“Over the Top” with Mobile Payments

by Scott Loftesness on February 2, 2012

in MasterCard, Mobile Banking & Payments, Mobile Payments, Mobile Wallets, Scott Loftesness

Scott Loftesness -- Glenbrook Partners

On January 26, FIS announced a new mobile payments solution using technology provided by Paydiant. In its announcement, FIS said:

This cloud-based payment solution is adaptable and secure, requiring only downloadable applications for both consumers and retailers. Importantly, the mobile payments solution can be built into retailers’ and financial institutions’ existing mobile applications, preserving brand equity and strengthening customer loyalty.

With much of the card payments industry zigging toward an NFC-based solution securing payment card credentials on mobile handsets, FIS is zagging in a different direction with this new solution – one that doesn’t need to wait for NFC and Secure Element (SE) chips to be embedded in mobile phones. We might call this new cloud-centric approach “Payments Over the Top” – because, as you’ll see, with this new FIS/Paydiant approach card credentials never leave the cloud.

FIS is pursuing multiple strategies here – see their announcement earlier this week with mFoundry, the company who recently announced a global strategic partnership with MasterCard to deliver NFC-enabled mobile payments solutions to its customers.

Back to the notion of an “over the top” strategy. We spoke with Doug Brown, FIS Senior Vice President of Mobile Products, to learn more about this new approach to mobile payments.

There are a couple of difficult problems to be solved to enable mobile payments at physical POS locations – namely, where is the card credential stored, how is it accessed, and how it is exchanged with the merchant’s POS terminal?

Many in the industry advocate storing card credentials in mobile handsets – specifically, in Secure Elements in those handsets under the control of a trusted manager – and then using NFC (Near Field Communications) technology to communicate the card credential from the handset to the POS device through emulation of contactless cards. Participating merchants must have POS terminals capable of accepting an emulated contactless card – but, otherwise, the rest of the value chain (from merchant to acquirer to network to issuer) need not make any changes.

New infrastructure is required, however, on the issuing side where payment card issuers need to participate in a new mobile payments ecosystem in order to provision and manage their card credentials onto mobile handsets.

In the US, we’ve currently got two examples of this approach: Isis, the joint venture company formed in late 2010 by AT&T, T-Mobile and Verizon, and Google Wallet with partners including Citibank, MasterCard, First Data, and Sprint.

FIS is taking a different approach with its newly announced solution – one that avoids the need to store any payment card credentials in the consumer’s mobile device. Consumers are enabled to participate by installing a bank-provided mobile banking/payments application on their mobile handset. This mobile app doesn’t store any card data on the handset. Rather, it’s a mobile application that utilizes the mobile handset’s camera as the sensor that is used to initiate payment at POS. Neither an NFC chip or a Secure Element is necessary in the consumer’s mobile handset.

Similarly, participating merchants don’t need to install new POS terminals to support contactless acceptance. Merchants do, however, have to make software modifications to their POS systems to support generation of 2D bar codes – presented either on customer-facing screens or on printed receipts. The bar code, scanned by the consumer using her mobile payment app, is what links this particular purchase at this particular merchant to this consumer. Once scanned, it’s sent up to the cloud where the FIS server matches things up, accesses the consumer’s card credential and sends it securely on to the merchant’s acquirer. Authorization and settlement to the merchant proceeds normally from that point.

I think of the challenge of mobile at POS being the “last inch” problem. How does a mobile handset communicate with a merchant’s POS terminal to consummate a purchase transaction? With NFC, it’s done as we described above – riding the existing merchant/acquirer network rails. With cloud-based approaches, it flows differently – in this case from the merchant’s POS to the consumer’s mobile handset, into the cloud and back around, through the merchant’s acquirer, to settle and pay the merchant. Think of clockwise vs. counter-clockwise!

Using 2D bar codes with a mobile payments application also could enable other use cases. For example, in an eCommerce purchase, the online merchant could display a 2D bar code on the consumer’s computer screen – which could be scanned by the mobile app to complete payment just like at the physical POS. For bill payment applications, billers could print 2D bar codes on their paper statements – or, similarly, display them online and enable payment from consumer handsets.

While the FIS solution avoids the NFC-related hardware issues, it will need to overcome two-sided adoption challenges to reach any meaningful scale. Consumers will want to know that it’s worth their while to try to pay this way – which means that “enough” merchants have to be on-board. Consumers will also be asking “Why bother? What’s in this for me?” And, their banks will need to embed the solution in their mobile banking/payments application. But the NFC-based approaches face similar adoption challenges.

One intriguing opportunity with this “optical” over the top solution is that merchants could decide to adopt this irrespective of bank participation. A merchant, with a mobile app that embeds the FIS solution, could enable convenient payments at their POS locations – analogous to what Starbucks has been doing with it’s mobile payments application. This might enable merchant-specific adoption to occur without issuer participation.

Zigging and zagging we go – into the new world of mobile payments. FIS’ solution is yet another innovative solution to the “last inch” problem – going over the top and into the cloud to consummate payment.

What do you think? Share your thoughts in a comment below.

{ 5 comments… read them below or add one }

Trizt February 3, 2012 at 2:19 am

I can see an issue with using someones else cloud account, specially with mobile operating systems which ain’t too secure, getting out the information needed to access the cloud account and then they can do some shopping for free.

Reply

Dave Birch February 3, 2012 at 2:36 am

There is a third possibility: putting the payment credentials in the cloud but storing some other “ID” in the tamper-resistant part of the phone (either the SIM or a secure element).

Reply

Cherian Abraham February 3, 2012 at 2:22 pm

@Dave,

The hybrid model you suggested is most likely if the party had something to leverage on both worlds – online and offline. This could be the path Apple end up taking if it decided to keep NFC in iPhone 5, but still wanted to leverage the 200 million iTunes portfolio. This way, it could use existing payment rails but could still steer clear of the SE ownership dilemma and the challenge of geting the hundreds of issuers onboard who issued the 200m credit cards that made up iTunes.

Reply

Smart Banker February 5, 2012 at 11:30 am

So:
1. Consumer has to fire up app (how much longer than any other payment form?)
2. Phone signal required throughout transaction (think mall or Costco – no signal)
3. No IC break for merchant (assumption)
4. Consumer needs to snap a picture of the code (limits users, lengthens time, etc)
5. Significant training for front line sales staff required (policies on handset holding, assisting consumers with payments, what to do in a myriad of scenarios)

This makes no sense to me – the Starbucks approach is simple, successful, and clean because you present a code to a merchant scanner – not fumbling with a QR reader app.

Limited appeal, limited addressable market, lack luster results on the horizon. This is FIS giving their issuers a warm blanket in the face of disintermediation coming from all corners of the marketplace.

Reply

amol natu February 7, 2012 at 5:43 am

Interesting to see the similarities in approach with Paypal. While mechanics differ (2D bar-codes instead of PIN/Password), both organisations seem to be interested in bypassing the chicken-egg reality and target a pie of the current retail spend. Would be nice to understand the merchants perspective in terms of the additional cost for using such a cloud-based option as compared to card present and how much offset/additional volume are they projecting based on loyalty, coupon type sales activation.
Is there an element of digital receipts in the FIS solution like in case of the Paypal trial ? End-user purchase behavior could make a great differentiator.

Reply

Leave a Comment

Previous post:

Next post:

Clicky Web Analytics