Mobile payments - reloaded

Document Sample
Mobile payments - reloaded Powered By Docstoc
					  services new regulation opens doors

  Mobile payments – reloaded
  After much hype in the late s, mobile payments again stand out as one of the most interesting
  options for enabling a new breed of non-voice mobile services. This is especially true in Europe,
  owing to a regulatory breakthrough that is liberalizing the payments sector and encouraging new
  players – namely, telecom operators – to enter this new area.

  ▶ MOBILE PAYMENTS have been hyped since                               enabled through mobile phones. Another                        cases worldwide. Felica Mobile in Japan is
  the late s, but only Japan and a few                              way to describe the service is “peer-to-peer                  probably the best-known case. Two
  other countries have successfully launched                            (PP) payments.” Based on this definition,                     important reasons for its success – not
  this service. Many attempts by operators,                             it is possible to imagine an m-payment                        easy to replicate elsewhere – are the pre-
  especially in Europe, have failed because of                          transaction as a basic service that enables                   sence of a pre-existing, pervasive contact-
  regulatory barriers; lack of interoperability                         more complex value-added services such                        less infrastructure (Felica readers/writers,
  with banks and other operators; service                               as m-commerce, m-banking, or mobile                           used by contactless cards, for example, at
  complexity and bad user experience, in                                remittance. The obvious analogy is with                       railway gates), and the possibility for ope-
  turn generating weak interest from consu-                             sms, which as a basic service allows text                     rators to define handset specifications.
  mers.                                                                 messaging but can also enable premium                            Felica apart, many m-payment cases can
    In the last two years, however, m-pay-                              services such as ringtones.                                   be defined as first-generation m-payments,
  ments have become a hot topic again, as                                  The idea of mobile payment dates back                      based on legacy service request and
  gsma initiatives show. To understand why                              to the early days of global mobile commu-                     authentication methods such as interactive
  mobile payments are again resurfacing, let                            nications, when it became clear that a                        voice response (ivr) callback or sms.
  us review the status of worldwide deploy-                             mobile handset – being a personal yet net-                       PayPal has been an innovator in the pay-
  ment, and then focus on new options                                   worked device – could be the ideal way to                     ments area during the last decade, choos-
  available to operators.                                               authenticate end users and generate mone-                     ing to be as operator-independent as pos-
    There is no accepted definition of mobile                            tary transactions. This is exactly what hap-                  sible in order to facilitate a global
  payments across the telcom or banking                                 pens in real-time, prepaid charging sys-                      approach.
  industry, or even among analysts. In the                              tems. But regulatory constraints have                            Europe has seen several other attempts
  following, the term “mobile payments” or                              almost everywhere left a rigid separation                     to launch mobile payment services. Most
  “m-payments” will mean a basic service                                between “(prepaid) phone credit” and elec-                    of them failed because of immature regula-
  involving an electronic money transaction                             tronic money.                                                 tion and high protective barriers, the clo-
  between two peers (human or machine),                                    Table  shows relevant m-payments                          sed approach pursued by some operators,

    [TABLE 1]
    M-payment cases worldwide

       Service           Country          Year of         Type        Invoved                       Key supported                  Service request         Results
       Name                               Launch                      MNO(s)                        use cases                      method

       Felicia           Japan            2004            proximity   NTT Docomo,                   Contactless payments,          physical interaction    50% enabled
        mobile                                                        KDDI, Softbank                transport ticketing, m-        (proximity)             handsets (end 07)
                                                                                                    commerce, acces, etc.
       M-Pesa            Kenia            feb-07          remote      Safaricom                     DMT, IMT                       SMS, IVR                14% penetration (Q1 -08),
                                                                      (Vodafone)                                                                           generating ar. 50% of non-
                                                                                                                                                           voice ARPU end -08
       G-Cash            Philippines      2004            remote      Globe                         DMT, IMT                       SMS, IVR                1.5Mil subs

       PayPal            US, UK,          2006            remote      MNO-                          client-merchant,               IVR call-back           57.3 Mil adaptive Paypal
       Mobile            (EU)                                         independent                   m-commerce, charity            (initiated via SMS,     accounts, end -07
                                                                                                                                   IVR or POS), WAP
       Paybox            Austria          2003            remote      Mobilkom, ONE, (T-mobile      Client-merchant, transports,   IVR call-back ,         4 Mil subscriberbs (end-08)
                                                                      and tele. ring from end-08)   parking, vending machines      IVR or POS)             1 Mil active users (end -07)

