About The Blog

Debate at the intersection of business, technology and culture in the world of digital money, both commercial and government, a blog born from the Digital Money Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

140 posts categorized "Mobile & Wireless"

Day zero

By Dave Birch posted May 20 2011 at 9:16 AM

Today is rather an interesting day in our tiny corner of the digital money universe. Today, the first NFC mobile phone with a contactless EMV application on the SIM goes on sale in the UK. It's the Samsung Tocco Quick Tap, a version of the best-selling Samsung Tacco Lite with NFC, a product developed by Orange and Barclaycard.

Before I go any further let me make an explicit declaration of interest. Consult Hyperion has provided paid professional services to companies mentioned in this post in connection with the development of the products and services discussed in this post. As you may well remember...

...the public launch of a product that Consult Hyperion has been working on for some time for Barclays: Mobile operator Orange UK and credit card company Barclaycard have announced a long-term strategic partnership to develop m-payments technology including mobile wallet handsets.

[From Digital Money: Some real mobile, nfc and payment stuff in the UK]

Back to the story. Today, (well, yesterday, actually) I used one of these phones to buy a cup of coffee in Eat. And it worked. Perfectly. You might not think that's amazing, but I do, because I know how much work has gone in to implementing a standard contactless EMV application in a standard mobile handset with a standard SIM for use in a standard terminal on a standard network. And it's for use by normal people, not geeks like me.

The phone has a J2ME "Orange Wallet" that is connected via JSR177 to a Barclaycard MasterCard pre-paid EMV card application on the SIM. The application uses SWP to access the NFC interface. You can either connect this prepaid card to one of your existing Barclaycards or an Orange Credit Card that you apply for on the spot. There's no "untethered" version that you could not link to an existing card but simply top-up online or in store. It works as you would imagine: for payments under £15 you just tap and go. The wallet contains the basic services you would expect: you can look at transactions, top up the card (I have my phone linked to my Barclaycard OnePulse with the built-in Oyster card) in a simple one-button plus PIN action

MMP_6301 logoNO EAT_pay_scr

Though I say so myself (as a big fan of stickers!!) the integration is nice. The phone implements the usual NFC tag reading, so you can tap things and have URLs or phone numbers pushed on to the phone (the phone comes with a bunch of tags for you to try it out on) and I'm sure that people will find fun things to do with these. I suppose like a lot of people I'd rather have my Orange Wallet running on my iPhone, but this is a great first step and, most importantly, it actually works, it's not just some Powerpoint at a conference. It will be spreading to smartphones soon and the knowledge and experience gained by Orange and Barclaycard ought to stand them in good stead.

Last week Google confirmed that Android 2.3 will support Near Field Communication, as will Nokia and RIM smartphones, starting next year. And judging from Apple’s recent hiring of an NFC expert , and patent filings for a probably-NFC-powered iTravel app, the iPhone 5 will boast NFC too.

[From I Have Seen The Future, And It Looks A Lot Like Bump (Without The Bump)]

When I took the phone home last night and showed it to a statistically-invalid sample group of four teenagers, I was quite surprised as to how much they liked it. They were familiar with the handset and they like prepaid instruments and all wanted to try it out.

According to the recently released results of a survey from MasterCard; it looks like the public, especially the younger generation, are willing to embrace NFC if it ever becomes the standard method of payment in the future... From their findings, 63% of the US population aged 18-34 would be at ease with using mobile phones to make payments, while in the 35 or older age group, only 37% are comfortable with the idea.

[From MasterCard says NFC will be embraced by the younger generation in the US | Ubergizmo]

All in all I had rather an exciting day of contactless activity, because I popped into Tesco Express to buy a cold drink and noticed that they had installed contactless terminals. But more importantly, they've installed them properly. What I mean by this is that when you buy something, the checkout operators scans it and then contactless terminal lights up automatically. You tap and go. Or you tap and wait for a receipt to print out, and go. I was so shocked to see contactless payments implemented so well that I made a video:

Put these two things together: contactless rails and the mobile carriage and you finally have a genuinely new and attractive customer experience. No-one is mad enough to believe that people are so wild about payments that they will buy these phones just because of the on-board Barclays MasterCard (the mass market needs a portfolio of interactive services), but it's a super first step. Today was a good day and naturally I'd like to share the excitement. I happen to have on my desk a spare pay-as-you-go Samsung Tocco Quick Tap, so if you'd like to dip your toe into the ocean of future payments, all you have to is be the first person to respond to this post telling me what the acronym SWP -- used above -- stands for. (Hint: it's not the Socialist Workers Party).

In the traditional fashion, this competition is open to all except for employees of Consult Hyperion and members of my immediate family, is void where prohibited and has a new and improved formula. The prize must be claimed within three months. Oh, and no-one can win more than one of the Digital Money Blog prizes per calendar year.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

I see your 14443 and raise you 18092

By Dave Birch posted May 12 2011 at 1:56 PM

A couple of people asked yesterday about the comments from Google concerning "card emulation" in Android phones. The twitterverse had noticed these remarks from Nick Pelly, the Android lead for NFC, concerning the lack of API support for NFC card emulation.

The problem is that the hardware out there today, you know, if you buy an NFC controller, it typically is only going to be able to emulate one of those RF-level technologies. So as an application developer, you don't know which — when it's getting deployed to a phone, which one is on the phone. So I guess until we see the industry standardize around maybe one RF-level technology or until we see NFC controllers able to support multiple of those

[From Google raises concerns over the viability of NFC card emulation mode for mobile payments • NFC World]

At first I just thought... wow, that's smart. If Android phones won't allow ISO 14443 card emulation (which is part of the NFC standard) then that means that Visa and MasterCard won't be able to use them for payments, thus locking them out of the POS terminals that Google is developing for retailers. As I thought about it, however, and actually read what Nick had said, I realised that I couldn't understand his comments, since phones are perfectly capable of dispatching to different applications depending on which card they read, so I thought I'd go and ask a couple of the world's leading experts on implementing secure NFC applications in mobile phones. Fortunately Stuart Fiske and Neil Livingston both work for Consult Hyperion, so it was easy to find them. They told me...

We know that NXP and Inside Secure NFC controller devices support A, B, B’ and Mifare, all on the same chipset. GP provides mechanisms to manage protocol conflicts, etc., when multiple applets relying on incompatible protocols are trying to be active on the interface at the same time.

I thought this must be true, since I had in my office a Nokia handset with NFC that supports both contactless EMV transactions and contactless Oyster (ie, MiFare) transactions and it worked perfectly. I read a little further, and once again became confused. Due to my lack of experience, I was unable to determine what this means:

Typically, the hardware is set up to do card emulation through the secure element. Right now, we don't have any APIs to talk to the secure element. And we think that we probably won't be getting APIs to do that anytime in the near future in the SDK.

There are a bunch of different reasons. Again, the secure element is a very limited resource. It can't hold a large amount of data in there. And if we open it up to any third-party application, there's going to be a huge resource contention over the secure element.

Additionally, to talk to the secure elements, even from applications on the phone, you need to authenticate yourself properly.

