The new payment system combines the direct debiting system (German: Lastschriftverfahren) with SMS payment confirmation through mobile phones. That means:
1. you order a product on a mobile portal or web shop[From PavingWays – web applications on (mobile) devices : O2 and Vodafone starting new payment system]
2. then you type in your mobile phone number and password
3. following you will receive a text message (SMS), which you have to confirm in order to debit the amount from your bank account via direct debiting system.
The system is open to all mobile phone users and anyone can register but of course the registration is much simplified for Vodaone and O2 subscribers who already have bank details filed with their operators ready for direct debiting (because there existing phone subscription works that way). I spoke to Vodafone about it and they said that they anticipated two revenue streams: additional text messaging for one, a merchant service charge for the other. I got the impression that the MSC would be pitched around the same as for credit card acceptance. As for the future, they said that
We hope to have more NFC-enabled POS-Systems in the future to combine both technologies.
Security is the key requirement in germany
This might well be the way in for mobile phones: yes, they are more functional than cards but they are potentially far more secure as well. Look at Japan again: remote application locking, 24/7 shutdown, location services. These are all security capabilities that come with the mobile environment to deliver a level of security far above the card platform. It’s 9am, do you know where your cards are?
Thinking about the phone as a secure token opens up other possibilities as well. Might it be possible that decoupled debit could spread but without debit cards, if you see what I mean? In other words, with some form of token (such as a mobile phone) instead of traditional debit card. It could be that the SEPA zone sees just this kind of experimentation. In the U.S. as well. There was an excellent post by Carol Coye Benson over at Payments News the other day. She highlights the new rules interpretation around decoupled debit in the US. The three key points are:
First, the transactions must be classified as “POS” transactions, rather than using other ACH transaction codes.
Second, the transactions cannot represent an aggregation of underlying consumer purchases – e.g. three separate purchases at one (or more) merchants on a given day cannot be combined into a single ACH debit transaction.
Third, the “payee” in the ACH transaction, which is carried through to the consumer’s bank (and therefore appears on the consumer’s statement or online transaction listing) must be the underlying merchant, and not the card issuer: in other words, “Capital One” could not be the payee shown on the consumer’s statement.[From Glenbrook Partners: ACH @ POS]
I’ll leave you look at the article, but I wanted to highlight another angle on the the second golden rule. One of the reasons why merchants might want to do this is because they are authenticating the customer themselves and want to minimise payment costs. An example of how this might happen is through REAL ID in the U.S. and through identity cards in the U.K. You go to the supermarket and buy something, you use your identity card to authenticate, and off you go. The retailer doesn’t even bother authorising the transaction — why would you cheat them when they have your identity card details and are already a member of their loyalty programme etc – but simply saves the transactions up for an overnight ACH run. They would obviously want to combine multiple payments into one transfer. If a retailer issues their own decoupled debit loyalty-cum-payment card or uses some other 2FA token to front-end such a service (eg, a mobile phone), surely they would want flexibility on how to structure the relationship between the transactions and the payments, so rule no.2 might cause some friction if I’ve understood it properly.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]