Nº 9 2013 > Technology Watch
The mobile money revolution
Near-field communication mobile payments
Mobile money refers to financial transactions and services that can be carried out using a mobile device such as a mobile phone or tablet. These services may or may not be linked directly to a bank account. Now you can add money to your mobile, keep all your credit cards and loyalty coupons on it, access your bank account and use it like your ordinary wallet for payments. Mobile money may soon change the way we pay for goods and services.
This article surveys innovations in the mobile payments landscape and their likely impact on future standardization activities. It is based on “The Mobile Money Revolution: Part 1: NFC Mobile Payments”, a Technology Watch Report published by ITU’s Telecommunication Standardization Sector (ITU–T).
An electronic account held on a mobile device is known as a “mobile wallet” and may feature deposit accounts, credit accounts, loyalty accounts, merchant accounts, gift cards and coupons.
The mobile wallet is actually a menu on the smartphone. Built-in near-field communication (NFC) wireless technology is one of the ways of enabling payment for goods and services using a mobile device. Google Wallet, for example, works with an NFC-enabled device and is available on major mobile networks in the United States such as T-Mobile, Sprint, AT&T and Virgin Mobile.
Google Wallet has partnered with outlets where consumers can shop and just use their phones to tap payments on point-of-sale devices that are PayPass-enabled. The mobile wallet can also be used to make online payments to partner merchants by accessing the Google Wallet account through a wireless application protocol (WAP) browser. When a user makes a payment using Google Wallet, Google actually pays the merchant and then processes the transaction with the customer’s selected credit or debit card (Visa, MasterCard, American Express, Discover), so neither the merchant nor the phone operating system ever obtains the customer’s payment card information. Google Wallet is PIN protected against fraud, and if the phone is stolen, the customer can remotely manage the Google Wallet to disable the account by logging online.
Credit card companies MasterCard and Visa are also active in this field. MasterCard in August 2012 signed a five-year deal with Everything Everywhere in the European market to develop a co-branded, contactless NFC payments service. MasterCard is partnering with Deutsche Telekom in Germany and elsewhere in Europe, and with Turkcell in Turkey, and has been working with Orange on QuickTap, the first commercial NFC payment service in the United Kingdom.
The ISIS mobile wallet is being promoted by AT&T, T-Mobile and Verizon Wireless. It holds virtual versions of credit and debit cards on the mobile device and can be accessed only via a PIN code. All sensitive data are stored on a chip on the mobile phone. The ISIS mobile wallet was launched in October 2012 in the United States.
Apple’s Passbook is another type of digital wallet designed for storing tickets, coupons, cards or boarding passes on the user’s iPhone. Unlike Google Wallet, it is not used for making payments. Passbook also sends alerts and pop-ups to be readily accessed at the user’s location. For example, in the case of a boarding pass for a flight, if the boarding gate has changed, the system will push the new information to the user’s lock screen. In the United States, Passbook is already being used for digital ticketing. The ticket bought using the iPhone is kept in the Passbook wallet and the user scans the phone to get access.
China UnionPay, owned by banks, is the dominant player in China for NFC mobile payments. Its agreements with 157 banks provide a good basis for its mobile payment services. China UnionPay and China Mobile signed a partnership agreement on mobile payments, promising to collaborate in this field. China’s leading mobile carriers — China Mobile, China Telecom and ChinaUnicom — have each established their own mobile payment subsidiaries. All three have strong mobile subscriber populations, control access to millions of mobile devices, and see mobile payments as an additional revenue stream. E‑commerce service providers Alipay, Tenpay and YeePay all have large active user bases and are looking to use the power of smartphones and applications as a way to break into mobile payments.
In the Republic of Korea, SK Telecom and Korea Telecom (KT) are the main players in NFC mobile payments. SK Telecom has partnered with Visa while KT joined with MasterCard to launch NFC mobile payment services. Grand Korea Alliance, which includes mobile network operators, handset manufacturers, card issuers and government agencies, opened an NFC shopping mall in the Myeondong area in Seoul where shoppers can make NFC-based payments at 200 outlets, order drinks, and download coupons.
