Mobile Payment

Assoc.Prof. Dr. Thanachart Numnonda

Director
Software Park Thailand
22 November 2010

Agenda
Mobile Financial Services
Banking 2.0
Mobile 2.0
Mobile Banking
Mobile Payment
M-Payment Technology & Applications
Security
Examples
Suggestion & Conclusion

Mobile Financial Services

The convergence of payments

and mobile communications is not just logical
it is inevitable

John Philip Coghlan, Visa USA CEO

March 2007

What is Mobile Financial Services ?

Source: Mobile Payment series 2009: www.mpayconnect.com

Mobile Financial Services Video

Mobile Payment Platforms

Mobile

Banking: This will enable users to transfer money

from account to account, pay bills, manage/monitor account
e.g. spending limits, credit fraud. . e.g. Mobile banking
platform providers Promptnow, mFoundry and Firethron.
Remote Purchase: Using the mobile phone to purchase
goods through a secure portal, instead of a computer on the
internet. e.g. PayPals "Text-to-Buy" enables users to make
remote purchases.
Person to person mobile payments: Where a mobile
device can be used to complete a person-to-person transaction.
Point-of-Sale: Using a mobile device at a physical store front,
at the cash register to purchase inexpensive products quickly
and easily.

Mobile Money Transfer

1.7 Billion unbanked mobile users (2012)

Business Model
High

Banks involvement

Bank-Centric Models

Collaborative Models
Point-of-sale NFC payments
Mobile Banking - Multiple Banks

Customer->Bank->Vendors
Operators

High

Low

Customer->ISP->Merchants
Operators

Operators
involvement

Customer->Mobile Operator->Merchants
Banks

Independent service
provider models

Operator Centric Models

Low

Mobile Payment Evolution

What does it take to replace cash?

Banking 2.0

Technology & Social Shift

New Business Rules

Communication Shift

Social Networks

Socializing & Sharing

Internet Bank

Internet

Internet Banking : Example

Farmer Internet Banking Advertise

State Bank of India

Social Finance

Social Lending is already Global

The Bank of Facebook

Did you know Bank 2.0?

Branch of the Future

Mobile 2.0

Next Major Computing Cycle

Source: Morgan Stanley 2009

Source: Morgan Stanley 2010

Tablets

SmartPhones

New Trends
Web 2.0
Web as a Platform
OS/Device independence
Large scale computing
Software as a Service
Cloud Computing

4 Billion Mobile Phones

Mobile 2.0

Smartphone v.s. PC

Mobile .0

3G Network

Mobile 2.0

IT
Trends and Social Impact
PricewaterhouseCoopers

24 August 2010
Slide 40

4G Advertise

WiMax
fixed and fully mobile internet access.
40 Mbps IEEE802.16m

1Gbps fixed speed

Wi-Fi IEEE802.11
WiMax ..

WiMax

Speed Comparison

WiMax Advertise

Mobile Banking

Mobile Banking : Example

Bank of America Advertise

Mobile Payment

Some Key Concepts

Mobile Remote Payment It covers payments that take
place online, in which the mobile phone is used as a device
to authenticate personal information stored remotely
Mobile Proximity Payment It refers generally to
contactless payments in which the payment credential is
stored in the mobile and is exchanged over the air, based on
NFC technology, with a dedicated and compatible payment
terminal.
Near Field Communication It is a short-range radio
frequency communication technology that enables NFC
devices located no more than a few centimeters from each
other to exchange data. NFC devices are totally compatible
with existing contactless technologies like smart cards and
contactless stickers.
Source : Binary Mantra Systems

Mobile Payments 1.0 in Europe 2000-2005

Many early European mobile payment initiatives have failed
Main reasons for failure are lack of usability and lack of availability

Mobile payments 1.0 in Europe is dominated by Premium SMS

20%-40% revenue share for telecom operators
In 2006 1 Billion Euro purchased through Premium SMS
Used by 60% of young consumers

Increasing consumer acceptance in niche areas such as mparking

In Croatia more than 50% of all parking fees are paid by mobile
phone .
Europe is far behind Japan and South-Korea
Source : Status of Mobile Payments RFID : Europe 2007

