Mobile Payments: Alternative Platforms and Players

Gérard Carat, IPTS


Issue: Wireless phones are becoming an attractive alternative platform for accessing the Internet, and therefore e-commerce. Thus, they are also starting to integrate innovative electronic purse functions for both real-world and online payments. Understandably, telecommunications operators are seeking to ensure a stronger role by capitalizing on their historical strength in network billing and supervision and have started numerous payment initiatives over their mobile networks.

Relevance: In view of the fact that technical developments in telecommunications could involve non-bank players in some traditional banking functions, regulators will need to follow progress as it unfolds. Prudential supervision of the new entrants may be justified to ensure financial integrity and consumer protection, but this will need to be carried out in a way that does not hinder innovation.


Introduction

With the soaring success of the Internet and the huge potential it represents for electronic commerce, Internet actors are working on new and secure methods of payment. These include electronic banking, electronic purses, electronic cash, electronic cheques, Electronic Bill Payment and Presentment, loyalty schemes, peer to peer payments and mobile payments.

The rapid growth of mobile phone use makes these devices look attractive as a vehicle for a payment system

Regarding the last of these schemes –payment carried via a mobile phone– the business case looks enticing if we take into account the (fast growing) penetration rate of mobile phones (over 45% in Europe). In comparison, personal computers, the traditional gateway to online services, have a 33% penetration rate in Europe and their installed base is growing more slowly than mobile phones. The portability feature of the mobile phone (the fact that people carry it with them) also makes it practical to incorporate cashless payment mechanisms that can be used in the real world as well. Whether through the highly advertised WAP (wireless access protocol) technology1 or the third generation of mobile communications due to come onto the market in 20022, wireless is indeed becoming increasingly important as a means of accessing the Internet and therefore as an access device to purchase goods over the internet.

Mobile payment solutions

The most immediate and easy-to-implement payment system is to transform cellular phones as a means to buy goods or services either through the prepaid phonecard for low-value purchases or the monthly phone bill for both low-value and larger amounts. More refined solutions include, among others, offering a real time gateway to bank transactions, a wireless internet banking service, or an additional security channel for PC-based online purchases to verify the identity of the payer and confirm a transaction through his/her mobile phone (see Table 1 for examples of mobile payment alternatives).

Table 1. Examples of mobile payment offerings3

Name, Country, Partners How it works Comments
Real world payments via mobile phone
Mobile Pay (Finland), Sonera Payment via mobile phone currently used for fast food services and vending machines.The payment is invoiced on the phone bill as a call to a service number. The service can be used by customers of all operators, and it can be used from all mobile phones currently on the market. Parking payment is a recent addition and is being run as a pilot in Helsinki.
Movilpago. 50% joint
venture Telefonica & BBVA
bank (Spain
)
Low-value payments via a mobile phone. Compatible with prepaid phonecards and traditional phone bills. 1) the merchant enters the phone number of the consumer and the code of the product to be purchased via an ad hoc merchant terminal 2) consumer mobile phone screen shows the product description and price 3) consumer confirms the transaction by entering a PIN (personal identification number) 4) a confirmation message is sent to both the mobile phone and the merchant terminal. This system does not require adaptation of either the SIM card or the mobile phone. In its initial phase, GSM users can access this service by subscribing to the services of Movilpago. It is not necessary to change banks or bank accounts. The PIN is sent over the SMS (Short Message Service)channel using USSD (Unstructured Supplementary Service Data) technology. Available in Spain in autumn 2000 and introduction in 30 countries is planned over the next two years.
Paybox. Experian, Oracle,
  arcom Deutsche Bank (50%),
  Lufthansa, HP, (Germany)
Payment via mobile phone, but not suitable for micropayments. Buyer and seller respectively need a mobile phone and a contract with Paybox. Paybox provides the user with a PIN. 1) Payer communicates his phone number to the merchant 2) The Merchant communicates this phone number + price to paybox 3) Paybox calls payer and asks for authorization of payment 4) Payer authorizes by his PIN 5) Paybox informs Deutsche Bank as credit institution to settle the payment using a common payment instrument (at the moment: direct debit). Paybox is an open and neutral payment intermediary aiming at banks independent from telecom operators.

