Share this project


Share this project

The coolest, easiest way to pay at millions of retailers using your Pebble smartwatch. Leave the phone behind. Just tap and go!
The coolest, easiest way to pay at millions of retailers using your Pebble smartwatch. Leave the phone behind. Just tap and go!
2,777 backers pledged $208,164 to help bring this project to life.

Pagaré’s Payment Ecosystem

Posted by Fit Pay Inc. (Creator)

Many Backers have asked for a deeper explanation of how Pagaré will work, including the security requirements we talked about in the previous update. There is an entire payment ecosystem that will enable Pagaré to transact payments. For nearly two years, we have been working within this ecosystem to ensure that when Pagaré goes live, it will be able to conduct secure transactions.  

Pagaré will function on a platform to enable it to make secure payments through a process called tokenization, which replaces your actual card information with a representative and highly secure “token.” Tokenization keeps your data secure by allowing you to complete a transaction without sharing your card information at the point of sale (POS) terminal. Tokenization is made possible through collaboration with various entities in the payment ecosystem. These include:  

Standards Organizations and Payment Systems: There are three main payment organizations that publish and maintain standards that Pagaré must meet in order to operate in a retail environment. These include: (1) Global Platform, a non-profit association which identifies, develops and publishes specifications that promote the secure and interoperable deployment and management of multiple applications on secure chip technology; (2) EMVCo, which facilitates worldwide interoperability and acceptance of secure payment transactions by providing specifications based on contact chip, contactless chip, card personalization, and tokenization, and (3) PCI DSS, a proprietary information security standard for organizations that handle credit cards from the major card schemes, which was created to reduce credit card fraud via its exposure. 

Card Networks: FitPay belongs to a very select group with the ability to integrate directly with the card networks for the explicit purpose of enabling secure, contactless transactions on a wearable device. This is a deep and collaborative relationship involving constant contact with each team’s engineering resources. Each network provides unique specifications and certifications for the tokenization process, hardware and software involved in the Pagaré solution.  

Issuing Banks: The banks that issue your credit cards are also a part of the process, to ensure the security procedures meets their own requirements. Fortunately, many issuing banks accept the standards outlined above, so any device featuring tokenized payments like Pagaré doesn’t have to be approved by each issuer, as long as the issuer has signed on to the standards of the entities above, which many major issuers have.  

Trusted Service Manager (TSM): The TSM is a third party that maintains the software applets and creates the security domains in which the tokens get personalized. It maintains and develops the operating system (OS) of the embedded secure element (eSE) chip, which allows Pagaré to operate securely.  

Chip Providers: The chip manufacturers provide the physical secure element, which is printed with the pre-certified OS before it can be embedded into a device.  

Making Pagaré function in a retail environment requires coordination with each of these organizations in the payment ecosystem and the development of a device like Pagaré is new ground for the entire payment industry. If you look around, this model only exists on Apple, Samsung and Android devices, which, to different degrees, operate in a closed environment where they control both the hardware and software stacks. 

So how does this impact Pagaré’s timeline?

Pagaré’s eSE needs to be pre-loaded with a certified operating system (OS) before manufacturing and assembly begins. In addition to the OS certification, the “applets” that control how the credit card credentials are stored on the eSE must also be certified. The OS and applets can only be written by a limited number of authorized companies in the world and certified by an even smaller number. Each change to the security models requires new certification. The OS is not allowed to be updated remotely once it’s shipped, which is part of what keeps it secure. Once certified, the devices will always be backwards compatible to previous security models so rest assured when we deliver it will always work.

Recently mandated changes to the key-exchange procedure that underpins the entire security model (Specifically Global Platform Amendment A utilizing the Scenario #1 Pull Model using a PK Scheme, if you want to get technical). These updates require changes to both the OS and applets, triggering the need for re-certification of each component. These changes are not insignificant to implement, requiring many weeks of work, and certification scheduling and assessment. 

