Sybase Blog – Diarmuid Mallon

When reading about mobile commerce, you could be easily forgiven for thinking that everyone has an iPhone. And if recent news coverage is to be believed, no one has a Nokia anymore. But neither is true.

Recently I took delivery of my first Android device, after my trusty Nokia E71 finally gave up the ghost. Whilst the Nokia was a stalwart companion for many years, wear & tear had taken its toll. After tweeting about the change of devices, the very kind people at Nokia offered me a two-week loan of an E6, the latest ‘version’ of my old phone.

This has put me in the fortunate position to run a little experiment: how do Android and Nokia (Symbian) mobile devices compare when accessing mobile finance services?

For the experiment I used the following parameters
- Must be a UK service
- Must be a service I currently use
- Must be free
- Must be a mobile commerce service (no dissatisfied fowl based apps).

Finally, I’m going to be a wee bit circumspect here with a few of the services tested. Not because I want to avoid heaping praise (or scorn) about a particular service, but rather that I’m going not provide lots of information to those pesky ID thieves.

App#1: Personal Banking
At first glance, the homepage of my bank doesn’t appear to mention mobile banking services, which is a wee bit confusing, as I get SMS alerts from them at least once a week. After more careful inspection, the link to their iPhone app is spotted. Clicking on this, I am then presented with all the options: there is the (obligatory) iPhone app, information on SMS alerts and instructions requesting a cut-down app (balance, statement and top-up) for other devices.

Android: I follow the instructions for requesting the cut-down app, which involve sending an SMS. Nothing happens. So I resend. Nothing. I give up.

Next I try their website in the Android browser. I get presented with mobile web landing page, with offers me the choice of that iPhone app again or a mobile friendly version of the site. I go for the later. The web page fails to load. After a few retries, I spot the problem – it is trying to serve an iPhone friendly webpage which my Android device fails to load. Not sure where the problem really lies, but either way I can’t access the site.

So the only thing I can access as an Android user, are the SMS alerts.

Nokia: Unlike the Android, when I send the SMS requesting the cut-down app I get a response. But whilst the app downloads, it fails to install. The Nokia isn’t yet supported, but plenty of other models are.

Next I tried the website, which like the Android initially takes me the mobile landing page that offers the iPhone app. But, when I go the mobile website, unlike the Android device – the page loads, I can log in and I have full access to my bank account. The high resolution screen of the Nokia and the keyboard make this a much better experience than expected.

Winner: Even though neither device had a dedicated device, the Nokia did succeed in logging in, and (potentially) will have a cut-down app in the near future.

However, the SMS alerts meant I did get some service no matter what type of device I had.

App#2: Credit Card
Similar to my bank, the card issuer I use has an SMS alert service that sends out weekly balance alerts and payment reminders. On their home page mobile access is clearly highlighted, and unlike my bank their rich app is for more than just the iPhone, with Android and Blackberry supported.

Android: Using Google Goggles I scan the QR code on the website (and eventually) this is recognised, and the Android app is then installed.

Logging in I come across a problem that is common theme with the rest of the sites. I use a password manager to create unique credentials for every site I use. On my laptop this is handled very transparently, but when logging in to Apps on a mobile device, you really feel the pain of entering a 12-digit password, particularly on a touch screen.

However once in, the app is full featured; allowing me to check balances, statements, loyalty points and make payments.

Nokia: No dedicated app, so I try accessing the website. Rather than pixel-for-pixel replicating the fill site as my bank did, I get a mobile web version of the site, which loads quickly. Whilst the site is cut-down, functionality is the same as the full site.

Winner: Android. But with a caveat – the credit card app doesn’t provide an option to store the password, and so would require me to enter my (purposely) fiddly password every time. So the app doesn’t make access a great deal friendlier than the Nokia with the mobile web edition of the site.

App#3 Paypal
Like a lot of people I’m a regular user of PayPal. For their mobile App, PayPal have added a number of P2P payment features; including the ability to ‘bump’ two phones together to transfer funds.

Android: Initially the installation of the app fails. Not due to an issue with the App per se, but rather with a limitation with the Android OS. Whilst I have a large (and mostly empty) SD card in my phone, not all Apps support installing on to the card (and in fact you can’t decide were Apps installed, they go where they go).