And if you improperly authenticate yourself a certain number of times, there are secure elements out there that will physically destroy themselves and can never be recovered. So that's something that we really think would be a bad experience for users

[From Google raises concerns over the viability of NFC card emulation mode for mobile payments • NFC World]

I have absolutely no idea what he's talking about. I have never heard of a handset secure element (SE) that will physically destroy itself if authentication fails. I've checked the SmartMX data sheet this morning and I can't see any such logic.

Screen shot 2011-05-12 at 11.03.45.png

If I put the wrong PIN into an EMV application in the secure element three times, it will lock and then require an over-the-air PIN unlock from the application issuer, but that's a good thing. It's certainly true that there's a problem with secure applications controlling the screen and keyboard during authentication, but that's because the Nexus doesn't have any form of trusted execution mode and this is a well-known and well-understood (at least it's well-known and well-understood by Consult Hyperion) constraint that feeds into the kind of risk analysis that we do for organisations who are thinking about developing transactional applications. The authentication itself is done within the SE, naturally, but you may have a virus that's capturing the PIN, for example.

Meanwhile, I was thinking about the SE more. If I buy a Nexus S, how would an application provider request a Security Domain (SD) from Google? How would it be provisioned? Is Google building a Trusted Service Manager (TSM) to sell such a service? I haven't got a clue. The guys told me (these are edited highlights, by the way)...

In J2ME, it’s typically the SE issuer (ie, Google, in this instance) that decides who can access the SE from apps in the phone, and sets up the access conditions on the SE to manage this (the ACF file). Essentially, what we need the Android stack to do is deliver what J2ME (and it’s JSRs) have been doing for several years now. That is, include APIs that provide the app with a mechanism to access an applet in the SE, and for Android to interact with the SE to manage access condition verification. You can’t block the SE if you can’t access it!...

...These comments from Google make it sound like Google won’t be doing anything with card emulation any time soon. If that’s the case, then what’s with all these stories about Google trialling contactless card payments in SF with MasterCard and Citibank, uing Verifone and Ingenico POS terminals? These POS terminals implement 14443 to read contactless cards, and I doubt that Google are going to develop custom terminals that implement P2P ISO 18000 instead. But who knows - it would be cool if they did...

...Perhaps the Android stack doesn’t need to implement card emulation mode if the underlying hardware implements it, i.e. if the NFC controller and SE together support 14443 and card emulation mode, then they can talk to the reader via the antenna independent of the Android stack. The stack needs to provide an access API to allow phone apps to access applets over the contact interface (if there is one, e.g. SIM), or the wired interface for embedded, or via the SD interface....

...So perhaps there is no need for a card emulation stack in Android after all? But we still need ot be able to switch the PN544 into card emulation mode and an SE access API supporting a decent access control mechanism...

That's the actual problem, then. Developers can get to the SE interface but they can't do anything with it (eg, load a payment card into it).

As of the 2.3.3 release of Gingerbread the Secure Element functionality has been enabled (but the API Hidden). You can confirm that there is a Secure Element (SmartMX) in the Nexus S just by looking at the debug log using adb logcat and switching on NFC via settings... That said I'm assuming that the keys etc are controlled by Google so actually doing anything with the embedded SE will be difficult/impossible at the moment.

[From Secure Element - SmartMX - seek-for-android | Google Groups]

What has happened is that Google used an NXP NFC stack when building the Android operating system image for the Nexus S, but switched off the card emulation using compiler switches. (There's nothing to stop you, by the way, from recompiling the stack with those switches set to allow card emulation.) My interim conclusion is, then, that I have no idea what is going on. I don't understand what Google mean and I don't see how they can stop anyone from accessing secure elements. Sure, they can stop you for doing anything with the embedded SE (theirs) by not giving out any keys, but if there's a UICC SE (from the operator) you can access that and if there's an external SE (eg, a DeviceFidelity SD card) you can access that. If there's no Google Android API elements for any of these, someone else can simply add their own.

After all, Google ordered the Nexus S with embedded secure chips, the PN65 from NXP Semiconductors, which can store applications. The NFC controllers in the phones also support applications for card emulation on SIM cards.

[From Card Emulation Expected Soon Despite Doubts from Google Engineers | NFC Times – Near Field Communication and all contactless technology.]

Indeed. So why the fuss? What does it matter whether Google want to provide card emulation APIs or not? The things is that Google's opinions about NFC have taken on more and more significance recently as it has become clear that whatever mobile operators and banks may think about NFC, Google thinks that it is important and will drive it into the marketplace.

Google has obviously made a decision that NFC is an opening into something more interesting and lucrative than transforming a phone into a payment card– advertising and marketing opportunities at the point of sale – the physical point of sale. And, it has done a deal with VeriFone that takes the economic sting away from the merchants who need to buy into their vision to make it work – and who have by and large turned their noses up at NFC up to this point. Layer on top of that their Google Checkout asset and their newly launched One-Pass wallet application and you have the makings of an interesting new payments player.

[From Google Takes on NFC, Will They Crack the Code? at The Catalyst Code]

Karen is, as usual, spot on with this analysis. But I'm not so sure about this...

What’s amazing is that Google was the first to connect all of these dots

[From Google Takes on NFC, Will They Crack the Code? at The Catalyst Code]

This doesn't seem amazing to me, because I've been involved in numerous attempts to develop mobile proximity payments for banks and operators. A month before the Google announcement, I wrote on Quora that "I'm sure [loyalty and rewards] will be Google's strategy too. Payments are not an interesting enough application to persuade people to go out an get an NFC phone." Years ago, I made a presentation (I think at NFC World but I can't find it!) in which I said that no consumers will go into retail outlets and buy an NFC phone because of payments. They will buy the NFC phone so that they can read tags, swap Facebook profiles or (now, it seems) play proximity Angry Birds. But once they have that handset, then we need to make it easy and attractive for them to use it for payments.

Incidentally, Dean Bubley, who is in my opinion one of the very best analysts out there, called these non-payment applications "valueless" in a twitter exchange. He's referring to things like "0-click" checkins and similar.

Starting tomorrow, just tap your NFC-enabled phone (most newer Android devices have it) against the poster, it’ll check you in with foursquare

[From Experimenting with NFC check-ins for Google I/O | Foursquare Blog]

I'm convinced that valueless is the wrong word. If Google (or Apple) or whoever track where you are via mobile location and then send you special offers, it's creepy. But if you reach out tap when you enter the shop, or restaurant, or hotel, or office, that's what advertising folk label "a call to action" that gives them permission to send you things, to steer you, to deliver added value. That's what retailers will pay for -- they'll get the payments part for free -- and that's why the ecosystem will deliver real value.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Licensed operators

By Dave Birch posted Apr 13 2011 at 5:36 AM

France has been in the forefront of the NFC revolution, with an early commitment to cross-industry co-operation, considerable work on standards and models and an aggressive timetable for getting phones into the market. Remember this?

A dozen French cities plan to launch wide-scale contactless payment and information service on mobile phones with the backing of the ministry of industry, reports Les Echos. The city projects approved under the initiative will receive state assistance for consultancy and engineering, but no other subsidies are planned at this stage.

[From Aid from French Ministry of Industry for mobile contactless cities. « Contactless & NFC City League]

You will undoubtedly recall that a few months later, the French mobile operators decided to get together with a processor and form a mobile payments proposition to launch a serious assault on the banks' retail payment franchise.

