Mobile Payments 101
How do they work?
Richard A. Gibbs
Karen Ross
Andrew Lorentz
June 1, 2011
Agenda
 What is a mobile payment?
 Mobile payment technology
 Near field communications
 Value proposition and challenges
 Critical issues
2
What is a mobile payment?
 Mobile payment
 a payment (transfer of funds in return for a good or service) where the
mobile device is involved in the initiation and confirmation of the
payment
 includes P2P transfer of funds
 Mobile banking
 access to banking functionality (query + transaction) via the mobile
device
 includes the provision of part or all of the banking functionality already
provided by banks over the Internet in the form of online banking
 Mobile transaction
 transaction where the mobile phone is used simply to initiate an order
but not make a payment or to receive delivery of goods or services
(e.g., event ticket bar code)
3
Mobile payments technology
 Short Message Service (SMS)
 SMS is a communication protocol
allowing interchange of short text
messages
 Problems as a mobile payment
platform
 Slow, store-and-forward operation
 No security or encryption, sent in clear
text only (except during transmission
over the air)
 No inherent proof or confirmation of
receipt or delivery
 Generally used to purchase digital
goods (ringtones, avatars, games) or
send money P2P or P2B
Send money
 Send a text to 729725
(PAYPAL). Specify the
amount and the
recipient’s phone
number or email
address.
Send money
 Request money
Send a text to 729725
(PAYPAL). Include the
words get and from, and
then specify the amount
and the phone number
of the person you’re
requesting money from.
4
Mobile payments technology
 Unstructured Supplementary Service Data (USSD)
 USSD is a mechanism for transmitting information via a
GSM network
 Unlike SMS, USSD offers a real-time connection during a
session which makes it faster
 Used extensively overseas for mobile financial services
such as remittances and bill
payment
 Examples: M-Pesa in Kenya,
TchoTcho Mobile in Haiti
5
Mobile payments technology
 Quick response (“QR”) two-dimensional barcodes
 Popular for closed-loop applications
 Starbucks, Target, other retailers
6
Mobile payments technology
 Near field communication (NFC)
 NFC is a short-range high frequency
wireless communication technology that
enables the exchange of data between
devices over about a 4 cm. distance
 Allows emulation of existing contactless
payment standards (MasterCard
PayPass, Visa payWave, American
Express ExpressPay, Discover Zip)
 Allows P2P transfers (NFC device to
NFC device)
 Can read “tags” from smart posters for
offers or coupons
7
NFC applications
Source: Essentials for Successful NFC Mobile Ecosystem, NFC Forum (Oct. 2008)
8
NFC business models
 Mobile network operator centric model




MNO independently deploys mobile payment service
Can bypass financial institutions or develop open “wallet” application
Challenged by lack of connection to existing payments networks
Generally limited to remittances and P2P
 Financial institution centric model
 Financial institution develops a mobile payment application to be used
on any mobile device
 Ensures merchants have necessary POS capabilities
 MNO involvement may not be necessary
 Collaborative model
 Financial institutions, MNOs, and trusted service managers collaborate
to deliver mobile payment
 Model favored by the Federal Reserve
 P2P model
 Third party develops application to provide P2P or other form of mobile
payment
9
NFC stakeholders
Key Stakeholders
 Consumer
 Financial Institutions
(FI)/Banks
 Mobile Network Operators
(MNO)
 Merchants
 Trusted Service Managers
(TSM)
Supporting Stakeholders
 Payment Card Associations
 Handset Manufacturers
 Secure Element
Manufacturers
 Technology Providers (NFC
Chipset, POS Terminals)
 Third Party Application
Providers
 Standard Bodies
10
NFC mobile payment ecosystem
Issuing
Processors
App Issuers
App Developers
Chip/Handset
Manufacturers
TSM
MNO
“You have banks competing with
carriers competing with Apple and
Google, and it’s pretty much a goat
rodeo until someone sorts it out.” Drew
Sievers, chief executive of mFoundry
(developer of mobile payment software
for merchants and banks)
Acquiring
Processor
Banks
Payment Network
Consumer
Acquirer
Merchant
11
NFC stakeholder roles
 Consumers who use the mobile payment device
 Issuers and Acquirers who are regulated financial institutions with access
to payment networks (banks and money transmitters)
 Merchants who can accept contactless payments
 Mobile network operators who ensure a supply of NFC-capable mobile
devices and may be gatekeepers for secure elements
 Payment networks who set standards and promote acceptance of payment
cards
 Chip and handset manufacturers of NFC-capable mobile devices who