After deleting a few Apps, PayPal is then installed.

Through the App I can not only view my PayPal account, but also access the P2P payment functionality. One nice feature is that this is integrated with the phone’s contacts.

Nokia: Whilst there is a PayPal App for Nokia, at the time of writing it isn’t compatible with the E6. I was able to access the full PayPal site through the browser, which does include the P2P functionality, but not the ‘bump’ method of making a proximity P2P payment.

Winner: At the moment the Android is the winner, but once the App is updated for the E6, then this could be a draw.

App#4 Amazon
Time for some retail therapy, there are huge number of online shopping sites, so for this experiment I go with the largest in the UK.

Android: Both US and UK versions of the Android App are available. Of the Apps tested, Amazon was one of the few that allowed new users to sign-up for the service on the device.

Once installed the App provided a mobile optimised view of the UK Amazon service. Even 1-Click purchasing is supported, although personally I’m not sure if I could trust myself to not accidently click on random items as I browser and end up with a lot of unintentional purchases.

Nokia: No app for Nokia, but when using the browser I as given the option of using a mobile optimised version of the service or the full site.

Winner: If you aren’t a big user of 1-click, then this was very close to a draw. Both devices enabled me to browse and shop on Amazon.

App#5 Pizza
So after all that hard work, time to reward myself with a Pizza. The nearest big chain pizza delivery service to me is Papa John (other pizza vendors are available). They have a mobile web service but no Apps for any device, so it is a straight draw. They also send out marketing messages via SMS, so again a draw here.

Final Scores
Overall the Android is just ahead in terms of mobile support. Once the PayPal and my Bank’s Apps are updated for the E6, then it could be said the Nokia would be actually just ahead as its browser seemed to be more robust when dealing with the websites I encountered.

Summary
It is a very interesting experience coming to familiar services through the lens of a new mobile device platform, as it gives you an insight in to how new users of a mobile service experience mobile services.

There was a great deal of inconsistency in terms of how companies promoted mobile services and the experience as an end-user.

Mobile is no-longer an optional channel, but just having an iPhone app is not going to fully address your customers mobile access needed.

When launching a mobile service you need to
- Ensure your mobile service is clearly promoted on your homepage
- If possible, enable sign-up from the mobile device/service as increasingly consumers are using mobile as their primary internet access channel
- Just having an iPhone app will only provide access to a subset of your customers
- Determine which platforms are used in your market, and have a strategy to address them
- Remember SMS is accessible to all, followed by USSD and mobile web
- Mobile web versions of your sites enable you to reach more customers, use device detection to ensure the best possible user experience
- Think about how you deal with password, particularly for devices with virtual keyboards

A question I’m often asked “Is your solution compliant?” and this is a question to which there is no short answer.

The challenge when you are talking about mobile commerce solutions is that there is no single regulation that is going to cover your solution. At a minimum, you need to look to local telco, banking, payment and marketing regulations. Beyond these, if you store credit card details then additional regulations from Credit Card companies come in to play.

So you can see, that deceptively simple question “Is your solution compliant?” at the very least will elicit the response “Compliant to what?”

So what are some of these regulations you need to be mindful of when launching a mobile commerce solution?

The Big 3: SAS 70, ISO 27001 and PCI DSS
When looking at mobile commerce solutions, these three standards are regularly mentioned – SAS 70, ISO 27001 and PCI DSS.

SAS 70 (Statement on Auditing Standards No. 70) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants. A SAS-70 Type II audit analyzes a hosting service organization’s control over the information technology and processes that serve its clients.

Companies in the financial services industry are being required to show adequate oversight of service providers, such as obtaining a SAS 70 review conducted to comply with Gramm-Leach-Bliley Act (GLBA) requirements.

To comply with Sarbanes-Oxley mandates, public companies require SAS-70 Type II certification from their hosting service providers. In addition to offering compliance with federal regulations, a SAS-70 provides assurance to all of a service organization’s clients that the controls, processes and procedures evaluated are operating effectively.
SAS 70 is a US standard, and is applied at the organisation level. SAS 70 only applies when we are offering a managed service. Where the managed service involves cardholder data, then PCI compliance is also required.

PCI DSS: The Payment Card Industry Data Security Standard is a worldwide information security standard and was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or pass cardholder information from any card branded with the logo of one of the card brands (Visa Card, MasterCard, American Express, Discover and JCB).