       MobilPay          Spain            2002            remote      Telefonica,                   m-commerce,                    SMS, IVR                N/A
                                                                      Vodafone, Orange              client-merchant

       PayForit          UK               2006            remote      Vodafone, Orange,             m-commerce: mobile and web     WAP                     N/A
                                                                      O2, T-Mobile, H3G             check-out for micro-
                                                                                                    payments (<10£)
       Poste             Italy            nov-07          remote      PosteMobile (MVNO)            PA payments                    SIM based               200k subscribers (mid-08)
       Mobile                                                                                       (taxes bulletines),
                                                                                                    DMT m-banking etc.
      Sourrce: Ericsson based on Ovum, Juniper, Pyramid                                                                                                            SVENSKA GRAFIKBYRÅN

54 • EBR #3 2008
                                                                                           new regulation opens doors services

and being too cumbersome to use.
                                                 [FIGURE 1]
SimPay’s attempt to build an ecosystem           Remote payments partnership models
resulted in a major failure that caused the
consortium to collapse in , spreading
skepticism about the whole area.                    Scenario 1         Scenario 2       Scenario 3              Scenario 4                    Scenario 5
                                                     Operator »       Operator driven    3rd party              Bank-driven                       Bank »
  However, something survived from these          E-money institute     partnership        driven               partnership                       MVNO
early attempts:
▶ The PayBox model in Austria (recently
  being promoted also in Germany) is
  showing good results, as a consequence              TELCO CENTRIC
                                                      TELCO CENTRIC                                                BANK CENTRIC
                                                                                                                 BANK CENTRIC
  of clear vision, ability to execute, and a
  cooperative operator-approach led by
  Mobilkom Austria.                                                                                                            Poste

▶ PosteMobile in Italy is an interesting,
  early example of second-generation
  remote payments, coupling payments
  with a mobile digital signature              becoming increasingly popular in other            a business that only banks and established
  infrastructure able to support new,          developing countries.                             financial institutions are allowed to con-
  advanced mobile services.                                                                      duct. This approach limited operators wil-
                                               N EW PARTNERING OPPORTUNITIES                     ling to enter the business, and in many
PROXIMITY AND REMOTE PAYMENTS                  One of the key issues with m-payments has         countries the only monetary transactions
M-payments can be broadly categorized          always been the hybrid nature of “mobile”         that can be handled by mobile operators
into two classes: proximity payments and       and “payments” service. That is, m-pay-           are those related to prepaid top-up, and
remote payments.                               ments are a family of financial services that      the sale of digital content such as ringtones
   Proximity payments require the payer        in principle could be provided by a mobile        or music.
and payee to be a short distance apart. The    operator, a bank/financial institution, or a          The situation continues to change,
most common and promising form is con-         combination of them in partnership.               however. Since the late s the European
tactless payment, in which the mobile             Figure  summarizes the possible part-         Commission and the European Central
handset communicates with a reader/wri-        nership models between mobile network             Bank (ecb) have envisioned the need to
ter (for example, a Point of Sale, pos) or     operators and banks.                              progressively deregulate and open the pay-
with another handset with similar capabili-       Scenario  is at one extreme: An opera-        ments market. Two important reasons for
ties, through a short-range radio interface,   tor acquires a financial license (in Europe,       this change are the “war on cash” concept;
usually at a distance under .m. Felica in    a license such as E-Money Institute [emi]         the political will to sharply decrease cash
Japan is the most prominent example of         would be required) in order to provide            transactions in favor of electronic transac-
contactless payment service.                   m-payment services on its own. Scena-             tions and the will to encourage competi-
   In the area of contactless applications     rio  is at the other extreme: A bank acqui-      tion in a payments market dominated by
(including payments, but also other servi-     res an operator license, or most likely           banks and financial institutions.
ces such as access control, identification,     becomes a Mobile Virtual Network Opera-              The first sign of deregulation has been
and ticketing), mobile-nfc (near-field          tor (mvno), in order to autonomously pro-         eu regulation on electronic money, (eu
communication) is the forthcoming stan-        vide the service.                                 directive //ce ), which now allows
dard being promoted by the global trade           The scenarios in between include differ-        nonbank entities called E-Money Institutes
association (gsma), plus standardization       ent degrees of partnership between one            (emi) to be licensed as e-money issuers,
bodies, bank associations, card companies,     operator or more, one bank or more, and           able to perform a wide range of financial
and handset makers.                            eventually (Scenario ) a third party such        operations for their customers.
   Remote payments are a mobile service        as a service broker, decoupling operators            The second step – and a bold one –
through which monetary transactions are        from banks and effectively allowing for            toward the sector’s liberalization has been
performed remotely, typically via interac-     multi-operator, multi-bank interaction.           the adoption of the Payment Services
tive voice response or sms. Because               The third scenario allows maximum              Directive (psd), at the end of  (eu
remote payments do not require a new           interoperability between players,¹ while          directive //ce). The psd constitutes
infrastructure (unlike contactless pay-        being the most complex in terms of trans-         the legal infrastructure for the Single Euro
ments) and enable payment transactions         action handling, service provisioning, acti-      Payments Area (sepa) process, and defines
regardless of distance, this service is gro-   vation, assurance, and – above all – secu-        a new legal entity that will be allowed to
wing in developing countries as the best or    rity management, because three parties are        offer payment services: the Payments Insti-
only way of performing domestic or even        involved in each process.                         tute, or pi. New players will not be
international money transfer, in areas                                                           requested to set up ad hoc legal entities as
where there is little – if any – bank          BARRIERS LIFTED
infrastructure.                                Unfavorable regulation has always been a
   The two most interesting remote-pay-        barrier for operators wanting to enter the       . A possible alternative to a Trusted Third Party (TTP), in order to gua-
                                                                                                rantee interoperability, would be to leverage peering agreements such as
ment success stories so far are G-Cash,        payments market. In many countries, pay-         roaming agreements. However, while in the telco world the peering
commercialized in the Philippines by ope-      ments have been considered a financial            model works due to limited number of potential peers, realizing an
rator Globe, and M-Pesa in Kenya (pro-         service with a level of risk requiring heavy-    interoperable ecosystem encompassing both operators and banks based
moted by Safaricom), with the service          handed prudential regulations – basically,       on peering agreements would be difficult, owing.

