CSE-302 Mobile Payment
Dr. R. B. Patel
What is Driving Mobile Payment?
• Maximization of revenue from wireless
• The handset as personal trusted device
• Encouraging adoption of next
generation mobile devices
What is payment?
• A payment is the transfer of wealth from
one party (such as a person or company)
• A payment is usually made in exchange
for the provision of goods, services, or
both, or to fulfill a legal obligation.
• The simplest and oldest form of payment
is barter, the exchange of one good or
service for another.
• In modern age a payment system is a set of
procedures and associated computer networks
used to settle financial transactions in bond
markets, currency markets, and futures,
derivatives and options markets, and to transfer
funds between financial institutions.
• Due to the backing of modern fiat currencies
with government bonds, payment systems are a
core part of modern currency systems
• Barter is a type of trade in which goods or
services are directly exchanged for other goods
and/or services, without the use of money.
• It can be bilateral or multilateral, and usually
exists parallel to monetary systems in most
developed countries, though to a very limited
• Barter usually replaces money as the method of
exchange in times of monetary crisis, when the
currency is unstable and devalued by
• In the modern world, common means of payment by an
individual includes money, check, debit, credit, or bank
transfer, and in trade such payments are frequently
preceded by an invoice or result in a receipt.
• However, there are no arbitrary limits on the form a
payment can take and thus in complex transactions
between businesses, payments may take the form of
stock or other more complicated arrangements.
• In law, the payer is the party making a payment while
the payee is the party receiving the payment.
What is micropayment?
• Micropayments are means for transferring very small
amounts of money, in situations where collecting such
small amounts of money with the usual payment
systems is impractical, or very expensive, in terms of
the amount of money being collected.
• Micropayment originally meant 1/1000th of a US dollar,
meaning a payment system that could efficiently handle
payments at least as small as a tenth of a cent, or few
paisa to rupees.
• but now is often defined to mean payments too small to
be affordably processed by credit card or other electronic
transaction processing mechanism.
• The use of micropayments may be called Micro-
• A micropayment is an online transaction of
a small denominations e.g. $2, £3.50, or
€4, and can be used for digital content
purchase such as music, news or
• A micropayment can also be used to
charge for digital services such as P2P
applications and access to website
• A micropayment system is an online payment
systems which supports charging relatively small
amounts for online content or services.
• Here the speed and cost of processing
payments are critical factors in assessing a
• Fast user response is essential if the user is to
be encouraged to make a large number of
• Processing and storage requirements placed on
micropayment providers and vendors must be
economic for low value transactions.
What is a macropayment system?
• A macropayment is an online transaction
of higher denominations e.g. €10.
• Macropayments play a key role in the
billing of tangible goods but are also
commonly used for digital content and
services e.g. subscriptions, software,
games and more.
• A macropayment system is an online
payment system specialized on the
processing of higher amounts in
comparisn to micropayment.
• Apart from speed and costs a high degree
of protection is essential such as scoring
and creditworthiness checks, risk
management and fraud protection.
Evolution of Online Payments
• Mobile payments can be split into three categories- mobile content,
out-of-band and proximity.
• Because of their expertise in the area of billing, network operators
are suited to deliver - payment services for mobile content.
• This type of payment is sometimes referred to as in-band where the
content and the payment channel are the same.
• An example is a chargeable WAP service over GPRS. Users will
either be offered subscription or per usage payment models.
• For per-usage users, the nature of the technology and services
means that transactions will be small, so operators need to
implement low-friction micropayment.
• Applications that could be covered by in-band transactions included
video streaming of sports highlights or video messaging.
• Out of band refers to the fact that the payment channel is
separate to that used for a shopping phase.
• For example, a credit card holder may use their mobile device
to authenticate and pay for a service they consume on the
fixed line Internet or interactive TV.
• In order to make the wireless device suitable for
authenticating payments, financial institutions are especially
interested in wireless PKI, shared secret (or symmetrical key)
schemes, or best of all merging with their chip card programs
via dual slot or dual chip devices.