Simple put, any solution where we
• Store or transmit cardholder details
• Act as a PIN entry device for card payment (using the card PIN, and not a mPIN)
• Store, process or transmit cardholder data as part of authorization or settlement – and sell, distribute or licence product to a third party.

If a solution involves cardholder data, certification is compulsory. It should be noted that PCI applies at a product or implementation/deployment level, and so would require a certification per instance. You get compliance for a deployment, not for the software.

ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. It can be summarised as follows:
• Systematically examines the organization’s information security risks, taking account of the threats, vulnerabilities and impacts
• Designs and implements a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that it deems unacceptable
• Adopts an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis

ISO 27001 is an international standard, and is based at the organisation level.

Country Specific Regulations
Detailing all the regulations that are applicable, in every country is beyond the scope of this mere blog post, so instead I’ll look at one country’s regulations to provide an insight in to what you can expect to encounter.

FSA compliance: BCOBS, the Banking Conduct of Business Sourcebook (From the FSA handbook)
BCOBS 1.1.1 applies to Companies that accepts deposits from banking customers. If the proposed solution was includes accepting deposits, then these regulations would apply.

There is a requirement that banks to ensure certain requirements are met when outsourcing operational functions that are ‘critical to the performance of regulated activities’ which is detailed in SYSC 8.

Key to SYSC 8 is ensuring that the systems and controls we have in place for the protection of customer data (sort codes & account numbers) are adequate. Any mobile commerce solution must not impair the ability of the FSA to monitor the bank’s compliance with all obligations under the regulatory system.

EU Directive on payment services (PSD): The aim of the PSD is to ensure that electronic payments within the EU and in particular credit transfer, direct debit and cared payments become as easy, efficient and secure as domestic payments within a member state.

Beyond the Financial regulations, additional regulations include
Equal Opportunities/DDA: Ensuring accessibility to products and services
Paperless-customers: Keeping customers informed of important notifications, if they start to use a mobile App as their main banking channel.

And of course the local mobile regulations from not just the operators, but also regulatory bodies such as PhonePayPlus.

Summary
For any solution, hosted or deployed, that involves a (credit/debit) cardholder’s details PCI compliance is mandatory. This requires certification on a per instance basis.
When identifying a vendor, if they are going to host the solution for you, you should be looking for SAS 70 or ISO27001 depending where in the world the solution is hosted.
Beyond these, you need to look at a wide variety of regulations financial, governmental and telco.

When looking at a mobile commerce solution, perhaps the better questions is “can it achieve compliance?” The answer to this is ultimately highly dependant on the flexibility of the solution, and the experience the vendor has of deploying products in a wide range of regulatory environments.

In a previous blog posting I discussed how mobile payments schemes could be viewed as either closed or open schemes. Whilst the schemes differ in complexity in set-up and running, perhaps more fundamental is the difference between the business models behind the schemes.

Two-Party Schemes
The simplest (mobile) payment scheme is a Two-Party scheme. These schemes are typically Merchant run. In world of credit cards, these are the store issued cards that can only be used at the store that issused them,

In this model the Merchant deals with all aspects of the service, from issuing the mobile payment app, authorizing payments and collecting of funds. In the mobile payment world, the US Starbuck mobile payment service is a great example of a two-party scheme.

However, unlike traditional store cards, the Starbucks scheme is debit-based, where consumers top-up their stored value account (SVA) prior to making a purchase. This greatly simplifies running the scheme as accounts are always in credit.

Three-Party Schemes
A Three-Party scheme is where an independent company issues cards that work at multiple merchants.

In this scheme independent company (the issuer) is responsible for the issuing of the payment instrument (card, mobile app,…), manages the (payment) network and approves payment. The issuer builds the network by acquiring customers (account holders) and merchants. This is the model that American Express started with, and any mobile payment scheme offered by say a single Mobile Operator, for example M-Pasa.

Like Starbucks mobile payment scheme, many three-party mobile payments schemes are based on debit rather than credit. Some schemes get their customers to preload credit into an SVA, whist others link to an external funding source such as bank account or credit card.

Four-Party Schemes
Finally there is the Four-Party system. In these systems multiple issuers are brought together to create the payment scheme.