Contactless M-Payment in some countries

Source: Contactless Mobile Payment: ITIF Report 2009

Growth of M-Payment acceptance in Japan

Mobile Payment Japan Video

Mobile Payment Taiwan Video

Mobile Payment 2.0 : 2006- 2010

Mobile Network Operators
Perspective

Mobile devices

Mobile Payment Applications

Physical
payments
SMS based
Public
Transport

Access
Control

Ticketing

Physical
payments
NFC based

NFC Applications

Transport
Cards

Digital
payments

Remote
payments
Identification
Authentication

Mobile
banking
Person
To Person

Banks Perspective

Contactless
payments

Contactless cards

Mobile Payment Value Chain

End Customers More convenience
Operators - They have fared well in becoming part of
mobile commerce transactions where the items being sold
are delivered on the mobile devices (Ring tones, wall
papers, etc..). Most of the discussed payment systems do
not benefit an operator beyond driving increased usage of
SMS and data services. Revenue share model from Near
field communication (RFID) payment would be a challenge.
Merchants and Vendors - If already registered on eBay,
merchants may provide remote purchase or text-to-pay but
brick-and-mortar merchants will need to see reduced
transaction and implementation cost, and access to
precious customer data to track spending habits.
Source: Mobile Payment Value Chain Slideshare.net

Mobile Payment value Chain

Technology Vendors - Opportunity to sell mobile payment
products and expert advice to operators and financials
institution. Independent service providers will have to
establish trusted brands before they will ever get any
money.
Device Vendors - Opportunity to sell mobile payment
products and expert advice to operators and financials
institution.
Financial institution- Financial transaction fees

Source: Mobile Payment Value Chain Slideshare.net

Mobile Payment Market

1 Billion Unbanked Users

M-Payment Technologies &

Applications

Mobile Payment Technologies

Near Field Communication (NFC) : is an
evolution of contact-less and short range RFID
technologies.
FeliCa : Sony developed the FeliCa integrated
circuit chip for contactless payments made via
smart cards
SMS: Text based transaction
Over the air data connectivity: Https, SSL, web
browser, XML. Security is comparable to the
internet model.

Technologies Behind NFC

Contactless payment readers
Network connecting them to transaction
processors
NFC-equipped phones
Network for providing mobiles with personal
account information
Software for mobile device UI and back end
server application.

Source : Binary Mantra Systems

RFID
RFID : Radio Frequency Identification
RFID Tags: Store and retrieve data (with a distant
reader)
History : radar technology, cow identification (year
1970).
Use case examples: road taxes, trace books in
libraires, access card, shops (Wall-Mart).
RFID tags types
Active
Passive (without battery)
Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

From RFID to NFC

Can communicate with objects

Magnetic field induction

Contactless technology based on RFID 13,56MHz
NFC is standardized ECMA-340 and ISO/IEC
18092
Backward compatibility with ISO14443 and
SmartCard
Millions of readers
Easy to use
Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

Contactless Cards
FELICA (sony) encryption key
generated dynamicaly at each auth.
Topaz Tag Innovision
MIFARE Standard:
512bits UL (no security) used for tickets

MIFARE DESFire
preprogrammed card
Example: Oyster Card in London

Gemalto: Mifare 4 Mobile

Contactless Java Card
Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

Visa Paywave Video

MasterCard Paywave Video

NFC
NFC allows a device to read and write a contactless card,
act like a contactless card and even connects to another
NFC device to exchange data.
3 modes :
Card reading (MIFARE )
Peer to peer (initiator & target)
Card emulating

Distance : 0 - 20 centimeters
Bandwidth to 424 kbits/s
NFC Forum : NDEF specs
N-Mark: http://www.nfc-forum.org/resources/N-Mark
Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

Near field communication (NFC)

NFC is a type of radio frequency identification
(RFID) technology
NFC standard is an extension of the ISO 14443
RFID proximity-card standard.
NFC communicates via magnetic field induction
Japan and South Korea use RFID standards that are
not currently interoperable with NFC standards.
Japan uses FeliCa, a proprietary standard. South
Korea uses a passive

NFC

POS

Mobile station
holder

Service
provider

Application
owner

SIM

OTA NFC Service Management

Contactless service management
platform

Trusted Service
Manager (MNO or TTP)

Card Issuer MNO

(SIM Card management system)

SIM Card Manufacturer

(Smart Card provider)

