MNO-led or bank-led?

[Paul Makin] This is one of the most common areas of discussion in the world of mobile money: should financial regulators allow mobile money to be offered by new market entrants, typically mobile operators – or should they restrict it only to those established financial service operators, the banks? And then there are markets such as Nigeria, where anyone BUT a mobile operator can apply for a licence.

At Consult Hyperion, we do not have firm views on this question. Each operator type has its advantages and disadvantages:

Scheme Type

Advantages

Disadvantages

Mobile Operator-Led

Agility

Proven ability to develop and manage agent networks

Limited financial service discipline (processes, security, etc)

Tendency to pursue customer numbers at the expense of service quality or security

Bank-Led

Financial service discipline: adherence to process, attention to security, etc.

Poor understanding of mobile phone infrastructure and process, leading to security issues

Poor understanding of agent acquisition and management

Limited understanding of the mobile money market and the typical customer’s needs

Third-party-led

Agility

Potentially all of the above!

 

So, which is the best? Well, as the table suggests, ‘none of the above’ would appear to be the answer. Mobile operators are often refreshingly keen to deploy the new service as quickly as possible, and embrace the challenges with gusto, which can be a very effective approach when developing a new business. They also have a proven ability to develop networks of agents, and to manage them effectively once they’re in place, which is a key element of a successful mobile money service. But they often also have a culture that allows them to cut corners, particularly in following processes, which can lead to the undermining of elements of security.

In contrast, banks are naturally risk-averse, and will only launch a new service once it has been proven to be secure. This can be a strength, as it leads to a robust service, but it also has the potential to lead to a service that meets the bank’s needs, and not the customer’s. The unfamiliarity in dealing with networks of agents can lead to poor availability of agents and liquidity problems. And we are aware of a number of occasions when a bank’s lack of understanding of the normal operating procedures of mobile operators has resulted in apparently impossible (to the bank) frauds being perpetrated without any attack against the bank’s systems being necessary.

But conversely we would suggest that ANY of these can operate a mobile money network successfully, if they are prepared to take a dispassionate look at their weaknesses and address the issues that are uncovered.

Mobile money platform migration

[Paul Makin] In recent months we have started seeing an increasing number of mobile money operators seeking to move on from their existing platforms, and migrating to new platforms. In general, rather than any capacity issues, this appears to be due to dissatisfaction with the existing platform, be it functionality, or reporting, or security, or any of a myriad of other concerns. Unfortunately, these replacement platforms seem to be selected too hastily, often giving the impression of mild panic rather than careful consideration.

As a consequence we are being asked more and more often to recommend a platform.  This puts us in a difficult position, because frankly we are not aware of a platform out there that we can wholeheartedly recommend. Consider the two broad classes of platform: those specifically aimed at, and developed for, this emerging sector of mobile money; and those that are adapted from the banking sector usage for which they were developed.

Pure mobile money platforms are often supplied by technology-focused organisations, whose roots are in the mobile industry – these can be suppliers of (for example) prepaid airtime systems, or network infrastructure, or billing systems, though pure mobile money technology startups are also prominent in this category. These organisations generally understand the technology at a deep level, and can (usually) supply you with a reliable transaction engine. But these platforms are generally deficient in the more mundane areas that, whilst not sexy, are absolutely crucial to the success of a service – areas such as:

·         Sophisticated reporting tools, for general management of the service, and for active fraud and money laundering detection and management;

·         Proper bank-grade security features, such as role-based access controls and countersigning of value movements;

·         Support for, and integration with, internal management processes, in order to develop institutional robustness;

·         Tools for the management and training of agents and agent networks.

In contrast, platforms evolved from the banking sector have many of these features already (with the exception of the mobile money-specific features, obviously), but they fall down in their adaptation to this new sector:

·         They are too closely fitted to the conventional operational and management structures of a bank;

·         The terms on which they are offered generally mirror the conventional business models of banks, for example by tying costs directly to customer numbers, which makes the platforms unattractive to mobile money operators (including banks wishing to offer mobile money services).

So what is to be done? Well ideally I’d like someone to offer Consult Hyperion and its Associates the chance to specify and manage the building of a second generation mobile money platform  – after all, we have probably unrivalled experience in this sector, amassed since 2004, across a range of mobile money operators and platforms. But back in the real world, I’d recommend that mobile money operators follow the conventional path of service development the world over:

·         Work out precisely what your organisation wants and needs, and document it in a detailed, formal Requirements Specification. And don’t limit this to just the technical requirements.

·         Use the Requirements Specification as the basis of an RFP, and issue it to as many reputable suppliers as you can identify.

·         Formally score the responses you receive, in order to establish an audit trail of decision making.

Generally, I’m hoping to see mobile money move over the next few years from the current ‘gold rush’ state, to a more prosaic ‘business as usual’ state of mind.

The mobile money paradox – if everyone wants it, why is it doing so badly?