Does not depend on PKI (public key infrastructure) structures and transmits the PIN via DTMF (Dual tone multifrequency) procedures but could migrate to PKI if widely available. Internet payments as well as other POS (point of sale) payments are possible. Peer to Peer payments between paybox users are also possible.

Online payments: extension of the Internet to the mobile device
Lloyds. Lloyds and BT Cellnet (UK) Online banking on mobile phones from November 2000. The online PC service is adapted to WAP phones. The venture will offer customers a free mobile handset, free off-peak Internet access and other incentives.
PayPal. X.com (USA) Email-based money transfer and payment, eventually paid with credit card or bank debit but without divulging card or account numbers. Currently available through PC-based email, Palm organizers and Internet-enabled mobile phones in the US. X.com plans to introduce PayPal in Europe soon. Customer base of over 2.7 millions in the US.
Hybrid payment solution using the specificity of the mobile phone to secure payment over the internet
CB. France Telecom Mobile, CB (France) Allows customers to shop at home on their PCs or fixed-line phones, then pay by inserting the debit/credit cards into smart card readers in dual-slot mobile phones, avoiding the need to type their card numbers and sending them over the air. Also solution to reload prepaid mobile phone accounts and pay bills using the CB charge cards. Payment solution using dual slot mobile phones, one of the slots being for chip-based Cartes Bancaires charge cards. France Telecom is also extending the service to WAP phones, letting customers shop and pay securely on the same wireless device.
GiSMo /(G Internet) S M open. Millicom International Cellular (USA) Like credit card purchases on the Internet, except that GiSMo technology uses your GSM phone to verify your identity at the time of the transaction. When paying with GiSMo, you will receive a transaction-specific code on your GSM phone that you must enter on your computer screen to complete the transaction within a limited period of time. It also offers online access to customer’s account details. The mobile phone is used as a complementary tool for extra security in an internet transaction since a hacker getting your GiSMo account number will also need to steal your mobile phone.

Security of mobile payments

To play a role as the payment device of the future, the mobile handset needs to improve security and user trust. The WIM card is one approach

Beyond these innovative services, wireless payment will have a bright future only if the mobile phone has inherent, built-in security hardware and software that users can trust. This is why additional security features will be integrated into the mobile handset (and network) to transform wireless communication devices into a secure means of payment (see Box 1).


Box 1: SIM and WIM – Identification at the core of the process

Two types of identification cards can be integrated inside mobile phones:


Whereas the SIM-card plays a central role in the GSM network in identifying the subscriber, the WIM-card is being introduced to convert phones into payment devices5. But the way these two chip cards are linked is not a trivial matter. Banks, operators and handset manufacturers face a choice of at least five potential handset designs that will be able to accommodate, amongst other things, bank debit schemes, electronic purse payments and credit card applications6. These options are:

Banks, operators and handset manufacturers face a choice of at least five potential handset designs intended to allow the incorporation of secure payment technology

Exploring bank and non-bank interaction

The decision to choose one payment architecture rather than another has major implications for the respective role of banks, telecoms operators, retailers, and other intermediaries

 As we can see in the list of handset design, the decision to choose one architecture rather than another has major implications for the respective role of banks, telecoms operators, retailers, and other intermediaries. The central role of telecom operators in the mobile telephony networks gives them a privileged entry point to increase their role in payment solutions to the detriment of the banks. It is therefore not a surprise to see that banks and telecoms operators have started to back a number of distinct standardization initiatives9.

One of the battlegrounds among the numerous and complex standardization debates is on where to stop the application layers on the SIM card: presumably operators will want higher layers (to allow scenario 4 and combine WIM into SIM10), whereas banks will not (favouring scenario 2 to keep WIM and SIM separate).

However, bank disintermediation can take place in many other ways. "Brick and mortar" retail chains (such as Tesco in the UK) have started to expand their core retailing activity to include petrol, pharmaceuticals, funerals, online banking, credit card (co-) issuance and insurance to offer a "one stop-shopping service" to their customers. When it comes to banking or insurance, they outsource these services to existing banks or insurance firms who have the expertise, but who agree to waive their brand and cede control over the interaction with customers11 to the retailer.

