Interoperable mobile payment – from a business, user, and technical perspective
Dr. Manfred Männle, product management Mobile Payment Platform, Encorus Technologies
Existing payment methods like cash and debit/credit card payments are still predominant in our daily lives. Nevertheless, these methods are not well suited for new, up-and-coming payment scenarios such as e-commerce and TV shopping. These methods can result in increased fraud and high dispute handling costs. Next-generation payment methods must meet business, user, and technical requirements that cover traditional as well as recent scenarios. A mobile payment architecture that combines the authentication of GSM networks, the cost efficiency of micro-payment, and the flexibility and the global acceptance of existing macro-payment schemes is needed to make m-commerce and mobile payments live up to the high expectations of users, merchants, mobile network operators and financial institutions.
During the past few decades, a continuing trend in the payments market has been the declining share of all payments made by cash. Cash payment volumes in the UK were some GBP 25.6 billion in 1999 accounting for three-quarters of all payments. APACS projects that cash use in the UK will still account for 62% of all payments in 2009, but cash payment volumes are expected to continue to decline [Apacs03]. Migration to on-line debit cards and the electronic purse will be important influences.
Mobile payments, i.e. payments based on your mobile phone, will take their share of cashless payments for various reasons. According to a study by Frost and Sullivan, mobile payment will achieve a volume of USD 25 billion in Europe by 2006 [Frost02].
This paper starts with a brief discussion of advantages and drawbacks of different payment methods, presents a list of the most important business, user, and technical requirements to a modern payment system and proposes an architecture of an interoperable mobile payment system, followed by conclusions and an outlook.
Paying with cash will remain the predominant payment method, but its share is continuously declining. Users appreciate its ease of use, anonymity, and ubiquitous acceptance. Drawbacks are handling costs, in particular when dealing with foreign currencies, and risk of loss and theft. Furthermore, cardholder-not-present payments as in the case of e-commerce are not economically feasible.
Check payments are widely accepted but come with relatively high handling costs. Their importance is constantly decreasing, particularly in Europe.
Credit and debit card payments continue to grow. They are widely accepted, offer good security and come with affordable costs. They allow distant payments and are therefore the preferred payment method for e-commerce and m-commerce. Payments, however, are not anonymous and some consumers are reluctant to use credit cards for e-commerce because of the perceived risk of fraud. Merchant discount (merchant service charge) is relatively high in e-commerce, because the dispute rate is relatively high for cardholder-not-present transactions. Furthermore, person-to-person payments are not always possible and availability (valuta) is usually delayed by one or more days.
Enhancements of card payments like SET [SET97] or 3D-Secure [Visa01] try to overcome these drawbacks, in particular by introducing better consumer authentication via chip or digital signature in order to decrease e-commerce fraud. Changes necessary at merchant and consumer side are the major hurdles in deploying these systems.
Token-based methods like the German Geldkarte gained some acceptance, mainly for cashless payments at vending machines, but their spread is limited because of the need for card-reading devices.
A growing number of other payment methods and trials, e.g. e-cash schemes like CyberCash [Cyb03], evolved over the past decades, but have not yet gained significant market share. One of the main reasons is their limited interoperability and acceptance, i.e. consumers and merchants must both register with the same entity – the scheme does not leverage existing business relationships between consumers, issuers, acquirers, and merchants.
The following chapters describe technical, business, and user requirements to next-generation payment systems and present an interoperable mobile payment architecture that addresses these needs.
Requirements for next-generation payment systems
Financial networks follow the three domain model in order to implement interoperability. Brand and business rules are defined in a payment scheme. Issuers hold contracts with consumers, maintain consumer accounts and issue e.g. credit cards. Merchant acquirers deliver services tailored to merchants’ needs. The interchange domain ensures interoperability, computes fees and settles funds between issuers and acquirers. Stakeholders are not restricted to a single role, e.g. some banks issue cards and acquire merchants at the same time. Technically, interoperability is achieved by standardized protocols like ISO 8583 [ISO87].
Every new payment system encounters the so-called chicken-and-egg problem. Too few users make the system unattractive to merchants, and too little merchant acceptance makes it unattractive to users. Leveraging the existing infrastructure (merchant acquirers, issuers) can overcome this problem.
Consumers and merchants are familiar with use cases like registration, confirming payments with a PIN, transactions (e.g. credit and debit), account statements, etc. Ease of use can be achieved if a mobile payment scheme copies the known payment transaction types, use cases, and business relationships. Moreover, a payment system of international scope is expected to provide foreign currency conversion during the payment flow.
The need for special devices or software poses a barrier to introducing a new payment system, in particular for consumers. Furthermore, consumers prefer payment systems that provide ubiquitous access.
Costs of deploying and maintaining a new payment method as well as subscription and per transaction fees must compete with costs of existing payment schemes. On the other hand, fee distribution among the service providers must cover their efforts and risks.
Strong payer authentication is the pre-condition to prevent consumer fraud and to keep the number of disputes low. This is why most schemes that provide a payments guarantee for the payee demand strong consumer authentication. Measures for integrity, non-repudiation, confidentiality, and persistence further reduce the number of disputes and increase consumer trust.
The consumer prefers anonymous payments, which is in contrast to fraud reduction and strong authentication. Nevertheless, consumer data can be hidden from the merchant while still maintaining strong authentication by the issuer.
Enabling traditional payment schemes for mobile payment (mobile macro-payment) is not critical from a regulator’s point of view, since the actual payment process remains unchanged, including security measures, roles, and liabilities. Standard operational and technical requirements apply to processing. Issuing e-money, unlike telecommunications prepaid accounts, is expected to be the subject of more restrictive regulations. In Europe, the different national implementations of the e-money directive pose different levels of requirements to e-money issuers, e.g. in Germany showing a tendency towards a banking regulation type of interpretation.
When looking at the advantages and drawbacks of existing payment methods, and when learning from failures of many payment systems, one can derive a set of business, user, and technical requirements:
Mobile payment architecture
An extended three domain model is required to fulfill the requirements listed above. Building on the three domain model allows the industry to leverage the existing banking, card issuing, and merchant acquiring infrastructure. In this extended model, payer authentication is performed by the GSM network when the consumer uses his or her mobile phone to confirm a payment. GSM networks provide a strong, chip-based user authentication and almost ubiquitous access [GSM03] to a large customer base.
Such a role-based model does not restrict a stakeholder to take only one single role. Mobile operators are in a good position to operate wallet servers and to issue micro-payment instruments. Banks traditionally take the role as macro-payment issuers and merchant acquirers. Nevertheless, the model also permits a mobile operator to acquire merchants or a bank to issue a micro-payment instrument. The technical architecture supports all relevant business setups.
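A minimal model of the extended three domain model described above, added here as an illustration and not taken from the paper or from any Encorus product: the issuer verifies the payer through a handset challenge-response, while the merchant side receives only an approval result and never the consumer's data. The class names, the payer alias format op1:7f3a, and the use of HMAC-SHA256 in place of the SIM-based GSM authentication are assumptions.

```python
import hashlib
import hmac
import secrets

def sim_response(sim_key: bytes, challenge: bytes) -> bytes:
    """Handset side. HMAC-SHA256 is a stand-in for the SIM algorithm (assumption)."""
    return hmac.new(sim_key, challenge, hashlib.sha256).digest()

class Issuer:
    """Issuer domain: owns the consumer relationship and verifies the payer."""
    def __init__(self):
        self.accounts = {}  # payer alias -> {"name", "sim_key", "balance"}
        self.pending = {}   # txn id -> (alias, amount in cents, challenge)

    def challenge(self, txn_id, alias, amount):
        self.pending[txn_id] = (alias, amount, secrets.token_bytes(16))
        return self.pending[txn_id][2]

    def authorize(self, txn_id, response):
        alias, amount, chal = self.pending.pop(txn_id)  # challenge is single-use
        acct = self.accounts[alias]
        if not hmac.compare_digest(sim_response(acct["sim_key"], chal), response):
            return {"txn_id": txn_id, "approved": False, "reason": "auth_failed"}
        if acct["balance"] < amount:
            return {"txn_id": txn_id, "approved": False, "reason": "insufficient_funds"}
        acct["balance"] -= amount
        return {"txn_id": txn_id, "approved": True, "reason": "ok"}

class Interchange:
    """Interchange domain: routes an acquirer's request to the right issuer."""
    def __init__(self):
        self.issuers = {}  # alias prefix -> Issuer

    def route(self, alias):
        return self.issuers[alias.split(":", 1)[0]]

def merchant_payment(interchange, alias, amount, handset):
    """Acquirer side: the returned dict is all the merchant ever sees."""
    txn_id = secrets.token_hex(8)
    issuer = interchange.route(alias)
    chal = issuer.challenge(txn_id, alias, amount)
    return issuer.authorize(txn_id, handset(chal))  # handset confirms the payment

# Constructed sample data: one issuer, one consumer, amounts in cents.
KEY = secrets.token_bytes(16)
ISSUER = Issuer()
ISSUER.accounts["op1:7f3a"] = {"name": "Alice Example", "sim_key": KEY, "balance": 500}
NET = Interchange()
NET.issuers["op1"] = ISSUER
```

Calling merchant_payment(NET, "op1:7f3a", 200, lambda c: sim_response(KEY, c)) returns an approval that carries only the transaction id, the decision and a reason code; a handset holding the wrong key is rejected by the issuer without the balance changing.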
Conclusions and outlook
The presented approach combines the security features and strong user authentication of GSM networks, the cost efficiency of micro-payment, and the flexibility and worldwide acceptance of existing macro-payment schemes.
Non-proprietary (interoperable) payment systems are superior to proprietary solutions in the long term and create additional value for all participating parties. Technically, the interchange domain ensures interoperability between independent issuers and acquirers who operate components (wallet server, merchant server, etc.) of various vendors. On the business side, initiatives like the GSM Association, Mobile Payment Forum and the Mobile Payment Services Association (MPSA) are doing the ground work, or in the case of the MPSA even setting up interoperable mobile payment schemes [ITW03].
However, the introduction of a new and widely accepted mobile payment scheme, in particular the setup of a clear business model and the time required for users to gain confidence and familiarity with a new brand and scheme, will take considerable time (cf. the introduction of credit card schemes). Nevertheless, the commitment of mobile network operators to initiatives like MPSA points towards the introduction of interoperable micro-payment schemes. Next-generation mobile payment systems are on their way, so don’t be surprised if your wallet starts ringing one of these days.
[Apacs03] Association for Payment Clearing Services: Payments, Facts and Figures, http://www.apacs.org.uk/about_apacs/htm_files/figures.htm, as of 2003-01-20; Cash, http://www.apacs.org.uk/about_apacs/htm_files/cash.htm, as of 2003-01-20.
[Cyb03] CyberCash, Inc. (acquired by VeriSign, Inc.), http://www.cybercash.com/.
[Frost02] Frost & Sullivan: Mobile Commerce Payments, May 2002.
[GSM03] GSM: GSM Recommendations 02.09, 02.17, 03.20, and 03.21; cf. for example http://www.3gpp.org/ftp/Specs/archive/ as of 2003-01-20.
[ISO87] ISO 8583: Bank card originated messages – Interchange message specifications – Content for financial transactions, August 1987.
[SET97] SET Secure Electronic Transaction LLC: SET™ Specification Books, May 1997, http://www.setco.org/set_specifications.html as of 2003-01-20.
[Visa01] Visa International Service Association: 3-D Secure™ Protocol Specification, November 2001.
[ITW03] ITWorld: European operators team on mobile payment scheme, http://www.itworld.com/Net/2613/030226eumobile/page_1.html as of 2003-05-14.
Dr.-Ing. Manfred Männle
Dr. Manfred Männle works with Encorus Technologies as a product manager and system analyst for the “Encorus Mobile Payment Processing Platform”. His tasks include requirements specification and market introduction of products and services for mobile payment, as well as technical consulting and supporting product development.
Dr. Männle has over 5 years of experience in the IT industry. Prior to joining Encorus, he worked as research assistant at Karlsruhe University. In addition to scientific research activities, he managed two projects in the telecommunications industry about reliability assessment and fraud detection of billing systems through statistical and data mining techniques.
During his academic career at the Universities of Karlsruhe (Germany) and Nancy (France), Dr. Männle authored several publications in the area of systems identification and artificial intelligence (fuzzy logic). In 2001, he received a PhD (Dr.-Ing.) in computer science from Karlsruhe University.