applets and creates the security domains in which the tokens get personalized. It maintains and develops the operating system (OS) of the embedded secure element (eSE) chip, which allows Pagaré to operate securely.
Chip Providers: The chip manufacturers provide the physical secure element, which is printed with the pre-certified OS before it can be embedded into a device.
Making Pagaré function in a retail environment requires coordination with each of these organizations in the payment ecosystem and the development of a device like Pagaré is new ground for the entire payment industry. If you look around, this model only exists on Apple, Samsung and Android devices, which, to different degrees, operate in a closed environment where they control both the hardware and software stacks.
So how does this impact Pagaré’s timeline?
Pagaré’s eSE needs to be pre-loaded with a certified operating system (OS) before manufacturing and assembly begins. In addition to the OS certification, the “applets” that control how the credit card credentials are stored on the eSE must also be certified. The OS and applets can only be written by a limited number of authorized companies in the world and certified by an even smaller number. Each change to the security models requires new certification. The OS is not allowed to be updated remotely once it’s shipped, which is part of what keeps it secure. Once certified, the devices will always be backwards compatible to previous security models so rest assured when we deliver it will always work.
Recently mandated changes to the key-exchange procedure that underpins the entire security model (Specifically Global Platform Amendment A utilizing the Scenario #1 Pull Model using a PK Scheme, if you want to get technical). These updates require changes to both the OS and applets, triggering the need for re-certification of each component. These changes are not insignificant to implement, requiring many weeks of work, and certification scheduling and assessment.
As we described in the earlier update, our original timeline did not anticipate these changes or the impact they would have on our delivery schedule. As we prepared to go to production, we learned about the changes, and on June 14th, we received the actual schedule to get the OS updated from our vendor, certified, and burned to the eSE chips – all of which is required before we go to production. We knew that the delay would be disappointing to Backers, so we wanted to make sure we got the new schedule right before we reset the timelines. The last thing we wanted to do was to change the anticipated delivery date more than once.
Pagaré is a proof of concept that we are using to build and validate our model for all wearable devices (eat our own dog food). Your backing helped us fund Pagaré, but as you know this is a complex project that’s breaking new ground. Pagaré will be one of the first devices utilizing a platform to enable a wider range of wearables to transact payments. The process has not been easy, but the team developing Pagaré brings decades of payments experience to this project and has the technical expertise and relationships necessary to make it happen.
Thank you again for your support. We’ll keep providing updates on our progress and more details about Pagaré.
The FitPay Team