Smart Card Talk

November 2007 • Volume 12 Number 11

Feature of the Month

Business Case Challenges for Implementing Proximity Mobile Payments

Mobile payments implementations are still in their infancy, with business models still being defined and tested through numerous pilots in the market. The business case for proximity mobile payments is complicated. There are, of course, the typical concerns about the rate at which both consumers and merchants will adopt a new payment type. However, the fundamental barrier to widespread adoption of proximity mobile payments is the requirement that multiple players cooperate. Many of these players claim both a relationship with the customer and a share of transaction revenue. Any new business model this complex faces considerable challenges.

During the next several years, thousands more merchants in the United States are expected to be able to accept contactless payments. However, certain critical requirements must be met by all stakeholders before high volumes of consumers can actually start using mobile phones for payment at a physical POS.

Stakeholders

There are a wide variety of stakeholders in a proximity mobile payments system. Depending on the implementation scenario, stakeholders will change and additional stakeholders with varying degrees of involvement may also be involved.

Stakeholders may include:

Consumers, who use the contactless mobile payment devices
Issuers, who issue mobile payment capabilities and support easy management of proximity mobile payments
Merchants, who accept contactless payments
Acquirers, who support merchant acceptance of contactless payments
Mobile operators, who ensure a supply of mobile phones with NFC technology and support payment services on their networks
Payment networks, who set standards and promote acceptance by all parties throughout the network
Chip and handset manufacturers, who support branded financial applications
SIM/payment software developers, who support branded financial applications
Trusted service manager, including OTA personalization bureaus who provision the payment application to the memory of the phone
Issuing and acquiring payment processors, who process payments acting on behalf of acquiring and issuing banks and who are involved in almost every case
Proprietary payment application providers, who offer payment applications for specific services (for example, transit agencies' fare payment systems).
Specialty application provider, who can add additional value to proximity mobile payments (e.g., PayPal enabling person-to-person payments)

Definition of a Business Model

A variety of questions must be answered to define a business model:

How do stakeholders share the customer? This is an essential question for issuing banks and mobile operators, both of whom have relationships with the same customers today.
Is the business model bank- or mobile-operator-centric? Some connected with the financial services industry suggest that only a bank-centric model makes sense. But in alternative models, purchases appear on a consumer’s telephone bill; however, with NFC-enabled proximity mobile payments, these alternative models would still require that the mobile operator work with the current financial payment acquiring infrastructure.
How can ubiquitous consumer choice work? Early pilots involved a single mobile operator and a single bank card. In the future, consumers will demand choices of payment providers, handsets, and mobile operators. A bank- or mobile-operator-centric model would appear to limit consumer choice, while models that rely on the payment networks setting security and interoperability standards will enable choice.
Who runs the operation? To answer this question, stakeholders must decide who loads the application on the chip and handles personalization, and who selects and manages the applications on the chip.
What are possible revenue models for banks and mobile operators? Both banks and mobile operators need to see revenue benefits from deploying proximity mobile payments. The debate over the revenue model is a source of discussion and negotiation among stakeholders. Two example models are the “pay-as-you-go” model and the so-called “landlord-tenant” model. It is useful to consider real-world analogies to determine an appropriate model. In a pay-as-you-go model, the bank would pay for personalization and provisioning, just as it currently does when it issues plastic cards. A landlord-tenant model, analogous to a bank branch with secure vault, might require banks to pay an annual fee for reserving space on an NFC chip.
How are risks and other liabilities accounted for? Banks have traditionally served in the role as “trusted agent” in delivering financial services. Mobile devices offer to banks yet another channel to deliver such services to consumers. It would appear likely then that banks will continue to take on the financial liabilities associated with the services they offer via mobile phones (i.e., credit risk for contactless credit or debit payments made with an NFC-enabled phone) and will be able to charge for such services accordingly. However, banks rely on secure back-end processes and trusted service providers to deliver their services. Mobile operators and other services providers in the mobile ecosystem must be able to certify and, to a certain extent, “guarantee” secured services that protect the privacy of consumers and their financial information. Operators and service providers may need to be able to take on any "pass through" risks and liabilities related to the services they provide so that banks are able to fulfill their "trusted agent" promise to consumers.