comply with standards
Trusted service managers who provision and manage the applications on
NFC-capable mobile devices
Issuing and acquiring payment processors who process payments on
behalf of issuing and acquiring banks
Application issuers who offer applications for specific purposes (e.g.,
proximity payment cards, transit, vending, person-to-person payments)
Application developers who develop applications for use on NFC-capable
mobile devices
12
Standards bodies involved in NFC
Develops, maintains, and
drives adoption of its
programming language
and APIs, which provide an
open and interoperable
infrastructure for
applications and secure
communications within
devices.
Develops specifications for
NFC devices that are
based on ISO/IEC
standard 18092 for
contactless interfaces,
ensuring interoperability
among devices and
services.
Maintains, evolves, and
promotes standards for
payment account security.
Engages in technical,
commercial, and public policy
initiatives to ensure that
mobile services are
interoperable worldwide.
Drives adoption of its
technical standards, which
provide an open and
interoperable infrastructure
for transactions performed
using smart cards, systems,
and devices.
Establishes international standards,
including standards applicable to
financial transactions and contact and
contactless smart cards.
Develops mobile serviceenabler specifications to
promote interoperability.
13
Overview of NFC device components
NFC DEVICE
User Interface
Cellular &
WiFi Modem
Operating System
Environment
SECURE ELEMENT
UICC/
SIM
Root Secure Domain
Secure
Element
Application
Secure Domains
Transit
Application
Secure Domain
Bank Application
Secure Domain
NFC Controller
P2P
Interface
Tag R/W
Interface
Card
Emulation
Interface
14
Securing NFC mobile payments
 Security critical applications that require payment
and account credentials need secure hardware
storage and a secure execution environment
 Role is handled by the secure element (SE)
 A secure element is a platform where applications can be
installed, personalized and managed, which consists of
hardware, software, interfaces, and protocols that enable
the secure storage of credentials and execution of
applications for payment, authentication, and other
services
15
Secure element location options
 On the universal integrated circuit card (or UICC)
 Typically this is the phone’s subscriber identity module or
SIM.
 MNOs have control of the UICC.
 On a separate chip or SD card inserted in the
phone.
 Financial institutions have the option to be MNO
independent.
 Embedding the secure element in the phone itself.
 Preferred option for the location of the Secure Element
16
Deployment scenarios
Simple Mode—A MNOcentric model where only the
MNO performs SE lifecycle
management functions but
TSM can monitor and verify
loading of applications
Simple Mode
SE
MNO
OK?
TSM
17
Deployment scenarios – closed model
MNO
One MNO – One TSM
TSM
Financial
Institution/Bank
Loyalty
Transit
18
Deployment scenarios
Delegated Mode—TSM is
authorized to load
applications and perform
application lifecycle
management functions
Delegated Mode
SE
Can I?
MNO
TSM
19
Deployment scenarios
Authorized Mode—Several
entities are authorized to load
applications and perform
application lifecycle
management functions
Authorized Mode
MNO
TSM
SE
20
Deployment scenarios – open model
Financial
Institution/Bank
Multiple MNOs – Multiple TSMs
Loyalty
Transit
MNO1
TSM
Shop
Controlling Authority
TSM
Financial
Institution/Bank
MNO
Loyalty
Transit
21
Collaborative business model for NFC
TSM delivers card account
information over mobile network to
secure element
Subscriber’s
NFC Device
MNO
TSM interfaces with mobile
network via OTA platform
Use card stored in handset
TSM
Account information
download
Financial
Institutions
Merchant
Authorization and
settlement through existing
financial networks
22
Collaborative security model for NFC
GlobalPlatform Secure Channel
Protocol + TLS/SSL + MNO air
encryption
Subscriber’s
NFC Device
MNO
GlobalPlatform Secure
Channel Protocol + TLS/SSL
Dynamic encryption
TSM
TLS/SSL
or
VPN
Financial
Institutions
Merchant
Existing security
technology
23
NFC advantages…
 Security
 Multiple layers of security (secure element, PIN, additional
authentication factors [phone number, SMS challenge],
information never passed as clear text
 Lower merchant liability costs
 Mag-stripe data exposure is eliminated
 Lower issuer costs
 No physical card distribution
 Reduced fraud due to lost cards
24
Value proposition and challenges
Customer is always “on-line,” which allows for


