M-Commerce
What NFC Should Look Like
Steve Mott
By most accounts, the wireless-carrier-based near-field communication (NFC) mobile payments initiative known as Isis (formally announced late last year but rumored for months before) is still falling short of the mark with respect to a winning formula for prying payments away from banks. Its apparent struggle raises an often overlooked question: What does the payments public really want from a mobile NFC wallet?
Given all the other disruptive influences on the electronic payments business that piled up last year, the Holy Grail quest for NFC payments probably seems like a more of a distraction than a transformation at this point. But don’t make that mistake. Yes, NFC has been overhyped for several years, and, yes, there are few instances of a full-blown NFC deployment extant at this point—outside of transit payments.
But signs are emerging that 2011 is the year of NFC, so payments purveyors need to figure out the right business model, and fast.
For example, Nokia declared in the fall of 2010 that all of its smart phones would be NFC-enabled, beginning in 2011. And late last year, Google announced that Android version 2.3 would support native NFC payments, with rumors at year-end that the marketing company planned to support up to 5 million smart-phone deployments beginning in early 2011. Many of those deployments could carry bank-provided mobile wallets with payment options. So NFC is at the doorstep.
Most of the debate up until now about NFC mobile payments has been over how banks and carriers might interoperate, and who’s going to pay how much in transaction fees. That argument, besides being dysfunctional, misses the key point: Who’s going to use NFC to make payments, and where are they going to use it?
Here’s a related point: Applying 20th-Century dogma about signature-card-based merchant fee structures and levels to the first substantive new payment option in the 21st Century no longer appears to be relevant.
One-Way Reads
A brief history of NFC mobile-wallet payments shows why. Radio-frequency-identification signaling between chips in a plastic payment card or fob and a point-of-sale terminal equipped with a radio-wave receiver/transmitter has been around for more than half a decade. The technology works. But the related business models have largely failed.
For one thing, consumers remain wary about security, and bank issuers have been loath to inform them that one-way, tap-and-go contactless is much safer than mag-stripe swiped transactions.
For another, merchants get only limited payment options: signature credit and signature debit, for the most part, at historically inflated rates. For retailers, replacing a cash transaction with a cost of 2 to 4 cents with pre-Durbin signature-debit card rates of 15 to 75 cents, or even $1.50, was a business model dead on arrival.
Contactless tags stuck on mobile handsets work in a similar way, and Bling Nation Ltd. has demonstrated that consumers, at least in rural areas, are willing to use their cell phones rather than their wallets to pay, if properly supported by local banks and merchants in a business model that keeps local transactions local.
Bling’s business model lowers local merchant fees, but still increases local bank-partner profits by capturing more debit card transactions with less cost to the banks. But beyond Bling’s innovations, contactless tags remain mostly a novelty.
Late last year, Visa Inc., First Data Corp., and others announced pilot programs for micro SD (which stands for microchip secure digital) as a form factor for simple NFC payments. Micro SD storage disks are those little electronic chip cards used for switching photos from handsets to PCs and other devices. Users are familiar with the product, and the micro SD chips have enough digital horsepower to provide significantly more security.
But the buyer-seller interaction with micro SD is still mainly a one-way read by the POS device of the protected payment-account credential burned into and secured by the micro SD chip residing in the handset. Some people think micro SD dispels the need to wait for handsets embedded with NFC. Others think it’s a fad, and that it will be mainly used to fill in NFC functionality for that part of the mobile marketplace that doesn’t migrate to smart phones.
Handsets that come from the factory embedded with NFC vary somewhat in configuration and operation, but most incorporate a Subscriber Identification Module, or SIM, card. SIM cards typically offer strong, tamper-proof security, and operate ‘secure elements’ which can encrypt and protect sensitive data like payment account credentials.
Added to such handsets is an NFC chipset that ideally handles two-way communications. The NFC chip “talks” through the NFC antenna in the handset, which beams data back and forth to the POS terminal or host reader.
In exemplary deployments, the SIM-card secure element provides protected payment-account credentials to the NFC chip application that looks for it to execute a transaction. This communication is done via a single-wire protocol (SWP), or its equivalent, which protects the data exchange from inside the handset.
Properly configured, the encrypted account credential can pass through the POS terminal and the processor’s network to a host or issuer empowered to decrypt the information and perform an authorization.
Such end-to-end encryption absolves the merchant from ever touching the real account data, so concerns about compliance with the Payment Card Industry data-security standard (PCI) go away for these transactions—a big, big plus.
Authentication of the handset’s secure element—ideally accompanied by an NFC application that verifies a PIN and helps generate a unique transaction ID by the POS terminal—constitutes a form of user validation similar to robust implementations of the EMV (Europay, MasterCard, and Visa) standard for contact card transactions (soon to be extended for credit, debit, and prepaid transactions via contactless). And that should lead to a liability shift for payment risk from merchants back to buyers and card issuers—just like EMV deployment does (in Canada, for example).
