In all conscience

I’m giving a keynote at the Smart Card Alliance conference in Chicago in a couple of weeks. It’s going to be about EMV in the USA. I’ve just been mulling it over, and once again looked at Deborah Baxley’s neat summary of the immediate future for the US cards business:

Banks scrambling to replace lost fee revenue will likely shift focus to credit and prepaid, impose DDA and other fees, along with new account services and comprehensive pricing packages.

[From Changing the Game in Cards – pymnts.com]

It’s not just banks who have to rethink their strategies because of developments in the payment sector. I note that in the UK, according to the Centre for Economics & Business Research reported in Fraud Watch 6(18), nearly 100,000 people were victims of direct debit fraud last year, a direct consequence of the use of chip and PIN at retail POS. As card fraud has become more difficult, the criminals have shifted their focus. Direct debit fraud was one basis point of identity fraud cases a decade ago; now it is a tenth of all cases. Criminals have to adapt to chip and PIN just as banks and merchants do.

A GROUP of seven postmen intercepted letters containing credit cards, switched the microchips of the cards with fake ones and then delivered them to the applicants… the syndicate also had the help of a National Registration Department (NRD) officer who supplied them with the names of the mothers of the real credit card applicants

[From 7 M’sian postmen nabbed for credit card fraud]

It’s interesting to think like a criminal. Well, sometimes. In Chicago, two men were shot by guards while trying to rob a cash transit.

The dead suspect was identified as Jimmy Townsend, 52… a convicted felon and was sentenced to 10 years in prison for two separate armed robbery convictions.

[From 2 suspects shot, one fatally, in armored truck heist – Chicago Breaking News]

Armed robbery is a bizarre crime. I think I’m right in saying that in the UK the average sentence is longer than that for murder. In the US, Mr. Townsend spent years in jail for it, and then got killed doing it again. How dumb did he have to be to go back to trying to rob armoured cars? If only he read the Digital Money Blog, he would have known that there are much easier targets.

The heavily-armed gang made off with the tournament jackpot of 242,000 euros ($327,000; £217,000) in early March. Police said a 28-year-old Lebanese man, the fourth arrested in connection with the raid, had been detained on Sunday.

[From BBC News – German police arrest poker tournament heist suspect]

OK, so not all of them got away, but casinos are not a bad idea for enterprising criminals. They do have lots of cash, and often the people in them will not report cash as stolen.

Masked men have stormed a packed casino near the Swiss border city of Basel, making off with hundreds of thousands of francs, prosecutors say.

About 10 raiders pulled up at the Grand Casino in two cars just after 0400 (0200 GMT) and smashed their way in, brandishing machine-guns and pistols. The French-speaking gang ordered the 600 guests and employees to the floor while they emptied registers.

[From BBC News – Switzerland casino is robbed by armed gang]

Criminals follow the path of least resistance. I hope Bankerstuff don’t mind me quoting from a marketing e-mail they sent me concerning a forthcoming webinar.

A Former Bank Robber Shares Security Insights During Live Webinar on April 28 from 2:00 – 3:00pm Eastern

Troy Evans pursued a career as a self-employed addict, drug dealer, gambler and thief for more than 15 years. Ultimately, his disregard of values and discipline resulted in a 13 year federal prison sentence. Facing the obstacles, pressures and violence of prison life, he was determined that his time behind bars would not be wasted… Having met and interviewed over 300 bank and credit union robbers he is able to give us a “look into the mind of the enemy”. Troy answers questions such as… What can financial institutions do to deter a desperate criminal?

I would have thought that an obvious idea would be to not have any cash since, as another bank robber famously remarked, he went “where the money is”. When it comes to card payments, the money is in getting hold of card details and (because of the switch to chip and PIN) PINs. Here, the criminals soon adapted their strategies to deal with the new instruments.

Victorian Police believe international crime syndicates are bribing shop workers in return for access to EFTPOS terminals as part of an elaborate scam. They believe criminals have stolen as much as $80 million from Australian bank accounts over the past year…

The syndicates install cameras in ceilings to film people entering their identification numbers.