NFC on a Mobile Phone

GPS

Screen with a user

interface

Security
Keyboard

Contactless

Loudspeaker and
Microphone

TV

Camera
Network
Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

Contactless Payment Applications

Payment Transaction
Payment and Information-Based
Transaction
Authentication / ID

Source: Contactless Mobile Payment: ITIF Report 2009

Payment Transaction
Mobile payments replace cash/ credit cards
No information component required beyond
exchanging payment details
Includes contactless payments for goods and services
purchased from:
Big Box Retailers
Quick Service Restaurants
Convenience Stores
Taxis
Automated Devices
Source: Contactless Mobile Payment: ITIF Report 2009

Payment & information-based transactions

Transactions involving exchange of both payment details and
information pertain- ing to the transaction. Data component is
stored on mobile phones electronic walllet.
Enables mobile phones to replace cards, tickets, passes, etc.
Enables personalized merchandising and advertising
Uses mobile phones electronic wallet to manage, update, pay
for, or check into:
Public Transit (Tickets)
Airport Check-in (Tickets)
Parking Garages (Tickets)
Movie Theatres (Tickets)

Source: Contactless Mobile Payment: ITIF Report 2009

Authentication/ID
Authentication/identification credentials are stored in the
mobile phones electronic wallet
Electronic wallet can be used as ID to check into:
Schools
Hotels
Health Clubs
Office Complexes
Apartment

Source: Contactless Mobile Payment: ITIF Report 2009

Paypal M-Payment Library

Make it easier for developers
Library design to be integrated less
than 5 mins

Make it better for customers

More convenience than entering
credit card
Don't need to share financial
information

A growing feature set

Payment settled immediately to
PayPal account

Paypal M-Payment Video

Security

SMS Security
The initial idea for SMS usage was intended for the
subscribers to send non-sensitive messages across
the open GSM network.
Mutual authentication, text encryption, end-to-end
security, non-repudiation were omitted during the
design of GSM architecture.
SMS Spoofing
SMS Encryption

Source: Contactless Mobile Payment: ITIF Report 2009

GPRS Security
GPRS security functionality is equivalent to the
existing GSM security.
GPRS solutions are already in use for mobile payments
across the globe. Application level security should be used
to provide end to end transaction security. Even though
most of the mobile phones support GPRS, not all the phone
user activates the GPRS connection

Source: Contactless Mobile Payment: ITIF Report 2009

Security &memory for RFID

tags vs cost

National
ID card

Passport
label / page

Security
and/or
memory
size

Aircraft
part tag

Secure
access or
credit card

Transit
ticket

Retail
pallet
/ case
label

Item
drug
label

or
3
4
4
4
1
)
m
O
c
S
ly I to 50
l
a
ic
e
p
c
y
n
t
n dista
o
i
t
fica (read
i
c
Spe 5693
1

Transit
card

Library
book
label

Source: Contactless Mobile Payment: ITIF Report 2009

7cents

Chip cost

3dollars

Industry Groups

http://www.mobiletransaction.org

http://www.mobeyforum.org

http://www.mobilepaymentforum.org
http://www.openmobilealliance.org

Use cases Examples

The Indian Scenario

Currently registered no. of m-payment users is
close to 3.5 million users
Two types of payment systems are in use at
present;
Text/SMS based service Paymate, mChek,
Obopay
GPRS based service JiGrahak

In next 3 years, the number is expected to grow to

9 million users due to increase in quality and
adoption of handsets
Source : Binary Mantra Systems

NFC on iPhone

http://www.nearfield.org/
NFC already on iPhone:
Stickers, 30-pin RFID readers, SIM add-on
Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

Added value services

Exchange data, P2P
Configuration (bluetooth pairing)
Vending machines, service maintenance
Loyalty, couponing
NFC poster, get information
Ticketing
Medical, home care
Web applications
Payment solution
Access control
Mobile signature
Etc.
Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

NFC Use cases

Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

Mobile Ticketing

A customer books two tickets for a concert.

He pays and downloads his tickets on his

mobile phone with a simple touch.

He meets with his girlfriend and transfers

the ticket on her mobile.

They arrives and unlock security gates

thanks to their NFC mobile phone.

