Skip to main content

Alone at the top: RBC and the mobile payment coup

There aren't as many banks in Canada as there are in the United States, which has allowed the top ones — namely RBC Royal Bank, TD Canada Trust, CIBC, Scotiabank and BMO — to maintain a relatively large share of customers, and of regulatory influence.

But sprawling, monolithic organizations tend to get fat and lazy on their piles of presumed profit, and for years the Canadian banks didn't do much to brace for the impact of mobile computing.

Things changed in late 2011 with partnerships between two sets of Canada's leading companies in their respective categories: Rogers and CIBC; and RBC and Bell. The pilot projects were meant to bring mobile payments to Canadians at a time when few phones supported the necessary technologies, such as NFC and Secure Element SIM cards. For years, the banks relied on the carriers because there was no other way to store confidential PAN (primary account number) credentials — they had to stay on the SIM card itself.

But in late 2013, alongside Android 4.4 KitKat, Google unveiled a new initiative, Host Card Emulation, with the goal of moving those all-important credentials from a physical SIM card to the cloud. Working with Visa and MasterCard, banks like RBC could take ownership of their mobile payment strategies, removing the need for per-device certification and the need to educate the customer on these strange SIM cards that looked the same but cost significantly more.

Now, after being the first to release Host Card Emulation-based payments for all Android devices, RBC has revamped its Android app suite with new, modern designs, separating its unified banking app into two: one for core mobile banking; the other for all payment and wallet-related activities.

According to Linda Mantia, Executive Vice President of Digital, Payments and Cards at RBC, despite competitors like TD Canada Trust recently moving to HCE-based solutions for their Android mobile payments, her company is still way ahead of the pack, both in Canada and the rest of the world.

"We are the leader in North America in fraud [prevention]," says Mantia, referring to the multiple levels of security developed for the solution. The first is the mere use of Host Card Emulation, which allows for more efficient remote improvements of credential storage standards. The other is RBC's own patented dynamic tokenization method, which takes those of the payment networks, namely Visa and MasterCard, and amps the security. Tokens are numeric representatives of a customer's PAN, exposed to the merchant and network in lieu of an actual credit card number. Should that number be stolen or intercepted, the number is almost impossible to decipher.

But regular tokens, like IP leases, can last for days, months or even years if desired, depending on the needs of the issuer. RBC generates a unique token for each transaction — a one-time cryptogram, according to Mantia — that is never reused.

"We are the leader in North America in fraud prevention"

The third advantage to RBC's Secure Cloud, which encompasses the company's mobile payment environment, is the use of a so-called digital master key is generated when the RBC Wallet app is installed on an Android device. When the phone is registered with Secure Cloud, it forms a trust network between the phone itself and the payment network, protecting the dynamic token the entire way through the transaction.

These are all valuable security features, sure, but the reality is that only a small number of people in Canada care about mobile payments right now. Mantia says that number is growing quickly, and the industry is primed for services like Apple Pay, Samsung Pay and Android Pay to bolster the mindshare.

In the meantime, Mantia says that Android-based RBC customers are well served with this two-tiered app approach, which now allows customers to check balances without logging in (in the core app) and purchase gift cards directly from the Wallet app.

Mantia tells me that she sees the smartphone as the future of banking, not just payments, where customers will be able to open accounts, apply for credit, transfer money to friends, make in-store and in-app payments, and do comprehensive budgeting, in the same place.

"We are in the early innings of mobile banking"

She separates mobile payments — the physical act of paying for items using a smartphone instead of a physical credit card — from the rest of the ecosystem, because she acknowledges that Canada's payment infrastructure is already so mature, and that there needs to be a continuous benefit cycle, which involves more than just the lateral displacement of payments from plastic to phone, to entice mainstream customers.

Many millions of Canadian smartphone users engage in some form of mobile banking. According to a Canadian Banking Association survey done in mid-2015, 31% of Canadians used mobile banking in some form in the previous year, and nearly half anticipated migrating to a predominantly mobile banking future in the next five years.

For Mantia, who says that we are in the "early innings" of mobile banking, the most important place her company can be is as far ahead of her competitors as possible. That won't translate to overnight success, but in the meantime there are fancy new Android apps to peruse.

Daniel Bader was a former Android Central Editor-in-Chief and Executive Editor for iMore and Windows Central. 