Orange, SFR, Bouygues Telecom et Atos Origin créent une société commune pour proposer une plate-forme unique de paiement en ligne, sécurisée par le mobile.

[From Union sacrée des opérateurs mobiles dans le paiement sur Internet - OPERATEUR DE TELECOMMUNICATIONS SERVICES INFORMATIQUES ATOS ORIGIN FRANCE TELECOM SFR BOUYGUES TELECOM]

Well they've made their first assault on the enemy positions and have been granted a PI licence. Why would they bother, you might wonder, when polls show that the majority of consumers don't want to use mobile payments?

The 59% of consumers who were against the idea, meanwhile, gave their reasons as: Security (79%)

[From Most French consumers not in favour of mobile payments • NFC World]

The answer is, of course, that consumers don't know what they are talking about and it's a waste of time asking them about anything new. Whatever they might say a priori, in all of the pilots and trials that we have been involved in, they really, really, liked mobile proximity.

But there are some real issues, and we need to address them.

Dead phone batteries. Wrong merchant terminals. Terminals turned off. Terminals unrepaired. No terminals at all.

These and other, less obvious glitches suggest contactless technology may not be the mobile payments panacea for tattered magnetic stripes and other problems with plastic cards.

[From Mobile Payments Inheriting the Problems of Contactless - American Banker Article]

Well, yes and no. (I am a consultant, after all). Let's have a look at these

Dead phone batteries. NFC is interoperable with the existing contactless payments and ticketing systems. As you may have noticed, your Oyster card doesn't have a battery in it: that's because it is powered through the electromagnetic field of the terminal you touch it to, and the same is true for the NFC interfaces in phones: if the phone has no battery you may not be able to access your m-wallet to check your transactions, redeem coupons and so on, but you will be able to to use it pay in a shop and ride the subway.

Wrong merchant terminals. I don't think this will an issue. Right now there are some problems with some cards not being accepted in some terminals, but this is the result of standards problems three or four years ago. The contactless EMV standard should interoperate seamlessly. Some of the terminals are certainly "wrong" from the point of view of consumer experience, but that's a different thing.

Terminals turned off. Fair enough, I do see this from time-to-time. But it's a teething problem. There is a problem with terminals being turned off after the merchant has rung up the purchase and then having press some more buttons to turn it on, but that's an implementation issue.

Terminals unrepaired. I don't think this is a long term problem. Contactless terminals (since they have no slot or contacts) are considerable more reliable in practice than contact or stripe terminals. Experience from other sectors suggests to me tha tthe cost of maintaining an estate of contactless terminals is less than half the cost of maintaining an estate of conventional terminals.

No terminals at all. This, I think, is the real problem. When I was last in the US, I saw contactless terminals in places where they didn't really have much impact, like in CVS. But in the places where contactless would have really helped and speeded things up -- BART machines, airport carts, Coke machines and so on -- nothing.

The point is, that those are real issues that do need dealing with, whereas what the public says are their concerns, such as about the security are, in my opinion, not real issues and it should be handled through marketing communications. Oh, wait...

85% of users said they considered the protocols for operating with the NFC system to be sufficiently secure.

[From Sitges trial results: Consumers pay more often and spend more with NFC phones than with cards • NFC World]

This must be a translation from Spanish, because I'm not sure that "protocols for operating with the NFC system" translates properly in English, but it's good news all the same. I'm not saying that everything is perfect in the NFC world. Even in France, where progress has been slow despite the commitment of major banks and operators. It's still a new technology.

The problems are one of the main reasons bank Crédit Mutuel-CIC has held back on launching its m-payment service, according to Patrice Hertzog, payment systems manager for Crédit Mutuel-CIC. He said it has been difficult for the bank’s trusted service manager, Gemalto, to set up and manage the bank’s PayPass application on SIM cards produced by other vendors, such as Oberthur Technologies.

The problems have occurred despite much standards work by the French Association Française du Sans Contact Mobile, or AFSCM, and prior trials involving multiple French banks, mobile operators and vendors.

[From ‘Open’ Battles Break Out Among NFC Vendors Over Android | NFC Times – Near Field Communication and all contactless technology.]

To be honest, this suggests that vendors are not building TSMs from scratch based on the new standards but are putting wrappers around their existing card personalisation systems. That sort of thing is, to me, more of a real issue than incorrectly worrying about what the public think, but whatever. Things are moving. Even in the US, the new technology is getting a foothold and there will soon be TSMs there too.

The joint venture formed by U.S. mobile carriers to launch NFC-based mobile payment... has selected France-based Gemalto to download and manage payment and other secure applications on NFC phones to be used in pilots expected to be held in three to four cities during the second half of 2011

[From U.S. Carrier Joint Venture Chooses a Trusted Service Manager | NFC Times – Near Field Communication and all contactless technology.]

There's plenty of activity in the US as elsewhere, and since I've been looking at the US for clients recently I was interested to read about the work done by the Federal Reserve Banks of Atlanta and Boston. This work suggests that the success factors for the US will rest on the evolution of an open eco system for NFC.

The mobile infrastructure would likely be based on Near Field Communications (NFC) contactless technology resident in a smart phone and merchant terminals.

Ubiquitous platforms for mobile should leverage existing rails, including the ACH network for non-card payments, and support new payment types that meet emerging needs.
Some form of dynamic data authentication would be at the heart of a layered mobile payments security and fraud mitigation program.

Standards would be designed, adopted, and complied with through an industry certification program to ensure both domestic and global interoperability, including a standard to ensure that devices used to facilitate mobile payments do not create any electronic interference problems.

A better understanding of a regulatory oversight model should be developed in concert with bank and non-bank regulators early in the effort to clarify compliance responsibilities.

Trusted Service Managers should oversee the provision of interoperable and shared security elements used in the mobile phone.

[From Mobile Payments in the United States Mapping Out the Road Ahead - Boston Fed]

On that final point, things are already moving.

The joint venture formed by U.S. mobile carriers to launch NFC-based mobile payment... has selected France-based Gemalto to download and manage payment and other secure applications on NFC phones to be used in pilots expected to be held in three to four cities during the second half of 2011

[From U.S. Carrier Joint Venture Chooses a Trusted Service Manager | NFC Times – Near Field Communication and all contactless technology.]

So there's plenty of activity in the US as elsewhere and plenty of organisations are looking at how the move to mobile proximity may impact their businesses.

A white paper that outlines the survey findings, including how the most forward-thinking financial institutions are building a business case for mobile payments, is available at www.fiserv.com/mobilestrategy.

[From Forward-Looking Financial Institutions Focused on Mobile Payments Business Case, Says Fiserv Survey - pymnts.com]

I couldn't help but think, as I read this, that the very act of building a business case for something like this is fundamentally backward-looking, trying to shoehorn something that is the basis of a new value network into the existing business models. The report says that the factors that the FIs evaluated across these business lines included customer retention and profitability, cost reduction, revenue generation and retention, increased customer engagement and competitive parity. When I looked at the revenue generation part of it, though, it only referred to revenue generation in terms of debit card transactions and keeping the connection to the DDA. This isn't how forward-looking organisations are thinking about revenue generation from mobile payments, they are thinking about delivering entirely new products and services that are simply not possible in conventional (ie, card) environments, generating revenue from things that banks don't do.