In this system we have issuers and acquirers. The issuers are responsible for attracting customers (account holders), and the acquirers bring merchants in to the system. This is the model that the credit card schemes such as Visa and MasterCard follow, and mobile payment services such as mpass or paybox follow.

Business Models
The business models of these three systems are very different, and in particular how each scheme funds itself.

Two party mobile payments systems are based on avoiding interchange fees. Take the example of the Starbucks card. As a user you top-up your eWallet via a linked credit card, for which Starbucks pays an interchange fee on the transaction. That one transaction, loads enough credit to fund perhaps 10 coffee purchases in the store. And if the customer had paid by credit card for those transactions, Starbucks would have paid 10 interchange fees, rather than one. So they are aggregating your transactions in advance. Of course there are additional benefits as customers may be more loyal when deciding where to purchase their next coffee, and may purchase additional items such a blueberry muffin as the ‘cost’ of the transaction is hidden compared to say handing over cash.

Three party (closed-loop) mobile payments systems are generally work on a fee-based model. Here the party running the scheme charges a fee for each transaction. For the merchant, the fee charged for the transaction balances out the inherent costs from running a scheme themselves. And for the consumer, they benefit from a payment instrument that is not tied to a single merchant and so can be used in a wide range of locations.

In a Four Party mobile payments you have issuers and acquirers. The role of the issuer is to attract customers, whilst the acquirer brings merchants in to the scheme. When consumer makes a purchase in store, an interchange fee is paid from the merchant’s acquirer, to the party that issued the service to the consumer. The aim of the fee to cover the costs that issuer incurs not just bring customers to the scheme but other costs such as collecting funds, billing and customer service.

Today we see mobile payments schemes adopting each of these models, and like traditional credit cards there is room for all of these models.

For merchants, launching a two-party scheme offers the fastest time to market. The real challenge here is whether your customers/business could sustain a dedicated payment scheme. Like store cards, consumers may be willing to hold a few store specific cards, but they won’t have a card for every store they use. However, as discussed in previous posts, mobile vouchers/loyalty is an option that is suitable for a much larger range or merchants.

Mobile Payment Schemes
Mobile payments don’t exist in a vacuum. Just as a piece of paper doesn’t magically become a bank note, or a rectangle of plastic become a credit card, your phone can’t just suddenly start paying for goods and services. You need a payment scheme behind the scene to make this happpen. At a very minimum a scheme has to handle funds in, funds out and authenticating transactions.

In the mobile world there are a number of mobile payment schemes today. From the long-standing premium SMS services to the brave new world of NFC. Whilst the technicalities of these schemes vary greatly, all schemes fall in to two broad camps: open and closed payment schemes.

Approach 1: Closed
Perhaps the best know of these schemes is the Starbucks Mobile Payment scheme which is currently running in the USA.

This type of schemes work on a closed-loop, and are limited to either a single merchant, or occasionally a single locale. So in the case of Starbucks, you load funds in to your Starbucks wallet, and then you can draw against this when your purchase coffee. Starbucks have been running a card-based version of this scheme for some years now. The mobile version swaps the mag-stripe swipe for a 2D barcode scan.

So what are the benefits of this approach? Well for consumers moving from the card to the phone means one less bit of plastic to clutter their purse/wallets. But beyond that you can also instantly check your balance and recent transactions.

For Starbucks, there are two clear benefits. Firstly they save on interchange fees. Customers no longer swipe their credit card for single transactions, but instead they periodically load $20 or so on to the card. This means Starbucks pay 1 credit card processing fee rather than 5 or more if the customer had paid per beverage.

The second advantage is that enables Starbucks to build a profile of their customers purchasing habits, and the potentially offer bespoke offers and promotions.

Approach 2: Open
Open schemes are by far the most common, and the type that consumers are most familiar with. Open schemes are not tied to a single merchant or locale, and open to anyone joining the scheme. Cash is certainly the most established of these, but that Visa or Mastercard credit card in your wallet is also another example.

Open mobile payment schemes are a ‘relatively’ new in the scheme of things, but are increasing in number every year. Perhaps the longest established is paybox in Austria, but others such as mpass and MobileP@y have more recently launched.