Network access providers with critical mass and, more importantly, permanent access to their customers through easy-to-carry wireless devices, will be able to integrate a whole range of services like banking, insurance, ticketing, stock trading, advertising etc. into their portals. The financial aspects of this are significant as savings obtainable by using the Internet channel for activities such as buying airline tickets or performing banking transactions may be as high as 87-89% (OECD, 199912). Some mobile operators may choose to capitalize on their partnering bank’s brand but others will prefer to act as the sole service provider and deal with banks who will waive their visibility in the transaction (cf the Tesco example). This scenario is of course not specific to mobile operators but actually started in the PC-based Internet world. However, as mentioned above, the portability feature and the high penetration of wireless devices make them a convenient platform to bring together these online services under one brand (assuming that their currently excessively small screen will be progressively adapted to these new interactive services).

With the advent of the new forms of online and offline payment, a payment transaction can no longer be summarized as a four-tier relationship between payer, payee, and their respective banks

With the advent of the new forms of online and offline payment mentioned in the introduction, a payment transaction can no longer be summarized as a four-tier relationship (payer, payee, and their respective banks). New intermediaries are appearing and it is not simply a case of telecoms operators stealing business from the high street banks. At the same time, credit card companies’ business is also at risk. If we consider the case of the Paybox system shown in table 1, mobile payment transactions are currently cleared by direct debit but could perfectly be allocated to a credit line granted by the bank13. The 3% fee currently charged by Paybox is lower than that credit card companies generally charge merchants. If we weigh credit card fees’ unpopularity amongst merchants against their strong and recognized brand, which is their major asset, there is a window of opportunity for services like Paybox to become an alternative to credit cards. Although Paybox’s strategy does not aim to compete directly with credit cards, the original intention to replace cash could hit credit cards as a side effect. Understandably credit card companies have initiated alliances with wireless device manufacturers (i.e. Visa and Nokia) and in other fora such as the Global Mobile Commerce Interoperability Forum, Electronic Mobile Payment Services and Mobey to extend their services to the mobile platform.

The fact that telecom operators could potentially implement an offensive strategy in mobile e-payments should not overlook the fact that most of the mobile payment services currently offered in the marketplace are actually partnerships between banks (and/or credit card companies) and mobile operators. The two sectors being so specific and complex, they may see it as being in both their interests to collaborate. Network operators have expertise in billing but banks havemore experience in cash-flow and card management.

In general, mobile phone operators seem to be trying to enter the payments business in partnership with the traditional players rather than in competition with them

Mobile phone operators could also look to the banks to help them increase customer loyalty and so reduce churn (i.e. the tendency to switch between mobile operators). The remote banking collaboration which started in 1997 between UK operator Cellnet and Barclays has enabled Cellnet to reduce its churn rate by 10% to 15%. This is a powerful argument, given that 25% of European mobile phone subscribers change networks every year (the consultancy firm Andersen Consulting estimates the cost of churn to be around 20 billion euros a year). After all, it is unlikely that banks will be bypassed by new intermediaries in the new electronic payments systems. One of their trump cards is that they will keep control of the settlement part of the payment transaction14.

Nevertheless, some mobile phone companies do seem to be interested in competing directly with the banks (for instance, MobilCom AG has been granted preliminary approval by the Federal Banking Supervisory Authority to set up a banking unit). Considering the high price paid by mobile operators in the recent auctions for third generation services spectrum, one can indeed imagine that the successful bidders (and Mobilcom AG is among them) will be looking to as many strategies as possible to recoup their licence costs, and that could include a more aggressive strategy in mobile payment services.

Conclusions

One might argue that what is threatened by new technologies is not so much banking per se, but perhaps some of the established banks. Regulators may opt to screen new entrants to ensure they meet a checklist of requirements before they are authorized to carry out certain banking-type functions. For the sake of consumer protection, these might include security and data integrity requirements. However, if the regulatory burden is heavier than necessary, it risks slowing down innovation from non-banks in the mobile sector where Europe needs to fully capitalize on its competitive edge.