Mobile tcketng will become more popular over the next few
years, with 2.6 billion tckets worth $87 billion, delivered by
2011
Juniper Research (April 2008)

14 millions RFID tickets

were produced by ASK
for Olympic Games in
China http://www.ask-rfid.com

NFC in the World (2009)

http://www.nearfieldcommunicationsworld.com

Japan with Sony FeliCa, NTT DoCoMo

NTT Docomo reports 10 million mobile credit card
customers
StoLPaN Store Logistics and Payment with NFC is a
pan-European consortium supported by the European
Commissions Information Society Technologies program:
http://www.stolpan.com
Akbank and Turkcell test NFC in Istanbul
Visa launches NFC trial in Brazil
Citi launches NFC trial in India
Telefnica launches O2 Money, says it is ready to deploy
NFC
Nokia Money
41 NFC-related trials and launches in the Asia-Pacific
region so far
etc.

Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

NFC in France
(2009)

Disneyland Paris to test NFC and contactless cards

from October 2009, with Crdit Mutuel and CIC
banks.

Smart-Park with VINCI Park and Monext.

Paris Metro: Paris transport operators to launch NFC

ticketing from the end of 2010. STIF will coordinate the
Paris transport operators (Optile, RATP and SNCF
Transilien) and the participating telecoms operators
(Orange, Bouygues Telecom and SFR).

Pegasus workgroup: multi-operator (Orange,

Bouygues Telecom, SFR), multi-bank (BNP Paribas,
Groupe Crdit Mutuel-CIC, Crdit Agricole, Socit
Gnrale) with MasterCard, Visa Europe and Gemalto
for mobile payment in two cities: Caen and Strasbourg

Nice NFC city

http://www.afscm.org/entreprises/nice-ville-nfc

Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

Case Study: NFC Transport

Ticketing in Hanau and Frankfurt
Description:
NFC based ticketing for public transport
passengers in Hanau and Frankfurt. Now
expanding into broader information, loyalty,
payment and ticketing applications, for example
with the Erlebnis card
Start:
2005, now commerically
available
Users:
Inititially 200, but growing.
Key Words:
public transport ticketing
Handsets:
Nokia 3220
Operator
Vodafone
Chip:
NXP
Others:
RMV (Rhein-MainVerkehrsverbund), T-Systems
Source : Status of Mobile Payments RFID Europe 20099

Case Study: NFC Consumer

services in Cinema, Thailand
Description:
NFC based consumer applications such as
information, ticketing and marketing at cinema
complex in Bangkok, Thailand

Start:

2007

Users:

Inititially 200, but growing.

Key Words:

marketing, ticketing

Handsets:

Nokia 3220

Operator
Chip:
Others:

PayZy

Source : Status of Mobile Payments RFID Europe 20099

NFC Devices
NFC Phones using single wire Protocol and UICC
(08/2008)
The Sagem my700X

The LG L600V

The Nokia 6131 SWP

The Motorola SLVR L7

All devices are more or less concept devices and come

with an InsideContactless NFC Chip.
In order to develop applications with these devices a Dev
Kit (like the Gemalto Developer Suite) and a SWP UICC is
required. All four devices are already capable of using
SCWS.

Press release:
Alcatel-Lucent partners with Clear2Pay for mobile
payment framework
Banking
Subscribers

Profile
server

Points of sale

Interactive Billboard

Application
Correlation
Server
Stored Value
Accounts
Server

Gateway

Telco Non Banking

Post Pay
Systems
Voucher BO

APIs

PingPing SVA

107

Suggestion & Conclusion

Issues
Trust
Standards
Privacy
Regulation

NFC keys of success

Reach and availability
The availability of NFC phones and SIM card
Variety of use
Ease of use
See iphone
Security
Be able to lock payment card
Added value services
Advantage for customer ?
Infrastructure
NFC access points in shops

Complex value
chain
+
Mobile OTA B2C
battle

Source : ARCHITECTURE & DEVELOPMENT OF NFC APPLICATIONS Smart-University 20099

Suggestion
Governments should assume a leadership role in
promoting and adopting mobile payments.
Ensure senior government leaders highlight the benefits
of contactless mobile payments.

Articulate clear consumer protections for mo-bile

payments.
Address legitimate security and privacy concerns, but
recognize mobile wallets are likely to be more secure
than physical wallets
Encourage competition and do not favor en- trenched
interests.
Source: Contactless Mobile Payment: ITIF Report 2009

Thank you
thanachart@swpark.or.th
twitter.com/thanachart
www.facebook.com/thanachart
www.swpark.or.th