16 Comments
  • i've been depositing cheques with the TD mobile app for over a year now, its a great feauture and time saver! i wish i could use mobile payment, but im on Fido and they still dont offer NFC sim cards, and even if i try to add a credit card for mobile payment in the app "something went wrong, try again later" pops up :( Posted via the Android Central App
  • Depending on what device you have running the TD app, you won't need a NFC SIM card to use the mobile payment, it's working via NFC and using your TD Visa Card (but TD has said that TD Debit Card support in mobile payments is coming) Posted via the Android Central App on my Nexus 6
  • I was going to try the mobile payment app last week, but it's getting horrible reviews in the store. Not that I believe everything I read, but I'll pass for now... Maybe in a few months I'll have another look. Mobile payments in general still have a ways to go regardless of where you live....
  • It's been updated. I held off as well but I've been using the updated app for about 3 weeks now and it's nearly flawless. By that I mean, I could use a little less pin verification but it's quick and loads fast, and to date, I've not had one issue related to the app malfunctioning. Give it a try, you'll love not pulling your wallet out......save for the cheap store owners who refuse to upgrade their POS machines and thus force us to take a few extra seconds and use the damn chip system. (HATE CHIP CARDS HATE HATE HATE) Posted via Priv
    STV100-3 on Rogers
  • That's the main issue for me, actually. Until mobile payments are as ubiquitous as chip and pin here, and as standardized, it doesn't matter. If I need to pull out my card 20% of the time, probably more, then why bother. But, I'll take your reco and play around with at some point.
  • "as ubiquitous as chip and PIN" [jealous glare from the US] Posted via the Android Central App
  • .. What's the problem with chip cards? Anyways, here it's pretty much tap to pay or the chip, and I honestly can't remember last time I had to swipe a card. Serious question though, what's wrong with chip cards? Posted via the Android Central App
  • I don't understand what problem people have with it, either. When it comes to paying with my phone, if I have to pull it from a pocket and open an app to use it, it's no more convenient than pulling my wallet from my pocket, removing a card and tapping it. I don't see any advantage to paying by phone. Posted via the Android Central App
  • How has Priv been relative to mobile payments? Does Tim Hortons have an NFC app? I've used the CIBC and Ugo apps for BB10 up to this point. Posted via the Android Central App on my BlackBerry Passport
  • Even the old app was fine. I was using NFC to make payments until Android 6.0 came to my device. At that point the old banking app which had wallet integrated ceased to function for the wallet portion. Since then they've separated the banking app and the wallet app. It works on 6.0 now, although I kind of preferred the old method. Just open one app and it's all there including wallet. I can't really fault the new app though. Quite a few of the reviews are probably due to that reason. That the app stopped working in 6.0. Posted via the Android Central App
  • Canadian banks might have been slowish on NFC payments but they arrived on the scene with nation wide debit a few decades before the USA. Not to mention that Canadians have had chip (and pin - why does USA not do this!!) Cards for a decade. Posted via Nexus 6p
  • I use the Scotiabank app with my Visa card to make mobile payments but it's still limited to transactions under $100 and the retailer has to support tap to pay, which is less common than I had expected. I also make deposits within the app which is actually a far bigger convenience than tap to pay.
  • I'm using the latest apps from RBC and definitely a huge improvement but still need work, mobile payment does not support the Master Cards, only Visa. Also some crashes when scanning checks and problems showing balances when you move back and forth between business and personal accounts... they just need to Polish those apps and add MC support and some other features and the apps will be perfect, keep up the good work.... The Web interface though, Horrible!!!, that one need a serious overhaul... they recently released a new GUI that did more harm than good, really bad and inconsistent experience, it's a mash of crappy old with ****** new that's really confusing to use... first rule of a good GUI, make it consistent. If the new one is not ready to take over everything don't half release it... Posted via the Android Central App
  • Had the RBC mobile wallet app installed, my non-techie friends asked me "you really trust that thing?"... I got nervous and deleted it lol. I'll wait for a whilw to see if anyone complains... But the design and layout is nice, simple. Posted via the Android Central App
  • No different than carrying around your cards in a wallet, really. If something happens, RBC has you protected against fraud etc.
  • I think its great. All of my cards now just on my phone, and just pay using your phone, don't have to carry my wallet then either! great!