Google is to run tests of mobile payments at stores in New York and San Francisco in the summer, according to anonymous sources cited by Bloomberg. The search engine giant will pay for installation of thousands of NFC cash-register systems from VeriFone Systems at merchant locations, one source told the wire.

[From Finextra: Google to run commercial trials of NFC at the POS - Bloomberg]

Well, well. So while financial institutions are agonising over the business case, Google is giving out the terminals for free. It's not hard to see why: they don't care about the miniscule margins on the payment transaction and arguing about how to slide and dice the merchant fee, they care about building new business around knowing who is buying what and where. So leadership in the NFC space is may well shift away from the payment incumbents. Perhaps the answer to the age-old question about whether banks or operators would control the mobile payments space is... neither.

"We already have a perfectly fine way to make non-cash payments"

By Dave Birch posted Apr 2 2011 at 12:11 AM

On "Slate" there was an article entitled "Paying With Your Phone Is Awesome, Because … Because" with a sub-headline

We already have a perfectly fine way to make non-cash payments.

[From Paying by phone is insecure and unnecessary. - By Farhad Manjoo - Slate Magazine]

Really? That didn't seem to be the case in my household this morning when my wife was hunting for the chequebook because she needed to pay for a school trip and settle a dentist bill. I wanted to pay my son's school £20 on Thursday morning because he was going on a school trip, and I turned the house upside down looking for the chequebook, which I couldn't find. I couldn't pay them with a debit card, or cash (I didn't have £20), or credit card, or bank transfer or any of the other "perfectly fine" ways to make the payment. Which boring tale illustrates the real point, that is, not that...

We already have a perfectly fine way to make non-cash payments.

[From Paying by phone is insecure and unnecessary. - By Farhad Manjoo - Slate Magazine]

...but that we don't have a perfectly fine way to take non-cash payments. Mobile payments will be a disruptive force because the devices will serve both roles. Richard Johnson of Monitise made this point very well at the Intellect Payments Workstream meeting that I chaired last week. But it isn't only the cheque that is set for extinction because of mobile. Anthony Jenkins, the chief executive of Barclaycard (Britain's biggest card issuer), said that

"In 50 or maybe even 10 years' time, we will still be using cash but I don't think we'll have plastic. It is comparable to the move from CDs to MP3 music files," he said. "If I had said 10 years ago that you couldn't pay with a cheque at the supermarket, you wouldn't have believed me. That is now the reality, and we see plastic cards going the same way."

[From End of the road for flexible friend as Barclaycard goes 'contactless' - Telegraph]

Now this seems a little far-fetched on first reading. But perhaps, once mobile payments cross the cusp into the mainstream (at, I would guess, around a 25% penetration in the consumer market), the move away from plastic could take place in a generation, much as the move into plastic did from the introduction of the magnetic stripe in the early 1970s.

Coins, paper money and plastic cards are going to be the next casualties. Don't believe me? Then visit Korea. The only people who own a plastic credit card there are the ones who travel abroad; everyone else uses their mobile phone.

[From Peter Cochrane's Blog: Near-field tech edges closer | CIO Insights | silicon.com]

The combination of mobile and contactless seems to accelerate the transition: individually they are great, but together they are something special. Mobile payments by themselves have been around forever and have made little impact in the physical world (except for special niches like car parking). I still can't use my mobile to buy a bottle of cold water from a machine in the Tube.

The first case of a mobile phone being able to be used to handle a payment was in 1998 as an experiment in Espoo Finland just outside of Helsinki, where two Coca Cola vending machines were installed with a mechanism to accept payment by SMS text messaging

[From Communities Dominate Brands: End of Cash? First blog in a series examining the pending doom of minted coins and printed banknotes]

Adding contactless transforms the proposition from fiddling about sending text messages to a quick tap. As far as I can tell, from the pilots that we have been involved in, customers are not a barrier. They like it. So why doesn't my phone have NFC in it right now, and why doesn't the drinks vending machine on the Tube have a reader?

Why is it taking so long? As with Faster Payments, the problem lies with the marketing teams in the major banks.

[From The innovative world of UK payments]

I disagree. I'm no fan of marketing departments, but the problem with mobile payments is different. Banks have never had to deal with payments in this way before: they can control ATMs and POS terminals, EMV cards and FPS. But they don't control mobile, and in particular they don't control the Secure Element (SE), the tamper-resistant hardware that transforms mobile phones from being content devices to transaction devices. There are different ways of dealing with this, but I think it is fair to reflect that the specific tension between banks and mobile operators remains problematic. In some countries they are joining forces, in others they are forging bilateral agreements, in others they are going their own.

while credit card companies might need the carriers to get into mobile payments, they might soon learn that the carriers don't need them.

[From In mobile payments, credit card companies might be a third wheel | Econsultancy]

Indeed they don't, but that has no relevance to the Isis initiative that is the subject of that post because

Verizon, T-Mobile and AT&T are entering into an agreement to let customers pay for products with their smartphones... they are not working with Visa, MasterCard, or American Express on this venture. They're not working alone either, instead partnering with Discover and Barclays on this venture.

[From In mobile payments, credit card companies might be a third wheel | Econsultancy]

Hhmmm. So in this particular case, the carriers are partnering with a credit card company and a bank. So do they have somewhere to go? Well, let's return to the point. We don't have a perfectly fine way of taking non-cash payments, but soon we will because of mobile phones. And there are some dynamic go-ahead organisations that have already recognised this.

the local Girl Scout group there has teamed up with Intuit to accept credit cards using the company's GoPayment app (and accompanying card reader) for iOS and Android

[From Teh Gay Geek: GIRL SCOUTS IN OHIO TAKING MOBILE PAYMENTS FOR COOKIES]

Back in the 1980s, there were people who said that mobile phones would never sell because there were payphones everywhere (eg, McKinsey). The POS terminal of 2011 is the payphone of 1981.

NFC in the real world

By Dave Birch posted Mar 22 2011 at 12:33 PM

Nick Holland from Yankee Group made a good point in their recent webinar on "NFC Not Just for Cards". I'm probably only saying it's a good point because it's a point that I make too, but nevertheless the addition of an NFC interface to a mobile does change the relationship between the real and virtual worlds.

Put the two things together, in the form of near-field communication (NFC) handsets, and you have something special... Over the coming decade, the mobile phone will shift from being a network end-point to being a pivot between local and global environments, an indispensable and personal security token that bridges physical and virtual commerce.

[From Digital Money: Ten more years of technology]

Nick talked about this "hyperlinking" to the physical world and made the sensible point that while dull persons such as myself are obsessed with payments, the use of NFC will be far wider. This is perfectly correct, and I happened to see an excellent illustration of this general point in NFC World this very morn.

Some 35,000 households in Haiti are receiving 'clean water' buckets — which consist of a chlorine solution and an RFID-tagged five-gallon bucket to treat and store water — from the charity Deep Springs International (DSI). On each bucket is an RFID tag which is read during regular visits by community-based health workers who carry NFC-equipped Nokia 6212 phones. Just holding the phone up to the bucket reads the tag and records the visit, then they measure the amount of chlorine in the water and key it in to the handset

[From NFC phones help provide clean water to Haiti earthquake victims • NFC World]

In fact we have consistently advised clients that payments will be a niche. Anyway, Nick is correct, and on the Digital Identity Blog I've repeatedly made the point that the use of NFC to support digital identity applications will, in the long run, be far more important than digital money applications. A big step forward in assembling this infrastructure went almost unnoticed last year when the NFC specifications were extended to include the digital signing of data.