As with many emerging technologies and businesses, it will take time for all stakeholders to discuss and agree on a business model. Mobile payments trials and pilots are currently providing real-world input to stakeholders to answer the key business model questions.

Application Control

One issue critical to developing a business model is the issue of who controls the proximity mobile payment application on the handset chip. A leather wallet may be a useful metaphor for addressing this issue. Consumers fill their wallets with whatever cards they want to carry. No one buys a separate wallet for each different card.

Mobile operators take the position that they own the applications that reside on the phone, and therefore want to control what applications can be loaded into the wallet. Mobile operators might then control how the wallet functions and what applications can be loaded onto phones and marketed to customers.

However, banks and payment associations must certify the security of the wallet software, and therefore they would prefer to control the wallet itself. Financial institutions fear that the presence of an electronic wallet gives mobile operators a chance to insert themselves between banks and their customers. Continuing the leather wallet analogy, when consumers open their wallets, they choose which payment device to use based upon the merits of the products they carry and the nature of the relationship that they have with the financial institution. By allowing another entity to control the wallet, the products may no longer compete on a level playing field. For example, a bank could pay a mobile operator more to give that bank’s card prominence in the wallet when the consumer would prefer to dictate the ranking and placement of accounts.

In addition, banks may shy away from integrated SIM chips, due to concerns about security and visibility of applications. Combining applications will make it easier for mobile operators but harder for banks.

Technology Selection

Another consideration in defining a business model is the question of selecting from among competing (and confusing) standards for proximity mobile payment systems. Rapid developments and pilots wrapped in non-disclosures thwart efforts to understand what is available. For example, for OTA secure personalization, standards are proposed by the NFC Forum, the International Standards Organization, the Mobile Payments Forum, MasterCard (a variation of ISO/IEC 14443), and EMVCo.

Another question is what standards apply to the secure element (in which the payment application is stored) or the SIM. The 29 members of GSMA have agreed to the SIM single-wire protocol (SWP), leaving the question open for CDMA-based mobile operators such as Sprint and Verizon.

Until these questions are resolved, banks and mobile operators will continue to struggle with the challenge of how to get started.

Value Proposition

No new payment type can succeed without a compelling reason for issuers, merchants, and consumers to change. The devices and the personalization process must meet the requirements of speed, convenience, and security.

Stakeholder Dependencies

Consumer acceptance is key to the success of proximity mobile payment at the physical POS. Both pilot studies and successful programs running in Asia have shown that consumers like using their mobile phones as a payment device. The success of proximity mobile payment depends on the mechanism being easy to acquire, use, and manage.

Card issuers will need to implement the infrastructure required to issue mobile payment cards securely. Consumers must be able to add payment functionality to their mobile phones and move that functionality easily. Most pilots involved only one card issuer per pilot; card issuers and mobile operators must support and provide the management tools required for one consumer to have multiple payment cards and perform transactions from multiple mobile phones. Mobile phones are becoming fashion accessories, with relatively short useful lives. Consumers are likely to want to carry multiple credit, debit, and prepaid cards in all of their mobile phones and replace them often.

Bank Dependencies

In order to drive adoption, financial institutions should attempt to make proximity mobile payment as easy to use as a standard debit/credit card, if not easier. To gain broad consumer acceptance, the process of issuing proximity mobile payment devices must be easy and straightforward.

When consumers change mobile phones or travel to locations that are not supported by their current mobile operator, they should be able to transfer their financial data, payment card information, and corresponding transaction data easily to a new phone without financial institution or mobile operator intervention.

Merchant Dependencies

Proximity mobile payment faces a chicken-and-egg problem. For such payments to be adopted, consumers not only need mobile phones that support such payments, they also need to be able to make payments at a wide variety of merchants. But merchants must see sufficient consumer demand to justify investing in new POS equipment that supports contactless payment.

