Bangkok, Thailand – Global security technology giant Giesecke+Devrient (G+D) is strategically intensifying its focus on Thailand, positioning itself to capitalize on the nation’s burgeoning digital economy by introducing advanced payment and security solutions. Highlighting the potential of Host Card Emulation (HCE) for “tap-to-pay” mobile transactions as a more convenient and secure alternative to prevalent QR codes, and advocating for the adoption of robust FIDO-based Passkeys to replace vulnerable OTP authentication, G+D aims to secure its first commercial banking client in Thailand this year. Hanspeter Jsler, Managing Director APAC for G+D Netcetera, G+D’s digital arm, outlined the company’s vision and strategy during an exclusive interview at the Money20/20 Asia event in Bangkok, emphasizing Thailand’s “Digital First” trajectory as a key market opportunity.
Thailand’s rapid digital transformation, accelerated significantly during and after the COVID-19 pandemic, has created a fertile ground for innovative financial technology. With a large population base – “If I’m right, it’s a 70 million country here, so it’s a large population,” noted Jsler – and government initiatives like the PromptPay infrastructure fostering widespread digital transaction adoption, the Kingdom presents a compelling market. “Thailand is a very interesting market because we see Thailand is very digital. It’s digital first,” Jsler stated. “We saw a huge increase in transactions during COVID, but also later on… And that’s where we come into the picture.”
However, this digital success brings inherent security challenges, making the market attractive to fraudsters. G+D aims to address these risks by introducing next-generation solutions tailored to the Thai ecosystem, focusing initially on partnerships with banks, payment solution providers (PSPs), and domestic schemes like ITMX.
HCE: Ushering in the Era of Tap-to-Pay Convenience
While QR codes dominate the current Thai payment landscape, G+D foresees a shift towards the superior user experience offered by Host Card Emulation (HCE). This technology enables banks to embed virtual payment cards directly into their own mobile banking applications, allowing customers to simply tap their NFC-enabled smartphones at contactless terminals – a process Jsler describes as significantly smoother than scanning QR codes.
“We feel that QR code is not here to stay,” Jsler commented. “Because if you have your mobile phone, if you want to pay with QR code, it’s a bit tedious. You have to scan the QR code, you have to click and so on. With HCE as a technology, you only tap, right? … It’s actually similar to Apple Pay, but it’s the bank’s app.” He further elaborated that the technology is advancing to the point where users might not even need to unlock their phone or open the app for seamless payments.
G+D provides the underlying technology and platform for banks to implement HCE securely. The company already boasts successful HCE deployments with banks in Brunei, Japan, and notably, a two-year collaboration with the Commonwealth Bank of Australia (CBA). “Here in Thailand, we’re starting the discussion to activate it,” Jsler confirmed, indicating active engagement with local financial institutions.
Securing Transactions with Tokenization
Complementing HCE, G+D is also promoting network tokenization as a crucial security layer for digital payments. Instead of transmitting or storing sensitive Primary Account Numbers (PANs), tokenization replaces the PAN with a unique, secure “token” specific to a device, merchant, or transaction type. This significantly mitigates the risk associated with data breaches.
“We act as a platform asking for this token [from network TSPs like Visa, Mastercard, ITMX] and then providing it to the merchant,” explained Jsler. “So instead of saving the Clear Text PAN, they can request us to get a token… and only store the token.” G+D also supports banks by enabling them to provide customers with visibility into where their tokens are active via their banking apps, enhancing user control.
Moving Beyond OTP: The Imperative for Stronger Authentication with Passkeys
A major area of concern highlighted by Jsler is Thailand’s continued reliance on One-Time Passwords (OTPs) delivered via SMS for transaction verification and login authentication. “I understand that Thailand has still a lot of one-time passwords. And one-time password is very dangerous. It’s not secure. We all know that this is not secure,” he stated unequivocally. The risks associated with SMS interception and phishing make OTP a weak link in the security chain.
While some markets are transitioning to out-of-band methods (like push notifications with biometric confirmation), Jsler revealed an interesting insight from G+D’s discussions with Thai companies: “We’ve heard that a lot of Thai companies… want to go for the next level. They want to skip this step and they want to go to passkeys.”
Passkeys, based on the FIDO (Fast Identity Online) standard, offer a passwordless and far more secure authentication method. They utilize public-key cryptography, where a private key stored securely on the user’s device (protected by biometrics like fingerprint, Face ID with liveness detection, or voice) cryptographically signs a challenge sent by the relying party (e.g., bank or merchant). Only the signed response is sent back, verifying the user and device without transmitting any secrets.
