Automotive Payments: Driving to Secure Transactions
The car has always been more than just a vehicle, a method to get us from point A to point B. Its role in culture as a status symbol and indispensable tool for families has made it much more than a steel box on four wheels, and now with the emergence of automotive payments, the car is broadening its usefulness in modern life. Imagine your vehicle itself paying for the gas you just pumped into it or the energy you just charged it with. On your way home from a hard day’s work and craving some fast food, you can order it and your vehicle can pay for it when you pull up to the restaurant. Going through a tollbooth? Your vehicle can pay the toll automatically without your intervention.
Constellation of technologies coming together
Automotive payments are part of a larger ecosystem of in-vehicle commerce. They offer the most customer value for vehicle-related use case ecosystems, such as parking, tolling, refueling and electric charging. In-vehicle payment use cases represent a subsection of the use cases that connected vehicles can bring. Automotive payments which are not directly related to the vehicle itself — making an order from Amazon while stuck in traffic, for example — do not bring significant benefit over traditional payment methods (e.g., payment card or mobile phone). As it is the general trend with payments, for in-vehicle payments the emphasis is on the experience and not simply about the payment.
Technology is enabling the possibility of the vehicle itself making payments, without the need for the driver to have a mobile phone or other device connected to it, via Bluetooth® or some other method. This has become possible because of a convergence of a constellation of technologies, enhanced security features and consumer demand. This confluence of science, high tech and identifiable uses include:
- Automotive connectivity and security
- Mobile payments interoperability and security
- Identity management security
Without any one of these, automotive payments would not be possible, secure or something consumers would even consider.
Automotive connectivity and security
Vehicles have been connected to the cellular communication system for decades. The first usage was for communications, anti-theft and roadside assistance services. More recently, Bluetooth connections to the driver’s and passengers’ phones have been used for media and mapping functions. The next step in this evolution includes a payment authentication solution as part of the vehicle’s systems, usually integrated into the infotainment modules. To ensure the security of the payment process, the driver of course needs to be authenticated. This ensures that the payment solution is only used by authorized users, for example the owner of the vehicle but not someone the owner has let use their car but is not authorized to make purchases, such as a teenager borrowing the family car.
Mobile payment technology has grown dramatically in the last decade. The use of a smartphone to purchase goods is becoming more widely accepted by all sectors of the economy and by wider groups of consumers, to the point where in many places the phone is the primary method used for online commerce. This has been made possible with the trust built into the payment system, with EMV and tokenization as well as the security features of mobile devices, such as facial recognition and fingerprint authentication. As consumers become more reliant and trusting that this technology can be used securely, the transition to vehicle payments will be more likely. To differentiate vehicle payments from mobile payments, the term ‘in-vehicle commerce’ indicates transactions that are initiated from within a vehicle, for example vehicle payments, or selling items within a vehicle such as through an voice-controlled infotainment system. The same security features that apply to mobile payments today would be transferred to the vehicle itself so that a consumer would not necessarily have to go through an authentication process for every purchase once the system is onboarded.
Identity management security
As mobile Driver’s License (mDL) programs become more accepted throughout the U.S. and around the world, connecting to a vehicle owner’s mDL will become key to identify a driver to a car. Utilizing a mobile Driver’s License can guarantee the identity of a driver for in-car payments. However, this technology is not embraced by all jurisdictions just yet. So interim solutions need to be developed that will ensure that once a vehicle owner’s identity and banking details are onboarded, they will remain secure.
As the risk of hacking automobile software rises, cybersecurity has increasingly become a critical aspect of product design and development. Functional safety and security standards such as ISO 21434 and ISO 15118 already dictate some of the cybersecurity management prerequisites that exist for road vehicles. Once consumers trust that driver identity management is secure once onboarded, the adoption of automotive payments will be swift.
How UL can help
Identity is only part of the solution. For payments, it’s important to validate the consumer’s intent to make the payment, the amounts and accounts that will be used and transferred to, and the integrity and non-repudiation of the process. Unfortunately, at this point in time, there does not seem to be any clear definition in the market for automotive payments. We propose a discussion towards a definition — let’s not put the internal combustion engine before the wheels, so to speak.
First and foremost, we need to determine if the definition of automotive payments should only cover payments. With solutions such as connected vehicles or cars, voice-driven purchases installed in vehicles, or mobile devices connected to infotainment systems capable of purchases are connected to automotive payments, we need an industrywide acceptance if they’re part of the definition or something that sits outside of this new realm of automotive payments.
UL is committed to advancing the field of automotive payments and helping ensure that tested, secure and compliant solutions are rolled out into the market. We’ve already hosted automotive payments roundtables and are in discussion with several industry players globally. We are looking for collaborations and partnerships to help us advance the field. Want to get involved? Want to know more? Contact us now.