These schemes work in a similar manner to existing credit card schemes, with merchants joining and accepting payments. Some schemes are run across mobile operator groups (for example paybox and mpass) or independently (for example Mobikash).

For merchants there are numerous advantages to joining the scheme, range from providing a better online purchasing experience (mpass) to enabling incremental purchases (paybox for car parking).

Open Vs. Closed
The end-user experience when making a purchase is very similar whether you are using a closed or open mobile payment scheme, so do consumers care about this technical difference?

The challenge here is that whilst the payment experience is much the same, the difference is that your coffee store scheme only works in that coffee store chain. So it requires consumers to have a payment scheme per merchant. Not only do they need to download/install an app per store, but also they then need to individually load funds in to each scheme. The big question is just how many brands can command that level of commitment from their customers?

Clearly Starbucks had a huge headstart from having an existing prepaid card scheme before moving to mobile. Also their customers tend to make frequent visits and are receptive to switching payment methods for a better experience at the point of sale. But how many other merchants match this profile?

For most merchants the logistics and costs of implementing a closed mobile payment scheme are not realistic. But this doesn’t mean they can’t exploit the mobile channel to create greater customer intimacy.

There is a whole range of mobile CRM tools and services that can be run in parallel to existing payment schemes. From on-pack coupons to drive loyalty schemes, to customer outreach via the mobile channel there are wide range mobile CRM services being launched.

Most retailers are not going to setup and run their own mobile payment schemes, but in the coming year expect to see some very innovative mobile CRM services to be launched that complement existing payment methods.

A Flurry of NFC Announcements
If you have been following the mobile payments news recently you will have been seen the flurry of news around NFC, and in particular the rumours regarding Google’s entry into this space.

“Google is poised to roll out Near Field Communications-based mobile payment trials at stores in the New York City and San Francisco markets, enabling shoppers to purchase products and services by bumping their smartphone against a point-of-sale digital reader.”
http://www.bloomberg.com/news/2011-03-15/google-is-said-to-ready-payment-test-in-new-york-san-francisco.html

Google isn’t the first company to have thrown its hat in the ring for NFC services. Perhaps the the largest venture has been the joint venture involving AT&T, T-Mobile and Verizon Wireless.

“Three major U.S. mobile operators have created a joint venture known as ISIS, which intends to build a mobile payment solution that will allow consumers to make purchases at retail stores with just a wave of a mobile phone at the checkout counter. The founding members of the JV include AT&T, T-Mobile and Verizon Wireless.”
http://blogs.forbes.com/velocity/2010/11/16/the-isis-mobile-wallet-are-visa-mastercard-and-paypal-under-siege/

What is NFC?
NFC or Near Field Communication is a relatively new form of ultra-short range wireless communications between devices. It is much like Bluetooth, but with a much shorter range, with much easier set-up, specifically designed for services such as payment or exchanging small bursts of information.

You may already be using NFC; if you have a Visa payWave credit card then you can consider yourself an early adopter of this technology. Every time you are tapping that card to pay, you are leading the way for the next generation of payment instruments.

NFC and Mobile Payments
Since the late 90s there have been numerous attempts to turn your phone in to a universal payment device. Even the original SIM cards were the same size as a credit card, albeit without the magnetic stripe.

Initial attempts at enabling purchases via mobile phone focused on sending simple barcodes to your phone; an approach that is still being used today, more than 15 years later. This was followed by PSMS (direct to bill charging) and more recently by payment commands issued by SMS, USSD, WAP and mobile apps.

The challenge, however, remains the same. In developed markets retailers are not eager to accept these approaches since they slow down the speed of processing at the checkout. And consumers have been largely resistant in the absence of any clearly compelling benefits over traditional payment methods (cash, cards, cheques, etc.).

NFC vs. NFC vs. NFC
What most of NFC mobile payment stories fail to address is that there are three NFC standards, and only one of which is actually suitable for payments. They also often fail to differentiate between integrated mobile NFC and a mobile device with NFC co-located.

NFC supports three methods for communication:
• Peer-to-peer: intended to enable to devices to quickly connect/share information. For example bumping two devices together to swap a business card.
• Read/Write: a non-secure mode for exchanging information. For example touching a smart poster with your phone to check-in to location for a FourSquare-like check-in.
• Card Emulation: this is the mode that enables an NFC handset to act as a smartcard/credit card. Importantly, it is the only secure mode for NFC.

