Vendor Accent
Mobile Payments
Atul Kahate discusses how Mobile Payments work and
what we can expect in this area in the future
Mobile payments have been in use for many years now, perhaps a bit vaguely. The
global market size for mobile payments is expected to be $88 billion, according
to Juniper Research. IDC estimates that US Mobile Commerce revenues will reach
about $58.4 billion.
Several models for mobile payments have been proposed and some of them have
also been tested in real life. However, the picture is still a bit hazy, thanks
to umpteen standards that each vendor seems to come up with, blurring
the picture and adding to the confusion.
Understanding mobile payments should not be that difficult. A mobile payment
is nothing but a payment initiated via a mobile phone. Another emerging area
is the use of Radio Frequency ID (RFID). Here, the mobile devices are being
equipped with RFID chips, which can transmit payment information to RFID reader
devices. The user can just wave the mobile device in front of the reader to
make a payment! This should tell us that mobile payments in any case face the
same challenges that any other payment mechanisms need to address. But, and
here is the key, they face many more of them.
The biggest challenges that mobile payment mechanisms face are in the area of
security concerns. Payers fear that their private data can be misused. Payees
are not sure whether they will get paid. Banks worry about losing money, and
writing off losses, in case of frauds. Although these worries also exist in
traditional payment mechanisms, they are more acute in the case of mobile payments
for the obvious fact that the process is initiated and is perhaps also terminated
on a wireless device, which may or may not be in the hands of the correct person
in the first place!
Why mobile payments?
The rise of mobile payments is due to two primary reasons:
- Usage of traditional payment channels, such as
cash and checks, is diminishing every year. Debit/credit cards are popular
and are widely used because of the convenience factor. However, they can be
expensive for the merchants to process. Merchants pay processor acquiring
and interchange fees in addition to incurring costs associated with disputed
charges and chargebacks.
- Users want to make payments very fast. Even logging
on to the Internet and making a payment seems to be slow these days!
According to an estimate, the global revenues from mobile
commerce in the year 2010 would be about $10 billion. Several major
payment and technology companies have been coming up with products catering
to various models of the mobile payment systems. The adoption rate of mobile
payments is rising very rapidly.
The challenges
Since its inception, mobile payments technology has been struggling to find a
model that is reliable and secure. Several questions have
been raised, and not always satisfactorily answered, in this regard.
For instance:
- Should the mobile payments be SMS-based, or should
they use some other mechanism?
- Should the payment details be held with the bank,
or should they be a part of the mobile phone hardware/software?
- What should be the sequence of events in making
the payment complete?
- What security features are needed, and who would
take care of them?
Most mobile payment mechanisms that exist today, or the ones that are emerging,
attempt to resolve these problems.
In general, most mobile payment mechanisms work on the following principles.
While some of these will tend to vary per implementation, the basic flow is
quite similar across all mobile payment mechanisms.
Mobile Payments: A generic flow
We can summarize the steps in any mobile payment process:
- The user (person making the payment) sends an SMS
for making a payment to the pre-designated number of the merchant or that
of the payment service provider. The structure of this SMS can be fixed for
a given merchant or payment system provider.
For example, the generic format of such an SMS could be: PAY <<Transaction
ID>> <<Bank>> <<Amount>>, for example: PAY 123
MYBANK 100
- The payment system provider would parse the message
and ensure that it conforms to the expected format and syntax. If everything
is correct, it would send a response SMS to the payer, in a fixed format;
which for example, could be: CONFIRM <<Transaction ID>>, for example:
CONFIRM T-500
- Now, the user needs to confirm the transaction along
with the PIN. Therefore, the user may respond with an SMS whose format could
be: CONFIRMED <<Transaction ID>> <<PIN>>, for example:
CONFIRMED T-500 7563. The PIN is supposed to be known only to the user.
- If the PIN is correct, the transaction ID is also
the same as before, and both have originated from the correct mobile phone
number as per the records, the payment service provider could now direct the
SMS to the payer's bank for payment authorization using a message such
as AUTHREQ T-500. Note that the communication between the payment service
provider and the bank could happen via channels other than mobile phone as
well.
- The bank would process this transaction, and send
the appropriate payment authorization response to the payment service provider,
e.g. AUTHORISED T-500.
- The payment service provider would send an acknowledgement
to the user, e.g. PAYMENT OK T-500. This completes the payment transaction
from the clearing point of view. The settlement of the transaction is not in the
purview of the mobile payment scheme.
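The provider side of the six steps above, as an added example that is not from the original article: it parses the PAY and CONFIRMED messages and accepts a confirmation only when the transaction ID, the sender's number and the PIN all match. The REJECT and PAYMENT FAILED replies, the three-try limit, the registration records, the stand-in bank callable and the reading of the first PAY field as a payer reference (with the provider issuing the T-500 style ID) are assumptions.

```python
import hmac
import re

# Constructed registration records (assumption): sender number -> PIN and bank.
# PINs are in clear only to keep the example short.
REGISTERED = {
    "+910000000001": {"pin": "7563", "bank": "MYBANK"},
    "+910000000002": {"pin": "4321", "bank": "MYBANK"},
}
PAY_RE = re.compile(r"PAY (\w+) ([A-Z]+) ([0-9]+)", re.ASCII)
CONFIRMED_RE = re.compile(r"CONFIRMED (T-[0-9]+) ([0-9]{4})", re.ASCII)
MAX_PIN_TRIES = 3  # assumption: cancel a transaction after three wrong PINs


class Provider:
    def __init__(self, bank=lambda txn, amount: f"AUTHORISED {txn}"):
        self.bank = bank      # steps 4-5: stand-in for the AUTHREQ channel
        self.pending = {}     # txn id -> sender, amount, wrong-PIN count
        self.next_id = 500

    def handle(self, sender, text):
        """Return the provider's reply SMS for one inbound SMS."""
        user = REGISTERED.get(sender)
        if user is None:
            return "REJECT UNREGISTERED"
        if m := PAY_RE.fullmatch(text):                      # step 1
            _ref, bank, amount = m.groups()
            if bank != user["bank"] or int(amount) <= 0:
                return "REJECT BAD REQUEST"
            txn = f"T-{self.next_id}"
            self.next_id += 1
            self.pending[txn] = {"sender": sender, "amount": int(amount), "tries": 0}
            return f"CONFIRM {txn}"                          # step 2
        if m := CONFIRMED_RE.fullmatch(text):                # step 3
            txn, pin = m.groups()
            p = self.pending.get(txn)
            # The confirmation must come from the number that opened the transaction.
            if p is None or p["sender"] != sender:
                return "REJECT UNKNOWN TRANSACTION"
            if not hmac.compare_digest(pin, user["pin"]):
                p["tries"] += 1
                if p["tries"] >= MAX_PIN_TRIES:
                    del self.pending[txn]                    # stops PIN guessing
                return "REJECT BAD PIN"
            del self.pending[txn]                            # single use: no replay
            ok = self.bank(txn, p["amount"]) == f"AUTHORISED {txn}"
            return f"PAYMENT OK {txn}" if ok else f"PAYMENT FAILED {txn}"  # step 6
        return "REJECT BAD FORMAT"
```
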
While this scheme can work well, several challenges have to be addressed. Firstly,
the lack of standards is the biggest issue today. Every bank or payment system
comes up with its own mobile payment system, which is different from the rest
in some manner. This poses several challenges for the customer, since the customer
effectively gets tied to a particular vendor solution, which is proprietary
in nature, and does not really work with other payment systems. Consequently,
there is an urgent need for collaborative work in this area so that the process
can be standardized and is not ambiguous.
Secondly, who is a legal user of the mobile payment system? For this purpose,
the user needs to pre-register with the payment service provider, authorizing
payments made via the mobile phone to be debited to his/her bank/card account.
Thirdly, what about the security of the transaction? All mobile communication
is usually encrypted both in GSM as well as in CDMA using proprietary techniques.
However, this does not give 100% assurance to everyone. There are attempts to
bring in public key cryptography solutions to the mobile payment systems. However,
the challenges in such a scheme are the same as the challenges in any mobile phone
application: how to deal with the issues of very primitive processing and display
capabilities, and small bandwidth. Until these are resolved completely, public
key cryptography may not play a significant role in mobile payment systems.
Fourthly, the mobile phone is considered to be the most widely lost/misplaced object
these days, overtaking the dear old umbrella! Would this not pose a security risk?
Yes, it would, and one needs to find a far better solution to this problem. Some
of the solutions that have been piloted mandate that after the user initiates
the payment, she has to confirm the payment request via a phone call to the
payment service provider. However, this greatly impedes the whole reasoning
behind mobile payments: the promise of facilitating quick and effortless
payments!
Some experts argue that the six-step process outlined earlier is too heavy,
and needs to be streamlined, especially considering that the user would most
likely pay only small amounts using the mobile pay feature. Therefore, some
of the following schemes are also implemented.
One argument is that the first message from the payer to the payment service
provider itself should also include the PIN. While this is acceptable to some
as it enhances the user experience, others deem that as even less secure than
the basic six-step process. Another solution mandates that all the merchants
and banks agree on participation in the mobile payment solution beforehand.
The user also registers with the payment service provider. Whenever a payment
needs to be made, the user simply announces her mobile number to the merchant.
The merchant sends an SMS to the user's mobile phone. This SMS contains
the merchant name, amount, and a unique transaction code. The user needs to
reply to this SMS with the same unique transaction code, and the PIN that is
unique per user. The rest of the process remains the same. But this means that
the user has to send just one SMS in the process.
We review two mobile payment schemes that have been
piloted in India below.
PayMate
Initially launched only for one pilot bank, in this mechanism,
the customer needs to register with the bank for this service. Once registered,
the customer receives an SMS with a mobile PIN (MPIN). The PIN can be
changed.
The customer can use this service at any of PayMate's
accredited merchants. The customer needs to have a credit or debit card
account with one of the PayMate partner banks. The customer can shop from
merchants and avail of goods and services without entering the credit
card number or bank account number anywhere.
To make a payment, the customer needs to share
her mobile number with the merchant. The customer receives an SMS (with
the merchant name, transaction code, and amount), requesting authorization
of payment. The customer needs to enter the PIN and the same transaction
code as was received from the merchant. The customer's bank authenticates
the details and debits the amount to the customer's account. The
customer receives a confirmation of this transaction via an SMS and the
merchant's system also gets updated with the status.
mChek
Airtel, ICICI Bank, and VISA got together
to launch a mobile payment mechanism called mChek. This
service enables a straightforward and secure mobile payment
transaction. This is because every transaction needs to be
preapproved by the customer and digitally signed.
The digital signature happens by using a PIN number.
During the execution of a payment transaction, the merchant sends an SMS
mentioning the amount payable to the customer. The customer enters her
PIN number and sends an SMS back to the merchant, confirming the amount
to be paid. Both the parties then get a confirmatory SMS indicating the
completion of the transaction.
Of course, for this to work, the customer needs to be
an Airtel mobile subscriber, and needs to have an account with ICICI Bank.
All personal information that is normally stored in that magnetic strip
on the back of the customer's credit card is loaded on to the SIM
card of the mobile phone in a secure format. ICICI Bank cardholders get
an add-on card, which allows them to access this service.
Current and future trends
It is seen that micro payments (i.e. payments made for parking or public transportation
tickets) dominate mobile payments. A large number of small-value payments will
continue to dominate the area of payment transactions via mobile phones. However,
true benefits to all concerned in the value chain will be seen from transforming
these services into value-additions as much as possible.
It is vital that mobile payment players agree on an open standard for mobile
payments at the national level (if not worldwide). As long as these standards
and protocols remain specific to any operator or payment scheme, their growth
is likely to be slow. If there is a national mobile payment standard, chances
are that banks, mobile service providers, companies, and merchants will be more
likely to invest into such a platform. This would also entice many more customers
towards this payments facility.
Buying tickets for events is another very interesting opportunity for mobile
payment providers. In this scheme, the service provider buys a number of tickets
or accesses the central ticketing system for a certain event, such as a music
concert, a party, a sports game, etc.
There are examples where the mobile service operators have started marketing
these services to the corporate segment. For example, they provide mobile business
services with integrated mobile payment facilities for employees' payments
for travel, fuel/gas, tickets, and so on.
Mobile payment technology is currently focused on SMS with a growing interest
in RFID. For instance, NTT DoCoMo has launched a contact-less mobile wallet.
In Europe, where a lot of action is seen in the mobile payments area, a majority
of payments are made via SMS. The big advantage of this approach is that the
provider can create a payment solution that is generic and which can work on
all kinds of handsets.
The author is the Head, Technology Practice,
PrimeSourcing (Services) Division, i-flex Solutions Limited, Pune. He
can be reached at akahate@gmail.com