 

[Susie Lonie] Ever since the launch of M-PESA in Kenya in 2007 the payments world has looked upon mobile money (MM), the precocious newcomer to financial services in anticipation.  There are in excess of 160 live MM services being operated around the world right now, but despite high expectations created by success in Kenya, only a handful have thus far reached critical mass.  (It is generally accepted that a MM service is successful, i.e. can break even and move into profit, when it has about one million active subscribers who are each performing at least one transaction per month.) To have less than 10% of these services successful by this standard six years later is pretty dismal and is the mobile money paradox: consumers want to buy it and businesses want to sell it; yet the industry is neither flourishing nor profitable.

So what is going wrong?

The runaway success of M-PESA in Kenya led many companies to believe that MM is an easy win at relatively low cost and with little effort.  Dazzled by huge customer numbers (for several years M-PESA recruited over 50,000 customers every week) and millions of transactions every day, most have failed to understand that M-PESA’s success in Kenya was neither cheap, nor easy.

The greatest cause of poor performance stems from the culture of the companies offering MM. Grounded in the assumption that it is closely aligned with their core business, telcos treat MM as a value-added service (VAS) akin to launching a mobile internet portal, blithely expecting it to fit within their normal operations.  Meanwhile, banks assume that it is just another kind of mobile banking service, closely aligned to their core business, and able to fit easily into their existing infrastructure.  Whilst MM shares many characteristics with both telecoms and banking, these assumptions are profoundly incorrect.  Companies that have succeeded, whether telcos or banks, have recognised that operating an MM service requires a dedicated team of specialists and operational procedures which depart significantly from their normal practices.  They have also recognised the need to invest significant sums of money into both internal operations and to marketing a new service to traditionally hard-to-reach consumers.

Launching MM is an expensive business.  Creating an agent (branch) network, training it, and maintaining the agents’ engagement in the early days when they have few customers, and therefore little revenue, is not a task for the fainthearted.  Each agent must be persuaded to invest their cash in an e-money float account; cash which could otherwise be used to buy traditional stock for their outlet.  Agents must be incentivised to provide a return on this investment which is sufficiently attractive for them to divert resource from their core business until the service reaches critical mass and becomes a significant income stream.  

Meanwhile, most target customers are utterly unfamiliar with the concept of MM and significant marketing effort is required to educate them on what the service does, how they use it, and why they should trust it.  This requires a hands-on “below the line” approach to marketing which is a far cry from the bank/telco preferred approach of offering high value customers the latest technology via large-scale multimedia advertising campaigns.

Another factor inhibiting success is a regulatory environment which is usually unclear and can be highly restrictive.  Most regulators are just starting to learn about MM, the opportunities to improve governance offered by the technology, and where the risks lie.  Meanwhile, the banking culture tends to be cautious and risk averse.  If in doubt they will err on the side of over-interpreting regulation and imposing restrictive practices unsuited to the low risk associated with low value transactions.  Further, banks nurture their relationship with the regulator very carefully and are disinclined to challenge inappropriate regulation for the new and unproven MM service and in doing so, potentially put their core banking relationship at risk.  Telecoms companies, on the other hand, generally do not have a relationship with the financial regulator and many do not understand the complexities of adhering to their requirements.  By nature telcos are entrepreneurial and willing to make mistakes and they have more appetite to push back to the regulator, if they have the internal expertise to fully understand their options.  Sadly, many do not have this resource and just accept a poor interpretation of the law as the way they must operate. This then becomes their excuse for lacklustre performance.  When regulation requires banks and telcos into formal partnerships, the cultural dissonance can lead to misunderstanding, delays, and excessive regulatory controls as the two compliance teams try to out-do each other as worthy upholders of the law.  

The MM industry is still underdeveloped and largely unproven. The opportunity it provides to serve the large segment of un- or under-represented “poor” is clear and the success in East Africa demonstrates just how transformational it can be.  However, many organisational and regulatory challenges need to be overcome for it to reach its full potential.  If these are not grasped and resolved, mobile money stands in danger of being written off as a niche product with specific application in just a few markets which “just happen to have the right conditions”.

 

Susie Lonie is an associate with Consult Hyperion. If you are interested in becoming an associate too, contact lindi.friel@chyp.com

Regulation of mobile money in emerging markets

[Paul Makin] There have been many articles written in recent months about the regulation of mobile money in emerging markets, and to those of us who work in this field every day of our lives much of the talk sounds remarkably misinformed. For example, the suggestion is that mobile money has not taken off in some markets because of the failure of the key players to “define, articulate and communicate the benefits of using the service to prospective customers”.

On this analysis, it seems that we in the industry have simply failed to develop services that meet customers’ needs. I beg to differ. There are shortcomings, yes, but I strongly argue that the effect we’re seeing is the result, in most cases, of misguided regulation.

There is one country that illustrates this well. For the most well-intentioned of reasons, Nigeria has ended up with mobile money regulation that is spectacularly far from what the market needs. Consider the following points.

First, the question of sustainability.  More than almost any other business, mobile money depends on scale – so licensing 19 operators in Nigeria (9 yet to launch), all of whom have to start from scratch, almost guarantees that all will struggle for a long time to build a self-sustaining business. Surely what we all want is a healthy mobile money sector, and if that means limiting licences to three or four, at least in the early years, would that not be a price worth paying?