The Signature RTD candidate technical specification helps users verify the authenticity and integrity of data within NDEF messages by specifying the format to be used when signing single or multiple NDEF records. It defines the required and optional signature RTD fields, and also provides a list of suitable signature algorithms and certificate types that can be used to create the signature

[From NFC Forum : NFC Forum Announces Specifications to Support Peer-to-Peer Device Communication and Verify Data Authenticity ]

This is important, because if you want to go round touching real world things and have them connect to virtual world things, you need to be sure that they are what you think they are and they are part of the right infrastructure. When I tap on the poster in the restaurant window, I want to be sure that it is a legitimate hyperlink that will take me to a menu and not to a porn site. With this infrastructure in place, all sorts of new businesses become possible (and desirable). It means that someone if going to have organise how exactly the key, certificates and signatures are going to work and interoperate and that someone probably won't be the mobile operators but a new entrant.

These "pivot" functions, that link the local and remote environment will, I firmly predict, lead to some incredible new applications. Fortunately, some of them will involve payments, which will be really good news for some of our clients.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

Mobile payments are good for mobile banking

By Dave Birch posted Feb 23 2011 at 2:41 AM

Mobile payments and mobile banking are not the same thing at all and, as I have long maintained, there is no reason to think that mobile payments should be provided by banks, nor that mobile operators want to get in to banking. This is why I maintain the much of the comment around these topics is misleading. For example:

Geo-strategic and political consultant at Nova-Comm Strategy Group, Brett Goldman, says: "With M-Pesa... Essentially, what you are doing is eliminating the need for a bank,"

[From Near field comms: How are mobile payments changing traditional banking? - 2/22/2011 - Computer Weekly]

Well, up to a point. They are not eliminating the need for a bank, they are eliminating the need for banks to run payment services. And this is not bad for banks, or customers, because M-PESA don't need to eliminate banks in order to improve the banking infrastructure as it demonstrates with the example of the M-KESHO service, launched with Equity Bank, that allows M-PESA customers to transfer money to and from savings accounts.

With the M-Kesho Account, customers will be able to get pre-qualified personal accident insurance, access to short-term loan facilities ranging from KES 100, and interest on the mobile account from as little as KES 1. The application is built with the ability to score a customer's credit rating using a six-month history of his M-Pesa balances.

[From Safaricom, Equity Bank launch M-Pesa bank account - Telecompaper]

How interesting is that? The transaction history built up inside M-PESA provides a straightforward mechanism for financial inclusion, simply not available in a cash economy, and an apparently entirely viable alternative to credit history. The service has been tremendously successful.

He noted that some 21 percent of M-PESA users in Kenya now use the service simply to store money and earn interest. The savings service – branded as M-KESHO and in partnership with Kenya’s Equity Bank – has effectively set-up 750,000 new bank accounts in Kenya since launching in May with deposits totalling KES900 million (US$10.7 million).

[From Vodafone, Telenor To Expand Their Financial Services | Telecom Recorder]

Scatchamagowza! They're on their way to creating a million new bank accounts. Far from taking customers away from banks, M-PESA is bringing customers to them! As far as I can see, this is pretty conclusive proof that banks are wrong to lobby regulators to insist that mobile payments can only be provided by banks and that regulators are wrong to listen to them. (In Europe, fortunately, this is not true because of the Payment Services Directive: O2 have applied for a payments licence in the UK, for example). So, an efficient and effective mobile payments platform adds value to mobile financial services by making those financial services more accessible at lower cost. And while stimulating this, operators can make money too.

Aite says mobile payments will account for $214 billion in gross dollar volume by 2015, up from only $16 billion in 2010

[From The Smartphone Payments Train’s Leaving the Station - Bank Technology News]

That means lots of transaction fees. It's interesting to note how M-PESA's transaction fee income has held up.

As the use of M-Pesa spread, Kenyans started using it for smaller and smaller transactions. The average amount sent through M-Pesa declined from the equivalent of about $50 in March 2007 to less than $30 by March 2009.

[From Fascinating Stat and Lesson for the US About Mobile Payments in Africa]
So Kenyans are sending smaller amounts and are paying transaction fees that amount to larger fraction of the transaction (around 7%) because they still find it more convenient to do this than to use any of the alternatives. Once again, we see the mobility premium in action and a new value network that enables mobile operators to provide profitable payment services (because of that mobility premium) while simultaneously enabling bank, insurance companies and others to provide profitable financial services using mobile payments as a conduit.
More important than the mobile payments business itself will be the businesses that it enables. Just like M-KESHO, there will be new financial services businesses that only make sense on the mobile payments platform. In the UK, initiatives such as O2 Mobile Money and Orange Cash should provide some useful early indications as to how the market might evolve: if third-party financial services offer new products using these payments (eg, SME payments, media subscriptions, that kind of thing), then I think that will show that the pie will get bigger instead of getting sliced.

P.S. By way of an experiment in the service of readers, I have instructed no.1 son to go mystery shopping for an Orange Cash card and will report here in a couple of weeks.

Will they or won't they pay?

By Dave Birch posted Feb 21 2011 at 1:58 PM

The outsourcing company Accenture conducted a survey to find out if consumers want to use their mobile phones for payments. Unsurprisingly, there is a strong correlation between countries where people have already used their mobile phones for payments (eg, China) and where people wanted to use their mobile phone for payments (eg, China).

Overall, 69 percent of survey respondents in Asia indicated they favored using mobile phones for most payments, led by Chinese consumers (76 percent) and India (75 percent), followed by Korea (56 percent) and Japan (47 percent). Outside of Asia, the next highest positive response was in Brazil, where 70 percent of consumers favored using mobile phones for most payments... asked if they had used a mobile phone to make purchases in the past six months, nearly half (47 percent) of tech forward consumers in China indicated they had, followed by Korea (42 percent) and Japan (33 percent).

[From Interest in Mobile Phone Payments Strong Among Most Active Mobile Users Despite Security and Privacy Concerns | Business Wire]

Now, the figures cannot represent a desire for mobile out of a lack of alternatives. I'm in China right now, where China UnionPay already has gazillions of cards out there and I've been using my splendid Travelex prepaid Visa card all day without a problem (some shops just wanted signature, some wanted online PIN and signature, I don't know why). Meanwhile, back home, the situation looks rather different.

In the U.S. and Europe, combined, however, only 26 percent of respondents favored using mobile phones for most payments.

[From Interest in Mobile Phone Payments Strong Among Most Active Mobile Users Despite Security and Privacy Concerns | Business Wire]

Oh well, I guess there's no need to spend much money on m-payment solutions in Europe or the US then, when only a 100 million or so people will want to use them, especially so in the US where another survey shows that few consumers are prepared to pay for m-payments.

However, the [Yankee Group] consumer survey results also indicate that less than 10% of respondents would be willing to pay extra for mobile transaction services such as mobile banking, mobile coupons and mobile payments

[From Less than 10% of US consumers willing to pay for mobile payments • NFC World]

But hold on, I thought. If you asked consumers in the US if they were prepared to pay for debit cards then only 10% would have said yes. Yet everyone has (and uses) a debit card. Hhmmm...