As we described in the earlier update, our original timeline did not anticipate these changes or the impact they would have on our delivery schedule. As we prepared to go to production, we learned about the changes, and on June 14th, we received the actual schedule to get the OS updated from our vendor, certified, and burned to the eSE chips – all of which is required before we go to production. We knew that the delay would be disappointing to Backers, so we wanted to make sure we got the new schedule right before we reset the timelines. The last thing we wanted to do was to change the anticipated delivery date more than once.  

Pagaré is a proof of concept that we are using to build and validate our model for all wearable devices (eat our own dog food). Your backing helped us fund Pagaré, but as you know this is a complex project that’s breaking new ground. Pagaré will be one of the first devices utilizing a platform to enable a wider range of wearables to transact payments. The process has not been easy, but the team developing Pagaré brings decades of payments experience to this project and has the technical expertise and relationships necessary to make it happen. 

Thank you again for your support. We’ll keep providing updates on our progress and more details about Pagaré.


The FitPay Team

Dave Dyer, Charles Cooper, and 15 more people like this update.


Only backers can post comments. Log In
    1. Eric Ponvelle on

      I really wish Kickstarter had some method of requesting a refund when deadlines are missed.

      I'm pretty sure this project will just end up as vaporware, especially since by the time this does actually ship, we'll see all new Pebble watches.

      Lesson learned for sure.

    2. Missing avatar

      Michael Humphreys on

      All I read was more externalized excuses. Pagare has mentioned in almost every update, including the initial campaign, that the Pagare team "brings decades of payments experience to this project and has the technical expertise and relationships necessary to make it happen". This was one of the reasons why I backed this project because it didn't seem like the vaporware that is so prolific on Kickstarter. The date was early Q2 2016, now it is between July 2016 and November 2016 based on the pledges. Thanks for taking my trust and flushing it down the toilet. If I could cancel, I would.

    3. Jim Roberts on

      I appreciate the details in update #17. I had no idea so many organizations were involved. I also appreciate the more frequent and detailed updates, so we feel we know what’s happening and not left in the dark. While I am disappointed that the update had been pushed back to Jan ’17, I get it that all this has to be baked in before manufacturing can begin. BTW, my new Time came in 3 days to WI from CA.

    4. Hoder Jensen on

      Thanks for the explanation. While it might not be your fault directly, it still your responsibility to deliver on time and not be delayed by 250%. These changes are shitty timing and while some of your backers, might not be affected by this delay, some of us, who switches to PT2 in the fall will receive a watchband for a watch we don't use anymore.

      I was hoping, you would be understandable for those who has the problem and offer a solution. But sadly you are hiding behind the excuse, that the delay was caused by a third party and therefore you have no responsibility. Disappointing.

    5. Missing avatar

      Tony Shakeshaft on

      Appreciate the amount of work you guys are putting into getting this perfect.
      I am happy to wait for it to be right

    6. Jim on

      @Andrew - I have a 1955 Ford Crown Victoria and I can certainly sell it as is - without adding airbags! I don't even have to have seat belts installed. I appreciate your analogy though. ;-)

    7. Andrew Curtin on

      Think of it like cars. You can't sell a car now without an airbag, but you could in the 50s. You can still use the car from the 50s without an airbag, but you couldn't sell it that way.

    8. Missing avatar

      Karen Landers on

      Thanks for the detailed explanation. Being in technology I get it and appreciate the level of security and complexity going into this project. As a backer I am not surprised nor disappointed just excited that you are working on breaking new ground for the future of wearable payments. I will happily wait for my Pagare.

    9. Fit Pay Inc. Creator on

      @Eneko - The Apple watches won't be useless because of the backwards compatibility.

    10. Fit Pay Inc. Creator on

      @Ed - Correct. We won't be able to certify on the older version.

    11. Ed Bond on

      One question jumps to mind, if it's backward compatible why do you need to re engineer? Can you not deploy an old version? Or can you not get certified with older OS / Applet?

    12. Eneko Muñoz Hornillos on

      So, does Apple use a different payment system or are all the Apple watches going to be useless for payments in a few months?