There has been a lot of activity and media focus on mobile payments (m-payments) over the past 12 months. This has included handset manufacturers announcing the future release of near field communication (NFC)-enabled mobile phones, to platform providers launching electronic payment wallets. The widespread industry engagement is important to establish confidence in this emerging ecosystem. It is, however, important to acknowledge that much work is still required. Without doubt, it takes time to transition from a trial within a contained environment with defined stakeholders and limited risk, to a global mass market deployment that requires significant investments and multiple commercial relationships. Making the mobile effective takes time but it will happen.
Given the proliferation of mobile phones and related rich service levels throughout the EU, the mobile channel is also the ideal launch pad for single euro payments area (SEPA) payment instruments. The European Payments Council (EPC), representing the European banking industry in relation to payments, is willing to contribute to the development of the necessary standards and business rules with regard to the initiation and receipt of SEPA payments by mobile. The EPC works together with all stakeholders active in the m-payments ecosystem to promote this objective.
This article provides readers with an overview of the challenges faced by m-payment stakeholders and reports on the most recent contributions of the EPC. In November 2011, the EPC published the ‘Mobile Contactless SEPA Card Payments Interoperability Implementation Guidelines’. In February 2012, the EPC released the second edition of its ‘Whitepaper on Mobile Payments’ for public consultation.
A Challenging Market
To understand the priorities of the EPC in the area of m-payments, it is important to understand the challenges faced by this industry, some of which can be summarised as follows:
The establishment of a new cohesive ecosystem
As with any emerging technology, different approaches need to be taken by organisations to test the market and understand what works and what does not. At the same time, however, this can create proprietary ‘closed’ solutions and the implementation of ‘bridging’ technologies which support short-term goals, but are not necessarily scalable. The result, however, should be long-term sustainability and flexibility allowing retailers, treasurers, banks and everyone involved in the field to meet future market and regulatory needs.
The continual and rapid advancement of the technology
Mobile technology offers vast potential and is evolving at a significant pace; no-one quite knows the ultimate offering of this platform yet. From a business planning perspective this creates two problems:
- Due to the resource investments made, organisations need to be sure that an implementation is profitable.
- The solution has to be adaptable to future market requirements, regulatory changes and unknown malicious threats.
In addition to the advancement of the technology, the way people communicate and interact with each other is also changing. Social media is an example of this. Payment technology will also need to support financial transactions on this medium, such as person-to-person (P2P) payments, and typically the mobile device will be one of the preferred platforms.
The integration of new market participants
As a new ecosystem, m-payments present opportunities for new technical and business stakeholders. For example, the role of the trusted service manager (TSM), which is a technical partner(s) that supports banks and mobile operators by facilitating the secure management and provisioning of m-payment applications. TSMs facilitate the distribution, configuration and activation of a bank’s payment application on the universal integrated circuit card (UICC, also known as a SIM card), within bank customers’ NFC handsets. The integration of these stakeholders requires clear roles and responsibilities, as well as the highest level of service and security to the end user.
The EPC and the GSM Association (GSMA), which represents the worldwide mobile communications industry, published a joint paper in 2010 entitled ‘Mobile Contactless Payments Service Management Roles – Requirements and Specifications’. The paper describes the provision and lifecycle management – including distribution, configuration, activation, maintenance and deletion – of banks’ mobile contactless payment (MCP) applications when integrated with a mobile phone. It outlines the role of the TSM, which is to support banks and mobile operators aiming to promote mobile contactless payments. The paper also recommends a minimum set of requirements for a TSM to interface with banks and mobile operators.
The need to develop the whole package
To ensure m-payment technology reaches its full potential it is important that all elements of the ecosystem are considered. As an example, the ability to make m-payments is important but the solution offers so much more in terms of advertising and brand engagement. For instance, loyalty points can automatically be aligned with payments with no need to carry a separate plastic card, or an NFC-capable poster can be used to promote a local retail outlet, sending a short message service (SMS) with directions and a discount directly to the mobile handset.
With all these factors to consider, it is important to remember that the key focus needs to centre on the end user and their expectations; consumers want to make payments when and where it suits them and mobile technology has the potential to achieve the ultimate user convenience. Corporations and treasurers can use the mobile channel too, but the consumer field is leading the way for now. Tracking mobile payments in the supply chain will be challenging enough for some. To ensure an attractive ecosystem is established and convenience delivered, interoperability has to be achieved. For example, from a contactless m-payment perspective, every m-payment enabled handset needs to work with every contactless point-of-sale (POS) terminal. If such choices are restricted, it will limit the appeal of the technology.