So who does pay for debit cards then? In the US, where the merchant fees are much higher than in Europe, transaction fees are the major source of income. But the economics of debit are different in Europe where the already lower debit interchange and fees mean that in some countries (eg, the Netherlands) the banks lose money on every debit transaction, whereas in some countries (eg, the UK) they make a small but vanishing margin. Yet debit is profitable for banks. Why? It's because the major component of income from debit schemes is not the transaction fee but

  • The interest foregone on current accounts. Consumers who use their debit cards keep money in their current accounts to fund and the bank earns interest on that money.
  • The fees earned from unauthorised overdrafts and such like. If you are out spending on your debit card and you see something that you want, you might go into the red to get it. Or you might make a mistake.

This led to an interesting twitter conversation with Forum friend Scott Loftesness. As Scott pointed out, people do, of course, pay for debit cards, but they just don't see explicit pricing. But they might, if the "Durbin debate" ends with issuers being forced to reduce interchange. The National Retail Federation (NRF) in the US has told Congress that delay to debit card swipe fee reform will save banks and their customers more than a billion dollars for every month of delay. Actually, that's not quite what they said...

A postponement of the debit card swipe fee reform could cost US retailers and their customers more than $1bn per month, the National Retail Federation (NRF) warned Congress.

[From Debit fees regs delay could cost $1bn]

I wrote before that if retailers think that they are being so grotesquely overcharged for debit schemes then they should start their own, and I do have to say that I am puzzled that more of them haven't already gone down the decoupled debit route, especially those with strong loyalty databases (eg, Tesco).

My wife’s visit to Target this week prompted a revisit to the decoupled debit space. Target’s value proposition: hand me your check and sign a release form, you will then receive a RedCard linked to your checking account and good for 5% off all future purchases

[From Decoupled Debit « FinVentures]

Retailers in the US, it seems, prefer a different kind of competition. A little while ago I read a piece in the Financial Times, which I couldn't find given five minutes googling, that said that the regulatory capture of $1 billion a month, most of it going to America's biggest retailers, wouldn't make any difference to the prices that consumers pay. I'm sure that's true, and I don't suppose banks pass on all of that billion to customers any more than retailers would, but let's face it: someone has to pay.

Banks have never lost out because of their gracious generosity in allowing customers to use cheque books, debit cards or cash machines for free.

[From The end of free banking would be another slap in the face | Chris Leslie | Comment is free | guardian.co.uk]

This is what people in the UK genuinely believe. As Scott says, they see debit cards as free. There's no way you can now charge them for them. So why wouldn't mobile payment cost be bundled into the bank account fee just as the debit card cost is? Actually, I suspect that it won't be, for the simple reason that I don't believe that consumers won't pay. Mobility has value. If you had asked me whether I would be happy to pay an 8% transaction fee for using mobile payments a few months ago then I would have told you no way. But that's exactly what I did last week when I went and parked at Woking station, cheerfully paying a 40p extra charge for using RingGo (a mobile payment for parking scheme) rather than use cash for a £5 parking charge.

Scott asks how mobile payments can deliver additional value to the merchants. I would say that in my recent dealings with issuer/acquirer/merchants, three general themes have emerged (I stress that these are general: they don't relate to any specific project we are involved in).

  • The first is that retailers like mobile wallets. anticipate lower online abandonment rates with mobile wallets and I suspect they may also anticipate a higher average sale than with cash in physical environments.
  • The second is that retailers expect to be able to use these mobile wallets to interact directly with consumers through loyalty products, coupons, special offers and so on.
  • The third is that mobile should mean fewer disputes and chargebacks, which cost retailers time and money.

All of which means that the retailers will incentivise customers to use mobile, so customers will use it even if it costs them an explicit fee versus the implicit fee associated with debit. Ultimately, I'm pretty sure, that the fact that only 10% of consumers say they will pay doesn't mean anything.

How d'ya like them Apples?

By Dave Birch posted Jan 30 2011 at 5:27 PM

WIth Apple's domination of media mindshare almost total, the fact that you can already buy other handsets with NFC in them (eg, the Google Nexus S and the Nokia C7, although both are currently software-limited) and that the first Blackberry handsets are imminent has been overlooked. All press comment (I know, because I contributed to some of it) has been about the iPhone. One of the questions that I was asked, repeatedly, was about iTunes morphing into a new payment scheme.

“They have 160 million users with digital wallets in iTunes accounts. They don’t have to do anything other than to NFC-enable their phones,” Litan said.

[From Analysts: Apple could disrupt mobile payment industry | BappProducts | iOS Central | Macworld]

They do have numbers on their side, that's true. But as we all know, payments is a two-sided market, so there has to be a reason for the merchants to get on board too.

For merchants, an Apple payment system could prove attractive. Many merchants are raring for alternative payment systems, to avoid having to pay the hefty fees that credit card companies charge for every transaction.

[From Analysts: Apple could disrupt mobile payment industry | BappProducts | iOS Central | Macworld]

Yes, but how will Apple avoid them? Everything I buy on iTunes goes to my MasterCard. Sure, Apple aggregates the payments, but the banks don't provide this service for free, even for Steve Jobs. In order to avoid having to pay credit card fees, Apple would have to do what PayPal does and start persuading people to sign up with their bank account details, which would in turn mean building the kind of anti-fraud platform that PayPal have been building for a decade. And why would they do that? It seems like a lot of non-core investment to commit to.

This investment is needed because the biggest problem will be security. So long as my iTunes password only allows you to buy music tracks for my iPod or games for my iPad or note-taking applications for my Macintosh, to risk is manageable. But if my iTunes password allows you to walk out of a store with a pair of shoes or a telly, then my iTunes password will become valuable. Microseconds after extending iTunes payments to retail stores, Apple would be dealing with millions of customers calling up because their passwords had been phished, copied, guessed.

Japanese police have arrested two people suspected of stealing virtual goods from players of online game Lineage II. The pair tricked victims via a booby-trapped program that claimed to help people play the game. Instead of boosting a character's abilities the program stole account names and passwords.

[From BBC News - Lineage II pair arrested for stealing virtual goods]

I'm sure Apple are perfectly well aware of this kind of crime and know that were iTunes to become a general payment paltform, then it would become widespread. This is hardly wild projection, since the phishing of iTunes accounts is already widespread.

It least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, “My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised.”

[From Fraudsters Drain PayPal Accounts Through iTunes]

I'm sure Apple already has lots of people working on this problem but ultimately it's very difficult to stop people from giving away their passwords and I'm sure the phishers will soon learn to send out the right kind of e-mail messages.

Roughly 50,000 Apple iTunes accounts stolen by hackers are said to be for sale on China's largest auction site.

[From 50,000 Stolen iTunes Accounts On China Auction Site -- Apple iTunes -- InformationWeek]

The underlying problem is, of course, that passwords are not security and no-one should be allowed to use the phrase "password security" in any serious context. So long as the cost of phishing, guessing or actually breaking passwords is fantastically less than the value of the account that they give access to, there is no solution.

Thomas Roth of Cologne, Germany told Reuters he used custom software running on Amazon's Elastic Compute Cloud service to break into a WPA-PSK protected network in about 20 minutes. With refinements to his program, he said he could shave the time to about six minutes. With EC2 computers available for 28 cents per minute, the cost of the crack came to just $1.68.