                                                                                                                                                         EBR #3 2008 • 55
  services new regulation opens doors

  pis but will be allowed to become licensed      mobile service. A payment transaction              infrastructure. Thus, having one logical
  pis themselves.                                 should request only basic information,             platform that supports both payments
    The psd is being implemented by natio-        such as destination, amount, and a security        and mobile digital signature seems the
  nal authorities across the Eurozone, and        pin number. Making payment transactions            right combination.
  will become effective by November ,             should be as similar as possible to sending      ▶ Interoperability through a Payments
  .                                           an sms.                                            Broker. Interoperability and openness
    The entry barriers to becoming a pi are          Because mobile transactions are a target        are crucial for long-term market deve-
  expected to be relatively low. Conversely,      for frauds and malicious applications, the         lopment. In order to achieve them easily
  once the new regulation is in place, pis will   proposed payments platform should offer             and effectively, it is suggested to select a
  be allowed a rich range of operations, such     high security protection for transactions,         broker-centric approach (see Scenario 
  as:                                             including the capability of ensuring               in Figure ). In this scenario, a Payments
  ▶ Performing direct debit and money             authentication, confidentiality, integrity,         Broker acting as Trusted Third Party
    transfers.                                    and nonrepudiation of transactions. As an          (ttp) ensures open connectivity and
  ▶ Retaining and operateing payments             example, standard Wireless Public Key              interoperability among all involved par-
    accounts.                                     Infrastructure (wpki) technology can be            ties.
  ▶ Issuing debit cards, when associated          used.                                            ▶ Payments Broker as Payments Institu-
    with the payment account.                        From a merchant perspective, transac-           tion for quick time-to-market. This is
  ▶ Provide credit and implementing revolv-       tion fees should be comparable to the cost         probably the key choice of business
    ing reimbursement schemes (limited to         of other electronic transactions performed         model, and the most critical one. Defi-
     months when operational at eu level        with traditional methods such as payment           ning the Payments Broker as a pi would
    and strictly related to payments).            cards. Fees for micropayments are expec-           allow the Payments Broker to quickly
  ▶ Operateing a payment system (e.g. a           ted to decrease from the current .–             offer a broad range of services without
    financial clearinghouse).                      percent to –. percent. Mobile operators         having to implement complex agree-
                                                  can be expected to have an advantage of            ments between operators and banks; for
     In order to operate in an effective way, it   scale over traditional players in their real-      example, on the revenue-sharing level
  is likely that Payment Institutes will access   time charging systems.                             for each transaction. This choice would
  relevant banking infrastructures, such as                                                          simplify the value chain and improve
  inter-bank networks and circuits.               A MOBILE PAYMENTS ECOSYSTEM                        time to market. Furthermore, being able
     Based on the previous considerations, it     The first strategic choice to be made is            to capture the largest part of the whole
  is possible to identify key requirements for    which service concept to focus on. While           transaction fee for mobile payments
  success, and sketch a proposal for next-        most of the attention in the past has been         would improve the overall business case
  generation mobile payments such as sim-         on proximity payments and nfc techno-              for the Payments Broker.
  based PP payments.                             logy, most analysts now agree that nfc
                                                  technology will require at least five years       THE NEXT- GENERATION SERVICE PLATFORM
  K EY REQUIREMENTS FOR OPERATORS SUCCESS         to become widely available. Setting up a         These requirements and choices lay the
  Interoperability is clearly a precondition      mobile nfc ecosystem will require the            groundwork for a Next-Generation Service
  for market development. As shown in             replacement of mobile handsets, sim              Platform (ngsp), the technical infrastruc-
  Figure , models based on a trusted third       cards, and pos infrastructure. This implies      ture on which a Payments Broker should
  party seem to be the best solution in order     a long deployment cycle.                         rely, in order to launch and operate sim-
  to guarantee interoperability between all          Payment services currently available are      based PP payments.
  players in the value chain. Consumers           usually based on “legacy” technologies              The key feature to be provided by an
  would be able to use their mobile to pay        such as sms or ivr. Web browsers or Java         ngsp is the ability to support money trans-