“We provide the FIDO server for the bank and we provide an SDK for the customer, for the merchants or for the issuers for the login,” Jsler explained. “And we secure that there is no password exchanged, it’s really a private, public key, secure FIDO authentication.” The use cases extend beyond login to include step-up authentication for high-risk transactions (e.g., large transfers) and legally binding electronic signatures for contracts, potentially combined with second factors like tapping a physical card or using a dedicated secure key fob.
Addressing the Spectrum of Cyber Threats
Jsler emphasized that Thailand’s digital vibrancy makes it a prime target for various cyber threats. “You’re a victim of your success in Thailand,” he remarked. “Because so many people went digital and the transaction level is so high, you’re attractive for fraudsters.” Key threats include:
- Cyber Attacks: Used as a primary tool to steal credentials or financial data for fraudulent purposes. Defending against these daily attacks is critical.
- Identity Theft: The use of fake documents (passports, invoices) to impersonate individuals and open accounts or conduct illicit activities.
- Social Engineering: Manipulating individuals through psychological tactics (phishing calls, exploiting social media information) to divulge sensitive data or gain account access.
Robust security measures, including strong authentication like Passkeys and secure Electronic Know Your Customer (e-KYC) processes, are essential countermeasures. Jsler pointed to Singapore’s secure government ID system integrated with biometrics as an example of effective e-KYC that streamlines onboarding while preventing fraud.
Physical Cards: Resilient, Innovative, and Still ‘Cool’
Despite the digital wave, Jsler firmly believes the physical payment card is far from obsolete. “Since I’m in the business, people say that the physical card will disappear. Still, we have a growth,” he observed, noting that while growth is flattening, it persists. “People like to have something in their hands.”
The physical card has evolved beyond mere utility into a tool for branding, differentiation, and personal expression. G+D is at the forefront of this innovation:
- Premium Materials: Metal cards continue to appeal, especially to younger demographics seeking status and a “cool” factor. G+D also offers unique ceramic cards known for their smooth finish and durability.
- Sustainability: Responding to environmental concerns, G+D produces cards from recycled ocean plastic (in partnership with Parley for the Oceans), 100% certified wood (even retaining the wood scent), and biodegradable cornstarch.
- Personalization & Novelty: G+D recently launched AI-powered card design, allowing customers to generate unique card artwork based on text prompts. They also offer scented cards.
- Embedded Security: Bridging the physical and digital, G+D offers biometric cards featuring fingerprint sensors that unlock a dynamic CVC code displayed on the card surface for secure online payments.
“I think it will co-exist [with digital] for many more years to come,” Jsler predicted. “But we have to have nice designs, special.”
G+D’s Global Strength and Thai Market Strategy
G+D’s approach to entering the Thai market involves active participation in industry events, direct engagement with potential banking and PSP clients, and leveraging global partnerships with networks like Visa and Mastercard. While currently operating from its regional hub in Singapore without a local legal entity, Jsler emphasized frequent travel and in-person meetings. “That’s how we attacked the market… We plan to be regularly here,” he said.
The primary objective for the current year is clear: “The goal for this year is to acquire the first banking customers. So really commercial banks… help them in security, be it in the cards, security like 3D secure, or maybe in tokenisation or maybe in HCE.”
G+D differentiates itself through several key strengths:
- Longevity and Trust: Over 170 years in security-focused industries (starting with banknote paper).
- Global Scale & Reach: 14,000 employees worldwide, strong relationships with central banks globally.
- Comprehensive Portfolio: A “one-stop shop” covering the entire value chain from currency and SIM technology to payment cards and advanced digital security solutions (Tokenization, HCE, FIDO, AI-driven fraud prevention).
- Resilient Business Model: Three balanced pillars (Currency Technology, Mobile Security, Card & Digital Payments), each generating roughly €1 billion in revenue (total €3 billion last year), providing stability.
- Sustainability Commitment: Extending beyond products to operations, utilizing cloud data centers and developing energy-efficient AI.
- Strategic Production: Manufacturing presence in both the US and China, mitigating geopolitical risks.
“I feel that our differentiators is we are on a global scale… We’re here to stay. We’ve been around for a very, very long time,” Jsler concluded. G+D is poised to leverage this global expertise and comprehensive solution suite to become a key player in securing Thailand’s rapidly evolving digital payment ecosystem.
#GnD #Netcetera #DigitalPayment #CyberSecurity #HCE #TapToPay #Tokenization #Passkeys #FIDO #Authentication #OTP #Fintech #DigitalBanking #PhysicalCards #SustainableCards #FraudPrevention #eKYC #Thailand #DigitalEconomy #Money2020Asia #PaymentSecurity