• Public Key Infrastructure (PKI) enables the implementation of
legally binding virtual transactions using digital signatures
critical to stem the losses suffered by financial institutions
through payment repudiation and other fraud.
• A promising payment application for mobile
commerce is proximity transactions using the
device to pay at a point of sale, vending
machine, ticket machine, tolls, parking, etc.
• By leveraging parallel technologies, such as
Bluetooth and 802.11, mobile devices can be
transformed into sophisticated payment devices
that can process both micro and macro
• Pilots are already under way in Japan and
Scandinavia using technologies such as SMS,
infrared and contact fewer chips (RFID).
Evolution of mobile payments
Mobile payment types
Payment Mobile Content Out of band Proximity
Example Anne is on holiday, An SMS notifies Anne that U2 Back at home , Anne is at
and uses her concert tickets have just gone her photo and imagine
Nokia 7650 to on sale. From an Internet café shop; she transfers her
take a photo, she browses to the ticket holiday photos from her
adds audio vendor site, books her tickets digital camera to the
comment, and and pays with her Visa card. store computer over as
sends it via MMS The payment authentication Bluetooth link; the
to Robert. She is request payment request is sent
charged $1 to Appears on her mobile phone via to telephone, also over
her prepay SMS, and she authenticates Bluetooth, where she
account using a personal PIN, digitally accepts it, and her
signing the order. A receipt is credit card information
sent to her phone. is returned to the store
point of sale device.
Technology EMS, MMS SMS, SIM Toolkit application, WAP Bluetooth 802.11b, IrDA
Enablers 2.5G (Eg. GPRS) 3G Push, WPKI, Dual slot, Dual
Payment Meditation system Wallet server with SMS and Payment Java applet on
Features integrated with wireless PKI support, Acquiring mobile phone and point
real time stored gateway of sale device.
Phases of Mobile Payment Transaction
Secure Electronic Transaction (SET)
• Secure Electronic Transaction (SET) is a system for
ensuring the security of financial transactions on the
• It was supported initially by Mastercard, Visa, Microsoft,
Netscape, and others.
• With SET, a user is given an electronic wallet (digital
certificate) and a transaction is conducted and verified
using a combination of digital certificates and digital
signatures among the purchaser, a merchant, and the
purchaser's bank in a way that ensures privacy and
• SET makes use of Netscape's Secure Sockets Layer
(SSL), Microsoft's Secure Transaction Technology (STT),
and Terisa System's Secure Hypertext Transfer Protocol
• SET uses some but not all aspects of a public key 19
• To meet the business requirements, SET
incorporates the following features:
• Confidentiality of information
• Integrity of data
• Cardholder account authentication
• Merchant authentication
A SET system includes the following
– Payment gateway
– Certification authority
1. The customer obtains a credit card account with a bank
that supports electronic payment and SET
2. The customer receives an X.509v3 digital certificate
signed by the bank.
3. Merchants have their own certificates
4. The customer places an order
5. The merchant sends a copy of its certificate so that the
customer can verify that it's a valid store
6. The order and payment are sent
7. The merchant requests payment authorization
8. The merchant confirms the order
9. The merchant ships the goods or provides the service to
10. The merchant requests payment
Mobile Payments: Trends in Enabling
• A number of mobile payment models
have been proposed, piloted and
• They use a range of technologies
including SMS, WAP, SIM application
toolkit (SAT), USSD, IVR, dual slot
phones, dual SIM phones, Bluetooth,
Infrared, bar code readers and contactless
Mobile operator payment systems
• A Server Wallet: This is an encrypted store of
users, personal data- payment data, addresses,
personal preferences, receipts.
• An Acquiring Gateway: This system, used as
an electronic point of sale (ePOS), is capable
of routing or switching payment transactions
for multiple merchants and currencies to
different backend systems. For example, the
same system might process a prepay top-up
request for a Visa card and a purchase with a
debit card. This module also provides online
merchant/content provider reporting and
• Prepay Top-Up System: This allows top up
requests originating from multiple sources .