Second, no mobile operators have been licensed, though they may operate a platform as suppliers to a licensee. This is reportedly because the Nigerian Regulator has seen the success of M-PESA in Kenya, and does not like what he sees. I have heard similar comments from regulators a number of times in the past, and I really struggle to see precisely what harm M-PESA has done to Kenya.

Third, the hot topic of interoperability. Almost all regulators love this one (and the Nigerian Regulator is no exception), as it sounds so good; make sure that everyone can send money to everyone, regardless of operator, and try to enforce efficiency by making all the operators share agents. But this is simply nonsense. The “send to everyone” requirement is most efficiently met by allowing all schemes to implement a “send to unregistered customer” capability (which, by the way, is not a money laundering risk if it is implemented properly, as a message to the recipient to tell them there is money waiting for them, and all they need to do in order to withdraw it is to register – the promise of money is always a good incentive). Further, it is common for people in sub-Saharan Africa to carry multiple SIMs, so the idea of being registered for multiple mobile money schemes will hardly be a shock to them.

The other aspect of interoperability that regulators seek to enforce is agent sharing. Let’s pick that apart for a moment. I, as a mobile money operator, must invest money in equipping an agent, in ensuring that their premises are suitable, that they have sufficient cash on hand, and (most importantly) in training them and their staff, together with regular refreshers as they turnover staff. Once I’ve spent all that money, all of my competitors can then come along and use that agent without making any investment, because interoperability requires it. Please tell me then, why is anyone surprised that there has been insufficient investment in agent networks?

There is one aspect of interoperability that neither the regulators nor the mobile money industry have so far addressed in any meaningful manner, and that is in ensuring mobile money acceptance in shops and at small merchants. As a mobile money customer, the utility of any scheme is vastly increased as the number of places I can spend my money increases – would anyone in Western Europe be impressed with a scheme that could be loaded at a local shop, but all you could then do with the money is to send it to a relative, or pay a bill?

Shop/merchant acceptance is the next frontier of mobile money. I just hope the regulators don’t enforce solutions based on the old technology of switches and acquiring networks – but that’s a subject for another post.

Hammering out an app at the Digital Wallet Foundry

[David Hearn] The purpose of the Digital Wallet Foundry events is to inspire disruptive ideas about digital wallets in a variety of sectors, and to encourage those ideas to be developed into demonstrators or proof of concepts. These entries are judged at the end of each event to see who has the best business case and proof of concept. The event I attended was on payments.

I had intended to attend just the first two days, to hear the industry leaders, and to grow my technical knowledge about Microsoft Wallet and Azure. What actually happened was quite different.

Day one was all about ideas and thinking around payments, mobile and wallets. The speakers included Tim Jones (CEO NEST), Shaun Terry (Head of Mobile Development, Barclays UK), Ricardo Varela (BlueVia, Telefonica’s global developer platform), John Conlon (Barclaycard) and Steve Ellis (Metia). Towards the end of the day the talks became more technical, including sessions from Fortuma and FreedomPay, before switching to Andy Wigley from Microsoft who gave a good technical overview of the Microsoft Wallet included in Windows Phone 8. We also heard Shaun Terry talk about how Barclays, for the Pingit project, had adopted a start-up culture and pushed everything through in 90 days, much faster than the normal development cycle in banks. I enjoyed the day and felt I’d learnt a lot by the end of it.

Day two was to include a talk on Azure, Microsoft’s cloud computing platform. The rest of the time was for the ‘hackathon’, free time to develop your app, with support available from Microsoft. When I was at home in the evening I was having second thoughts about returning for Day two. Andy Wigley’s “Digital Wallet 101 for developers” session had been very thorough and I’d gained the knowledge I’d hoped for. Being able to spend the day on outstanding development work would be really helpful as I was very much focused on some development work using the Miura Shuttle Chip& PIN device to create a demonstrator that our business development teams could show off to potential customers.

As part of this work with Miura, to allow us to produce relevant software for iOS and Android, we wanted to as much code-reuse as possible – between these two platforms, and from existing libraries we have developed in-house over the years. We had decided to use Xamarin.iOS and Xamarin.Android (formerly MonoTouch and MonoDroid) for the apps, allowing us to have a common core library for the payment processing and Miura Shuttle reader logic. The core library would be developed as a Portable Class Library in C# using Visual Studio 2012. The applications would then be native applications built with Xamarin tools. These would consume the core library whilst implementing user interfaces and Bluetooth connectivity using native iOS/Android APIs and UI elements, making the apps look just like any other iOS/Android application despite being written in C#.

So I had a dilemma – continue with this pressing demo work, or return to the Digital Wallet Foundry? It was then that I had the idea of porting this work to Windows Phone and trying to have a working demo for the Friday.

