On January 26, FIS announced a new mobile payments solution using technology provided by Paydiant. In its announcement, FIS said:
This cloud-based payment solution is adaptable and secure, requiring only downloadable applications for both consumers and retailers. Importantly, the mobile payments solution can be built into retailers’ and financial institutions’ existing mobile applications, preserving brand equity and strengthening customer loyalty.
With much of the card payments industry zigging toward an NFC-based solution securing payment card credentials on mobile handsets, FIS is zagging in a different direction with this new solution – one that doesn’t need to wait for NFC and Secure Element (SE) chips to be embedded in mobile phones. We might call this new cloud-centric approach “Payments Over the Top” – because, as you’ll see, with this new FIS/Paydiant approach card credentials never leave the cloud.
FIS is pursuing multiple strategies here – see their announcement earlier this week with mFoundry, the company who recently announced a global strategic partnership with MasterCard to deliver NFC-enabled mobile payments solutions to its customers.
Back to the notion of an “over the top” strategy. We spoke with Doug Brown, FIS Senior Vice President of Mobile Products, to learn more about this new approach to mobile payments.
There are a couple of difficult problems to be solved to enable mobile payments at physical POS locations – namely, where is the card credential stored, how is it accessed, and how it is exchanged with the merchant’s POS terminal?
Many in the industry advocate storing card credentials in mobile handsets – specifically, in Secure Elements in those handsets under the control of a trusted manager – and then using NFC (Near Field Communications) technology to communicate the card credential from the handset to the POS device through emulation of contactless cards. Participating merchants must have POS terminals capable of accepting an emulated contactless card – but, otherwise, the rest of the value chain (from merchant to acquirer to network to issuer) need not make any changes.
New infrastructure is required, however, on the issuing side where payment card issuers need to participate in a new mobile payments ecosystem in order to provision and manage their card credentials onto mobile handsets.
In the US, we’ve currently got two examples of this approach: Isis, the joint venture company formed in late 2010 by AT&T, T-Mobile and Verizon, and Google Wallet with partners including Citibank, MasterCard, First Data, and Sprint.
FIS is taking a different approach with its newly announced solution – one that avoids the need to store any payment card credentials in the consumer’s mobile device. Consumers are enabled to participate by installing a bank-provided mobile banking/payments application on their mobile handset. This mobile app doesn’t store any card data on the handset. Rather, it’s a mobile application that utilizes the mobile handset’s camera as the sensor that is used to initiate payment at POS. Neither an NFC chip or a Secure Element is necessary in the consumer’s mobile handset.
Similarly, participating merchants don’t need to install new POS terminals to support contactless acceptance. Merchants do, however, have to make software modifications to their POS systems to support generation of 2D bar codes – presented either on customer-facing screens or on printed receipts. The bar code, scanned by the consumer using her mobile payment app, is what links this particular purchase at this particular merchant to this consumer. Once scanned, it’s sent up to the cloud where the FIS server matches things up, accesses the consumer’s card credential and sends it securely on to the merchant’s acquirer. Authorization and settlement to the merchant proceeds normally from that point.
I think of the challenge of mobile at POS being the “last inch” problem. How does a mobile handset communicate with a merchant’s POS terminal to consummate a purchase transaction? With NFC, it’s done as we described above – riding the existing merchant/acquirer network rails. With cloud-based approaches, it flows differently – in this case from the merchant’s POS to the consumer’s mobile handset, into the cloud and back around, through the merchant’s acquirer, to settle and pay the merchant. Think of clockwise vs. counter-clockwise!
Using 2D bar codes with a mobile payments application also could enable other use cases. For example, in an eCommerce purchase, the online merchant could display a 2D bar code on the consumer’s computer screen – which could be scanned by the mobile app to complete payment just like at the physical POS. For bill payment applications, billers could print 2D bar codes on their paper statements – or, similarly, display them online and enable payment from consumer handsets.
While the FIS solution avoids the NFC-related hardware issues, it will need to overcome two-sided adoption challenges to reach any meaningful scale. Consumers will want to know that it’s worth their while to try to pay this way – which means that “enough” merchants have to be on-board. Consumers will also be asking “Why bother? What’s in this for me?” And, their banks will need to embed the solution in their mobile banking/payments application. But the NFC-based approaches face similar adoption challenges.
One intriguing opportunity with this “optical” over the top solution is that merchants could decide to adopt this irrespective of bank participation. A merchant, with a mobile app that embeds the FIS solution, could enable convenient payments at their POS locations – analogous to what Starbucks has been doing with it’s mobile payments application. This might enable merchant-specific adoption to occur without issuer participation.
Zigging and zagging we go – into the new world of mobile payments. FIS’ solution is yet another innovative solution to the “last inch” problem – going over the top and into the cloud to consummate payment.
What do you think? Share your thoughts in a comment below.