[From EFTPOS scam costs Australians $80m – ABC News (Australian Broadcasting Corporation)]

They’re using these PINs (since they can’t make counterfeit chip and PIN cards) with the card details to withdraw cash from ATMs. Once all of the cards and ATMs are chip-only, this avenue will be closed to them. Thus while chip and PIN isn’t perfect, it’s good enough to push criminals into other channels. So: a thought experiment…

Suppose we improve the security of payment systems to the point where they cannot, effectively, be broken. Theft, fraud and hacking are not possible. Where would criminals go next? I think they’re spoilt for choice, so relatively small improvements in payment security would send them off to pastures new.

The poll of 533 firms shows that 55% experienced fraud in the last 12 months, with 61% of these hit more than once, a similar picture to the previous year. In total, 75% of the businesses participating in the study experienced online account takeover and/or online fraud.

[From Finextra: Account takeover fraud plaguing US small businesses]

SME account takeover seems much easier than armed robbery and much more profitable. The so-called man-in-the-middle attacks on OTP systems for remote access to banking accounts are an established attack vector.

According to BillingScore, 19.4% of the value of all transactions in the U.K. premium rate sector are fraudulent, or roughly £1 on every £5 spent. “With the premium rate sector in the U.K. mobile industry currently worth in the region of £700 million, this equates to £135.8 million per year being lost to fraud in the U.K. alone,” the company said.

[From UK mobile operators ‘hide’ £136m annual fraud loss]

A fifth? As opposed to a few bp in cards? I predict that any forward-looking criminal in this scenario will be eyeing up the telecommunications opportunities. So let’s look at what some forward-looking criminals are doing. I think criminals in eastern Europe are a useful barometer, because they tend to be well-educated and computer-savvy. And they get arrested from time to time, so we can see what they get up to. Here’s the stash of Romanian hackers arrested last year. You will, of course, note that it does not include low maximum balance prepaid cards or accounts.

77,350 euros, 49,000 U.S. dollars, 64,860 pounds, 60,645 lei, a luxury watch, a rifle, three pistols and 150 grams of gold. 70 laptops, 165 mobile phones, 35 desktop computers, 15 modems, new servers, 10 blank cards, 2425 SIM cards…

[From CyberCrime & Doing Time: Nicolae Popescu, Romanian hacker, at large!]

So not only the usual euros and dollars, but also gold (clearly the hackers were diversifying) and also two-and-a-half thousand SIM cards. Two-and-a-half thousand! Here are people taking the messages of convergence, future-proofing and cloud payments quite seriously. As Eric Schmidt said when still with Google, if you don’t have a mobile strategy then you don’t have a strategy. Now, if you’re like me, you will wonder what on Earth they are going to do with these SIMs. Then I remembered something that I’d read a while ago.

Only days after almost two million Bulgarians registered their SIM cards, the Interior Ministry warns that new forms of abuse are appearing. According to the ministry, two cases had recently been uncovered in which telephone fraudsters had allegedly offered 50 leva to Romas for registered SIM cards, Bulgarian daily Standard reported… the Interior Ministry as saying that it expected a flood of SIM cards, registered to Romas and homeless people, to appear on the market in the coming weeks.

[From Interior Ministry warns of trade in registered pre-paid SIM cards – Bulgaria – The Sofia Echo]

Mystery solved. The answer to why there should be a significant value attached to SIM cards that you can buy for virtually nothing in any shop is, naturally, government policy. After pocketing their windfalls from selling their SIM cards, the homeless and Roma presumably went off to celebrate their good fortune, whereas the criminals went off to figure out how to create a mass supply instead of having to negotiate with individuals.

…only four months into 2010, and organised crime groups already have found ways of beating the system. In fact, there are unsuspecting people right now who are completely unaware that their mobile phones, or names and registration, are being used for serious criminal activities… Radio host Borislav Borissov found out that he was the “proud owner” of about 200 different SIM cards, all registered to his name and personal social security number.

[From Bulgarian criminals ‘beating the system’ of pre-paid SIM card registration – Bulgaria – The Sofia Echo]

I know where I’d invest my criminal dollars! Mobile is the future! No, of course, I’m just joking to make a point. If I really was going to invest dollars in a criminal enterprise, it would be in Somali pirates, except for one sticking point. I’m afraid my strict ethical position will not allow me to deal with these people.

