Mobile Payments: Creative Chaos or Just Chaos?
The day is nearing, many say, when your smartphone will be your wallet, letting you make purchases as stored cash or credit that will be wirelessly accepted by stores or soda machines. Merchants, in turn, will use smartphones like modern point-of-sale devices to process your plastic credit cards.
And smartphones could just "bump" together to transfer money between them.
"Everybody likes the smartphone," says Jerome Svigals, author of a number of books predicting the future of banking and a former IBMer. "Every major bank in the world has announced a smartphone effort," he says, adding that it appears likely that the wireless "contactless" technology known as near-field communication (NFC) will be a foundation in the new age of mobile payments in the U.S.
But not so fast, say others. While mobile payments in other parts of the world, including Japan and Europe, appear to be taking shape though coordination among major wireless carriers selling smartphones, the banks and local retailers, the U.S. sometimes resembles more of a behind-the-scenes brawl.
"The business model has been an active debate," says James Anderson, vice president of mobile-product development at MasterCard, whose constituency is the banks that use its payment-processing services as well as merchants accepting MasterCard. The technology, he says, is not the issue. NFC, which uses the shared 13.56 MHz band, is an ISO standard that MasterCard, among many others, has backed since about 2005 for mobile-payment use.
"In the U.S., the debate is between the banks and the telcos, and it's an adversarial debate," says Anderson.
The wireless carriers and banks are fighting over transaction revenues and the sense of who "owns" the customer.
The wireless carriers argued "they were bringing tremendous value to the new transaction," whereas the banks argued this is already their payment customer. "And they couldn't find a middle ground," which is slowing innovation, Anderson says.
Part of the fight centers on the Subscriber Identity Module (SIM) card in the smartphone, "a secure element" expected to play a role in managing NFC-based contactless payments, he says. The banks and telcos are at loggerheads, which is why the carriers went off late last year to form their own mobile commerce network called Isis.
Under the Isis banner, T-Mobile USA, AT&T Mobility and Verizon Wireless joined forces late last year to work with Discover Financial Services and Barclays PLC to create a national payment infrastructure for mobile payments based on NFC technology.
NFC is supported today in the Android-based Samsung Nexus S smartphone and is expected to be added to at least some Nokia Symbian and RIM Blackberry phones. Apple is still leaving everyone guessing about its plans for NFC.
"They want that transaction revenue," says Yankee group analyst Nick Holland about Isis and its NFC-based mobile-payment network plans. "They are currently working on getting merchants to sign up, but they'll have a hard time."
The obstacle, he says, is likely that Isis presents too closed of a system. "The assumption with Isis is it assumes they own the SIM card and own the transaction," says Holland. But Isis "now seems to be back-peddling" and "talking about more open systems" with a proposal called Open NFC from InsideSecure.
Dave Wentker, head of the mobile product development group at Visa, calls mobile payments "an incredibly important and strategic channel for the future" for Visa's bank and merchant customers. "It's the marriage of card-payment systems and mobile."
Bank of America, Chase, Wells Fargo and US Bank are testing out one type of mobile payment based on MicroSD card functionality, but with "NFC, you need a new phone," Wentker points out. "Banks are not hardware companies," he says, and "banks were never going to start selling phones to people."
Nevertheless, enormous work behind the scenes has already produced payment-card terminals that support both NFC and MicroSD cards, he says. Visa points out 10,000 New York City cabs can accept NFC-based mobile payments and that 200,000 retailers in the U.S. -- still a small percentage to be sure -- have changed their terminals to accept mobile payments.
Last week, a Bloomberg report based on anonymous sources said Google would start testing an NFC-based mobile payment service at stores in New York and San Francisco, paying for the installation of specialized cash registers from VeriFone Systems to accept payments from NFC-based mobile phones.
According to Gartner analyst Avivah Litan, the only mobile-payment system of any magnitude in the U.S. today is the one undertaken by Starbucks in its coffeehouses. It doesn't depend on NFC but a prepaid card for mobile phones based on a barcode system. However, the banking industry is eyeing a day that NFC will be widely used for mobile-payment processing, with Bank of America, JP Morgan, Chase and US Bancorp today all testing terminals supporting NFC.
You know there's got to be a lot of money at stake when CEOs at two firms explode into public feuds, angrily denouncing each other's technology and remarks.
And that's what happened earlier this month when payment-terminal manufacturer VeriFone's CEO Douglas Bergeron lobbed insults at the Square credit-card reader for smartphones which is manufactured by the company Square founded by CEO Jack Dorsey, also the inventor of Twitter.
In an open letter, Bergeron criticized the security in the Square, said to be used by hundreds of thousands of merchants, saying it's "poorly constructed and lacks all ability to encrypt consumers' data, creating a window for criminals to turn the device into a skimming machine in a matter of minutes." He added, "Consumers who hand their plastic to merchants using Square devices are unwittingly putting themselves in danger."
Dorsey fired back, calling it "not a fair or accurate claim and it overlooks all of the protections already built into your credit card," noting the waiter "could easily steal your card details if he wanted to -- no technology required."
But beyond this slugfest, which pits an industry veteran against a newcomer, fateful decisions on mobile-payment security are expected to be made by the Payment Card Industry Security Standards Council, which sets rules for merchants and processors.
Earlier this year, the council quietly "de-listed" all approved applications for mobile payments that had included in its PA-DSS certification program -- including the VeriFone smartphone-based product for the iPhone. The council says it made this decision to de-list them entirely because it is embarking on a total review of mobile-payment security.
"The rapid development and deployment of these new and innovative mobile payment technologies has brought a level of complexity to the industry never seen before and has introduced a new set of risks and threats that may affect the security of cardholder data," said Bob Russo, general manager of the council. He said the "technology is still evolving, and there hasn't yet been any standardization when it comes to securing the applications and devices."
Read more about anti-malware in Network World's Anti-malware section.