Google Nexus S supports the Read/Write mode. So any trial will be limited to checking in to locations or grabbing simple vouchers or promotions – not a replacement for your contactless credit card.

Of course, at this early stage Google has plenty of time to upgrade to Card Emulation mode. But there is still another challenge to overcome before you have a true NFC mobile payment device.

What Makes a Credit Card a Credit Card?
This may sound like a Zen koan, but it isn’t. What makes a contactless credit card a credit card is not the wireless antenna, but its Secure Element (SE). Put simply, the SE is the combination of software and hardware that proves that the card is genuine, and links it to your debit orcredit account.

On a conventional card, the series of 1s and 0s encoded on the magnetic strip accomplish this. With NFC, the SE is a discrete component distinct from the radio component of NFC .

So where does the SE exist on the phone? Well, this is the second challenge for NFC mobile payments – no one can agree on this today. Some banks favour creating a software version of the SE and putting on your phone’s SIM card. Whilst others, like the ISIS joint venture, favour integrating the SE into a mini-SD memory card. The appeal to banks of the latter approach is that it closely mirrors how the issue credit cards today. They manufacture a card, personalise it for a specific customer (i.e., add the SE element), then ship the card to the customer.

Ignoring the obvious problems with some devices (all those iPhones with no mini-SD slot, for starters), the question remains: what mix of components and design will mobile NFC payment ultimately comprise?

The Truth is Out There
NFC mobile payments are coming, there is no doubt. The huge success of services like the Starbucks barcode payment scheme show there is a huge appetite for mobile payment services.

However, at the present time the lack of agreement over key elements of NFC limits existing solutions to interim status. Of course, even a hodge-podge of schemes will accelerate demand, educate customers and help build mobile payment ecosystems. You just might not want to hold your breath!

Why NFC is still years away from being mainstream & what you should be doing to be prepared for mobile payments

Attendees polled at GSMA Mobile World Congress February 2011, 76 percent believe mobile proximity payments using NFC technology is still at least two years away

What is NFC?
NFC or Near Field Communication is a new form of ultra-short range wireless communications between devices. Just as your cell phone can connect you to the mobile network’s radio mast tens of miles away, its WiFi capability connects to hotpots hundreds of metres away, Bluetooth can connect up to 10 metres or so, and now you have NFC that connects to devices up to a few centimetres away.

NFC was designed with a number of applications in mind, and in particular as a means of triggering a payment.

One of the first examples of this has been Visa’s payWave credit cards. When using this card, you don’t need to swipe your card, or even remove it from your wallet/purse. Just tap it against a payWave pad in a store, and your payment is made. No signature, no PIN – just tap and go.

Now this might seem very familiar to you if you have used transport-ticketing system like London’s Oyster or have an electronic toll pass. However, whilst the user experience is similar, the technology and business processes behind this are very different.

Why does it matter for mobile?
Mobile payments can be traced back to the 90s, but it has always been limited in its application by the technology generally available.

One of the first mobile payments was bill pay in the early mobile Internet (née WAP) banking applications. This was followed by premium SMS (or direct-to-bill) services for ring tones and more recently schemes like paybox Austria which covers remote and proximity payments such as car parking and vending machines.

Whilst the numerous mobile payment schemes have been successful, and in particularly, with remote payment scenarios. In proximity scenarios for low-value/high-speed transactions mobile payments are not quite there. And so NFC has been seen as the solution for this particular scenario.

What is holding back NFC?
Anyone reading the mainstream press in the last few months might believe than mobile NFC is either here now, or just waiting for the new iPhone 5. However the reality of the situation is a little more complex than that.

For a phone to work in the same manner as that Visa payWave card, it needs at a minimum
(1) NFC wireless capability added
(2) A Secure Element to verify its identity (just as your credit card has either a mag-stripe or chip embedded in it)
(3) Retailers to have NFC readers/POS
(4) Your phone linked to a source of funds/line of credit
(5) Agreed business rules (Visa payWave has a maximum transaction limit, and process for verifying the customer is the transaction is suspicious)

So even if the next iPhone has an NFC chip that still doesn’t make it a true NFC payment instrument.