In Japan, NTT DOCOMO dominates the mobile contactless payments landscape. NTT DOCOMO and Sony jointly developed the contactless FeliCa (felicity card) chip which is being used to create the iD mobile wallet inside the phone. NTT DOCOMO has also subsidized the installation of readers at the national level and developed strategic partnerships with banks, retailers and merchants. NTT DOCOMO’s partnership with MasterCard aims to integrate the iD mobile wallet with MasterCard’s Paypass to enable NTT DOCOMO subscribers to make purchases overseas. NTT DOCOMO, KDDI and Softbank have formed the Japan Mobile NFC Consortium to align the country’s standards for NFC with international ones.
Mobile phone as a point of sale
Limited availability of NFC-enabled handsets is hampering widespread consumer adoption of mobile payment. Credit card and technology companies have therefore developed a contactless payment system as a transitional solution until NFC-embedded smartphones are widely introduced.
Square, a mobile payment service introduced by Twitter founder Jack Dorsey, has no elaborate hardware installations. Square offers a free credit card reader and application that connects to your iPhone, iPad or Android device. The Square card reader can simply be plugged into a mobile device’s standard 3.5 mm headphone mini-jack and can be used for swiping credit cards. Square has two main applications, “Pay with Square” and “Square Register”. Pay with Square allows customers to view merchant menus, make mobile payments and receive virtual receipts. Square Register is a point of sale software aimed at replacing traditional credit card terminals and cash registers. To buy items, customers just need to provide their name at the check-out. Merchants will know the customer’s name because they will see the name and a picture of the customer on their registers, and can accept payments with a simple tap of a button.
In Hungary, a cloud-based service is operated by mobile payments company Cellum in partnership with MasterCard and is handling 1 million transactions per month. Users scan Quick Response (mobile phone readable bar codes) to make payments authenticated with a PIN.
In the Czech Republic, the three mobile network operators partnered with the top four banks to launch a mobile-wallet service called Mobito. Retailers key in the user’s mobile number on their point of sale device and users receive a notification which they authenticate with a PIN.
Security of mobile payments
Mobile payments and mobile money transfers all require secure transactions to protect against eavesdropping or modification of the communication between the device and the server.
M‑money transactions (payments via a mobile phone) raise the concern of how to keep information secure if a mobile phone is lost or stolen. Currently, a two-factor authentication is used. Before making any m‑payment, the user will typically register the phone — which acts as the token — with the bank or mobile service provider offering the m‑money service (the first factor) and then confirm the payment with a PIN or password (the second factor). Securing the transaction requires a trusted user interface plus either a trusted execution environment or a secure element.
Cloud computing holds the potential to overcome some of the security challenges of m‑money, provided that network infrastructure is secure.
Although the way of accepting payments on point of sale terminals from NFC cards or devices has been standardized, the same cannot be said for loyalty points and vouchers. Each NFC point of sale deployment requires adaptation of the software on each payment terminal, and integrating each terminal with the retailer’s back-end loyalty scheme and the offers and customer relationship management systems. This is not only time-consuming but costly.
Mobile telecommunication operators have focused on driving the standardized deployment of mobile NFC, using the subscriber identification module (SIM) as the secure element to provide authentication, security and portability. The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
Work within ITU has already resulted in Recommendation ITU–T Y.2740 on approaches to developing system security for mobile commerce and mobile banking in next-generation networks, Recommendation ITU–T Y.2741 on the general architecture of a security solution for mobile commerce and mobile banking in the context of next-generation networks, and Recommendation ITU–R SM.1896 on frequency ranges for global or regional harmonization of short-range devices.
With the rapid adoption and growth in mobile technologies worldwide, mobile money services are being adopted all over the world, albeit in different ways in the developed and developing worlds. Mobile payment processing must be global, and the only way to ensure that processing is uniform is to develop and adopt global standards.
“The Mobile Money Revolution. Part 1: NFC Mobile Payments” is a Technology Watch report published by ITU–T in May 2013. Technology Watch reports assess new technologies with regard to existing standards inside and outside ITU–T and their likely impact on future standardization. This report, along with other Technology Watch reports, can be found at http://www.itu.int/techwatch.