Banks and payment institutions also need to ensure that the right framework is in place to support the delivery of 24/7 m-payment services. This includes consideration of regulatory expectations, security, real-time availability and the over-the-air (OTA) lifecycle management of applications once live in the field. For many stakeholders this will require additional resource investment.
Contributing to the Evolution of a Sustainable Mobile Ecosystem
The EPC, working together with all stakeholders active in the mobile payments ecosystem, is willing to contribute to the development of the necessary standards and business rules with regard to the initiation and receipt of SEPA payments by mobile. The intention is to help establish a framework, which enables potentially all payers and payees to make m-payments across the European Economic Area (EEA), and to create a secure environment for the multiple stakeholders active in the field.
Looking to the future, the EPC recognises the importance of this ecosystem and the rapid evolution of the technology. It will therefore continue its efforts to reach out and intensify its dialogue with relevant m-payment stakeholders including other industry and standardisation bodies, and to engage in public consultations.
M-payments are typically divided into two areas of activity:
- Remote m-payments, where two parties are able to send and receive or exchange funds using the mobile channel, irrespective of where they are located.
- Contactless m-payments, where the mobile device needs to be ‘waved’ in close proximity to a POS terminal.
The EPC aims to support the advancement of both types of m-payments to ensure the development of a sustainable infrastructure.
Mobile Contactless SEPA Card Payments: Interoperability Implementation Guidelines
In November 2011, the EPC published the ‘Mobile Contactless Payments Interoperability Implementation Guidelines’. This document builds on the EPC’s previous work to focus on the interoperability of processes in the contactless m-payment application lifecycle management, when the m-payment application is stored on one of three secure element (SE) types:
- Embedded SE.
- Secure micro secure digital (SD) card.
The document also deals with aspects of a mobile contactless payment transaction and the technical and security requirements. After an analysis of specifications and guidelines from industry bodies such as EMVCo, GlobalPlatform and Mobey Forum, to ensure that existing work in this area was leveraged, a preliminary version of this document was made available for public consultation in April 2011.
These mobile guidelines will enable the quick development and implementation of mobile solutions by: promoting the use of open standards:
- Describing the roles of stakeholders.
- Outlining the position of the EPC in relation to other industry bodies.
- Recommending an adequate level of security for the whole mobile payment value chain in order to establish confidence in this environment.
Interoperability and security of the m-payments infrastructure across Europe continues to be a key concern for the EPC. In a similar approach to the contactless m-payments interoperability implementation guidelines, the EPC will contribute to the development of a framework for remote m-payments in 2012 covering both SEPA Credit Transfers (SCT) and SEPA cards. With regard to contactless m-payment activity, the EPC will maintain its interoperability guidelines to ensure appropriate alignment with the SEPA Cards Framework and to keep its content state-of-the-art in the rapidly evolving market.
Whitepaper on Mobile Payments
In February 2012, the EPC published the second edition of its ‘Whitepaper on Mobile Payments’ for public consultation. This whitepaper, which was first published in July 2010, presents an overview on m-payments for SEPA. It focuses on the usage of the mobile channel for the initiation of SEPA payment instruments. The whitepaper also explores how m-payment services can be delivered through co-operation between service providers in the payment industry and players within the mobile ecosystem. It offers an informative read to any party interested in m-payments, and aims to foster a common understanding by using non-technical language. This second edition of the EPC’s ‘Whitepaper on Mobile Payments’ describes mobile wallets at a high level. In addition, the document has been updated to cover both contactless and remote m-payments. In particular, it analyses use cases for mobile remote card and SCT payments.
The EPC’s ‘Whitepaper on Mobile Payments’ responds to changing needs in the payments area and demonstrates how m-payments can increase efficiency, effectiveness and convenience. To ensure that the EPC’s work in the area of m-payments best meets industry and consumer needs, all interested parties are invited to review the second edition of the whitepaper and share their comments by 23 March 2012. The document will be further updated based on the feedback received. The documentation relevant to the 2012 public consultation on the EPC’s ‘Whitepaper on Mobile Payments’ is available on the EPC website.
Regulation technology is fast gaining currency by transforming how financial institutions can tackle compliance in a swift, comprehensive and less expensive manner.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Despite all the automation and improvements that digital banking has the potential to achieve, customers and their needs still form the very core of the banking sector.