I could progress the software I was working on, whilst having a submission for Digital Wallet Foundry that would be able to show off our software development competencies. It would mean a huge amount of work – I was nowhere near completing the core library and hadn’t yet processed any responses from the reader, nor even attempted initiating a transaction. After all, the demo wasn’t due to be completed until mid-April! In addition to greatly progressing the core library, I’d need to develop some Windows Phone specific parts – the Bluetooth connectivity along with the user interface. I thought it might be good to somehow include some Microsoft Wallet integration, but with the amount of work already needed, I thought it would be too much.

Therefore, I returned to Modern Jago for Day two, attending the Azure session and working on-site, knowing that Andy Wigley was around should I need any developer support. As it turned out I was able to make good progress, and got the basic Bluetooth communication between the Windows Phone and the Miura reader working before leaving. Thanks to a kind and understanding wife, I worked through the evening adding more functionality to the core library. Days (and evenings!) three and four were spent in Guildford at our office working on the demo and by the end of Thursday I had a demo which would accept Chip & PIN and magstripe cards, and display the (masked) card details in-app. The transaction amount was dynamic and displayed on the Miura reader’s display, and the card details displayed in-app were actually being read off the card.

On the Thursday I managed to add Wallet integration as well, creating a custom payment instrument card which represented the merchant’s account. Whenever a transaction was ‘approved’ (as this was a demonstrator, no host communications or approvals take place), the amount of the transaction gets added to the merchant’s balance in the Wallet. Additionally, the transaction details (amount, description and customer) get added to the history of the Wallet, allowing the merchant to quickly identify the transactions.

On Friday morning, just before I left, I discovered a bug when using a different card type, but thankfully I managed to get a seat on the train and by the end of the journey to Waterloo I had identified the problem and nearly completed a fix for it. I arrived at Modern Jago with about an hour to go before judging was meant to start and had time to complete the fix, perform additional testing and be confident the application would work as expected when presented. There would still be more work to do to complete the demonstrator for our sales team, but I had made significant progress with the core library.

There were four entries, and I was the third. As the purpose of my entry was to demonstrate our development skills and the technology in action, my presentation was very much focused around the app I had created – I had no PowerPoint or charts. I spoke about Hyperlab and what we produce, particularly how our demonstrators aim to really work with the technology they demonstrate. Basically if our consultants say something can be done with a technology, then Hyperlab can prove it. The demonstration worked without any hiccups, and I felt pleased with what I had presented.

After the judges returned from their discussions they declared that judging had been difficult, particularly with the difference in team sizes and experience, but that the winner was the six man Barclays team, with a payments app called Zoosh. They had produced a good business case and presentation, and had done well producing a Windows Phone app coming from an iOS background. Their prizes included a generously funded meal for the team, and Finnovate tickets, where the judges hoped the team would present an enhanced and improved Zoosh to attendees there. All entrants received a Nokia Lumia 620 as well, so I think everyone left happy!

Overall, it was an excellent week – great speakers and a chance to learn useful and exciting new skills. My thanks to Microsoft for organising it.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Mad man, for a day

[Dave Birch] As part of Advertising Week Europe, I was invited by Weve (the UK mobile commerce joint venture between EE, O2 and Vodafone) to come along and take part in the festivities at BAFTA. Tony Moretta from Weve asked me if I would, in a Jesuit tradition of being able to stand in your opponent’s shoes, argue that NFC has no future. Tony knows that I don’t actually believe that, but he wanted someone well-versed in all of the pros and cons to step up to the plate as a “hard but fair” debate opponent in front of the assembled hordes of people in designer spectacles.

Untitled

It turned out to be a fun day. In the morning I went along to the breakfast, sponsored by Weve, with David Sear (the new CEO of Weve), Olaf Swantee (the CEO of EE), Ronan Dunne (the CEO of Telefonica O2) and Guy Laurence (the CEO of Vodafone UK). Over the muesli and herbal tea I listened to a very enjoyable (and educational) conversation about how the CEOs saw the company evolving and what its propositions would be. They spent a lot of the time talking about advertising and location-based SMS targeting and such like. They did mention payments a couple of times, but as David pointed out the whole payments thing seems a bit complicated so they’re not focusing on it for the time being. The one comment that did make my ears prick up was when someone from the floor added the elephant to the room by asking how the UK MNO joint venture would deal with competition from the OTTs (ie, Facebook, Google etc). Guy made a very interesting and strategic point: he said that the key thing that Weve had that the OTTs didn’t was authenticated identities with billing relationships.

NYC Montage

When it came to the debate I decided on a two-pronged attack, so I stood up and (using the montage of a New York coffee shop above as my backdrop) argued that NFC has no future because

  1. It doesn’t work. I rather ungenerously used the example of Transport for London’s landmark implementation of contactless technology. You can ride a London bus using an NFC phone. Or at least you would be able to if you could go to any of the mobile operators that are part of Weve and buy an NFC-capable handset with an active Visa, MasterCard or Amex payment application on it that will work on a London bus. Which, at the time of writing this piece, you can’t. Despite the fact that the first (very successful) pilot of phone use for Visa payment and Oyster transit was six years ago. So why no progress? Because it is so complicated and so expensive to implement that no-one is bothering.
  2. Even if it did work, it’s irrelevant. This is because the mobile revolution in retail isn’t about getting rid of cards, it’s about getting rid of POS. Look at the montage. That corner coffee shop in New York accepts more methods of payment than you can shake a stick at (and almost all of them have nothing to do with cards). They have an iPad and when they press the “pay” button I couldn’t even tell you how many choices come up. The picture shows me using PayPal, but I could have paid with LevelUp. Either way, I paid using my phone without a proximity interface. So, I argued, even if you lot (ie, the mobile operators) ever do get your act together and put out a working mobile wallet with an NFC interface, it will never be used.

