February 13
th, 2014
2
Outline
Definitions
1
Introduction to Mobile Payments
2
Non-NFC Payment Methods
4
Near Field Communication and Payment Methods
3
Security
4
5
Mobile Payments in North America
Term
Definition
Bar code
An optical machine-readable representation of data about the object to which the bar
code is attached. Originally, bar codes represented data by varying the widths and
spaces between parallel lines, referred to as linear or one-dimensional (1D) bar codes.
They evolved to use rectangles, dots, hexagons, and other geometric patterns in two
dimensions (2D). Mobile payments can use QR codes or other 2D barCodes
Cloud
A reference to using cloud computing to access services and applications. Cloud
computing is a model for enabling ubiquitous, convenient, on-demand network access to
a shared pool of configurable computing resources that can be rapidly provisioned and
released with minimal management effort or service provider interaction
ISO/IEC 14443
ISO/IEC standard “Identification Cards—Contactless Integrated Circuit(s) Cards—
Proximity Cards.” The international standard for contactless smart chips and cards that
can be read from or written to at a distance of less than 10 cm (4 in.). This standard
operates at 13.56 MHz
Mobile Remote Payments
Mobile payment transactions in which consumers use a smartphone or mobile phone to
make purchases without interacting with a physical POS
Mobile Wallet
A software application that is loaded onto a mobile phone to manage payments made
from the mobile phone. A mobile wallet application can also hold and control a number of
other applications (for example, payment and loyalty), much as a physical wallet holds a
collection of physical cards
Near Field Communication
A standards-based wireless communication technology that allows data to be exchanged
between devices that are a few centimeters apart. NFC-enabled mobile phones
incorporate a smart chip (called a secure element) that allows the phone to store the
payment application and consumer account information securely and use the information
as a virtual payment card
Point of Sale
The merchant’s physical location where the payment transaction takes place. This term is
also used to describe the equipment used by the merchant to complete the payment
transaction
3
Definitions to Know
4
Introduction to Mobile Payments
Mobile Payments is a new venue for consumers to purchase their goods and services that has seen emergence in recent years Consumers have began embracing their phones and tablets to make a number of purchases, primarily in retail segments Mobile payments transactions allow the transfer of value from one entity to another:
person to person, person to merchant or merchant to merchant
These purchases are done mainly through two different methods: NFC and in store over cloud
The service is particularly attractive to small businesses and merchants, as the service is free or cheap to use and can be used to provide a payment point for a workforce on the move, such as with taxi companies
Third-party processors (TPPs) typically serve as an intermediary between a retailer and a merchant bank. These processors manage many transaction processes including authorization routing, settlement processing, merchant statement preparation and chargeback processing
The market is currently very fragmented with banks, credit card companies and mobile providers all fighting for market share Technology hurdles, such as the lack of NFC devices, have been overcome and now most resistance come from safety uncertainty
Overview
Gross Value of Mobile Payment Transactions ($ MM)
Mobile Payments Offerings From 13 Leading Banks.
14%
31% 55%
P2P Mobile RDC Bill Pay
5
Near Field Communications
Near Field Communication (NFC) is a technology for the wireless connection of devices which links the online and offline worlds It is based on the development of RFID (Radio Frequency Identification) technology, in which data on a transponder can be read and stored contactlessly
The range for NFC has deliberately been limited to a maximum of between 10 -20 cm so that the user can keep the communication under the best possible control
Supporting infrastructure is not in place to help make the most of NFC (Primarily in US). However 86% of point-of-sale terminals will be NFC enabled in North America by 2017
The two types of mobile contactless payment methods Device Centric
The contactless application runs on an Secure Element chip. This chip is embedded in the phone SIM Centric
The contactless application runs on the SIM which acts and the Secure Element of the NFC Front End
Overview
Device Centric NFC Approach
SIM Centric NFC Approach
Source: Samsung, Single Wire Protocol, Deutsche Bank, GSMA
6
NFC Dependence on Card Terminal Technology
Cash-less transactions showing major growth, with digital purchases as a key driver for the industry Major trend in the rise of payment with cards to meet this demand
Cards are popular in the US and Canada where they account for 60.8% and 72.&% of the total number of cash-less transactions Currently US lags behind the rest of the world in adopting EMV (“chip and PIN”) cards
Card companies trying to phase in EMV cards with retailer incentives after wide spread fraud in major US retailers as the current stripe cards are easy to copy sensitive data
Push back from companies as EMV cards require major changes to their current payment system
NFC mobile contactless payment transactions between mobile phone and a POS terminal use the same technology as contactless EMV credit and debit cards
NFC mobile payment growth in US is dependent on acceptance of EMV cards to piggyback on its technology
Overview
EMV Adoption Rates by Region
Value of Mobile Payments
7
Non-NFC Methods
Bar Code
Outside of NFC payments there are many other ways people can make payments using mobile devices
The highly fragmented mobile payment markets have led to many different solutions arising to address the needs of users
These methods are generally less secure than NFC payments, but allow for different capabilities and the ability to be more tailored For example payments over the cloud allow for a much wider range of devices
