It is known to provide a virtual payment product (for example a virtual credit card or a virtual debit card) on an electronic device (such as a mobile telephone) to enable the electronic device to perform a contactless payment process (for example using near field communications (NFC)). Current implementations of this use a hardware device, known as a Secure Element (SE)—the SE could be, for example, a subscriber identity module (SIM), a so-called “Chip in Handset”, a MicroSD card, etc. The SE stores data relating to the virtual payment product (such as a virtual card number). SEs are seen to provide protection of payment data with the same level of security as a standard physical “chip and PIN” card as the SE has the same security properties such as hardware, operating system and procedures to provision the payment product.
However, utilising SEs has a number of problems and undesirable constraints. These may include: a large upfront investment cost; a high cost of ownership; and a large variety and number of different entities who are required to work in synchronisation to effect the technology, particularly when those entities may wish to keep their processes secret/secured.
Furthermore, managing SEs may be very complicated as a consequence of at least one of: unstable technology across the whole system due to continual technological evolution; the technology across the whole system being controlled by multiple different standards bodies (for example, EMVco, GSMA, NFC Forum, GlobalPlatform); non-standard deployments being used on the SEs (for example in Mobile Network Operators (MNOs), Wallets, Registration, Eligibility and Operations); the need continually to cater for new models of electronic devices, SIMs, Operating Systems and standards; and sensitivities over customer ownership, for example with Wallets, and loss of end to end customer experience.