I thought that my terrific one-two would lay Tony out flat, but he ducked and weaved with some fancy footwork around the fact that NFC is simply more convenient than pfaffing about with apps, and in the end that’s what counts. I thought he might go below the belt and say that I was focusing on payments and that advertising people can have fun with NFC without sorting out the secure element (SE) issues that none of us went into in front of the mad men (and women). I suspect he may well be wrong about this, since I’ve written before about the need for security even in simple tagging applications, but he had a good point. NFC has come to mean “EMV over an NFC interface via SWP access to an SE” in industry parlance whereas it is simultaneously much more, and much less, than that.

Tony and I didn’t get in to this in detail in the debate, but Weve’s shift away from payments makes a lot of sense. If the industry focuses on payments only, there are problems. Look at the numbers. In 2008, Frost & Sullivan said that NFC would be “widely popular” by 2015. Juniper in 2011 put the global NFC mobile payments market at $50 billion by 2014. A115 said mobile payments in Europe could reach €250 billion by 2014. In 2010, Frost & Sullivan quantified and said that they expected the total payment value for NFC globally to reach €111 billion in 2015, with €42 billion of that in the EU. They are now projecting that almost half of all mobile payments in Europe will be NFC by 2015 (while TSM revenues would reach €330m) and that by 2018, more than a third of the phones in Europe will ship with NFC. Last year, Gartner estimated the global mobile payment market at $670 billion in 2016, with the market 80-90% non-NFC (that’s still €100 billion+ NFC). Now

Forrester forecasts that US mobile payments will reach $90B in 2017, a 48% compound annual growth rate (CAGR) from the $12.8B spent in 2012.

[From US Mobile Payments To Reach $90B By 2017 – Forbes]

They also forecast that nearly half of this will be mobile proximity ($41 billion). So is that a market to start chasing? Tough question. In the UK, there is only one NFC proximity payments handset on sale (the Orange/Barclaycard QuickTap) and virtually no transactions. In the US, where ISIS is getting off the ground, the market is nascent. The volume is taking a lot longer to arrive than was originally thought. Yet, as observer after observer is saying, there is little point in chasing it if the fees are the goals. The value of payment data is far greater than payment fees, which are in any case trending asymptotically to zero. This is, of course, where people like Weve can make a new business. Payments (NFC or otherwise) are a necessary but not a sufficient component of a successful wallet infrastructure. Can Weve deliver that component? I go back to David Evans’ characteristically accurate summary of the situation, which is surely correct.

The source of my skepticism is—I think that the likely role of the carriers in payments is basically being a pipe. It’s not clear that they really have any relevant skills needed for running mobile payments, and I think that it’s more likely that they’re going to turn out to be a very important source of pipes for other people developing mobile payments alternatives.

[From The Future of Mobile Payments]

What the carriers should be doing is coming together to provide common wallet infrastructure, not the wallet itself. (And one of the most important elements of that infrastructure, per Guy’s comment at breakfast, is token-based identity management and two-factor authentication.) Hence my response to the last question in the debate session. I don’t see me walking into to Waitrose and paying with a “Weve wallet” in five year’s time, but I can see me paying with my “Waitrose app powered by Weve”, which is why I am enthusiastic about it.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Social-ism

[Dave Birch] Someone asked me the other day what the big trends are in identity, so I told them the same that everyone else is telling them. We all know what the deal is here…

But four megatrends are ripping that reality apart – cloud, social, mobile and big data. The world looks very different today than it did even five years ago.

[From 4 Megatrends That Will Transform Online Identity – Forbes]

I had these trends at the back of my mind yesterday when I had the honour to chair the GSMA’s session on “Mobile Identity: Opportunities and Challenges for Service Providers” at the Mobile World Congress in Barcelona. I had the great good fortune to have a first-class set of speakers, each putting forward a different perspective:

  • Harm Arendshorst who is Head of ID Services, EMEA from Verizon Business Services.
  • Sabine Mcintosh, Director, Managed Identity Business in EMEA for Global Transaction Services.
  • Doug Daberius from NokiaSiemensNetworks.
  • Patrick Fischer, who I mentioned in a previous post when he was at Deutsche Telekom.
  • Daniel Gurrola from Orange.

The discussion that followed, driven by questions tweeted in to me live during the session, was pretty wide-ranging. A couple of points stood out and I wanted to flag them up before I move on to my main point.