For merchants like Wal-Mart, Best Buy, and Home Depot, the EMV liability shift—accompanied by exoneration from PCI-compliance requirements and costs—is a powerful motivator for pushing NFC contactless, in addition to EMV contact cards. EMV functionality can reside in the mobile-wallet application supported by the NFC chip, with the account credentials protected by the secure element. Voila!
That takes care of security, the qualifying factor for serious NFC participation. For merchants, these features alone provide a compelling business case, and from all indications, they are willing to invest some of their Durbin-mandated debit card interchange savings toward this end.
But for many consumers, other functions, along with a separate business case, will be needed. Such differentiating functions boil down to two main components: 1) An open wallet that can host a wide variety of payment options and types; and 2) Fully enabled interactions between buyer and seller managed by wallet functions and NFC two-way applications.
Controlled Intimacy
An open wallet, as the carrier-based Isis venture has learned, is certainly critical for merchant acceptance. Nobody wants to repeat the mistakes of tap-and-go contactless, where a limited wallet sometimes resulted in frustration. For example, Best Buy felt compelled in 2009 to kick out Visa’s PayWave contactless platform because the card network wouldn’t provide a PIN-debit option.
With post-Durbin debit card interchange rates apparently dropping by 75%, the debit card options in an NFC wallet look markedly more attractive to merchants, and might well become the dominant payment type. But there is also pressure from merchants to include other merchant-friendly options, such as closed-loop prepaid and private-label credit types. There is even talk of cross-merchant acceptance of those payment types to ensure consumers can use those values and credit lines at any cooperating merchant.
The point is, full NFC ought to ensure payment choice, whether that means selection by the consumer or the ability at the POS for merchants to steer the transaction to their preferred payment options, with the consumer’s blessing, if necessary.
And that means the NFC wallet function must be designed to accommodate just about any payment option through APIs that interoperate both with account credentials securely stored (or tokenized) in the handset and merchant POS terminals that can/should handle these payments interchangeably.
That includes compatible implementations of EMV. Banks would not be excluded from NFC account usage, but would have to contend with other merchant and non-bank competitive offerings for consumer and merchant choice.
The most important component, however, remains the two-way communications infrastructure that enhances buyer-seller interactions with real-time, location-aware digital applications. Here is just a small sample of applications being tested in the marketplace today:
– A smart-phone user enables location-tracking on the handset and arrives in a city to eat dinner. Promotional announcements appear on the phone upon arrival. The user requests (perhaps having opted-in previously) recommendations for Chinese food restaurants. The carrier, or application host, presents offers or suggestions close to the user’s location. When the user dines at the restaurant, the merchant discounts the purchase price and pays a bounty for the business. The costs and revenues are divided up among the participants. The bounty is warranted because the merchant got new business it had no reason to expect.
– This same user enters a store never visited before. The smart phone pings with coupon offers from the merchant and/or application providers or coupon brokers (like Groupon). The consumer makes a purchase, obtains the discount, and—if she permits—is entered into the store’s customer database.
– The next time this user visits that store, the host system recognizes the smart phone, researches prior purchases, and tries to present more relevant coupons to the user. More profitable private-label or promotional items can be pitched, and incremental sales consummated.
– As the user moves down the aisles, real-time offers for specific products (including directly competitive offers from, say, Coke when a repeat Pepsi buyer is identified in the lane by the merchant’s host system) can be enabled on the handset; selections can be confirmed, and discounts or promotions tabulated in advance of check-out.
– Properly configured users can do check-out basket tabulations while they shop. Weight-sensitive baskets or bar-code-scanned selections can be added up and confirmed for payment as the user completes a self-service check-out. If the user is a regular customer, loyalty values can be applied real-time to the purchase; if not, the user can be registered (by cell-phone number) for the loyalty program with a few taps on the handset. Applications—including coupons, return-visit promotions, and opt-in user profiling—can be downloaded on the way out of the store.
– Or, a user visiting an unknown or untrusted merchant location can simply shut off the handset, and shop anonymously or without interaction—as they do now!
Integrating loyalty programs on the handset, across the mobile-wallet functions, will be a key feature of a full, two-way NFC configuration. As well, wallet applications can also create, store, and present digital IDs (useful for online purchases, along with tokenized payments) with opt-in/opt-out profiling information that can be turned on or off (or made anonymous or personalized by the user) at will.
Such controlled intimacy between the buyer and the seller—not business models based on transaction fees—bears out the real promise of NFC mobile payments. How new transaction-generating and revenue-sharing models evolve from here is still a big unknown. But now, for the first time in the slowly-evolving digital-transactions era, how a buyer shops and behaves and how a seller treats and values that consumer will be driving the business case.
For what both consumers and merchants really want from NFC is more relevance, efficiency, and gratification in their relationships. Those who stand in the way of that are destined to fall by the wayside.