The biggest challenge today for NFC is not just the lack of NFC capable handsets, but industry agreement on the Secure Element (SE) and the standards/business rules that will define the payment schemes.

Take the Secure Element. Many European banks have looked at SE being software based, and installed on the SIM in the phone. But in America some banks have are experimenting with issuing mini-SD memory cards with an SE and sometimes even the NFC chipset. The problem here: your CDMA phone might not have a SIM slot or the SIM is non-removable, and if you have an iPhone then you don’t have a mini-SD slot.

Or look at the retail side. Most large retailers are on a 10-year replacement cycle for their point of sale (POS), so getting them to install new NFC terminals is not a straightforward proposition.

What Does the Industry Think?
At the GSMA’s Mobile World Congress (February 2011) we spoke to 251 mobile industry members, and asked them for their view on when mobile NFC will happen, and what is holding up its progress.

The main finding was that the (mobile) industry recognises for mobile payments to take off, a concerted effort is needed from all the players (operators, banks, handset manufacturers, and merchants).

However the big surprise was the gap between the industry’s expectations of when NFC will happen, when compared to a lot of the press coverage over the last few months. Most people interviewed saw NFC being at least two years out. Even the most enthusiastic region (the Americas) only 49% thought NFC mobile payments with in a year.

With the exception of the Americas, we got very consistent feedback from those interviewed at Mobile World Congress, and that was there was no single factor holding back NFC, but rather that lack of suitable handsets in consumers hands, limited number of NFC readers at point of sale, the incomplete standards and the need for improved coordination between stakeholders.

Respondents from Asia and EMEA saw all these reasons as approximately equal. Those we spoke to from the Americas focused on lack of coordination (51%) as the main barrier.

How do I get NFC ready?
The clear message from those we spoke to is that for NFC mobile proximity payments to be a success, there will need to be a much greater deal of cooperation and coordination across all stakeholders.

Merchants/retailers need to ensure they have a mobile strategy in place, and beyond that to start preparing for mobile payments. This can be as simple as pre-emptively collecting their customers’ cell number, to starting to use the mobile channel today to start building consumer confidence.

Are there alternatives I can use today?
What we’ve seen in the last few years is that developed and developing economies have had a marked difference in their approach to mobile payments. In developing economies the focus today is very much on remote mobile payments. In these economies there is a large proportion of unbanked, and so carry/sending money is a major challenge. So remote payments provides a huge benefit. As existing mobile technologies (SMS, USSD, WAP) can be used, rather than waiting new technology is a huge benefit.

In developed economies, it certainly clear that many countries are focusing proximity payments for their lead mobile payment services. But even here we see a split, with some markets waiting for NFC, whilst others launching interim solutions. The advantage of the latter approach is that they are creating momentum today; you need an eco-system of merchants and customers. That’s the final frontier.

Launching your first mobile commerce service can be a daunting prospect for banks, merchants or enterprises. The mobile world has its own unique set of technical standards and terminology, which can be very confusing at first. For example, what you call a “text message,” your supplier calls an “SMS”; what you call a “vanity number,” they may use the term “TPOA.”

Launching any mobile service can benefit from following some basic principles:

The Basics
Which mobile channels will you use? Whilst many services launch with an iPhone and/or Android application, will this reach your target audience? Text messaging reaches all phones, Mobile Web reaches most phones and applications reach only specific phones. When designing your service, think about what devices your target audience uses.

Shortcodes. Most services have a text messaging component, ranging from initial sign-up for the service to alerts. You will need a shortcode to send and receive text messages. This number becomes part of your mobile presence or brand, so select one carefully. Local telecommunication regulations might also restrict what numbers you can use.

Longcodes. Shortcodes work only with local consumers’ mobile phones. If you want to support international visitors, you will need a longcode in addition to your shortcode.

Use an aggregator. If you want to be accessible to all consumers, then you need to be connected to all the local operators. Using an aggregator avoids building and maintaining these connections, because they are pre-connected. Aggregators can also advise you about local telecommunication regulators.

Which phones will you build applications for? Any market has more than a thousand handsets in use, so building device-specific applications is not practical. Select the key devices for your market or customer base, then backfill with either text or mobile internet versions of the service.

Project Planning
When planning your first mobile project, your project plan should incorporate:
Operator delays. Most services need approval, so allow time for this. How much time you need will vary by operator and the nature of your service.