A growing number of major retailers are introducing contactless payment programs and installing POS terminals that support American Express ExpressPay™, Discover® Network ZipSM, MasterCard® PayPass™, and Visa payWave™. Some retailers are rolling out contactless payment with one particular contactless payment program. However, by installing the new contactless POS terminals that support all of the contactless programs, merchants can add other programs in the future.

Merchants who are currently replacing their POS systems should evaluate their need for contactless payment capability. Most of the POS system vendors now offer contactless payment acceptance capability as an option. Merchants who want to upgrade their current POS systems to start accepting contactless payments can do so by adding intelligent contactless readers.¹ By investing in a POS infrastructure that supports contactless payment today, merchants can prepare to accept proximity mobile payments in the future.

Mobile Handset Manufacturer and Operator Dependencies

For proximity mobile payment to be widely accepted, a sufficient supply of mobile phones must be available that support payment. In addition, low-cost models must be available to consumers. NFC-enabled phones are now starting to be introduced by major handset manufacturers, including recent announcements from Nokia, Motorola, Samsung, Kyocera, Sagem, and LG.

Financial institutions rolling out contactless programs have already selected standard ISO/IEC 14443-based technology for contactless payments. American Express ExpressPay™, Discover® Network ZipSM, MasterCard® PayPass™, and Visa payWave™ products allow the same interface to be used between mobile phones and contactless POS systems, allowing proximity mobile payments to leverage the thousands of contactless readers being deployed at merchant locations.

However, for mobile phones to support branded financial applications, additional specifications are required that address the following questions:

How will contactless payment card information be securely loaded into mobile phones?
What is the most viable secure personalization process?

For example, several organizations have proposed their own solutions as trusted third-party personalization bureaus for OTA personalization. However, both the financial institutions and mobile operators have requirements for personalization. In addition, issuers and mobile operators must decide how to manage the static or dynamic security keys associated with their applications to protect the financial payment data.
How can the issuance and payment processes be made simple for consumers?

For example, when payment applications are integrated with other mobile phone features, mobile phone manufacturers must provide an easy way to launch the payment application from the phone’s top screen menu. Proximity mobile payments must be easy to use to gain full consumer acceptance; having to press numerous buttons is an inhibiting factor.
How can proximity mobile payment transactions use existing mobile operator text messaging capabilities to eliminate paper receipts?
How can the issuance and activation process be designed to minimize the impact on handset inventory requirements for mobile operators?

Summary

There are many open questions about how proximity mobile payments will be implemented in the U.S., with pilots testing various business relationships and technical solutions. While these challenges should not be minimized, the combination of contactless financial payments and NFC technology offers opportunities for convergence. In North America, the current convergence of contactless payment adoption by consumers and merchants, financial industry promotion and support for a standards-based approach to contactless payments using traditional credit and debit cards, and new NFC-enabled mobile devices that are compatible with financial payment standards is driving increased interest in mobile payments and pilot implementations. This convergence provides opportunities for the mobile and financial industries to overcome the challenges to deploying mobile payment at the physical POS and to make mobile payment a reality that delivers compelling benefits to consumers and business stakeholders alike.

¹Smart Card Alliance, "Contactless Payments: Delivering Merchant and Consumer Benefits,” report, April 2004

About this Article

This article is an extract from the new white paper, Proximity Mobile Payments: Leveraging NFC and the Contactless Financial Payments Infrastructure, developed by the Smart Card Alliance Contactless Payments Council. The full white paper describes what is necessary to implement and deploy proximity mobile payment systems, discusses the relevant technical and business issues from the perspective of the various stakeholders (e.g., mobile operators, the financial industry, end-users, providers and vendors), and outlines the potential opportunities and barriers that may impact its market adoption. It is available from the Smart Card Alliance web site, at no charge.

About the Smart Card Alliance Contactless Payments Council

The Contactless Payments Council is one of several Smart Card Alliance technology and industry councils. The Contactless Payments Council was formed to focus on facilitating the adoption of contactless payments in the U.S. through education programs for consumers, merchants and issuers. The group is bringing together financial payments industry leaders, merchants and suppliers. The Council’s primary goal is to inform and educate the market about the value of contactless payment and work to address misconceptions about the capabilities and security of contactless technology. Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects.