There’s a first time for everything, as they say. That’s certainly the case for Interac as it breaks from tradition to bring its latest project to a hybrid cloud model. Driving this decision was the company’s commitment to make mobile payments mainstream.
A key element of the initiative is the Interac Token Service Provider (TSP), which runs on the IBM Cloud. This proprietary token generation and management service is the first ever to be built by a domestic debit network; and it is already enabling secure Interac transactions using Apple Pay, with more applications to follow. In simple terms, TSP works by replacing a consumer’s financial information with a secure digital token unique to each individual, and specific to a single device or account.
While securing mobile device transactions may be the starting point for TSP, the impact of this reaches much further, said Avinash Chidambaram, VP product and platform development, Interac Association and Acxsys Corporation. “Today, we’re moving to a new digital future where tokenization will become the new standard for not just mobile but digital payments. With the numbers of devices and transactions out there, the number of tokens that will get processed and credentials that have to be delivered will scale exponentially.”
Given the regulatory requirements in the payment industry, implementing such a mammoth program could not be managed through use of internal resources ad previous projects at Interac. With its hybrid model, Interac selected the hardware to install in IBM’s cloud infrastructure, and manages this remotely, Chidambaram explained. “It’s no longer strategic for us to have folks focused on core infrastructure. With this model, we can rotate keys with the frequency we need to; and get to do the kinds of things we traditionally have needed to do when managing our own infrastructure. At the same time, we have the benefit of not having to worry about how to scale for a super peak event.”
While enabling Apple Pay may have been a trigger for this move, Interac has every expectation that the move to mobile payment will accelerate considerably in the months to come, Chidambaram said. “With IBM Cloud, we can internally manage our keys and insert them into the infrastructure, which means we will be able to support the IoT space and browser-based technologies as well. To do that we needed to have an infrastructure to securely enroll on all devices and manage keys for every transaction whether it’s Apple Pay, POS or online. Now we have a core system that will enable the future of digital payments.”
A key factor in Interac’s ability to work with IBM was the global provider’s enterprise-level compliance services, including ISO, SOX and PCI – capabilities that have not traditionally been available in cloud models in the market, he added. “We have very specific defined requirements in terms of how we protect and store data so we have to be sure we trust that the infrastructure has the operations and support mechanisms to secure it.”
Alon Kronenberg, partner, IBM Interactive Experience and mobile lead for Canada noted that one of the unique features of IBM’s cloud model is that enterprises can use the software layer to direct work to specific pods throughout the world. “In the case of Interac, it was essential that their workloads remain in Canada from both a privacy and regulatory perspective; so we are able to direct them to our Toronto and Montreal pods. This ensures their data is resident in Canada and not exposed to any legal requirements from foreign countries, while offering redundancy and resiliency.”
Within the cloud, users gain full flexibility, and the ability to create virtual machines as required. Some loads are housed on virtual or dedicated servers; others require specialized hardware that can be brought into the cloud centre and managed as one entity.
Kronenberg added that these types of hybrid deployments have picked up significant momentum over the last two years; much of that has been dictated by the need for managing high business critical loads. “The early days of cloud involved small companies and startups. With enterprises, you are looking at compliance and regulatory issues, not to mention high customer expectations in general, so they have been very reluctant to shift to a cloud-based model. That being said, they have been willing to move QA and production-type loads. But we arenow seeing that they are more and more are willing to shift some of their mission critical workloads onto the cloud as they gain confidence that their data will be protected.”
Working with Interac represents an exciting new direction for cloud services, Kronenberg said. “We see great opportunities to open up the tap on the number of devices that will have payment credentials without exposing user to many of the security flaws that exist in current systems. We’re already seeing lots of clients asking questions about how to leverage tokenization technology for themselves for payment and other things. There is a clear value to both the end user and to the enterprise as we shift to digital payment.”
Ultimately, Kronenberg concluded, it’s not a matter of if, but when. And when that time comes, enterprises need to be prepared. “Any organization looking at payments or loyalty programs needs to figure out how they are going to play in this space and fit into this ecosystem.”