First, and I will come back to this on the blog, was the issue of security. Once again, the first set of questions that I saw pop up on my iPad were about mobile devices being lost or stolen. The panel agreed with me that actually this should be a strength for the mobile proposition, not a weakness, but the proposition needs to be refined and communicated with this in mind. Secondly, there was a fascinating discussion about M2M security (or, more properly, lack thereof) which I think has important implications for the development of the sector. And finally, Sabine made some points about the distribution of liabilities which while they might be familiar to people who spend their lives in the identity space are new to mobile stakeholders and deserve amplification and investigation.

The main point that I was left thinking about, though, came from Daniel Gurrola. This is a telecoms-centric event, so Daniel’s warning to his fellow operators that they risked giving the identity opportunity away to the “over-the-top” (OTT) players went to the heart of their strategic concerns in this area. The risk, essentially, is that OTTs such as Facebook will become the consumer’s preferred means of identifying and authenticating themselves for mobile services and bypass the operators.

There was a presentation by Denis Joannides from “Innovation District” on the use of these social networking identities at Identity.Next in The Hague. They showed a slide from Gartner which predicted that within a decade we would be using our social network identities for corporate, consumer and government log in. Can this really be true? The audience in the The Hague seemed sceptical but the strategic implications ought to form part of the discussion in any organisation planning for the medium term. In its December 2012 research briefing “Where Social Networks, Payments and Banking Intersect“, the Federal Reserve Bank of Kansas City’s Payment System Research Department rightly caution that “just as social networks create opportunities for commerce, they may also unintentionally introduce risks such as breaches of privacy, fraud and even money laundering”.

Denis was talking about the “Gini” platform, which takes the mechanisms of social networking identities (OpenIDConnect, OAuth and multiple identities) and wraps them with some other stuff to turn them into “trusted” (put to one side what that means for a moment) identities that can be useful to financial services organisations. The system went live last September for the Aegon life insurance company in the Netherlands.

While the security guys in audience didn’t think much of PIN codes and mailing activation codes in the post and such like (and I’m not sure about these either), I understand exactly the point that Innovation District and Aegon were making: if you add some strength to the social networking identity, then it could well become a trusted identity in some way. But is this wise?

As people tie their social networking identities more closely with their in-real-life personas, the idea of cross-referencing social identity data to authenticate users on the Web and in the enterprise continues to gain steam. The Secretary of State in Washington offered a prime example of this drive earlier this month by unveiling a new voter registration Facebook app developed by Microsoft that cross-references Facebook identity data with state information to confirm potential voters are who they claim to be before entering them in the voter rolls.

[From Security Snags Loom Over Social Login – Dark Reading]

I’m uncomfortable with this. Even if you completely trust Facebook and LinkedIn and Google and Twitter do you really want them to know everything you are logging in to? Surely we need to use the same underlying mechanisms as them but use them to deliver a different kind of identity. These mechanisms already exist — we don’t need mobile operators to invent them — but they haven’t become pervasive yet. Perhaps the role of the operators is to implement this stuff in a better (ie, both more convenient and more secure) way.

It is already four years ago that Google announced that all Googlers could use their account as OpenID to login to (an)other website(s). Supported by major providers such as FaceBook, Google, Microsoft and PayPal, OpenID was intended to become the worldwide standard to set the consumer free from his or her massive number of passwords. Now, in 2012, all consumers are still using many different passwords on different website(s).

[From How is your OpenID doing? | Papierloos informatie over digitale identiteit elektronische handtekening en betrouwbare uitwisseling]

I’d really like to have a handful of identities — perhaps my personal (ie, Passport) identity, my work identity, my family identity and my play identity — that I could use to log in everywhere. If web sites want to track my play identity around different games, then fine. I don’t care, so long as they cannot connect that play identity to my personal identity except with my explicit permission. My mobile phone is the obvious mechanism for me to manage those identities, authentications and permissions. If the operators don’t enable this, other people will. There may be some challenges, but I’d prefer the mobile operators to focus on the opportunities and get moving: there are many stakeholders who could benefit from 

Fighting technology with technology seems most promising—by replacing ID cards with phones.

[From Fake ID cards: Identity crisis | The Economist]

One final point about mobile. Long ago, we said that the disruption in mobile payment would come because of the acquire side, because cashlessness is about universal terminals. Similarly, the disruption on the mobile identity side will come about because mobile phones can check identities, so let’s not forget about that side of the mobile operator business model.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Identity is an opportunity for mobile operators in an API world

[Dave Birch] Yesterday I was invited along to a pleasant get-together amongst payment luminaries. It turned out to be an excellent evening and gave me an opportunity to bore some important people at great length.

Untitled
Explaining the offside rule to Sean Park from Anthemis.

After a couple of glasses of champagne I found myself talking to a senior payments executive. He asked me what I thought the next big things in payments would be: I said identity is the new money (as I always do), payments data is worth more than payments (as everyone always does), and that APIs were the new competitive front (as I have begun to in last few months). I was working on a report on APIs for one of our clients this morning, and I googled something and discovered just how unoriginal my perspective is:

At the Defrag conference in Broomfield, Colo., this week, three themes came in the forefront: APIs, identity and data.

