Mobile phone operators missed the mobile payments boat, and card schemes and retail banks are now finding themselves in the position where they could soon rule the waves. It was inevitable that they would eventually arrive; it wasn’t necessarily inevitable for the telcos to give way, but whilst there was a taste for it, and the telcos wanted to have a go, they did give way. All things considered, however, the voyage has only just begun.
How do you make mobile payments work? You stick a chip with an antenna inside a mobile phone case (maybe incorporate it into the battery) and off you go. Wave the phone at a POS and Wooosh!! Instant payment. Had the telcos managed to develop a viable (and exciting!!) alternative payment system, this would have been just the job: the payment system would be operated by the telco, and would be delivered as part of the overall mobile proposition – 200 minutes, 500 texts and a payment application – thank you very much. Now that’s exciting!
In the banking world, the contactless card issuer is responsible for each and every component of the issued plastic, and for the plastic lifecycle (and the acquirers are also responsible for the terminals!). They may be manufactured and personalised by a variety of third parties, but all the components must work together, and must continue to do so for the life of the card, and that is the responsibility of the bank. The banks have also considered the possibility of operating multi-application cards, and whilst the technology exists to support their operation, the business dynamics always let down the overall proposition – because the cards would be issued by the banks, and the banks (and the card schemes) are highly protective of their brands. An RBS card carrying an HBOS application just wasn’t going to happen! The alternative could have been an unbranded card, which could have been paid for by the cardholder (but this doesn’t fit comfortably with the UK consumer’s expectation of free banking), but then who would have managed the applications? Again, wasn’t going to happen, because banks do not allow competitors to mange their own applications.
Whilst the plastic payment card is well known and now the form factor is almost universally recognised, it still has to be issued, and issuing implies some degree of corporate ownership, which in turn implies branding; payments also inevitably imply banking, and branding, and banks don’t share. The mobile phone does not look like a card, the mobile phone is not manufactured like a card – all obvious, but worth stating nevertheless – the mobile phone is as universally recognised as a payment card. Potential?
The mobile telcos have lost out on payments (if you believe that they were ever serious, which I do), but realistically, they were never a part of the payment world, and did not operate the financially robust cash management systems that would have allowed them to enter the world of merchant acquiring. Telcos move voice and data, not cash; telcos provide the transport and support mechanisms (and do it very well), and have done all along.
The relationship between cardholders, banks and telcos is complex, and there is no room for a trivial one-size-fits-all solution. Cardholders choose to align themselves with one or more banks; they also choose to align themselves with one (or more) telco(s). But they do not choose to align themselves with the bank the telco has chosen to align itself with! The banks would like their customers to have a choice, and similarly, the telco proposition is weakened when consumer choice is restricted.
Here then lies the opportunity, and it is really more than an opportunity because it logically sits within existing telco propositions and relationships. The opportunity is the support and management potential of a universal contactless payment proposition. A universal contactless specification will provide a framework for the development of universal compatibility between mobile handsets and contactless POS. The scene is set for a one-size-fits-all approach, and because the common denominator (the handset) is not card scheme affiliated, there is no underlying competition. The telcos certainly have nothing to gain by introducing multiple standards, and other supporting standards will be required to complete the picture: the interface to the screen; the interface to the keypad; the interface to the payment application and the control processes that keep the whole thing together. These are al technology processes that sit outside of the banking sector, but they do sit inside the telco ringfence, and these applications are what the telcos do best. Leave the authorisation and the settlement to the banks and leave the support and transport mechanisms to those who know best.
To have a look at this from a different angle, are the banks really interested in the technology that connects the payment application to the POS? Are the banks really interested in the technical operation of card systems, or are they really just interested in providing a payment system to their customers? Call Centres aren’t core business, why should payment technology be so? Merchant and cardholder propositions are not based on technology; the propositions are based on margins and risk and the potential to turn a profit. Technology, in the payment relationship, is an enabler, and the banks are only in the technology loop because there are no alternatives. The banks and the card schemes have seized and moulded the technology because they have had to. There has been no business model that would allow a card issuer to issue cards without them being in control and managing the whole card issuing process. I would say that banks do banking – they do technology because they need to do that in order to do banking.
Are we then to find ourselves looking at a business proposition where the telcos manage the technology and banks manage the money? In payment heaven, then, a customer buys a phone and can then choose whichever payment instrument best suits their requirements; or they may choose to allow their phone to host multiple payment applications. It’s their choice, and it’s not restricted by schemes, and it’s not restricted by bank: the phone interface allows the customer to choose between applications as necessary. And the banks must think this is great, because they don’t have the expense of issuing and reissuing physical plastic.
So far, everyone is winning! Maybe card schemes will lose out a bit because brand awareness may diminish as your flexible friend moves over for Moby, but this is easily outweighed by the revenue potential in converting cash payments to contactless payments.
The telco infrastructure has one significant, incontrovertible and uncopyable (is that a word?) feature: the ability to enable the issuing bank to maintain constant contact with the payment application, should that be necessary for any reason. Current technology, as advanced as we may be led to believe it is, only allows for communication at the POS, and then only in a specific and limited way. Chip and PIN has secured the transaction to a level commensurate with the average value of a transaction; however, contactless transactions cast the values of chip and PIN to one side – no PIN – except when they “fall forward” to chip and PIN, for security! The value of the contactless payment is that it is a cash replacement and that it is quick, that quickness fades if one in ten transactions needs to be re-played with a PIN.
Contactless card security is based on limiting the value of the contactless transaction and applying a 1 in n full chip and PIN authentication requirement. If this chip and PIN “fall forward” requirement appears in the middle of a contactless queue, it negates the whole contactless proposition, because the cardholder then has to be verified by the POS. This is simply “playing” at transaction processing, but then it’s still early days for the banks and there is a long way to go – possible point of competition for the telcos, who knows?
Chip and PIN “fall forward” is not required if the application is hosted on a mobile phone, and transaction limits disappear too. On the one hand, because of the bank-to-application interface, should the phone be lost – and most phone users will notice a missing phone very quickly – the payment applications can be disabled over the air, as too can the phone. On the other hand, whenever the application requires confirmation that it is still in the hands of its rightful owner, instead of requiring a “fall forward” transaction at the point of sale, the phone application can prompt the user for a PIN or passcode at any time (thereby removing the time-consuming, and potentially embarrassing queue hold-up requirement of the contactless card). On the third hand (should we get to the stage where a third hand is appropriate) transactions could be authorised in the “other” direction, and not via the merchant and the acquirer – I can see some potential here.
The industry is currently working towards some level of common standards. EMVCo, probably having seen their contribution to the mainstream payment standards waning a little, have recognised the opportunity and grasped the mobile standardisation nettle. The nettle has been grasped in an effort to ensure that all mobile devices are able to support EMV based contactless payment applications safely and securely, and they are already well advanced. The GSMA is also doing its bit, but their solution appears to pit the telcos in direct competition with the banks by simply turning phones into credit cards – the telcos then become credit card issuers and the applications available to the customers are the telco’s own, or that belonging to the telco’s issuing partner.
Opportunities abound for the mobile operators. They may have missed the original payment boat, but were they ever really going to set sail? I don’t think so. The mobile telcos were never going to be in a position to tickle a transaction like a bank, and the same is probably still true. However, they do have a solid and secure infrastructure, and can easily position themselves to add value to the contactless payment proposition in a way that the banks can only dream of; and they don’t even need to compete with the banks. The telcos naturally fit into the contactless multi-application infrastructure: they might not be able to tickle a transaction but they can certainly supply the feather.