Mobile Payments 101 How do they work? Richard A. Gibbs Karen Ross Andrew Lorentz
June 1, 2011
Agenda What is a mobile payment?
Mobile payment technology Near field communications Value proposition and challenges
Critical issues
2
What is a mobile payment? Mobile payment a payment (transfer of funds in return for a good or service) where the mobile device is involved in the initiation and confirmation of the payment includes P2P transfer of funds
Mobile banking access to banking functionality (query + transaction) via the mobile device includes the provision of part or all of the banking functionality already provided by banks over the Internet in the form of online banking
Mobile transaction transaction where the mobile phone is used simply to initiate an order but not make a payment or to receive delivery of goods or services (e.g., event ticket bar code)
3
Mobile payments technology Short Message Service (SMS) SMS is a communication protocol
allowing interchange of short text messages Problems as a mobile payment platform Slow, store-and-forward operation No security or encryption, sent in clear text only (except during transmission over the air) No inherent proof or confirmation of receipt or delivery
Generally used to purchase digital goods (ringtones, avatars, games) or send money P2P or P2B
Send money Send a text to 729725 (PAYPAL). Specify the amount and the recipient’s phone number or email address.
Send money Request money Send a text to 729725 (PAYPAL). Include the words get and from, and then specify the amount and the phone number of the person you’re requesting money from.
4
Mobile payments technology Unstructured Supplementary Service Data (USSD) USSD is a mechanism for transmitting information via a
GSM network Unlike SMS, USSD offers a real-time connection during a session which makes it faster Used extensively overseas for mobile financial services such as remittances and bill payment Examples: M-Pesa in Kenya, TchoTcho Mobile in Haiti
5
Mobile payments technology Quick response (―QR‖) two-dimensional barcodes
Popular for closed-loop applications Starbucks, Target, other retailers
6
Mobile payments technology Near field communication (NFC) NFC is a short-range high frequency wireless communication technology that enables the exchange of data between devices over about a 4 cm. distance Allows emulation of existing contactless payment standards (MasterCard PayPass, Visa payWave, American Express ExpressPay, Discover Zip) Allows P2P transfers (NFC device to NFC device) Can read ―tags‖ from smart posters for offers or coupons
7
NFC applications
Source: Essentials for Successful NFC Mobile Ecosystem, NFC Forum (Oct. 2008)
8
NFC business models Mobile network operator centric model
MNO independently deploys mobile payment service Can bypass financial institutions or develop open ―wallet‖ application Challenged by lack of connection to existing payments networks Generally limited to remittances and P2P
Financial institution centric model Financial institution develops a mobile payment application to be used on any mobile device Ensures merchants have necessary POS capabilities MNO involvement may not be necessary
Collaborative model Financial institutions, MNOs, and trusted service managers collaborate
to deliver mobile payment Model favored by the Federal Reserve
P2P model Third party develops application to provide P2P or other form of mobile payment
9
NFC stakeholders Key Stakeholders Consumer Financial Institutions (FI)/Banks Mobile Network Operators (MNO) Merchants Trusted Service Managers (TSM)
Supporting Stakeholders Payment Card Associations Handset Manufacturers Secure Element Manufacturers Technology Providers (NFC Chipset, POS Terminals) Third Party Application Providers Standard Bodies
10
NFC mobile payment ecosystem Issuing Processors
App Issuers
App Developers
Chip/Handset Manufacturers
TSM
MNO
―You have banks competing with carriers competing with Apple and Google, and it’s pretty much a goat rodeo until someone sorts it out.‖ Drew Sievers, chief executive of mFoundry (developer of mobile payment software for merchants and banks)
Acquiring Processor
Banks
Payment Network
Consumer
Acquirer
Merchant
11
NFC stakeholder roles Consumers who use the mobile payment device Issuers and Acquirers who are regulated financial institutions with access
to payment networks (banks and money transmitters) Merchants who can accept contactless payments Mobile network operators who ensure a supply of NFC-capable mobile devices and may be gatekeepers for secure elements Payment networks who set standards and promote acceptance of payment cards Chip and handset manufacturers of NFC-capable mobile devices who comply with standards Trusted service managers who provision and manage the applications on NFC-capable mobile devices Issuing and acquiring payment processors who process payments on behalf of issuing and acquiring banks Application issuers who offer applications for specific purposes (e.g., proximity payment cards, transit, vending, person-to-person payments) Application developers who develop applications for use on NFC-capable mobile devices
12
Standards bodies involved in NFC Develops, maintains, and drives adoption of its programming language and APIs, which provide an open and interoperable infrastructure for applications and secure communications within devices.
Develops specifications for NFC devices that are based on ISO/IEC standard 18092 for contactless interfaces, ensuring interoperability among devices and services.
Maintains, evolves, and promotes standards for payment account security.
Engages in technical, commercial, and public policy initiatives to ensure that mobile services are interoperable worldwide. Drives adoption of its technical standards, which provide an open and interoperable infrastructure for transactions performed using smart cards, systems, and devices.
Establishes international standards, including standards applicable to financial transactions and contact and contactless smart cards. Develops mobile serviceenabler specifications to promote interoperability.