Bar code payments build upon the already mature traditional bar code system which is widely used
Mobile phone can now display either a 1 or 2 dimensional bar and have it scanned at a point of sale
The best known example of this is Starbucks. Which implements a closed system which applies to one merchant and allows for the execution of a payment on a proprietary system. This does not allow for dynamic data A more open bar code
implementation would allow
consumers to register accounts with a third party provider that would then hand more transactional data on behalf of both the customer and the merchant
Mobile payments over the cloud work by enabling customers to manage credentials using an app. Payment is handled by a third part in which both the customer and the merchant are subscribed to These apps can be accessed through either a browser or a proprietary installed app on the device
The best known example of payments over the cloud is PayPal which has been widely successful and was bought by eBay
Mobile devices as a point of sale is a very different solution
Mobile devices can now serve as a point of sale terminal and process transactions replacing traditional terminals
Apple has removed registers in favour of this model
This technology has many
application ranging from restaurants to lodging services
Square has been a very successful provider of software for this method of payment
Overview
Payments over Cloud
Mobile as a POS
Mobile Wallet payments include security such as: Wallet PIN protection
Remote activation and suspension via phone call to wireless carrier Full account numbers of credit cards and debit cards are not visible Unique ID sent with each transaction
If phone lost or stolen, it would be very difficult for unauthorized user to access a consumer’s payment card information
With NFC the card CVV (Card Verification Value) changes every time you use it Only one verification value can be used once which makes it easier to track stolen However, the signals transmitted by NFC-enabled devices can also be detected from a distance of several meters, which is further than originally assumed
Data Type Acquirer Credential Issuer Wallet Provider Merchant End User MNO or SDM Loyalty Issuer Other Apps
Amount YES NO NO YES YES NO YES NO
Time YES NO NO YES YES NO YES NO
Merchant YES NO NO YES YES NO YES NO
Product (i.e. Which Credential)
YES NO NO YES YES NO YES NO
Location YES NO NO YES YES NO YES NO
Transaction
Details NO NO NO YES YES NO NO NO
Electronic
Receipt NO NO NO YES YES NO NO NO
8
The Main Concern – Security
Overview of Mobile Payment Security
Who Has Access to Financial Data for Mobile Payments in Canada
Source: ISIS Mobile Wallet, IBM, Canadian Federal Government
The default for ecosystem
participants should be to protect the end user and merchant data. Access to and usage of data must be
disclosed to the end user and the end users permission explicitly granted Payment Products in Wallet - Only the wallet provider and the end user may access the list of payment
products that are in a wallet, all others must not have access to the list of payment products
Market Description Transaction Mechanism Pros Cons
Emerging Markets: No data connection and basic devices
SMS MNO-agnostic
Global reach across MNOs and devices
Low-income customers already familiar with technology
Low Security Poor customer service Limited to 160 characters
Unstructured
Supplementary Service Data (USSD)
More secure than SMS (no data stored on phone) Available on all devices
Requires MNO participation Requires customers to learn
“short” codes to initiate transactions
SIM-based application Simple, secure, and fast for end user
Deployable on all GSM devices
Requires MNO participation Requires loading the menu
onto the SIM card
Developed Markets: Data connection and smart phones
Wireless Application Protocol (WAP) browser
Does not require MNO participation
Browser functionality available on all smart phones As secure as online banking
Requires several steps to complete transaction Highly dependent on network
speed
Java application on the device
Richest customer experience Most secure of all transaction mechanisms when combined with encryption capabilities of the SIM card
May require MNO or device manufacturer participation when they control content on phone
Requires client to download application
9
Security – Pros and Cons of Various Mobile Security Options
Source: ISIS Mobile Wallet, IBM, Canadian Federal Government
Market Description Transaction Mechanism Pros Cons
Emerging Markets: No data connection and basic devices
SMS MNO-agnostic
Global reach across MNOs and devices
Low-income customers already familiar with technology
Low Security
Poor customer service Limited to 160 characters
Unstructured Supplementary Service Data (USSD)
More secure than SMS (no data stored on phone) Available on all devices
Requires MNO participation Requires customers to learn
“short” codes to initiate transactions
SIM-based application Simple, secure, and fast for
end user
Deployable on all GSM devices
Requires MNO participation Requires loading the menu
onto the SIM card
Developed Markets: Data connection and smart phones
Wireless Application Protocol (WAP) browser
Does not require MNO participation
Browser functionality available on all smart phones
As secure as online banking
Requires several steps to complete transaction
Highly dependent on network speed
Java application on the device Richest customer experience
Most secure of all transaction mechanisms when combined with encryption capabilities of the SIM card
May require MNO or device manufacturer participation when they control content on phone
Requires client to download application
Data Type Acquire r
Credential Issuer
Wallet Provider
Merchant End User MNO or SDM
Loyalty Issuer
Other Apps
Amount YES NO NO YES YES NO YES NO
Time YES NO NO YES YES NO YES NO
Merchant YES NO NO YES YES NO YES NO
Product (i.e. Which Credential)
YES NO NO YES YES NO YES NO
Location YES NO NO YES YES NO YES NO
Transactio n Details NO NO NO YES YES NO NO NO Electronic Receipt NO NO NO YES YES NO NO NO
10
Tokenization – New Mobile Payments Technology
