Mobile Payments 101 Richard A. GibbsJune 1, 2011 Karen Ross Andrew Lorentz How do they work?

2 Agenda  What is a mobile payment?  Mobile payment technology  Near field communications  Value proposition and challenges  Critical issues

3 What is a mobile payment?  Mobile payment  a payment (transfer of funds in return for a good or service) where the mobile device is involved in the initiation and confirmation of the payment  includes P2P transfer of funds  Mobile banking  access to banking functionality (query + transaction) via the mobile device  includes the provision of part or all of the banking functionality already provided by banks over the Internet in the form of online banking  Mobile transaction  transaction where the mobile phone is used simply to initiate an order but not make a payment or to receive delivery of goods or services (e.g., event ticket bar code)

4 Mobile payments technology  Short Message Service (SMS)  SMS is a communication protocol allowing interchange of short text messages  Problems as a mobile payment platform  Slow, store-and-forward operation  No security or encryption, sent in clear text only (except during transmission over the air)  No inherent proof or confirmation of receipt or delivery  Generally used to purchase digital goods (ringtones, avatars, games) or send money P2P or P2B Send money  Send a text to (PAYPAL). Specify the amount and the recipient’s phone number or address. Send money  Request money Send a text to (PAYPAL). Include the words get and from, and then specify the amount and the phone number of the person you’re requesting money from.

5 Mobile payments technology  Unstructured Supplementary Service Data (USSD)  USSD is a mechanism for transmitting information via a GSM network  Unlike SMS, USSD offers a real-time connection during a session which makes it faster  Used extensively overseas for mobile financial services such as remittances and bill payment  Examples: M-Pesa in Kenya, TchoTcho Mobile in Haiti

6 Mobile payments technology  Quick response (“QR”) two-dimensional barcodes  Popular for closed-loop applications  Starbucks, Target, other retailers

7 Mobile payments technology  Near field communication (NFC)  NFC is a short-range high frequency wireless communication technology that enables the exchange of data between devices over about a 4 cm. distance  Allows emulation of existing contactless payment standards (MasterCard PayPass, Visa payWave, American Express ExpressPay, Discover Zip)  Allows P2P transfers (NFC device to NFC device)  Can read “tags” from smart posters for offers or coupons

8 NFC applications Source: Essentials for Successful NFC Mobile Ecosystem, NFC Forum (Oct. 2008)

9 NFC business models  Mobile network operator centric model  MNO independently deploys mobile payment service  Can bypass financial institutions or develop open “wallet” application  Challenged by lack of connection to existing payments networks  Generally limited to remittances and P2P  Financial institution centric model  Financial institution develops a mobile payment application to be used on any mobile device  Ensures merchants have necessary POS capabilities  MNO involvement may not be necessary  Collaborative model  Financial institutions, MNOs, and trusted service managers collaborate to deliver mobile payment  Model favored by the Federal Reserve  P2P model  Third party develops application to provide P2P or other form of mobile payment

10 NFC stakeholders  Key Stakeholders  Consumer  Financial Institutions (FI)/Banks  Mobile Network Operators (MNO)  Merchants  Trusted Service Managers (TSM)  Supporting Stakeholders  Payment Card Associations  Handset Manufacturers  Secure Element Manufacturers  Technology Providers (NFC Chipset, POS Terminals)  Third Party Application Providers  Standard Bodies

11 NFC mobile payment ecosystem “You have banks competing with carriers competing with Apple and Google, and it’s pretty much a goat rodeo until someone sorts it out.” Drew Sievers, chief executive of mFoundry (developer of mobile payment software for merchants and banks)

12 NFC stakeholder roles  Consumers who use the mobile payment device  Issuers and Acquirers who are regulated financial institutions with access to payment networks (banks and money transmitters)  Merchants who can accept contactless payments  Mobile network operators who ensure a supply of NFC-capable mobile devices and may be gatekeepers for secure elements  Payment networks who set standards and promote acceptance of payment cards  Chip and handset manufacturers of NFC-capable mobile devices who comply with standards  Trusted service managers who provision and manage the applications on NFC-capable mobile devices  Issuing and acquiring payment processors who process payments on behalf of issuing and acquiring banks  Application issuers who offer applications for specific purposes (e.g., proximity payment cards, transit, vending, person-to-person payments)  Application developers who develop applications for use on NFC-capable mobile devices

13 Standards bodies involved in NFC Maintains, evolves, and promotes standards for payment account security. Drives adoption of its technical standards, which provide an open and interoperable infrastructure for transactions performed using smart cards, systems, and devices. Engages in technical, commercial, and public policy initiatives to ensure that mobile services are interoperable worldwide. Develops mobile service- enabler specifications to promote interoperability. Establishes international standards, including standards applicable to financial transactions and contact and contactless smart cards. Develops, maintains, and drives adoption of its programming language and APIs, which provide an open and interoperable infrastructure for applications and secure communications within devices. Develops specifications for NFC devices that are based on ISO/IEC standard for contactless interfaces, ensuring interoperability among devices and services.