Improved customer relationship management


Increased yield from marketing spend


Receipts sent to phone after purchase
Co-marketing – purchase concert ticket and get a e-gift card
for purchase of music on iTunes
Targeted offers



Messages and offers can be sent to customer in
conjunction with a transaction (e.g., rebate coupons, map to
event just purchased)
Paperless coupons
Smart offers – customized offers sent to customers based
on customers’ demographics and transaction history
25
Value proposition and challenges
 Stakeholders have varying motives for pursuing mobile
payments
 Financial institutions
 Mainly a defensive play to protect current payment products
 Prevent further disintermediation of the financial institution by
keeping financial institution involved in any solution developed
 Reduction of transaction costs of existing payment methods,
especially cash and checks
 Mobile network operators
 Provision of value-added services to subscribers to reduce
churn and increase average revenue per unit through
associated increases in airtime and data usage
26
Value proposition and challenges
 Merchants
 Faster checkout
 Ability to send directed marketing messages
 Reduced transaction costs and fraud liability
 Increased customer satisfaction and loyalty through offers
and reward programs
 Consumers
 Faster checkout
 Security
 Convenience
27
Value proposition and challenges
 High cost for merchants
 POS terminal updates or replacement
 New systems may need development
 Adoption by consumers
 Consumers averse to change
 No incentive to use contactless payment card (even if they
have such a card)
 What is the revenue model?
 More players in the revenue food chain
 Untested technology
28
Critical issues – privacy and control
 Whose customer is it?
 Whose data is it?
 How can I market to these customers?
 How can I help others market to these customers?
 Google Offers, mobile couponing
 How can I use information about these customers?
 Geo-location, etc
 Who controls collection?
 Who controls communications with customers?
 Who safeguards the customer data? (liability for breach)
29
Critical issues – financial services
 Who powers the payments and how?
 What payment instruments? Debit instruments
subject to possible Fed rate cap
 What authority? (bank or money transmitter)
 How does the financial institution meet its
compliance obligations?
 If the MNO wants control – how does it comply with
financial services laws and regulations?
30
Critical issues – technology and operations
 How should the solution be implemented?
 Whose intellectual property is used?
 Is the business model financial institution- or mobile
operator-centric?
 Who manages the secure element and applications
on the secure element?
 Will the application be open or closed (or somewhere
in the middle?)
 Consumer choice and ubiquity
31
Critical issues - economics
 What are some possible revenue models?
 Incremental revenue attributable to NFC
 Pay-as-you-go model
 MNO or TSM obtains revenue from application issuers for
personalization and provisioning
 Landlord-tenant model
 MNO obtains revenue from charging application issuer “rent” for
space of secure element
 Interchange and transaction revenue
 Banks obtain revenue through current interchange process
no matter which business model is chosen, however,
interchange usage fee must be shared with more parties
 MNO obtains revenue from increased data usage
32