Tokenization is a method for protecting card data by substituting a card’s Primary Account Number (PAN) with a unique, randomly
generated sequence of numbers and characters
The token is usually the same length and format as the original PAN, so it appears no different than a standard payment card number to back-end transaction processing systems, applications and storage
The random sequence, or “token,” acts as a substitute value for the actual PAN while the data is at rest inside a retailer’s system The token can be reversed to its true associated PAN value a any time with the right decryption keys
The token itself would be of little value to data thieves because there would be no way to link the token back to the PAN without the decryption key
Tokenization eliminates the need for merchants, e-commerce sites and operators of mobile wallets to store sensitive payment card data on their networks
Consumers would do nothing different when paying for purchases using a credit or debit card
Overview
Encryption vs. Tokenization
How Tokenization System Works
Encryption is the process of transforming information using an
algorithm to make it unreadable to anyone except those possessing special knowledge, or a key
Encryption implemented from point of entry to point of process (End to end)
Requires management of encryption keys
With Tokenization, data is neither stored nor sent in any form to its destination
Do not have to manage encryption keys
Provides greater flexibility in choosing what data to encrypt However company must be able to identify the specific data to encrypt, which requires intimate knowledge of its data profile
11
Mobile Payments in North America
Google Wallet
Overview
The mobile payment environment in North America is currently in a state if flux with many different models, companies and organizations pushing for conflicting mobile payment systems
On March 22 2012, the Congressional subcommittee on Financial Institutions and Consumer Credit hosted a hearing titled “The Future of Money: How Mobile Payments Could Change Financial Services” North America can actually learn a lot about implementing mobile payments from the developing world where it has been more successful
IBM believes there are 5 keys to success: Making mobile payments essential Partnerships
Creating interoperability Being scalable
Embracing regulation
Mobile payments in the United States are expected to generate $215 billion by the year 2015
Although highly fragmented across different methods and different companies the biggest players currently are Google Wallet through a partnership with
MasterCard and IsIs, a mobile payment platform being pushed by the major US telecoms
As North America has a stable financial system and strong regulations the main challenge to the progress will be trust in security, as there is no necessity for mobile payments
Google Wallet is a free digital wallet that securely stores credit cards, debit cards, offers and more
Google partnered with many companies including: Citi, MasterCard, FirstData and Sprint to gain control of the customer’s digital wallet Using Google Wallet allows for contactless payments at the POS
ISIS
IsIs is a mobile commerce venture Created by AT&T Mobility, T-Mobile USA and Verizon Wireless that is partnered with American Express, Chase and Wells Fargo
IsIs is a competing digital wallet to Google Wallet working on a similar business model and implementation
PayPal
Is the largest North American intermediary for P2P payments
Building on this strong background in financial payments PayPal has decided to enter the mobile payment market with “PayPal Here” Furthermore PayPal is beginning to partner with companies to take advantage of even more consumer transactions
12
Mobile Payments in Foreign Markets
Developing Market Value Prop & Provider Challenges
Alipay – China’s PayPal
M-PESA Overview
M-PESA allows consumers in Kenya to send money to one another (P2P) through text (SMS). No charge on depositing but leveled charges on sending and withdrawing e-cash
M-PESA customers have to identify themselves with an original identification document to open an account
Three step factor identification to complete a transaction (SIM card, your ID, PIN number)
Cash merchants are super users, who resell their own working capital balance, with no more access to the platform than other customers except they have higher transaction limits
After three years, over 70% of households in Kenya use M-PESA which accounts for 31% of the Kenyan GDP
Alipay operates as a third-party payments platform and is a business segment of China’s Alibaba, an online commerce site similar to Amazon and eBay
Processed $150 billion in mobile transactions in 2013. PayPal’s mobile transaction volume was just $27 billion in 2013
Payment volume greater than both PayPal and Square combined
Overtook PayPal in terms of mobile users which is now over 100 million
Alipay mobile wallet users made over 100 million transactions on their phones, accounting for 52% of total online payment deals. Recently waived newly introduced commissions for transactions
Value Proposition User Benefit Provider Challenges
Fast Instantly transfer money long distances
Pay bills without waiting in line at cash centers
Offer an optimized process for end user to complete transactions Ensure appropriate agent density to quickly serve customer cash in/out
requests
Guarantee network robustness for high volumes of traffic
Inexpensive Remit money without the cost of existing formal
payment networks and informal methods
Conduct e-payments without costly debit/credit cards
Price services for the mass market while creating financial viability
Safe Hold value that is safer than carrying cash Provide a secure network that does not have prohibitive end user device
requirements
Ensure security of mobile wallet in the event of theft Mitigate the risk of robbery of cash agents
Accessible Receive mobile money in remote areas and be able to
cash out
Know that e-value held is liquid
Create far reaching distribution networks
Design agent incentives that promote sales while ensuring profitability Manage cash and e-value float