Certification. If you are launching an application-based service, some operators will require certification before release. This is also true for app stores such as Apple’s iTunes Store.

Approval. Operator approval is required if your service will be using operator billing.
Using an aggregator will help you better plan for these situations, as they can advise you about operator-specific requirements, regulations and certification times.

Designing Your Mobile Service
There are basically two approaches to launching a new mobile service: the big bang, which launches with all functionality present from the start, and the staggered approach, which launches with a minimal set of key functions and evolves slowly over time.

Experience has shown that the latter is the better approach. However, to decide which approach is better for your circumstances, consider these points.
Early on, determine your objectives. What is essential for the service, and what is a nice-to–have?

Don’t include the kitchen sink. Be realistic in what is in the product. What is the minimum set of features that makes the services functional? Too many features will make the service harder for your customers to understand.

Rome wasn’t built in a day. Add new features gradually, and bring your customers along with you.

Include all the carrier-required screens and Ts&Cs. Depending on the service, operators will have regulations on what you can, cannot and must say in your applications.

How to get help, contact info. What are the phone numbers and URLs for your service?

How to cancel the service. Operators have strict rules on this.

Manage Costs
Unlike the Internet, where consumers incur no direct costs for accessing Web sites, mobile users are acutely aware of costs relating to mobile services. When designing a mobile service, you should consider:
Length of text messages. Determine early on if you will use one text message (160 or 70 characters for non-roman alphabets) or two (320 or 140 characters). Two messages cost twice as much (both for the bank and, in some markets, the customer) and will work differently on different phone models and for different operators.

Keep Mobile Web Lite. Keep graphics to a minimum on mobile Web sites. Fewer graphics keep the user experience smoother and reduce the risk of consuming users’ mobile data plans.

Going Live
The feedback we get consistently from our customers is that you can never advertise your mobile services too much. For example, an mBanking customer told us that they found that online banner ads worked extremely well for enrollment; when this bank stopped online banner advertising, enrollment dropped by as much as 60 percent.

Advertising should not be limited just to banner advertisements. Make use of all the customer touch points you have: statements, Web site and print ads. Often forgotten are your physical stores or branches. Make sure your staff are not just aware of, but promote your mobile services.

As one customer recently told us, “The best mobile solution won’t succeed if no one knows about it—adoption is crucial.”

For as long as I’ve been in mobile (15 years and counting) there has the cliché/truism that the US is behind when it comes to mobile. We’ve just published our latest consumer survey, and on initial reading, it could seem that it is all doom and gloom for the US. But is this true? Read the rest of this entry »

The public has grown to trust online banking, as evidenced by the huge upsurge of users accessing their accounts over the Web and paying bills and credit cards online. Based on a survey by the Pew Internet & American Life Project, more than 50 million adults in the United States now bank online, which is a 47 percent increase from just two years ago and a significant jump from the 14 million people who took advantage of these services in 2002.

Again and again, these customers say they enjoy managing their finances online because of the convenience and ease of use. Customers that have adopted online banking often experience a higher level of customer satisfaction and exhibit more loyalty to their banking institutions. For example, Forrester’s report, “The Experiences that Satisfy Consumers,” finds that 84 percent of online banking customers are satisfied or extremely satisfied with their online banking services.

Rather than resting on that success, financial institutions and mobile operators are adding mCommerce options to deliver an even higher level of convenience for their customers. Checking account balance, transferring funds and approving payments can be completed using a mobile phone with a simple text message, which gives customers the flexibility to manage their finances whenever and wherever they want. For many customers, mobile payment options are a necessity, and financial institutions that offer mobile services are gaining a competitive advantage. Read the rest of this entry »

Earlier this year we published our Global Usage and Acceptance Survey Report. The survey looked at how consumers are using their mobile devices today, and what new services they would be interested in. We looked at three service areas: mobile commerce, mobile CRM and next generation carrier services.

The survey was completed by more than 4,100 mobile users, in sixteen countries using an online methodology, with at least 250 mobile phone users per country. The countries in the survey were Argentina, Australia, Canada, China, France, Germany, India, Indonesia, Italy, Malaysia, Mexico, Singapore, South Africa, Spain, United Kingdom, and USA. Read the rest of this entry »