[From Researcher cracks Wi-Fi passwords with Amazon cloud • The Register]

Ah, you might say, but suppose Apple implements a Secure Element (SE) for NFC and that SE uses standard PKI applications on industry-standard Global Platform in an industry-standard JavaCard. Then a thief would have to steal the iPhone as well as the password, and this indeed true. Apple could implement an identity-based payment mechanism and persuade merchants to install the contactless terminals, implement the new scheme and pay Apple instead of paying the banks (whose fees have just been capped by the Durbin amendment.

Again, why bother. You may as well do a deal with a bank to put a contactless EMV application in the SE. But suppose you are not going to care about anything at retail POS -- except in your own stores -- but instead want to improve security and convenience for customers in general? Imagine this scenario a year from now: I log in to iTunes and it gives me the option of switching to two-factor authentication. (Apple wouldn't call it that, they have better marketing people - suppose they call it Apple Passport or something like that, maybe iMe or whatever.) I accept. From then on, when I log in to iTunes on my iPhone, I don't noticed anything different, but under the hood iTunes is sending a digitally-signed challenge to a digital signature application in the SE. It's decoded using Apple's public key, and signed using my public key (which, of course, Apple know) and sent back. Sorted. Now with this strong authentication, Apple can have higher-priced items for sale via iTunes. When I log in on my PC, a message pops up on my iPhone and I have to enter my passcode. Under the hood, the same process. Now you have to steal my passcode and my iPhone.

A little later, I'll be given the option of making my OSX login "iMe only" and so on.

If anyone can bring PKI to the masses, Apple can. Soon, other companies will negotiate with Apple to join "iMe Connect" and because it is more secure than a password, they will pay to use it. There are payments applications for this (it means that mobile payments can be lifted beyond ringtones and music tracks, and at a lower margin than operators) but I don't see them as being central to the business proposition, because people will be using their iPhone to log in to everything (internet banking, shopping, government) and then, because of the NFC interface, they will begin to use it to "log in" in Apple retail stores and then, soon, enough, other places. Meanwhile, credit cards and Bling, Amex and PIN debit will all be loaded into the SE anyway, so customers will find themselves using their iPhones to get on BART and pay in CVS. This will save the issuers money, because they don't need to issue the plastic, so they can offer a good deal. Andrew Johnson was surely right to point this out in American Banker.

In the end, banks have a lot to gain by being willing to give pricing concessions to Apple in exchange for getting their payment card information directly located in Apple's mobile wallet service. Doing so could give those banks a first-mover advantage.

[From In Apple Mobile Pay Plans, a Possible Opening for Banks - American Banker Article]

Apple doing the identification and micropayments, leaving larger payments to the finance sector who will in turn pay Apple. Now we can see the real play, and a first-rate strategy for the next phase of online evolution: own identity and authentication. ITunes as a payment scheme to rival cards, PayPal, iDeal? No. iTunes as a payment scheme to get people used to logging into things with their iPhones? Plausible. iTunes as something that delivers a variety of customer communication and management option of real value to merchants (a cross between Barclaycard Freedom, Bling and Taggo)? Yes. Why? Because knowing who someone is is so much more valuable than a small slice of their payments, a fact that informed industry observers have pointed to since the Apple/NFC rumourmongering began.

the real revenue streams to Apple will not be from “interchange” but from advertising as iAD provides the “Yang” to the NFC’s “Ying”. Creating a new payment ecosystem means having incented partners. The timing on Apple’s iAD and NFC developments are not accidental, my belief is that they are part of a very solid mCommerce expansion strategy.

[From Apple’s NEW NFC Patent « New Ventures in Financial Services]

Look, I don't know what Apple's strategy is any more than you do, but from the perspective of helping clients to formulate their own broad strategies for NFC, payments, value-added payment services and identity, this is a reasonable strawman, which is why we've been using it.

Mobile challenges to the financial sector

By Dave Birch posted Jan 20 2011 at 2:24 PM

What's big in payments right now? I don't think we have to guess. Our good friends at PaymentsNews have already pointed out that

Two payment-related themes are emerging from NRF conference being held this week in New York: POS encryption/tokenization and mobile payments acceptance.

[From Payments News from National Retail Federation BIG Show 2011]

One of these themes is all about reducing costs (the costs of PCI-DSS compliance are very high, but I don't want to talk about them in this post), the other about creating new opportunities. It's hard to argue with this prioritisation: mobile has to be the no.1 strategic issue. But new opportunities for who? The mobile operators? The international payment schemes? The banks? Chetan Sharma's survey says that it will be the schemes. I'm not so sure, because it would mean that current value networks will be substantially unchanged through the transition, which doesn't seem right to me.

Can the current payments landscape of banks issuing cards being accepted at merchants being acquired by other banks translate into the mobile environment? We (the industry) used to think that banks and mobile operators would eventually get around to being pals and would sort things out to set the new value network in motion. Will they? Who knows: but the barbarians are at the gate. Eric Schmidt, the Google CEO, writing in the Harvard Business Review, set out Google's strategic priorities for the coming year:

Second, we must attend to the development of mobile money.

[From Preparing for the Big Mobile Revolution - HBR Agenda 2011 - Harvard Business Review]

Wow. Mobile money is Google's second-highest priority. In fact, as Eric notes, Google top three strategic priorities are all about mobile. They are going to be a big part of the mobile marketspace from now on.

In last year’s survey, Google/Android narrowly missed out to be the biggest story of the year but this year, the verdict was clear that Google will continue to dominate the headlines with Android devices and new updates and apps.

[From Always On Real-Time Access » 2011 Mobile Predictions Survey Results]

There's a particular interest there for those of us who have long thought that NFC is going to be a gamechanger because customers find the convenience of contactless so attractive: it energises all sorts of applications, not only payments (actually, payments are rather dull - probably not the application that drives people into the stores to get NFC handsets).

Google is building a mobile wallet nicknamed "Cream," which it plans to integrate with Android NFC phones that consumers could tap to pay in stores

[From Google Building an NFC Mobile Wallet; U.S. Banks Are Interested | NFC Times – Near Field Communication and all contactless technology.]

You can see where this is going. Banks will be offered a choice of loading their payment applications to the operator-controlled UICC or to the embedded secure element in Android phone, iPhones (rumoured to have NFC soon) and Blackberries (the first Blackberry devices with NFC are about to launch). Not only will these not be controlled by the bank, they won't be controlled by the operator either. If the infrastructure for accepting NFC payments is simply more mobile phones, even mobile phones with knobs on, there's no barrier to new types of payments sitting in those secure elements.

Anyway, back to the competitive landscape. If you were being negative about mobile operators, you might conclude that they've blown it: a couple of years ago they had the chance to get NFC moving on their terms, but they wouldn't order the handsets. Now they're going to have to work hard to get back into the value network. And a particular issue will be the basis of competition: what are they going to offer on their NFC platforms? I've mentioned before that I think identity is an area where innovation might generate something new for them, so perhaps the operators are developing new propositions around digital identity (the mobile passport or whatever), or couponing and loyalty, or sports, or event ticketing and management.