The al Shabaab group, which professes loyalty to al Qaeda, said mobile money transfers (MMT) helped feed Western capitalism and were turning Somalia’s Muslims against Islamic banking practices.

[From Somalia’s al Shabaab bans mobile money transfers | Top News | Reuters]

I cannot do sufficient violence to my conscience to support a group who are against mobile payments.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public

Licensed operators

France has been in the forefront of the NFC revolution, with an early commitment to cross-industry co-operation, considerable work on standards and models and an aggressive timetable for getting phones into the market. Remember this?

A dozen French cities plan to launch wide-scale contactless payment and information service on mobile phones with the backing of the ministry of industry, reports Les Echos. The city projects approved under the initiative will receive state assistance for consultancy and engineering, but no other subsidies are planned at this stage.

[From Aid from French Ministry of Industry for mobile contactless cities. « Contactless & NFC City League]

You will undoubtedly recall that a few months later, the French mobile operators decided to get together with a processor and form a mobile payments proposition to launch a serious assault on the banks’ retail payment franchise.

Orange, SFR, Bouygues Telecom and Atos Origin are creating a joint venture to offer a single online payment platform, secured by the mobile phone.

[From Union sacrée des opérateurs mobiles dans le paiement sur Internet – OPERATEUR DE TELECOMMUNICATIONS SERVICES INFORMATIQUES ATOS ORIGIN FRANCE TELECOM SFR BOUYGUES TELECOM]

Well they’ve made their first assault on the enemy positions and have been granted a PI licence. Why would they bother, you might wonder, when polls show that the majority of consumers don’t want to use mobile payments?

The 59% of consumers who were against the idea, meanwhile, gave their reasons as: Security (79%)

[From Most French consumers not in favour of mobile payments • NFC World]

The answer is, of course, that consumers don’t know what they are talking about and it’s a waste of time asking them about anything new. Whatever they might say a priori, in all of the pilots and trials that we have been involved in, they really, really, liked mobile proximity.

But there are some real issues, and we need to address them.

Dead phone batteries. Wrong merchant terminals. Terminals turned off. Terminals unrepaired. No terminals at all.

These and other, less obvious glitches suggest contactless technology may not be the mobile payments panacea for tattered magnetic stripes and other problems with plastic cards.

[From Mobile Payments Inheriting the Problems of Contactless – American Banker Article]

Well, yes and no. (I am a consultant, after all.) Let’s have a look at these.

Dead phone batteries. NFC is interoperable with the existing contactless payments and ticketing systems. As you may have noticed, your Oyster card doesn’t have a battery in it: that’s because it is powered through the electromagnetic field of the terminal you touch it to, and the same is true for the NFC interfaces in phones. If the phone has no battery you may not be able to access your m-wallet to check your transactions, redeem coupons and so on, but you will be able to use it to pay in a shop and ride the subway.

Wrong merchant terminals. I don’t think this will be an issue. Right now there are some problems with some cards not being accepted in some terminals, but this is the result of standards problems three or four years ago. The contactless EMV standard should interoperate seamlessly. Some of the terminals are certainly “wrong” from the point of view of consumer experience, but that’s a different thing.

Terminals turned off. Fair enough, I do see this from time to time. But it’s a teething problem. There is a problem with terminals being turned off after the merchant has rung up the purchase and then having to press some more buttons to turn it on, but that’s an implementation issue.

Terminals unrepaired. I don’t think this is a long-term problem. Contactless terminals (since they have no slot or contacts) are considerably more reliable in practice than contact or stripe terminals. Experience from other sectors suggests to me that the cost of maintaining an estate of contactless terminals is less than half the cost of maintaining an estate of conventional terminals.

No terminals at all. This, I think, is the real problem. When I was last in the US, I saw contactless terminals in places where they didn’t really have much impact, like in CVS. But in the places where contactless would have really helped and speeded things up — BART machines, airport carts, Coke machines and so on — nothing.

The point is that those are real issues that do need dealing with, whereas what the public say are their concerns, such as security, are, in my opinion, not real issues and should be handled through marketing communications. Oh, wait…

85% of users said they considered the protocols for operating with the NFC system to be sufficiently secure.

