Mobile Payments 101 How do they work? Richard A. Gibbs Karen Ross Andrew Lorentz June 1, 2011 Agenda What is a mobile payment? Mobile payment technology Near field communications Value proposition and challenges Critical issues 2 What is a mobile payment? Mobile payment a payment (transfer of funds in return for a good or service) where the mobile device is involved in the initiation and confirmation of the payment includes P2P transfer of funds Mobile banking access to banking functionality (query + transaction) via the mobile device includes the provision of part or all of the banking functionality already provided by banks over the Internet in the form of online banking Mobile transaction transaction where the mobile phone is used simply to initiate an order but not make a payment or to receive delivery of goods or services (e.g., event ticket bar code) 3 Mobile payments technology Short Message Service (SMS) SMS is a communication protocol allowing interchange of short text messages Problems as a mobile payment platform Slow, store-and-forward operation No security or encryption, sent in clear text only (except during transmission over the air) No inherent proof or confirmation of receipt or delivery Generally used to purchase digital goods (ringtones, avatars, games) or send money P2P or P2B Send money Send a text to 729725 (PAYPAL). Specify the amount and the recipient’s phone number or email address. Send money Request money Send a text to 729725 (PAYPAL). Include the words get and from, and then specify the amount and the phone number of the person you’re requesting money from. 4 Mobile payments technology Unstructured Supplementary Service Data (USSD) USSD is a mechanism for transmitting information via a GSM network Unlike SMS, USSD offers a real-time connection during a session which makes it faster Used extensively overseas for mobile financial services such as remittances and bill payment Examples: M-Pesa in Kenya, TchoTcho Mobile in Haiti 5 Mobile payments technology Quick response (“QR”) two-dimensional barcodes Popular for closed-loop applications Starbucks, Target, other retailers 6 Mobile payments technology Near field communication (NFC) NFC is a short-range high frequency wireless communication technology that enables the exchange of data between devices over about a 4 cm. distance Allows emulation of existing contactless payment standards (MasterCard PayPass, Visa payWave, American Express ExpressPay, Discover Zip) Allows P2P transfers (NFC device to NFC device) Can read “tags” from smart posters for offers or coupons 7 NFC applications Source: Essentials for Successful NFC Mobile Ecosystem, NFC Forum (Oct. 2008) 8 NFC business models Mobile network operator centric model MNO independently deploys mobile payment service Can bypass financial institutions or develop open “wallet” application Challenged by lack of connection to existing payments networks Generally limited to remittances and P2P Financial institution centric model Financial institution develops a mobile payment application to be used on any mobile device Ensures merchants have necessary POS capabilities MNO involvement may not be necessary Collaborative model Financial institutions, MNOs, and trusted service managers collaborate to deliver mobile payment Model favored by the Federal Reserve P2P model Third party develops application to provide P2P or other form of mobile payment 9 NFC stakeholders Key Stakeholders Consumer Financial Institutions (FI)/Banks Mobile Network Operators (MNO) Merchants Trusted Service Managers (TSM) Supporting Stakeholders Payment Card Associations Handset Manufacturers Secure Element Manufacturers Technology Providers (NFC Chipset, POS Terminals) Third Party Application Providers Standard Bodies 10 NFC mobile payment ecosystem Issuing Processors App Issuers App Developers Chip/Handset Manufacturers TSM MNO “You have banks competing with carriers competing with Apple and Google, and it’s pretty much a goat rodeo until someone sorts it out.” Drew Sievers, chief executive of mFoundry (developer of mobile payment software for merchants and banks) Acquiring Processor Banks Payment Network Consumer Acquirer Merchant 11 NFC stakeholder roles Consumers who use the mobile payment device Issuers and Acquirers who are regulated financial institutions with access to payment networks (banks and money transmitters) Merchants who can accept contactless payments Mobile network operators who ensure a supply of NFC-capable mobile devices and may be gatekeepers for secure elements Payment networks who set standards and promote acceptance of payment cards Chip and handset manufacturers of NFC-capable mobile devices who comply with standards Trusted service managers who provision and manage the applications on NFC-capable mobile devices Issuing and acquiring payment processors who process payments on behalf of issuing and acquiring banks Application issuers who offer applications for specific purposes (e.g., proximity payment cards, transit, vending, person-to-person payments) Application developers who develop applications for use on NFC-capable mobile devices 12 Standards bodies involved in NFC Develops, maintains, and drives adoption of its programming language and APIs, which provide an open and interoperable infrastructure for applications and secure communications within devices. Develops specifications for NFC devices that are based on ISO/IEC standard 18092 for contactless interfaces, ensuring interoperability among devices and services. Maintains, evolves, and promotes standards for payment account security. Engages in technical, commercial, and public policy initiatives to ensure that mobile services are interoperable worldwide. Drives adoption of its technical standards, which provide an open and interoperable infrastructure for transactions performed using smart cards, systems, and devices. Establishes international standards, including standards applicable to financial transactions and contact and contactless smart cards. Develops mobile serviceenabler specifications to promote interoperability. 