I don’t think it’s unrealistic to be so bullish. For one thing, MasterCard Worldwide has announced the availability of a $2.99 smart card with both the conventional contact interface and a contactless interface for use with the MasterCard PayPass contactless application. The card has 32 kilobytes of memory and a Multos operating system, developed from Keycorp of Australia. Our good friends at Keycorp say they will guarantee the price for three years.
Falling prices and merchant demand are combining to generate a healthy market for contactless card issuing. A recent report from London-based IDTechEx predicts huge growth over the next decade in contactless cards and phones with contactless interfaces. The authors (Peter Harrop, Ning Xiao and Raghu Das) predict 40 million contactless payment cards will be issued in 2007, of which 20 million will carry such leading brands as Visa and MasterCard, while others will be bank-backed stored value cards. (The canonical example of the latter being, of course, EDY in Japan.) The report also predicts 29 million NFC phones sold in 2007, rising to 600 million in 2017. Personally, I think 27m may be a little optimistic this year, because I still think it will take time for the operators and service providers to agree a mutually-acceptable architecture and value network (on which topic, as an aside, I will be running a workshop at Mobile Payments in Amsterdam in March).
Another development that will become significant over the coming year is the realignment of payment standards (such as EMV) in the new environment. There are elements of these standards — and, as we have found in some of our work for card issuers, their certification — that are either inappropriate or meaningless in the NFC world. One rather obvious example of a change that will come is in the nature of PIN entry. If you have something with no keypad (ie, a card) then you need to enter the PIN on someone else’s device (ie, the retailer’s POS terminal) even if you know that that device may be untrustworthy (see, for example, the notorious Shell breach). But if you have something with a keypad (ie, a phone) then why do you need to use anyone else’s keypad? In fact, Crédit Mutuel in France have begun a trial to explore just such an architecture. The 200 bank customers in the trial use the phones NFC interface to effect a payment by waving their phone over the POS then view the amount on the handset display and enter their PIN on the mobile keypad. Crédit Mutuel says that consumers seem to like entering the PIN “in the palm of their hand and not on the counter in front of everyone.” So not only is it more secure and better from a systems perspective but customers actually prefer it.
Taken together, these developments show the outline of the new e-payment experience at retail POS: the retail POS shrinks to a button on the shop counter, whereas all the “smarts” migrate into the mobile.
My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public. [posted with ecto]