Terminals over PSTN or X.25, IVR systems,
Web and WAP, ATM to be processed, and
routed to multiple prepay systems for on-line
top-up of voice or other stored value. It can
also handle off-line top-up by storing and
managing top-up codes, which is more cost
effective than using scratch cards.
A Prepay (stored value) System:
• This system manages the user’s accounts, maintaining
their balance, and providing features such as parent
and child accounts.
• Transactions may debit the system in real-time, or an
external application may draw funds and refund any
• This module also facilitates managing loyalty
programs and private label on us, telco cards, and
some operators may even issue their own plastic
• A Merchant Accounting System: This is
used to maintain merchant accounts, calculate
commissions and generate settlements for the
merchants, such as writing checks or
performing EFT file transfers.
Internet and Content
Operator Data Provider
Operator Payment System
Merchant Stored Prepay Wallet
A/C Value Top-up Server
Financial Institution Payment Systems in
• Wallet Server - In the past, banks deployed wallets to
their customers in an effort to maintain a relationship
with their customers in an on-line environment.
• Most wallets were stored on the users desktop and were
difficult to install and use.
• The wallet server plays a similar role as in the operator
environment-as a secure repository of personal data.
Financial institutions choose various models for
authenticating payments- such as via SMS and SIM
toolkit applications, WPKI, single use passwords, pseudo
numbers, Visa 3-D Secure and MasterCard SPA.
Risk Management Modules:
• For avoiding fraud- authentication of cardholders (by
User ID and password/PIN, chip cards and digital
• The use of pseudo numbers in place of real card
numbers, and the implementation of protocols
devised by Visa (3-D Secure, or
• Verified by Visa) and MasterCard SPA. These
security mechanisms are normally implemented as
part of a wallet server type platform
This is an essential system for an acquiring
bank, allowing payment transactions to be
routed to multiple backend interfaces.
Payment transactions based on credit cards,
debit cards, corporate purchase cards and
loyalty cards are routed onto private financial
networks through a payment gateway.
The types of transactions include topping up a
voice or other stored value system, paying for a
transaction, subscription or settling a bill.
Card Management System
Essential for a payment card issuer, this
system handles the cardholder accounts,
manages the account creation process,
interfaces to card embossing systems,
real-time authorizations, and settlements.
For risk control using pseudo numbers and
MasterCard SPA, the Card Management
System is linked with the Wallet Server.
• Merchant Accounting System-
Acquiring banks use merchant account
systems to manage their merchant base,
including commission calculation and
• Dispute Resolution System- A critical
component for both issuers and acquirers,
this automates the management of
disputed payment transactions and is
applied to both issuing and acquiring
Internet and Operator
Data Service Network
Bank payment System
Risk Management Control e.g.
Pseudo Numbers, MasterCard 3D Pseudo M/C
SPA, Visa 3D Secure Secure Numbers SPA
Open and Closed Systems
• The question of open and closed systems often arises in mobile
• An open payment system is one in which the payment instrument
can be issued by one or more. Issuers-and can be acquired by one
or more Acquirers.
• Typically an Interchange Association exists to set the rules and
administer an interchange network-for example, Visa or MasterCard
in the case of payment cards, or NACHA in the case of US direct
• In a closed payment system, the payment issuing and
acquiring are performed by the same entity. American
Express, Diners Club and Discover Card are examples of
Trintech Payment Systems-PayWare
Internet and Operator
Data Service Network
Trintech Payment System
PayWare PayWare Prepay eAcquire
3D Secure Pseudo M/C
Point of Sale (POS) Payment
POS provides the following to Strategic Partners:
• A turn-key solution.
• Assistance with the bankcard Association of co-branding application and
subsequent card order.
• Assistance with applying for a PIN for the new card if applicable.
• Card and account management for all POS VISA debit cards issued by the
Bank. Settlement services.
• Transaction processing, including-
– Loading Visa Electronic Card accounts.
– Account maintenance.
– Visa Electronic Card authorization.
– Customer Support.
– Second level customer support – using IVR, call center and Web based
– Continued product and service innovation.
– The ability to leverage the POS brand as we continue to expand in the
global prepaid marketplace.