The Challenges In Driving Commerce Through The Connected Car

September 24, 2015  |  By John Jasper  |       

Connected cars represent a new and highly lucrative market for everyone, not just carmakers. Drivers will now be able to make purchases from behind the wheel, buying audiobooks, music, gas, food, movie tickets, or anything else. Being able to make easy, secure transactions from your car is going to be the next step in the evolution of connected car technology, but there are going to be some hurdles to overcome first.

The market for mobile apps continues to expand. Mobile app sales generated $34.99 billion in 2014 and are expected to reach $76.52 billion by 2017. Many of those apps are being targeted for commuters and in-car use, but the user experience of using your mobile device while driving represents a major safety concern.. As the technology evolves, drivers will be able to purchase apps, music, content, and other in-car transactions while they are driving using their IVI system.

For example, you are on you way to work and have just finished an audiobook and want to listen to the next book in the series. Rather than waiting until you get to a computer to make a purchase, you will be able instruct your car to download the next book and pay for it with a secure credit card transaction. Or consider that you need to pay for parking. With a verbal command, you can make a payment to the garage, or add cash to your transponder account for the garage to debit when you leave. There are endless possibilities, but they have to be supported by a secure and safe payment and transaction system.

Securing Credit Card Transactions from Your Car

In order to facilitate in-car transactions, there has to be a means of securely handling purchases without distracting the driver. Carmakers aren’t going to add a credit-card reader into the dashboard, nor can drivers stop and use their infotainment system as a web browser to enter purchase information every time they want to buy an app or a song. Instead, there will be some pre-arranged payment system with the transaction data already stored. Driver safety is going to be a key consideration, so audio-driven menus and simple heads-up catalog content will have to be part of the buy-while-you-drive infrastructure.

The connected-car industry will likely start by extending the transaction model already used at the Apple iTunes and Google Play online stores. Users will set up an account in advance and transactions will be automatically charged to a credit card, bank account, or secure transaction system such as PayPal. More online app and media stores specifically designed for connected cars will undoubtedly emerge as connected cars gain in popularity, complete with an in-dash interface that can support verbal commands or a simple transaction system.

Visa is already experimenting with a secure connected car payment system that uses various digital payment platforms, including Visa Checkout, Visa payWave, HCE, Apple Pay, and Samsung Pay. Visa is testing the system in Northern California anticipating consumers will use it to buy gas, food, transit services, and parking.

To handle impulse purchases or transactions not covered by the driver’s registered payment platforms, credit card data will be stored in the cloud and encrypted for ease of use and security measures. Transactions would be handled using audio or simple touch commands and the transaction using the stored credit card data. With the potential of credit card data access through our vehicles, transactions will have to be encrypted and use a dual-factor authentication method to confirm purchases, but also keep the drivers sole focus on driving at the same time.

PCI and the Connected Car

The Payment Card Industry (PCI) standard has become the most widely adopted standard for secure credit card transactions and will certainly be used to support purchases from the connected car.

The PCI Data Security Standard (PCI DSS) is a set of requirements used by any company that handles credit card transactions for the safe processing, storage, and transmission of credit card information. In essence, the PCI-DSS standard was created to maintain a secure transaction environment to protect user and credit card data, and it is supported by all the major credit cards.

The PCI standards are designed to secure credit card transactions in various settings, such as at the cash register, via a call center, etc. There also is a wireless LAN standard, which may serve as the model for secure connected car transactions.

These standards require developers to:

  • Protect stored cardholder information
  • Provide secure authentication
  • Log payment application activity
  • Protect wireless transmissions
  • Facilitate secure remote access to the payment application
  • Encrypt sensitive data traffic that travels over public networks (like the Internet)
Manufacturers of secure PCI systems have different criteria, including secure support for terminal integration and PIN access, which may be important for the connected car. For example, credit card data security should be associated with the driver, rather than the vehicle, to control spending in multi-driver families. The methodology for personal data security, whether it’s a PIN, biometrics, or some other authentication system, has yet to be defined, but manufacturers will need to find a means to make the transaction specific to an individual cardholder.

As in the retail industry, credit card companies like Visa will show the auto industry what to expect in the way of connected car transaction security. It will be up to the OEMs to work with industry leaders to interpret PCI standards for in-car use, and to work with credit card companies to create a common set of secure transaction standards to sell more goods and services to connected car drivers.

What other challenges in e-commerce do you see with the connected car industry?

Topics: Connected Car - Technology

John Jasper

John is the President and COO of Abalta Technologies. Abalta Technologies, Inc. is an emerging leader in the connected car landscape. Abalta has developed an innovative platform to enable car companies, automotive electronic firms and tier 1 suppliers to bridge the gap between the smartphone and the car’s infotainment system.

Leave A Reply