[From Sitges trial results: Consumers pay more often and spend more with NFC phones than with cards • NFC World]

This must be a translation from Spanish, because I’m not sure that “protocols for operating with the NFC system” translates properly into English, but it’s good news all the same. I’m not saying that everything is perfect in the NFC world, even in France, where progress has been slow despite the commitment of major banks and operators. It’s still a new technology.

The problems are one of the main reasons bank Crédit Mutuel-CIC has held back on launching its m-payment service, according to Patrice Hertzog, payment systems manager for Crédit Mutuel-CIC. He said it has been difficult for the bank’s trusted service manager, Gemalto, to set up and manage the bank’s PayPass application on SIM cards produced by other vendors, such as Oberthur Technologies.

The problems have occurred despite much standards work by the French Association Française du Sans Contact Mobile, or AFSCM, and prior trials involving multiple French banks, mobile operators and vendors.

[From ‘Open’ Battles Break Out Among NFC Vendors Over Android | NFC Times – Near Field Communication and all contactless technology.]

To be honest, this suggests that vendors are not building TSMs from scratch based on the new standards but are putting wrappers around their existing card personalisation systems. That sort of thing is, to me, more of a real issue than incorrectly worrying about what the public think, but whatever. Things are moving. Even in the US, the new technology is getting a foothold and there will soon be TSMs there too.

The joint venture formed by U.S. mobile carriers to launch NFC-based mobile payment… has selected France-based Gemalto to download and manage payment and other secure applications on NFC phones to be used in pilots expected to be held in three to four cities during the second half of 2011

[From U.S. Carrier Joint Venture Chooses a Trusted Service Manager | NFC Times – Near Field Communication and all contactless technology.]

There’s plenty of activity in the US as elsewhere, and since I’ve been looking at the US for clients recently I was interested to read about the work done by the Federal Reserve Banks of Atlanta and Boston. This work suggests that the success factors for the US will rest on the evolution of an open ecosystem for NFC.

The mobile infrastructure would likely be based on Near Field Communications (NFC) contactless technology resident in a smart phone and merchant terminals.

Ubiquitous platforms for mobile should leverage existing rails, including the ACH network for non-card payments, and support new payment types that meet emerging needs.

Some form of dynamic data authentication would be at the heart of a layered mobile payments security and fraud mitigation program.

Standards would be designed, adopted, and complied with through an industry certification program to ensure both domestic and global interoperability, including a standard to ensure that devices used to facilitate mobile payments do not create any electronic interference problems.

A better understanding of a regulatory oversight model should be developed in concert with bank and non-bank regulators early in the effort to clarify compliance responsibilities.

Trusted Service Managers should oversee the provision of interoperable and shared security elements used in the mobile phone.

[From Mobile Payments in the United States Mapping Out the Road Ahead – Boston Fed]

On that final point, things are already moving.

The joint venture formed by U.S. mobile carriers to launch NFC-based mobile payment… has selected France-based Gemalto to download and manage payment and other secure applications on NFC phones to be used in pilots expected to be held in three to four cities during the second half of 2011

[From U.S. Carrier Joint Venture Chooses a Trusted Service Manager | NFC Times – Near Field Communication and all contactless technology.]

So there’s plenty of activity in the US as elsewhere and plenty of organisations are looking at how the move to mobile proximity may impact their businesses.

A white paper that outlines the survey findings, including how the most forward-thinking financial institutions are building a business case for mobile payments, is available at http://www.fiserv.com/mobilestrategy.

[From Forward-Looking Financial Institutions Focused on Mobile Payments Business Case, Says Fiserv Survey – pymnts.com]

I couldn’t help but think, as I read this, that the very act of building a business case for something like this is fundamentally backward-looking, trying to shoehorn something that is the basis of a new value network into the existing business models. The report says that the factors that the FIs evaluated across these business lines included customer retention and profitability, cost reduction, revenue generation and retention, increased customer engagement and competitive parity. When I looked at the revenue generation part of it, though, it only referred to revenue generation in terms of debit card transactions and keeping the connection to the DDA. This isn’t how forward-looking organisations are thinking about revenue generation from mobile payments: they are thinking about delivering entirely new products and services that are simply not possible in conventional (i.e., card) environments, generating revenue from things that banks don’t do.