And so it is that accountants, banks and mobile phone companies see themselves as engaged in intense competition while customers think they are all the same. Competition as businesses perceive it is not at all the same as competition as consumers perceive it.

[From John Kay - Radical innovation rarely comes from within]

John is typically thought provoking, and surely correct. In the specific case of mobile, though, there's another aspect: the operators ability to innovate, even if they wanted to, is being constrained.

The Verizon iPhone is exactly the same as the AT&T iPhone, just on a different network — and not even on Verizon’s fastest, latest network, which could have showcased Verizon’s strengths.

[From Why Verizon’s iPhone spells the end of the golden age for carriers | VentureBeat]

There's a difficult line to tread when blogging: after all, we provide consultancy services to the industry and I have to try to balance the display of corporate expertise and depth of understanding with sensitivity to clients plans. I hope I won't get in to trouble for saying that I think it is a real problem for some of our clients that their strategy people think about competition in conventional terms: operators, banks, schemes. These aren't the people who will put them out of business -- or, more likely, reduce them to pipes (for bits, money, data), which could still be a good business if they are operationally efficient -- if they do nothing to respond to the challenge coming from the outsiders. Its going to be a fun year in mobile.

If you're interested in learning more about this kind of thing, Consult Hyperion's Head of Mobile Money, Paul Makin, will be presenting on the challenges that mobile presents to the financial services sector at Mobile Financial Services in London on March 15th-16th 2011. Do come along and join in the discussion.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

iPown

By Dave Birch posted Dec 13 2010 at 7:53 PM

To understand why the fuss, and why this is of relevance to the digital money world, you need to understand a couple of technical architectures relating to mobile phones and the role of the Secure Element (SE). The SE doesn't exist in phones yet, but it's important because if we want to implement anything important (such as payments) inside a phone, we need somewhere to store cryptographic keys, and that somewhere needs to be tamper-resistant to a great degree. Thus we need a handset to have an SE. Ah! You might say: but handsets already have a tamper-resistant thingumy inside them, why not use that?

That's a good point. In the modern way of things, the tamper-resistant chip thingumy the handset is more properly called the UICC:

The UICC (Universal Integrated Circuit Card) is the smart card used in mobile terminals in GSM and UMTS networks. The UICC ensures the integrity and security of all kinds of personal data, and it typically holds a few hundred kilobytes. With the advent of more services, the storage space will need to be larger.

[From UICC - Wikipedia, the free encyclopedia]

Historically, we've tended to associate the UICC (in the form of a removable smart card) with one application only, and that application is the Subscriber Identification Module (SIM) that allows the phone to connect to a mobile network and refer to the combination as "the SIM". But...

A UICC may contain several applications, making it possible for the same smart card to give access to both GSM and UMTS networks, and also provide storage of a phone book and other applications

[From UICC - Wikipedia, the free encyclopedia]

It can also contain more than one of each. Thus, you could have multiple "soft SIMS" inside one UICC (that special case where the UICC contains only one application, and that is a SIM, we will refer to henceforth as the "hard SIM"). Now let's consider what happens when Apple add an NFC interface to their devices and therefore need an SE.

The filing also points to the inclusion of near-field communication (NFC) technology in upcoming iPhones — and, for that matter, in Macs and media devices such as the Apple TV.

[From Apple patent seeks to reinvent retail • The Register]

Where can the SE that makes the NFC interface useful go? Either we can plug in an SE (eg, a DeviceFidelity microSD) or we can add an SE to the UICC (the e GSM Association, GSMA, preferred option) or we can build an SE into the device by adding it to the motherboard. The GSMA want to put the applications that control the NFC interfaces to be on the UICC, which kind of makes sense because if you take your UICC out of one phone and put it in another, then you'd want your SE applications (eg, your MasterCard, Oyster etc) to go with it. But not everyone thinks that the SIM is the key to this picture.

Suppose that instead of adding an SE, Apple add a UICC and put the SE in that? What this means in practice is that the UICC will be inside the iPhone or iPad or Mac, on the motherboard. But the SE need not be the only contents of the UICC. Why not put soft SIMs in there as well and do away with fiddly microSIMs? If I walk into the Apple Store in London and buy a 3G iPad, say, then the UICC could come with a default SIM application. Let's say this is O2. When I take the iPad to France, instead of paying outrageous 3G roaming charges (and therefore leaving my iPad at home), my iPad will download a French operator's SIM application and start using that. I won't choose the operator -- in fact I won't even know this is going on, because Apple will simply negotiate with mobile operators to provide commodity service.

In other words, perhaps we move to a world in which the operators' SIM connectivity function becomes just software running on someone else's physical card.

[From Dean Bubley's Disruptive Wireless: Apple, embedded SIMs, NFC and mobile payments - some speculation]

Dean is spot on. And you can see plenty of positives in this architecture. If you're not a mobile operator, that is. If you're a mobile operator, this is another step towards being nothing more than a pipe. As a customer, I think I'd be quite happy with the mobile operators as a pipe, selected purely on a cost/QoS basis (and competing with each other on that basis). After all, they haven't (in Europe) got very far with "smart pipe" services such as, just to name two examples, digital money and digital identity. So the Apple UICC containing soft SIMs and an SE may not be such a bad architectural option for consumers. But...

The operators are privately saying they could refuse to subsidise the iPhone if Apple inserts an embedded subscriber identity module, or Sim card.

[From FT.com / Telecoms - Apple warned over built-in Sim cards]

There are other people in this value chain too, such as smart card manufacturer Gemalto who were rumoured to be making the Apple UICC.

Gemalto explained to us why such a deal, which involved a significant amount of devolution from the mobile phone operators to the mobile phone manufacturers, is unlikely to happen without the tacit approval of network carriers themselves.

Gemalto has been a strategic partner for mobile phone operators for more than a decade now (the company is the biggest SIM manufacturer in the world) and gets the majority of its revenue (more than 60 per cent of last year's 1.654 billion Euros).

[From Gemalto : No Apple iPhone 5 Deal On The Table Yet | ITProPortal.com]

Quite. But let's just go back over another main point: in order to provide payments, or other useful services, via NFC it is not necessary to have the co-operation of the carriers.

Visa's approach "shows that basically there's nothing that the carriers can do that the [payment] networks can't do without them," McPherson said.

[From Mobile Payments Set for Surge, But Who ll Set the Pace? - American Banker Article]

The mobile operators have no acceptance at retail POS so they have to work with payment scheme partners to reach scale, but other payments players don't need the operators. They can put stickers on the back of phones, plug microSD into handsets or use the NFC interfaces that will be built in by Google, Apple and RIM. Since customers will come to expect these services, they will eventually get built in to all handsets. Unless the operators can launch highly functional NFC platforms quickly (which they probably should have started doing a couple of years ago) then they will be out of the loop.

Issuing hard SIMs is expensive, so if the operator's connection with the customer is downgraded, there is no point in doing it and the operators would save money by providing soft SIMs to any UICC that they can bill to. So I think the situation is this: in the future, many devices will a UICC built-in. This UICC will function as an SE for NFC interfaces. The UICC will store a number of soft SIMs, not only for mobile phone communications but for future 4G and 5G communications. The UICC will also hold standard digital money and digital identity applications. And instead of Vodafone and Telefonica controlling the matrix, Apple and Google will.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]