[From 3 Pillars Of The New Business World: APIs, Identity, and Data | TechCrunch]

I agree with this analysis wholeheartedly and I will be posting endlessly about all three in the year to come, naturally, but first I want to make a point about APIs. We need more than just payment APIs to make mobile commerce work. The December 2012 edition of the TM Forum‘s Digital Life report has a nice piece by Annie Turner looking at ten hot areas for innovation (focusing on the telecommunications industry, of course) across the coming year. A couple of them I agree with very strongly, such as the transition to prosumer networks and the rise of the machine-to-machine business opportunities. Some I’m not sure about, such as the need for innovation in execution. But it’s her last point that interests me the most. She says that communications service providers (CSPs), just like a great many other businesses, will find themselves in API-based businesses. Observers are already saying that this will be $100 billion plus business within a couple of years, so learning how to compete in an API world is an immediate priority for a great many organisations and, I have to say, a great many of our clients. It’s particularly interesting to me that the second-largest category of API in the market projections she uses (in this case, from Alan Quayle’s webcast) is the billing of non-digital goods by CSPs.

Given that many of us think that mobile wallets are going to be hot, and that these mobile wallets will want to access fairly standard APIs, I think the track record in the telecommunications sector is fairly poor the moment. The GSMAs “OneAPI” initiative hasn’t really taken off yet and the other Tier 1 operator’s own API programs (such as those from AT&T and Telefonica) are in their early phases. Naturally, given my perspective, I see the API-powered smart pipe in simple terms, exposing digital identity, digital money and digital network APIs. It’s another matter whether the CSP or third-parties provide the services that sit behind those APIs.

We already have carrier billing and location-based services, so we can imagine what the digital money and digital network APIs might look like, but we don’t yet have any identity-based services, which might suggest to some observers that for the CSPs at least, a strategy toward identity ought to be a priority. It might be preferable to have a sector-wide approach that helps mobile operators, in particular, to provide network-centric identity services. Actually, I’ve already one such approach put forward: Operator-ID. Operator-ID was proposed at the GSMA Mobile Identity meeting in Nice last year. The proposal is based on the use of OpenID Connect to deliver a basic, practical and interoperable federated identity solution for mobile operators.

OpenID Connect performs many of the same tasks as OpenID 2.0, but does so in a way that is API-friendly. OpenID Connect can also be extended to include more robust mechanisms for signing and encryption. Integration of OAuth 1.0a and OpenID 2.0 required an extension (called the OpenID/OAuth hybrid); in OpenID Connect, OAuth 2.0 capability is built into the protocol itself.

[From Connect | OpenID]

The GSMA have very kindly invited me to chair a panel on “Mobile Identity: Opportunities and Challenges for Service Providers” at the Mobile World Congress in Barcelona next month (at 2pm on Tuesday 25th February) and I’m delighted to say that Patrick Fischer, who presented the Operator ID proposal in Nice, has kindly agreed to one of my panelists, along with representatives from Verizon, Citi and Nokia Siemens Networks. Look forward to seeing you there.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Mad men

[Dave Birch] My prediction for 2013? We’ll be in New York a lot more! Consult Hyperion have been Mad Men for a couple of months and CHYP USA Inc. is open for business. We’re at 535 Madison Avenue, New York, NY and our new joint Managing Directors there, Lanny Byers and Howard Hall will be happy to hear from you.

madave

Lanny and Howard bring more than half a century of expertise in digital money and digital identity between them and we’re delighted that they agreed to come on board.

  • Lanny Byers brings over 20 years of experience in the electronic payments industry in card program management and consulting. Having held SVP and GM positions within Card Groups at Bank of America and Western Union, he has since gained 11 years’ consulting experience, first at MasterCard and more recently with his own independent consultancy delivering payment and loyalty solutions.
  • Howard Hall, a veteran of the start-up and early stage technology arena, has extensive background in electronic security and identity having built and sold several companies including Vericept to Trustwave and most recently Riverglass to ASG Software.

As many of you probably know, Consult Hyperion has had customers in the USA for many, many years and these have included industry leaders in the retail electronic transaction space such the major payment schemes, innovators in the mobile payment space and key players in transit ticketing. But we’ve decided to take the extra step of creating a US presence and bring on board as US team at this time because we think there are a great many organisations in the US who will want to take advantage of our wholly independent (we are not tied to any suppliers, nor do we develop our own products) help to design, develop and deploy transactional solutions.

Oh, say can you see... etc etc

So why now? There are three main reasons for making the decision to create a US subsidiary now:

  1. The US liability shift and EMV migration. We know how to help organisations go from stripes to chips without wasting money. In particular we already have experience as independent consultants to US banks migrating from stripe to chip in Europe as well as experience helping Canadian organisations (including Interac) do the same. And we have specific experience in helping transit operators move to chips too.
  2. The explosion in mobile. We know how to help organisations go from chips to devices following flexible product and service strategies. We’ve worked on mobile payments and mobile identity for some of the world’s largest telecommunications companies, including Vodafone, Verizon and Telefonica.
  3. The escape to the cloud. We know how to help organisations go from devices to clouds without opening up cracks in the systems that might be catastrophic downstream. We’ve been chosen by start-ups and legacy providers alike to help develop new online transaction systems and perform the crucial risk analysis that such systems demand.