Also, the fact that mobile operators can implement electronic wallet schemes makes them fall within the scope of the Directive on Electronic Money Institution15 to the extent that the value stored on a prepaid card is accepted as means of payment by establishments other than the issuer. But, given that the EMI-directive specifically covers pre-paid forms of payment solutions, it is not entirely clear what would happen if the mobile payment is actually invoiced on the monthly phone bill (and is therefore not pre-paid). In some member states a bank licence may be needed. In other member states issuing a payment instrument does not in itself constitute banking and does not lead to additional supervision.16 Clearly, these varying regulatory scopes and regimes may add a climate of uncertainty for innovating firms.

Finally, financial institutions are trying to influence the ongoing standardization initiatives and to circumscribe the innovation potential of mobile phone technology with a view to combining it with existing payment instruments. Because of their central role in the mobile networks, telecom operators are among the few outsiders powerful enough to push alternative options. The result is that banks, credit card companies and telecom operators are in some instances involved in parallel standardization initiatives for mobile e-payment. These differing agendas could slow down a process of development across industries in an area where Europe could benefit a great deal from fully capitalizing on the GSM success story.


Keywords

mobile payment, mobile commerce, mobile banking, mobile finance, wireless internet, electronic purse, smart card, credit card companies, bank desintermediation

Notes/References

1. See http://www.wapforum.org

2. See http://www.umts-forum.org

3. These examples are taken from an inventory database of European electronic payment solutions, market actors and web-links. The inventory (under development) is part of the IPTS-led ePSO project (European Payment Systems Observatory) accessible at http://epso.jrc.es/inventory ePSO is part of a European Commission DG-ENTREPRISE project whose primary objective is to become an independent reference point for information on e-Payment Systems.

4. A public key encryption algorithm is one in which one key is made public and the other kept secret. Applications for this technology include digital signature, authentication and encryption of the message, document integrity, network access control and non-repudiation. More information in: http://www.pkilaw.com/

5. Even if the SIM is a prepaid card and the mobile phone user is anonymous, the network operator only needs to know how much pre-paid airtime is left, and the actual identification of the buyer will take place through the WIM card. In the case of a micropayment, the anonymous user of a prepaid card can either choose to use the monetary value of its pre-paid airtime as anonymous electronic purse or (for larger amounts) go through the more secure bank-account-based WIM transaction where he/she will be identified as a buyer.

6. See also Erik Dahlström’s article in the ePSO newsletter number1: http://epso.jrc.es/newsletter/newsletter.html

7. http://www.francetelecom.fr/vfrance/actualite/commdosp/actu200600_2.htm

8. http://www.merita.fi/E/Merita/sijoita/uutta/990524.ASP

9. Among them we can mention the Mobey Forum –backed by European banks and Visa– focusing on financial aspects of payment over mobile phones; and the ETSI Smart Card Platform (SCP) –backed by operators and manufacturers– aiming at developing a common standard for m-commerce. See also: http://www.totaltele.com/view.asp?articleID=26214&Pub=CWI&categoryid=705

10. See for instance the announcement by iD2 Technologies and Across Wireless of how a standard SIM card can perform digital signatures, http://www.acrosswireless.com

11. See for instance: http://www.tesco.com/finance/home.htm

12. As quoted by the UK Government Ecommerce task force report (p.53), http://www.foresight.gov.uk/servlet/DocViewer/doc=1155/

13. For more information, see interview of Paybox COO in the ePSO newsletter number1, http://epso.jrc.es/newsletter/newsletter.html

14. See the BIS September 2000 report on Clearing and settlement for retail payments, http://www.bis.org/publ/cpss40.htm

15. Status of Codecision procedure on electronic money directive, http://register.consilium.eu.int

16. See Simon Lelieveldt’s article on the topic in the ePSO newsletter number1: http://epso.jrc.es/newsletter/newsletter.html

Contact

Gérard Carat, IPTS

Tel.: +34 95 448 83 53, fax: +34 95 448 82 79, e-mail: Gerard.Carat@jrc.es

About the author


  • Gérard Carat holds an MBA from ENST (Ecole Nationale Superieure des Télécommunications). Before joining the IPTS Communications Technologies unit, he worked at DG INFSO Information Society) on the team of the Advisor to the Director General on Economic and Strategy Aspects, Analysis and Forecasts, where he focused on market analysis of the telecoms and multimedia sector. Previous to this, he worked with France Telecom and British Telecom.


Contents Report 49

About The IPTS Report

Subscriptions

E-Mail: ipts_secr@jrc.es