  for services or to transfer money, regard-      clients have been proposed as convenient         actions between two peer entities, ensur-
  less of which operator they subscribe to        ways to create payment services. Software        ing mutual authentication as well as inte-
  and which bank holds their checking             clients may present some advantages, but         grity, confidentiality, and nonrepudiation
  account.                                        we propose instead to use a sim-based            of transactions. The ability to support
     Interoperability is not only between ope-    approach because it is handset-indepen-          these transactions in real time, and to pro-
  rators and banks. A mobile payments eco-        dent, more secure (two-factor authentica-        vide timely notifications of transaction sta-
  system should be open to external service       tion) by supporting strong authentication        tus to all involved parties, is another
  providers so they may easily develop new        methods and mobile digital signaturs. It         important feature.
  vertical applications – of course being         also paves the way to mobile nfc evolu-             The ngsp should be the central hub in a
  compliant with a standard and common            tion.                                            multi-operator, multi-bank environment,
  set of rules for user identification, authen-       For operators, a sim-based approach           allowing interoperability and supporting
  tication, and transaction authorization.        would solidly anchor m-payments evolu-           innovative services. This infrastructure
     One must consumers a clear reason why        tion within the telecom industry space.          should combine payments transaction pro-
  they should pay using their mobile, instead     ▶ M-payments and mobile digital signa-           cessing and mobile digital signature capa-
  of using cash or debit or credit cards. For        ture in one platform. Integrating a basic     bilities into one interoperable framework.
  example, a key reason why Felica has been          payment transaction capability with ver-         The ngsp should include four technical
  successful in Japan has been the conve-            tical applications such as parking, trans-    capabilities into one integrated, logical
  nience when paying for public transport.           portation, or m-government may                platform:
     As well, a simple and effective user expe-       acquire strong authentication methods,        ▶ dynamic sim management
  rience is mandatory for success in every           or even a legally binding digital signature   ▶ mobile digital signature support (e.g.,

56 • EBR #3 2008
                                                                                                                                                  new regulation opens doors services

  [Figure 2]                                                                                                                                               The Single Euro Payments Area:
  Next Generation Service Platform                                                                                                                         SEPA
                                                                                                                                                           ▶ SEPA is a self-regulation effort un-
                                                                                                                                                           dertaken by European banks to har-

                                         money transfer

                                                                                                                                                           monize all electronic payment transac-


                                                                                                                                                           tions and related procedures across an
                                                                                                                                                           area encompassing EU 27 countries
                                                                                                                                                           (Austria, Belgium, Bulgaria, Cyprus, the
                                                                                                                                                           Czech Republic, Denmark, Estonia, Fin-
                                                                                                                                                           land, France, Germany, Greece, Hunga-
                                                                                                                                                           ry, Ireland, Italy, Latvia, Lithuania, Lux-
                                                                                                                                                           embourg, Malta, the Netherlands,
                                                                                                                                                           Poland, Portugal, Romania, Slovakia,

                                                                                                      Inter-bank network
                                                                                                                                          Banks            Slovenia, Spain, Sweden, and the Unit-