Google is to run tests of mobile payments at stores in New York and San Francisco in the summer, according to anonymous sources cited by Bloomberg. The search engine giant will pay for installation of thousands of NFC cash-register systems from VeriFone Systems at merchant locations, one source told the wire.

[From Finextra: Google to run commercial trials of NFC at the POS – Bloomberg]

Well, well. So while financial institutions are agonising over the business case, Google is giving out the terminals for free. It’s not hard to see why: they don’t care about the minuscule margins on the payment transaction and arguing about how to slice and dice the merchant fee, they care about building new business around knowing who is buying what and where. So leadership in the NFC space may well shift away from the payment incumbents. Perhaps the answer to the age-old question about whether banks or operators would control the mobile payments space is… neither.

And they vote, too

Last year, I read a Deutsche Bank Research note about mobile payments that was given to me in a meeting with one of our clients (E-Banking Snapshot 34, August 2010). It highlighted a Forrester Research finding that 74% of European consumers and 64% of US consumers are not interested in purchasing goods or services via their mobile phones and said that this means there are substantial barriers to adoption of mobile payments. Well, there are certainly substantial barriers to the adoption of mobile payments, but in my experience consumers are not one of them. Quite the reverse: in every project that I have been involved in, consumers have loved buying things using their mobile phones. The discrepancy comes, I think, because when you ask consumers about something new in a field they don’t care about (let’s face it, consumers don’t really spend that much time thinking about payments) they will react conservatively. Say to the average British consumer “would you like to use your mobile phone to pay for cups of coffee” and they can’t envisage what you are talking about, especially if they don’t live in London and use Oyster all the time or use 2D barcodes for travel tickets or whatever.

In a survey of 2,500 members of Springboard UK, the market research experts, on behalf of Vision Critical, half of respondents (51%) reported being fairly or very uncomfortable at the prospect of mobile payments.

[From British ‘uncomfortable’ about making mobile payments – Marketing news – Marketing magazine]

When consumers are given a mobile payment system that works and is convenient, adoption is rapid. Incidentally, in that survey only a fifth of consumers said they were interested in a prepaid wallet. I’ve heard this over and over again: one of the arguments against substituting cash (which most consumers don’t see as a pre-paid product) with some form of “purse” product is that people don’t want to pay up front for goods or services that they might use in the future. Fair point. Oh, wait…

Starbucks Corp. customers loaded a record $700 million on to the Seattle coffee chain’s prepaid card accounts during its most recent quarter, up 39% from a year earli

[From Starbucks Prepaid Loads Jump 39% – American Banker Article]

Turns out that if you know stuff about marketing, consumer behaviour, distribution, management, convenience, payment choices, advertising, incentives and, above all, retailing then customers are only too happy to go with mobile prepaid. That’s how come Starbucks went from a mobile payments experiment…

The ultimate goal of the program is to get customers to trade in their physical Starbucks Cards for the digital variety — it’s a time saving exchange for the customer and a cost saving exchange for the company. Already, one in five of all in-store transactions are paid for via Starbucks Card (mobile or physical), and more than $1 billion will have been loaded on to cards by year’s end.

[From Starbucks in New York Now Accepting Mobile Payments | The Total Footballer]

…to a national roll-out in a quarter. Our good friend Brett King gave the Starbucks national mobile payment scheme a try and said that

this is far superior to a current interaction using cash or a card for a number of reasons. This gives us a glimpse of what the cashless society will be like; it isn’t risky, it isn’t subject to fraud or theft, it is safe, secure and fast.

[From Brett King: Starbucks Mobile Payments — The Future Is Coming Fast (VIDEO)]

We all know that mobile will be the focus for the evolution of retail payments, and I think the message is getting out. Eric Schmidt’s talk at Barcelona — saying that NFC will be profitable — attracted a great deal of attention, mainly from people who didn’t listen to what he said when still CEO of Google.