13
Overview of NFC device components NFC DEVICE User Interface Cellular & WiFi Modem Operating System Environment
SECURE ELEMENT UICC/ SIM
Root Secure Domain Secure Element
Application Secure Domains
Transit Application Secure Domain
Bank Application Secure Domain
NFC Controller
P2P Interface
Tag R/W Interface
Card Emulation Interface
14
Securing NFC mobile payments Security critical applications that require payment
and account credentials need secure hardware storage and a secure execution environment Role is handled by the secure element (SE) A secure element is a platform where applications can be
installed, personalized and managed, which consists of hardware, software, interfaces, and protocols that enable the secure storage of credentials and execution of applications for payment, authentication, and other services
15
Secure element location options On the universal integrated circuit card (or UICC) Typically this is the phone’s subscriber identity module or
SIM. MNOs have control of the UICC.
On a separate chip or SD card inserted in the
phone. Financial institutions have the option to be MNO
independent.
Embedding the secure element in the phone itself. Preferred option for the location of the Secure Element
16
Deployment scenarios Simple Mode—A MNOcentric model where only the MNO performs SE lifecycle management functions but TSM can monitor and verify loading of applications
Simple Mode SE
MNO OK?
TSM
17
Deployment scenarios – closed model MNO
One MNO – One TSM TSM
Financial Institution/Bank
Loyalty
Transit
18
Deployment scenarios Delegated Mode—TSM is authorized to load applications and perform application lifecycle management functions
Delegated Mode SE
Can I?
MNO
TSM
19
Deployment scenarios Authorized Mode—Several entities are authorized to load applications and perform application lifecycle management functions
Authorized Mode
MNO
TSM
SE
20
Deployment scenarios – open model Financial Institution/Bank
Multiple MNOs – Multiple TSMs
Loyalty
Transit MNO1 TSM
Shop
Controlling Authority
TSM
Financial Institution/Bank
MNO Loyalty
Transit
21
Collaborative business model for NFC TSM delivers card account information over mobile network to secure element
Subscriber’s NFC Device
MNO TSM interfaces with mobile network via OTA platform
Use card stored in handset
TSM
Account information download
Financial Institutions
Merchant
Authorization and settlement through existing financial networks
22
Collaborative security model for NFC GlobalPlatform Secure Channel Protocol + TLS/SSL + MNO air encryption
Subscriber’s NFC Device
MNO GlobalPlatform Secure Channel Protocol + TLS/SSL
Dynamic encryption
TSM
TLS/SSL or VPN
Financial Institutions
Merchant
Existing security technology
23
NFC advantages… Security Multiple layers of security (secure element, PIN, additional
authentication factors [phone number, SMS challenge], information never passed as clear text
Lower merchant liability costs Mag-stripe data exposure is eliminated
Lower issuer costs No physical card distribution Reduced fraud due to lost cards
24
Value proposition and challenges Customer is always ―on-line,‖ which allows for
Improved customer relationship management
Increased yield from marketing spend
Receipts sent to phone after purchase Co-marketing – purchase concert ticket and get a e-gift card for purchase of music on iTunes
Targeted offers
Messages and offers can be sent to customer in conjunction with a transaction (e.g., rebate coupons, map to event just purchased) Paperless coupons Smart offers – customized offers sent to customers based on customers’ demographics and transaction history
25
Value proposition and challenges Stakeholders have varying motives for pursuing mobile
payments Financial institutions Mainly a defensive play to protect current payment products Prevent further disintermediation of the financial institution by
keeping financial institution involved in any solution developed Reduction of transaction costs of existing payment methods, especially cash and checks
Mobile network operators Provision of value-added services to subscribers to reduce churn and increase average revenue per unit through associated increases in airtime and data usage
26
Value proposition and challenges Merchants Faster checkout Ability to send directed marketing messages Reduced transaction costs and fraud liability Increased customer satisfaction and loyalty through offers
and reward programs
Consumers Faster checkout Security Convenience
27
Value proposition and challenges High cost for merchants POS terminal updates or replacement New systems may need development
Adoption by consumers Consumers averse to change No incentive to use contactless payment card (even if they
have such a card)
What is the revenue model? More players in the revenue food chain
Untested technology
28
Critical issues – privacy and control Whose customer is it? Whose data is it? How can I market to these customers? How can I help others market to these customers? Google Offers, mobile couponing How can I use information about these customers? Geo-location, etc Who controls collection?
Who controls communications with customers? Who safeguards the customer data? (liability for breach)
29
Critical issues – financial services Who powers the payments and how?
What payment instruments? Debit instruments
subject to possible Fed rate cap What authority? (bank or money transmitter) How does the financial institution meet its compliance obligations? If the MNO wants control – how does it comply with financial services laws and regulations?
30
Critical issues – technology and operations How should the solution be implemented? Whose intellectual property is used? Is the business model financial institution- or mobile
operator-centric? Who manages the secure element and applications on the secure element? Will the application be open or closed (or somewhere in the middle?) Consumer choice and ubiquity
31
Critical issues - economics What are some possible revenue models? Incremental revenue attributable to NFC Pay-as-you-go model MNO or TSM obtains revenue from application issuers for personalization and provisioning
Landlord-tenant model MNO obtains revenue from charging application issuer ―rent‖ for space of secure element
Interchange and transaction revenue Banks obtain revenue through current interchange process no matter which business model is chosen, however, interchange usage fee must be shared with more parties MNO obtains revenue from increased data usage
32