Transactions are hard. They have to work every time, at scale and in the face of everything that people and technology can throw at them. Making them secure means understanding the technology, the business and the social context. We have track record of doing this, stretching back to our very first assignment for the Bank of England Central Gilts Office in 1986, and are looking forward to support organisations in the US who want to do the same.

You can follow CHYP USA Inc. at @chypUSA and continue to keep up with the latest thinking at the intersection of digital identity, digital money and digital networks at Tomorrow’s Transactions, where our US team will soon be posting their perspectives on the evolution of the secure electronic transactions in the US..

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Lessons vs models

[Dave Birch] The “Mobile Wallet Report” article about NFC that I just blogged about has a key takeaway that I wanted to mention: that the US market is not a blueprint for other developed markets. This has been a central element of the mobile roadmaps that Consult Hyperion has developed for clients for the last decade. The US market and the European market can, and will, learn from each other and swap ideas and innovations. But they are very different markets. This is also true, in my opinion, of the Japanese market.

In Japan, where handsets featuring Felica contactless technology account for more than 60% of the total number of handsets, takeup of the technology is relatively low – reportedly around 15% of Felica handset users – and is largely confined to public transport. It is not used much to pay for goods in shops – even though leading Japanese carrier NTT DoCoMo made a huge investment in helping retailers pay for the rollout of Felica-enabled payment terminals.

[From Mobile industry too focused on NFC: part 1 | Telecom Asia]

Oh man. So mobile proximity is toast. But wait a moment. At SIBOS this year, Dr. Kiyoyuki Tsujimura of NTT DoCoMo said that

They have 120 million NTT customers and 60% are using mobile payment enabled handsets. Of those, 60% are using mobile payments at least one a week, which means that around 50 million Japanese people are making a mobile payment on a regular basis.

[From The Financial Services Club’s Blog: NFC has been strangled at birth]

He also said that people do use it in shops. A paradox? Not really. Dr. Tsujimura clearly indicates that the Japanese public do not use it in shops because of payments. Instead he confirms the general meme that non-payment identity-centric services are the things that shift consumer behaviour.

They use it for convenience and financial benefits as the merchants are issuing ecoupons at the point of sale (POS) with additional discounts if they use mobile payments.  Merchants also like it, as they have no cash to deal with, and they can get 1:1 marketing benefits by having the customer’s mobile details.

NTT also provide money transfer via mobile, but it’s not competitive with banks as money transfer is limited to a maximum of 120,000 yen (about £1,000 or $1,600) in a single transaction.

[From The Financial Services Club’s Blog: NFC has been strangled at birth]

We’ve always said, in our analysis and roadmapping work for clients, that the Japanese market is a special case that may contains lessons for us but is not a template for us (i.e., US and European markets). There are obvious structural reasons for this.

When asked why mobile payments had succeeded in Japan, Tsujimura-san said that “we are the largest operator in japan with 50% market share in mobile, so we set the standard for how customers deal with mobile payments”.  In a fairly typical Japanese statement of the world, he then asserted that “we are leading how customers use mobile payments”.

[From The Financial Services Club’s Blog: NFC has been strangled at birth]

Some people draw a similar conclusion from Kenya, pointing out Safaricom’s huge market share, although they forget that it was nothing like as huge before M-PESA launched. Kenya could be a template for other emerging markets, in a way that Japan could not be a template for other developed markets, but it won’t be.

Back in March 2012, Citi’s Global Perspectives & Solutions (GPS) published a report called “Upwardly Mobile: An Analysis of the Global Mobile Payments Opportunity“. The report actually highlights the two cases of Japan and Kenya and looks at them in some detail. They present one as the obvious case study for the developed world and the other as the obvious case study for the developing world and says that they are likely to “serve as prototypes the future mobile wallet initiatives” although I have to say I find this unlikely. The market conditions, and the regulatory environment, were in both cases unique. And, as Citi point out, the Japanese merchant funded mobile wallet and the Kenyan user funded mobile wallet are completely different beasts. They have almost nothing in common and frankly the 9.5 million acceptance points in Japan and the 32,000 agents in Kenyan are apples and oranges: there is no reason why both system should not exist in parallel, sitting inside the same consumer mobile wallet.

There is doubt that we can find interesting lessons from the evolution of mobile payments in Japan but I cannot see the market conditions there being replicated in other developed economies and certainly not in the US. In the case of Kenya, we’ve already seen how the regulatory environment in other emerging markets has served to hold back the development of mobile payments and the idea that another similar scheme could sneak past the regulators to achieve scale is far-fetched.  It’s important to study these cases and learn the lessons from them to take into other markets but we mustn’t be too superficial in our analysis. If we going to learn any lessons that they have to be the right stop

 

 

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.