13 Overview of NFC device components NFC DEVICE User Interface Cellular & WiFi Modem Operating System Environment SECURE ELEMENT UICC/ SIM Root Secure Domain Secure Element Application Secure Domains Transit Application Secure Domain Bank Application Secure Domain NFC Controller P2P Interface Tag R/W Interface Card Emulation Interface 14 Securing NFC mobile payments Security critical applications that require payment and account credentials need secure hardware storage and a secure execution environment Role is handled by the secure element (SE) A secure element is a platform where applications can be installed, personalized and managed, which consists of hardware, software, interfaces, and protocols that enable the secure storage of credentials and execution of applications for payment, authentication, and other services 15 Secure element location options On the universal integrated circuit card (or UICC) Typically this is the phone’s subscriber identity module or SIM. MNOs have control of the UICC. On a separate chip or SD card inserted in the phone. Financial institutions have the option to be MNO independent. Embedding the secure element in the phone itself. Preferred option for the location of the Secure Element 16 Deployment scenarios Simple Mode—A MNOcentric model where only the MNO performs SE lifecycle management functions but TSM can monitor and verify loading of applications Simple Mode SE MNO OK? TSM 17 Deployment scenarios – closed model MNO One MNO – One TSM TSM Financial Institution/Bank Loyalty Transit 18 Deployment scenarios Delegated Mode—TSM is authorized to load applications and perform application lifecycle management functions Delegated Mode SE Can I? MNO TSM 19 Deployment scenarios Authorized Mode—Several entities are authorized to load applications and perform application lifecycle management functions Authorized Mode MNO TSM SE 20 Deployment scenarios – open model Financial Institution/Bank Multiple MNOs – Multiple TSMs Loyalty Transit MNO1 TSM Shop Controlling Authority TSM Financial Institution/Bank MNO Loyalty Transit 21 Collaborative business model for NFC TSM delivers card account information over mobile network to secure element Subscriber’s NFC Device MNO TSM interfaces with mobile network via OTA platform Use card stored in handset TSM Account information download Financial Institutions Merchant Authorization and settlement through existing financial networks 22 Collaborative security model for NFC GlobalPlatform Secure Channel Protocol + TLS/SSL + MNO air encryption Subscriber’s NFC Device MNO GlobalPlatform Secure Channel Protocol + TLS/SSL Dynamic encryption TSM TLS/SSL or VPN Financial Institutions Merchant Existing security technology 23 NFC advantages… Security Multiple layers of security (secure element, PIN, additional authentication factors [phone number, SMS challenge], information never passed as clear text Lower merchant liability costs Mag-stripe data exposure is eliminated Lower issuer costs No physical card distribution Reduced fraud due to lost cards 24 Value proposition and challenges Customer is always “on-line,” which allows for Improved customer relationship management Increased yield from marketing spend Receipts sent to phone after purchase Co-marketing – purchase concert ticket and get a e-gift card for purchase of music on iTunes Targeted offers Messages and offers can be sent to customer in conjunction with a transaction (e.g., rebate coupons, map to event just purchased) Paperless coupons Smart offers – customized offers sent to customers based on customers’ demographics and transaction history 25 Value proposition and challenges Stakeholders have varying motives for pursuing mobile payments Financial institutions Mainly a defensive play to protect current payment products Prevent further disintermediation of the financial institution by keeping financial institution involved in any solution developed Reduction of transaction costs of existing payment methods, especially cash and checks Mobile network operators Provision of value-added services to subscribers to reduce churn and increase average revenue per unit through associated increases in airtime and data usage 26 Value proposition and challenges Merchants Faster checkout Ability to send directed marketing messages Reduced transaction costs and fraud liability Increased customer satisfaction and loyalty through offers and reward programs Consumers Faster checkout Security Convenience 27 Value proposition and challenges High cost for merchants POS terminal updates or replacement New systems may need development Adoption by consumers Consumers averse to change No incentive to use contactless payment card (even if they have such a card) What is the revenue model? More players in the revenue food chain Untested technology 28 Critical issues – privacy and control Whose customer is it? Whose data is it? How can I market to these customers? How can I help others market to these customers? Google Offers, mobile couponing How can I use information about these customers? Geo-location, etc Who controls collection? Who controls communications with customers? Who safeguards the customer data? (liability for breach) 29 Critical issues – financial services Who powers the payments and how? What payment instruments? Debit instruments subject to possible Fed rate cap What authority? (bank or money transmitter) How does the financial institution meet its compliance obligations? If the MNO wants control – how does it comply with financial services laws and regulations? 30 Critical issues – technology and operations How should the solution be implemented? Whose intellectual property is used? Is the business model financial institution- or mobile operator-centric? Who manages the secure element and applications on the secure element? Will the application be open or closed (or somewhere in the middle?) Consumer choice and ubiquity 31 Critical issues - economics What are some possible revenue models? Incremental revenue attributable to NFC Pay-as-you-go model MNO or TSM obtains revenue from application issuers for personalization and provisioning Landlord-tenant model MNO obtains revenue from charging application issuer “rent” for space of secure element Interchange and transaction revenue Banks obtain revenue through current interchange process no matter which business model is chosen, however, interchange usage fee must be shared with more parties MNO obtains revenue from increased data usage 32