Google wants the next generation of Android phones to replace credit cards, Eric E. Schmidt, Google’s chief executive, said Monday at the Web 2.0 Summit in San Francisco. The newest version of Android, Google’s mobile phone operating system, code-named Gingerbread, will come out in a few weeks, he said. It will include NFC…

[From Schmidt: Android Phones Will Be Credit Cards – NYTimes.com]

There’s still a long way to go in the mass market though, and it’s fair enough to comment on it. Consumers, journalists, commentators don’t yet understand how this new infrastructure is going to work. But I think that’s about to change. Britain’s biggest retailer is Tesco, so they are a benchmark for the acceptance of new technology, and they are going to go contactless this year.

Tony Saunders is the director of marketing for VeriFone in Europe, the Middle East and Africa… Saunders told us that within six months, Tesco will be rolling out near-field communications capabilities to its 35 – 38,000 checkouts across Britain

[From The future of the high street: near-field communication (Wired UK)]

This might be connected with a story that I touched on before in another context, illustrating the point about the ability of retailers to exploit the new contactless technologies in interesting ways.

Tesco will relaunch its Clubcard scheme as an online rewards programme as it gears up to reach customers in the digital age. Developing a ‘secure, multichannel’ smart card, the UK retailer will move the scheme to digital channels in an effort to simplify its rewards programme and cut down on direct-mail costs.

[From Tesco will relaunch Clubcard scheme in 2011 : WCJB]

Incidentally, I didn’t quite understand the rest of the Wired story, so I dropped an e-mail full of NFC articles to the reporter who had said that

The only obstacle could be similar, but proprietary, technologies set up by banks — which are known as “contactless” payment options. Barclays’ contactless cards are a good example, as are Visa’s PayWave cards, which are being trialled in Europe using an iPhone dongle.

[From The future of the high street: near-field communication (Wired UK)]

I shouldn’t make fun. The technology might be old to us, but it’s new to the mass market. And I should note that it isn’t just UK journalists who get a bit confused.

For example, special payment stickers are available already that allow merchants to NFC-enable their point of sale terminals by simply affixing a sticker to the terminal, Litan said. Such stickers go for as little as $18

[From Analysts: Apple could disrupt mobile payment industry | BappProducts | iOS Central | Macworld]

Wait, what? I think the journalist got the wrong end of the stick on this one! Let’s be clear. The contactless payment schemes are NFC and the cards, phones, stickers, watches, hats, badges or anything else will all work with the NFC POS terminals. The key point here is that the retailers are rolling out NFC at POS not just because they want to accept NFC contactless cards, which many of them don’t really care about, but because of NFC contactless phones, which promise an entirely new mobile shopping experience. The retailers want mobile wallets as soon as they are practical, because the value-adding opportunities around coupons, loyalty, location-based marketing and all sorts of other things besides payments are so great.

iPown

To understand why the fuss, and why this is of relevance to the digital money world, you need to understand a couple of technical architectures relating to mobile phones and the role of the Secure Element (SE). The SE doesn’t exist in phones yet, but it’s important because if we want to implement anything important (such as payments) inside a phone, we need somewhere to store cryptographic keys, and that somewhere needs to be tamper-resistant to a great degree. Thus we need a handset to have an SE. Ah! You might say: but handsets already have a tamper-resistant thingumy inside them, why not use that?

That’s a good point. In the modern way of things, the tamper-resistant chip thingumy in the handset is more properly called the UICC:

The UICC (Universal Integrated Circuit Card) is the smart card used in mobile terminals in GSM and UMTS networks. The UICC ensures the integrity and security of all kinds of personal data, and it typically holds a few hundred kilobytes. With the advent of more services, the storage space will need to be larger.

[From UICC – Wikipedia, the free encyclopedia]

Historically, we’ve tended to associate the UICC (in the form of a removable smart card) with one application only, the Subscriber Identification Module (SIM) that allows the phone to connect to a mobile network, and to refer to the combination as “the SIM”. But…

A UICC may contain several applications, making it possible for the same smart card to give access to both GSM and UMTS networks, and also provide storage of a phone book and other applications

[From UICC – Wikipedia, the free encyclopedia]

It can also contain more than one of each. Thus, you could have multiple “soft SIMs” inside one UICC (the special case where the UICC contains only one application, and that is a SIM, we will refer to henceforth as the “hard SIM”). Now let’s consider what happens when Apple add an NFC interface to their devices and therefore need an SE.

The filing also points to the inclusion of near-field communication (NFC) technology in upcoming iPhones — and, for that matter, in Macs and media devices such as the Apple TV.

