Mobile Payments 101

How do they work?

Richard A. Gibbs Karen Ross Andrew Lorentz June 1, 2011

Agenda
What is a mobile payment? Mobile payment technology Near field communications Value proposition and challenges Critical issues

22

What is a mobile payment?

Mobile payment
a payment (transfer of funds in return for a good or service) where the mobile device is involved in the initiation and confirmation of the payment includes P2P transfer of funds

Mobile banking
access to banking functionality (query + transaction) via the mobile device includes the provision of part or all of the banking functionality already provided by banks over the Internet in the form of online banking

Mobile transaction
transaction where the mobile phone is used simply to initiate an order but not make a payment or to receive delivery of goods or services (e.g., event ticket bar code)

33

Mobile payments technology

Short Message Service (SMS)
SMS is a communication protocol allowing interchange of short text messages Problems as a mobile payment platform

Send money Send a text to 729725 (PAYPAL). Specify the amount and the recipients phone number or email address.

Slow, store-and-forward operation No security or encryption, sent in clear text only (except during transmission over the air) No inherent proof or confirmation of receipt or delivery
Send money Request money Send a text to 729725 (PAYPAL). Include the words get and from, and then specify the amount and the phone number of the person youre requesting money from.

Generally used to purchase digital goods (ringtones, avatars, games) or send money P2P or P2B

44

Mobile payments technology

Unstructured Supplementary Service Data (USSD) USSD is a mechanism for transmitting information via a GSM network Unlike SMS, USSD offers a real-time connection during a session which makes it faster Used extensively overseas for mobile financial services such as remittances and bill payment Examples: M-Pesa in Kenya, TchoTcho Mobile in Haiti

55

Mobile payments technology

Quick response (QR) two-dimensional barcodes Popular for closed-loop applications Starbucks, Target, other retailers

66

Mobile payments technology

Near field communication (NFC)
NFC is a short-range high frequency wireless communication technology that enables the exchange of data between devices over about a 4 cm. distance Allows emulation of existing contactless payment standards (MasterCard PayPass, Visa payWave, American Express ExpressPay, Discover Zip) Allows P2P transfers (NFC device to NFC device) Can read tags from smart posters for offers or coupons

77

NFC applications
Click to edit Master text styles Second level Third level Fourth level Fifth level

Source: Essentials for Successful NFC Mobile Ecosystem, NFC Forum (Oct. 2008)

88

NFC business models

Mobile network operator centric model
MNO independently deploys mobile payment service Can bypass financial institutions or develop open wallet application Challenged by lack of connection to existing payments networks Generally limited to remittances and P2P

Financial institution centric model

Financial institution develops a mobile payment application to be used on any mobile device Ensures merchants have necessary POS capabilities MNO involvement may not be necessary

Collaborative model
Financial institutions, MNOs, and trusted service managers collaborate to deliver mobile payment Model favored by the Federal Reserve

P2P model
Third party develops application to provide P2P or other form of mobile payment

99

NFC stakeholders
Key Stakeholders
Consumer Financial Institutions (FI)/Banks Mobile Network Operators (MNO) Merchants Trusted Service Managers (TSM)

Supporting Stakeholders
Payment Card Associations Handset Manufacturers Secure Element Manufacturers Technology Providers (NFC Chipset, POS Terminals) Third Party Application Providers Standard Bodies

1010

NFC mobile payment ecosystem

You have banks competing with carriers competing with Apple and Google, and its pretty much a goat rodeo until someone sorts it out. Drew Sievers, chief executive of mFoundry (developer of mobile payment software for merchants and banks)

1111

NFC stakeholder roles

Consumers who use the mobile payment device Issuers and Acquirers who are regulated financial institutions with access to payment networks (banks and money transmitters) Merchants who can accept contactless payments Mobile network operators who ensure a supply of NFC-capable mobile devices and may be gatekeepers for secure elements Payment networks who set standards and promote acceptance of payment cards Chip and handset manufacturers of NFC-capable mobile devices who comply with standards Trusted service managers who provision and manage the applications on NFC-capable mobile devices Issuing and acquiring payment processors who process payments on behalf of issuing and acquiring banks Application issuers who offer applications for specific purposes (e.g., proximity payment cards, transit, vending, person-to-person payments) Application developers who develop applications for use on NFC-capable mobile devices

1212

Standards bodies involved in NFC

Develops, maintains, and drives adoption of its programming language and APIs, which provide an open and interoperable infrastructure for applications and secure communications within devices. Develops specifications for NFC devices that are based on ISO/IEC standard 18092 for contactless interfaces, ensuring interoperability among devices and services. Engages in technical, commercial, and public policy initiatives to ensure that mobile services are interoperable worldwide. Drives adoption of its technical standards, which provide an open and interoperable infrastructure for transactions performed using smart cards, systems, and devices.