                                                                                                           & circuits
                                                                                PI                                                                         ed Kingdom), EEA countries (Norway,
                                                             NGSP                                                                                          Iceland, Lichtenstein), and Switzerland.
    operators                                             Payments Broker                                                                                     As an effect of this regulation, be-
                                                                                                                             Merchants                     tween 2009 and 2012 all differences in
                                                                                                                             & acuirers                    costs, value days, procedures, and so
                                                                                                                                                           forth between national and interna-
                                                                                                                                                           tional (cross-border) banking transac-
                                                                                                                                                           tions will disappear within SEPA.
                                                    Certification                                                                 Card
        = Payments                                                                                                             schemes
   PI     institution                               Authorities
                                                                                                                                                           The PayPal case

                                                                                                                                                           ▶ PayPal, an eBay company and non-
  through a wpki technology infrastruc-                                         ces and infrastructure) make an ngsp the                                   bank entity, is one of the most interest-
                                                                                                                                                           ing cases of service innovation in the
  ture)                                                                         natural candidate to host – or integrate                                   payments industry in the last 20 years.
▶ transaction processing                                                        with – a “trusted service manager” (tsm)                                   PayPal was first to introduce P2P pay-
▶ financial clearinghouse.                                                       function in a mobile nfc ecosystem.                                        ments. In PayPal’s service concept,
                                                                                  For all these reasons, mobile payments                                   each payer creates his or her own wal-
   In addition, the ngsp would act as a                                         are becoming a hot topic once again.                                       let with multiple payments tools (debit
single integration and reporting point for                                      Operators can start focusing on remote                                     cards, credit cards, bank accounts),
                                                                                                                                                           then uses PayPal to transfer money to
operators, banks, service providers, certifi-                                    payments and defining a strategy to ensure                                  a peer entity, usually as the result of a
cation authorities (if needed), and relevant                                    long-term success. A credible strategy                                     commercial transaction on eBay.
security and surveillance entities. It is                                       must first address how to ensure that end                                      The real innovation is on the recipi-
worth considering that being based on                                           users will keep using their mobiles to pay                                 ent (payee) side, where the receiver
open-standards technologies makes the                                           for something, and then pave the way to                                    can easily receive the money in a Pay-
ngsp open to both fixed (internet) and                                           full interoperability at ecosystem level,                                  Pal account without having to use ex-
                                                                                                                                                           pensive and slow methods for interna-
mobile peers.                                                                   which is critical for long-term market
                                                                                                                                                           tional money transfer provided by
   The ngsp can assume a central role                                           growth. The ngsp concept may be consi-                                     banks, such as wiring money.
within a mobile secure-transactions eco-                                        dered a target model, and should be taken                                     Widely successful at the global level,
system, where m-payments are only one of                                        into account even for short-term tactical                                  with approximately 160 million per-
the services being provided. By combining                                       initiatives driven by a single operator. ●                                 sonal accounts worldwide, PayPal has
the abilities to process transactions in real-                                                                                                             since 2006 been trying to replicate this
                                                                                                                                                           success on mobile, both by enabling
time and support mobile digital signatures,                                      AUTHOR
                                                                                                                                                           mobile access to PayPal accounts (Pay-
the ngsp could enable several new servi-                                                                  ▶ Giorgio Andreoli is Direc-
                                                                                                                                                           Pal Mobile) and by introducing mobile-
ces, such as PP payments, m-parking,                                                                     tor, Strategic Marketing for                     specific payment services.
transportation and ticketing, m-govern-                                                                   Ericsson South-East Europe
ment, and m-commerce. It would also faci-                                                                 (SEE). He has 15 years of ex-
litate mobile gambling, a promising service                                                               perience in ICT and the inter-
that in many countries is hard or impos-                                        net, having worked in a variety of roles both in tele-
sible to launch because of strict regulations                                   communications and other industries, including
regarding user identification, age verifica-                                      finance and banking. Since 2007 he has been re-
tion, and traceability of money transac-                                        sponsible for a strategic program on mobile pay-
tions.                                                                          ments at the SEE level. Giorgio holds an MSc in Infor-
   Contactless payments can also be sup-                                        mation Technology from Cefriel, Polytechnic
ported on an ngsp platform, because some                                        University of Milan. (
of the capabilities requested (key
exchange/key management, dynamic sim
management, identity management, inte-
gration with relevant banks’ internet servi-

                                                                                                                                                                                           EBR #3 2008 • 57