Mobile is a channel very similar to the internet for providing commerce, payments and banking to end consumers. However, unlike the internet, the platform, technology, applications and the range of services for mobile are still being piloted and the last decade has seen many initiatives with varied degrees of success across the globe. Hence, mobile financial services are continuously being reinvented as a service, solution, technology, platform or a combination of all these. While mobile banking is widely considered as part of the mainstream, other areas, such as mobile payments and mobile commerce, are largely more hype than reality. In a recent research report, Gartner has identified money transfer and mobile payments as among the top 10 consumer mobile applications for 2012. One of the reasons for such a promise is that, in spite of being a late entrant compared with other telecommunication technologies, mobile has now become equally ubiquitous across both the developed and emerging markets.
Most of the large banks across the globe have adopted some form of mobile banking, either as an additional feature to their banking channels or as an alternative channel to the existing ones. Telecom providers have also shown their financial intermediation capability through examples such as g-cash and m-pesa. An interesting aspect is the convergence of banking, telecoms and e-commerce. International money transfer companies, card scheme issuers, handset manufacturers, retailers and other similar organisations have teamed up to exploit the latent revenue opportunities coming out of this. Due to disparate standards, infrastructure and regulations across different countries, consumer demand hasn’t really picked up. In the last few years governments and central banks have issued varied sets of guidelines concerning mobile financial services. While some countries, such as India, Japan and the Philippines, have issued detailed guidelines, countries in North America and western Europe have left a lot of grey areas that are preventing volumes from increasing. Some of the global trade bodies, such as the GSM Association, are working with established and experienced players in the industry to define a common framework. A recent Deloitte report cites the need for well-defined industry standards to enable mobile financial services to really take off.
Using mobile, consumers can safely and conveniently receive alerts on their accounts, buy goods and services and immediately make the payment, transfer cash to peers and access a host of personal financial services such as loans, mortgages, wealth management, etc.
Constituents in a Mobile Transaction
Typical channels on the mobile (i.e. SMS, browser or the client application on the mobile device) provide the user interface for banking, payments and commerce transactions. As shown in the figure below, the mobile application engine powers the end-user presentation, integration with back-end applications and the security of the content on the telecom network or the internet.
The most commonly used mobile SMS transactions are defined as ‘push’ (transaction sent by the service provider) and ‘pull’ (services requested by the end consumer). A mobile financial SMS transaction is achieved using a combination of push and pull messages. These messages are interpreted by the mobile application server and relayed to the back-end core application. The push/pull gateway manages the integrity of messages: it carries out a proper health check with the mobile operator before sending or receiving messages, then sends or receives the messages and maintains proper acknowledgements. This architecture allows any kind of financial transaction, from basic account alerts to complicated account maintenance activities and financial transactions, to be performed using SMS.
Financial transactions made through the phone browser are very similar to their desktop counterparts. The mobile application engine understands the GUI of the phone for presentation of the content and communicates with the mobile device through the WAP gateway. With the advent of new generation phones such as the iPhone, downloaded applications are increasingly gaining popularity. The architectural basics of mobile transactions remain the same – however, there is the added flexibility of choosing from SMS, GPRS or the internet for communication with the mobile application engine. Besides that, the downloaded application is more convenient to use, and a lot of other useful functions that do not require any network can be built around the application.
Irrespective of the communication channel, the mobile application engine controls and manages the security, business logic, presentation, personalisation and integration with the client application and the back-end core applications. Typically, the mobile application engine integrates with payment gateways, the bank’s core applications, merchants, ATM networks and enterprise systems to provide a complete service to the end consumer. This shows that a high degree of maturity is required from the mobile application solution provider, since knowledge of multiple technologies and industries is expected.
A mobile transaction uses wireless (i.e. public or self-managed wireless LAN (WLAN)) or mobile networks (i.e. GSM, CDMA, etc.) as part of the communication channel. Based on the application type, mobile transactions can be broadly classified as follows:
- Anonymous transaction.
- Non-anonymous transaction.
- Critical transaction.
As with e-transactions on the internet, measures are applied to mobile transactions to achieve security objectives such as Access Control, Confidentiality, Data Integrity and Non-repudiation. These are achieved through digital certificates, virtual private network (VPN), mobile device management, WLAN management, personal firewall and anti-virus software.
For new mobile devices with a built-in WAP 2.0 browser, end-to-end encryption is established with SSL. For transactions not requiring end-to-end encryption, wireless transport layer security (WTLS) is applied to secure the content in transit between the mobile device and the WAP gateway, with security strength equivalent to SSL. The connection between the WAP gateway and the back-end server is protected by either a VPN or an SSL connection.
Strong authentication requirements are met through 128-bit SSL encryption while more critical mobile transactions demand public key infrastructure (PKI) technology and two-factor authentication solutions (e.g. PIN-based password, J2ME-based mobile application one-time password and SMS-based one-time password). Tailor-made secure client applications with better application focus are also increasingly being deployed on mobile devices equipped with the necessary platform capabilities (e.g. Symbian, Android, Blackberry etc.).
Take-up in Financial Services
In spite of strong technology, there are many issues around security, lack of interest, viability, return on investment (ROI), regulation and the fact that mobile financial services are more relevant for emerging markets. Depending on which metric we choose, there is something for both the developed and emerging markets, and the issues will be sorted once consumer demand starts picking up. Last year’s financial crisis has also helped in shifting the whole focus back to the retail customer base and the initiative is around offering innovative low cost banking. That is probably the reason why most of the large banks, such as HSBC, Citi, Bank of America and Santander, have put mobile as one of their priority areas for personal financial services. Companies such as Visa, Barclays and Nokia have already completed pilots around near field communication (NFC), embedded memory cards and RFID. Some of these have been already put to limited commercial use, although it is too early to suggest which one of them will be a winner.
From a technology standpoint, there are many technology providers – however, there are very few who have followed the emergence of mobile-based technology throughout its growth curve. Some of these have spent much time in maturing the technology and business models in emerging markets and could be of valuable help in cross-fertilisation and innovation for the next wave of uptake. There is no doubt that there is a potential revenue opportunity. However, because of the diverse landscape, banks, financial institutions and merchants, irrespective of size, should spend sufficient time on understanding a suitable business model and technology for their customers.