[From Apple patent seeks to reinvent retail • The Register]

Where can the SE that makes the NFC interface useful go? Either we can plug in an SE (e.g., a DeviceFidelity microSD) or we can add an SE to the UICC (the GSM Association, GSMA, preferred option) or we can build an SE into the device by adding it to the motherboard. The GSMA want the applications that control the NFC interfaces to be on the UICC, which kind of makes sense because if you take your UICC out of one phone and put it in another, then you’d want your SE applications (e.g., your MasterCard, Oyster etc.) to go with it. But not everyone thinks that the SIM is the key to this picture.

Suppose that instead of adding an SE, Apple add a UICC and put the SE in that? What this means in practice is that the UICC will be inside the iPhone or iPad or Mac, on the motherboard. But the SE need not be the only contents of the UICC. Why not put soft SIMs in there as well and do away with fiddly microSIMs? If I walk into the Apple Store in London and buy a 3G iPad, say, then the UICC could come with a default SIM application. Let’s say this is O2. When I take the iPad to France, instead of paying outrageous 3G roaming charges (and therefore leaving my iPad at home), my iPad will download a French operator’s SIM application and start using that. I won’t choose the operator — in fact I won’t even know this is going on, because Apple will simply negotiate with mobile operators to provide commodity service.

In other words, perhaps we move to a world in which the operators’ SIM connectivity function becomes just software running on someone else’s physical card.

[From Dean Bubley’s Disruptive Wireless: Apple, embedded SIMs, NFC and mobile payments – some speculation]

Dean is spot on. And you can see plenty of positives in this architecture. If you’re not a mobile operator, that is. If you’re a mobile operator, this is another step towards being nothing more than a pipe. As a customer, I think I’d be quite happy with the mobile operators as a pipe, selected purely on a cost/QoS basis (and competing with each other on that basis). After all, they haven’t (in Europe) got very far with “smart pipe” services such as, just to name two examples, digital money and digital identity. So the Apple UICC containing soft SIMs and an SE may not be such a bad architectural option for consumers. But…

The operators are privately saying they could refuse to subsidise the iPhone if Apple inserts an embedded subscriber identity module, or Sim card.

[From FT.com / Telecoms – Apple warned over built-in Sim cards]

There are other people in this value chain too, such as smart card manufacturer Gemalto who were rumoured to be making the Apple UICC.

Gemalto explained to us why such a deal, which involved a significant amount of devolution from the mobile phone operators to the mobile phone manufacturers, is unlikely to happen without the tacit approval of network carriers themselves.

Gemalto has been a strategic partner for mobile phone operators for more than a decade now (the company is the biggest SIM manufacturer in the world) and gets the majority of its revenue (more than 60 per cent of last year’s 1.654 billion Euros).

[From Gemalto : No Apple iPhone 5 Deal On The Table Yet | ITProPortal.com]

Quite. But let’s just go back over another main point: in order to provide payments, or other useful services, via NFC it is not necessary to have the co-operation of the carriers.

Visa’s approach “shows that basically there’s nothing that the carriers can do that the [payment] networks can’t do without them,” McPherson said.

[From Mobile Payments Set for Surge, But Who’ll Set the Pace? – American Banker Article]

The mobile operators have no acceptance at retail POS so they have to work with payment scheme partners to reach scale, but other payments players don’t need the operators. They can put stickers on the back of phones, plug microSD into handsets or use the NFC interfaces that will be built in by Google, Apple and RIM. Since customers will come to expect these services, they will eventually get built in to all handsets. Unless the operators can launch highly functional NFC platforms quickly (which they probably should have started doing a couple of years ago) then they will be out of the loop.

Issuing hard SIMs is expensive, so if the operator’s connection with the customer is downgraded, there is no point in doing it and the operators would save money by providing soft SIMs to any UICC that they can bill to. So I think the situation is this: in the future, many devices will have a UICC built in. This UICC will function as an SE for NFC interfaces. The UICC will store a number of soft SIMs, not only for mobile phone communications but for future 4G and 5G communications. The UICC will also hold standard digital money and digital identity applications. And instead of Vodafone and Telefonica controlling the matrix, Apple and Google will.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