14 Overview of NFC device components

15 Securing NFC mobile payments  Security critical applications that require payment and account credentials need secure hardware storage and a secure execution environment  Role is handled by the secure element (SE)  A secure element is a platform where applications can be installed, personalized and managed, which consists of hardware, software, interfaces, and protocols that enable the secure storage of credentials and execution of applications for payment, authentication, and other services

16 Secure element location options  On the universal integrated circuit card (or UICC)  Typically this is the phone’s subscriber identity module or SIM.  MNOs have control of the UICC.  On a separate chip or SD card inserted in the phone.  Financial institutions have the option to be MNO independent.  Embedding the secure element in the phone itself.  Preferred option for the location of the Secure Element

17 Deployment scenarios Simple Mode—A MNO- centric model where only the MNO performs SE lifecycle management functions but TSM can monitor and verify loading of applications

18 Deployment scenarios – closed model One MNO – One TSM

19 Deployment scenarios Delegated Mode—TSM is authorized to load applications and perform application lifecycle management functions

20 Deployment scenarios Authorized Mode—Several entities are authorized to load applications and perform application lifecycle management functions

21 Deployment scenarios – open model Multiple MNOs – Multiple TSMs

22 Collaborative business model for NFC

23 Collaborative security model for NFC

24 NFC advantages…  Security  Multiple layers of security (secure element, PIN, additional authentication factors [phone number, SMS challenge], information never passed as clear text  Lower merchant liability costs  Mag-stripe data exposure is eliminated  Lower issuer costs  No physical card distribution  Reduced fraud due to lost cards

25 Value proposition and challenges  Customer is always “on-line,” which allows for  Improved customer relationship management  Receipts sent to phone after purchase  Increased yield from marketing spend  Co-marketing – purchase concert ticket and get a e-gift card for purchase of music on iTunes  Targeted offers  Messages and offers can be sent to customer in conjunction with a transaction (e.g., rebate coupons, map to event just purchased)  Paperless coupons  Smart offers – customized offers sent to customers based on customers’ demographics and transaction history

26 Value proposition and challenges  Stakeholders have varying motives for pursuing mobile payments  Financial institutions  Mainly a defensive play to protect current payment products  Prevent further disintermediation of the financial institution by keeping financial institution involved in any solution developed  Reduction of transaction costs of existing payment methods, especially cash and checks  Mobile network operators  Provision of value-added services to subscribers to reduce churn and increase average revenue per unit through associated increases in airtime and data usage

27 Value proposition and challenges  Merchants  Faster checkout  Ability to send directed marketing messages  Reduced transaction costs and fraud liability  Increased customer satisfaction and loyalty through offers and reward programs  Consumers  Faster checkout  Security  Convenience

28 Value proposition and challenges  High cost for merchants  POS terminal updates or replacement  New systems may need development  Adoption by consumers  Consumers averse to change  No incentive to use contactless payment card (even if they have such a card)  What is the revenue model?  More players in the revenue food chain  Untested technology

29 Critical issues – privacy and control  Whose customer is it?  Whose data is it?  How can I market to these customers?  How can I help others market to these customers?  Google Offers, mobile couponing  How can I use information about these customers?  Geo-location, etc  Who controls collection?  Who controls communications with customers?  Who safeguards the customer data? (liability for breach)

30 Critical issues – financial services  Who powers the payments and how?  What payment instruments? Debit instruments subject to possible Fed rate cap  What authority? (bank or money transmitter)  How does the financial institution meet its compliance obligations?  If the MNO wants control – how does it comply with financial services laws and regulations?

31 Critical issues – technology and operations  How should the solution be implemented?  Whose intellectual property is used?  Is the business model financial institution- or mobile operator-centric?  Who manages the secure element and applications on the secure element?  Will the application be open or closed (or somewhere in the middle?)  Consumer choice and ubiquity

32 Critical issues - economics  What are some possible revenue models?  Incremental revenue attributable to NFC  Pay-as-you-go model  MNO or TSM obtains revenue from application issuers for personalization and provisioning  Landlord-tenant model  MNO obtains revenue from charging application issuer “rent” for space of secure element  Interchange and transaction revenue  Banks obtain revenue through current interchange process no matter which business model is chosen, however, interchange usage fee must be shared with more parties  MNO obtains revenue from increased data usage