Establishes international standards, including standards applicable to financial transactions and contact and contactless smart cards. Develops mobile service-enabler specifications to promote interoperability.

Maintains, evolves, and promotes standards for payment account security.

1313

Overview of NFC device components

1414

Securing NFC mobile payments

Security critical applications that require payment and account credentials need secure hardware storage and a secure execution environment Role is handled by the secure element (SE) A secure element is a platform where applications can be installed, personalized and managed, which consists of hardware, software, interfaces, and protocols that enable the secure storage of credentials and execution of applications for payment, authentication, and other services

1515

Secure element location options

On the universal integrated circuit card (or UICC) Typically this is the phones subscriber identity module or SIM. MNOs have control of the UICC. On a separate chip or SD card inserted in the phone. Financial institutions have the option to be MNO independent. Embedding the secure element in the phone itself. Preferred option for the location of the Secure Element

1616

Deployment scenarios
Simple ModeA MNO-centric model where only the MNO performs SE lifecycle management functions but TSM can monitor and verify loading of applications

1717

Deployment scenarios closed model

One MNO One TSM

1818

Deployment scenarios
Delegated ModeTSM is authorized to load applications and perform application lifecycle management functions

1919

Deployment scenarios
Authorized ModeSeveral entities are authorized to load applications and perform application lifecycle management functions

2020

Deployment scenarios open model

Multiple MNOs Multiple TSMs

2121

Collaborative business model for NFC

2222

Collaborative security model for NFC

2323

NFC advantages
Security Multiple layers of security (secure element, PIN, additional authentication factors [phone number, SMS challenge], information never passed as clear text Lower merchant liability costs Mag-stripe data exposure is eliminated Lower issuer costs No physical card distribution Reduced fraud due to lost cards

2424

Value proposition and challenges

Customer is always on-line, which allows for Improved customer relationship management

Receipts sent to phone after purchase Co-marketing purchase concert ticket and get a e-gift card for purchase of music on iTunes Messages and offers can be sent to customer in conjunction with a transaction (e.g., rebate coupons, map to event just purchased) Paperless coupons Smart offers customized offers sent to customers based on customers demographics and transaction history

Increased yield from marketing spend

Targeted offers

2525

Value proposition and challenges

Stakeholders have varying motives for pursuing mobile payments Financial institutions
Mainly a defensive play to protect current payment products Prevent further disintermediation of the financial institution by keeping financial institution involved in any solution developed Reduction of transaction costs of existing payment methods, especially cash and checks

Mobile network operators

Provision of value-added services to subscribers to reduce churn and increase average revenue per unit through associated increases in airtime and data usage

2626

Value proposition and challenges

Merchants Faster checkout Ability to send directed marketing messages Reduced transaction costs and fraud liability Increased customer satisfaction and loyalty through offers and reward programs Consumers Faster checkout Security Convenience
2727

Value proposition and challenges

High cost for merchants POS terminal updates or replacement New systems may need development Adoption by consumers Consumers averse to change No incentive to use contactless payment card (even if they have such a card) What is the revenue model? More players in the revenue food chain Untested technology
2828

Critical issues privacy and control

Whose customer is it? Whose data is it? How can I market to these customers? How can I help others market to these customers?

Google Offers, mobile couponing

How can I use information about these customers?

Geo-location, etc

Who controls collection? Who controls communications with customers? Who safeguards the customer data? (liability for breach)

2929

Critical issues financial services

Who powers the payments and how? What payment instruments? Debit instruments subject to possible Fed rate cap What authority? (bank or money transmitter) How does the financial institution meet its compliance obligations? If the MNO wants control how does it comply with financial services laws and regulations?

3030

Critical issues technology and operations

How should the solution be implemented?
Whose intellectual property is used? Is the business model financial institution- or mobile operator-centric? Who manages the secure element and applications on the secure element? Will the application be open or closed (or somewhere in the middle?)

Consumer choice and ubiquity

3131

Critical issues - economics

What are some possible revenue models? Incremental revenue attributable to NFC

Pay-as-you-go model

MNO or TSM obtains revenue from application issuers for personalization and provisioning

Landlord-tenant model

MNO obtains revenue from charging application issuer rent for space of secure element

Interchange and transaction revenue

Banks obtain revenue through current interchange process no matter which business model is chosen, however, interchange usage fee must be shared with more parties

MNO obtains revenue from increased data usage

3232