Payments revolution in next two years?

There are some really interesting developments occurring in the world of online and off-line payments. In less than two years time the way we pay for things and even whether we even need to carry a wallet full of cash and plastic could be in question. This could also have some interesting security implications.

Apple and NFC - TechCrunch has an article about Apple bringing Near Field Communications (NFC) to the main stream by integrating an NFC chip in the iPhone 5 and iPad 2. Nothing revolutionary by itself but it becomes more compelling when combined with the Apple payment infrastructure which has already made it simple for users to download over 10 billion apps and become the dominant player in MP3 purchases with over 70% market share (May 2010).

Apple has made major headway in the micropayments problem by requiring an Apple ID to effectively use any Apple device and when you register you have to enter a credit card or other payment method. To buy anything from an app, an MP3, to now books, movies and TV shows all you need is your Apple ID and password. There is no way I would go through the process of registering and entering my credit card details for every $0.99 app but to enter a simple password makes those impulse buys so easy. The third part of this puzzle is that, as TechCruch reports, Apple is also developing simple NFC receivers for merchants which they will either give away or make available very cheaply.  This should assist with the merchant change and acceptance problem, for example Visa Paywave has existed for a while but very few merchants still seem to accept it, penetration has been slow.

If Apple does bring all three of these factors together TechCrunch thinks Apple could become the biggest company on earth, now that might be a slightly optimistic but then again who thought in the 1990's that they would ever be bigger than Microsoft? One of the major factors against this world domination could be that unlike others I discuss below, Apple being Apple does not have any federated payments service. What I mean is that there is no checkout by Apple, as far as I'm aware for an online merchant there is no way to use the Apple payment infrastructure unless you publish to the Apple stores or iTunes. To stop paying the credit and debit card charges Apple will also have to offer a way to directly link your bank account, thus benefiting from the cheaper processing and clearing rates. Finally merchants and creators have to weigh up the benefits provided by Apple vs. the exorbitant 30% tax they change for this service, from simply a payments processing perspective that makes even the credit card processors look generous. But off course the appstores provide so much more from marketing to distribution and invoicing which may still make the Apple way highly compelling.

Google checkout and NFC - Google were the first to announce adding NFC to the new Nexus S.  They also have the payments infrastructure with Google checkout. While this definitely has not been as popular as Paypal, inherently I don't buy the argument that it is significantly deficient. Both work in a very similar fashion especially if you have a Google account for other Google services and if you have an Android phone. Again personally when I am shopping around online for anything, especially commodity electronics I use Google product search and look for sites that support Google checkout. This makes the payment process very fast and I don't have to trust a merchant I have not shopped with before with my card and personal details, enabling a greater range of merchants.

As this Quora post describes, failure of Google checkout to gain marketshare could be more a matter of time rather than an inherent failure in the service or its proposition. In addition to the deep integration with Android, Google checkout can be added very easily to any online site. Mobile and mobile payments especially in the emerging economies could be a massive growth area in the next few years and the Google leadership seems to have strong vision for what they want to achieve in this space.

Facebook credits - Facebook has just announced that they are making Facebook credits mandatory for all games on Facebook, this will no doubt be extended to all other applications on the Facebook platform. Facebook also has 600 million users, a captive audience with 25% of all internet usage being spent on Facebook and Facebook connect. Already for any new web applications Facebook connect is a simple way to get outsource the user management, gain viral growth, so why not the simplest way to monetize?

What they are missing at least compared to Google and Apple is that mobile penetration - at least unless a Facebook phone becomes a reality. Without this, bridging that gap to off-line commerce could be impossible. Using this credits concept could also be a mistake rather than real currency, the constant need to convert could be a barrier to use. Alternatively it could be a stroke of genius, as credits can be used for micropayments with an actual credit card processing charge only when the credits themselves are purchased (which can be done in a bulk form or via giftcards). Facebook credits as a global currency? Never say never....

Paypal - Paypal is the other obvious big player, they had a massive third quarter in 2010 with a 22% increase in revenue to $838 million. They already have an APP on the iPhone and Android that allows you to send money very easily and there is talk that they may work with Google to support NFC payments in 2011. Paypal has the massive advantage of scale and market share, the integration with eBay and the infrastructure to already bypass the middlemen of payment processors and Visa and Mastercard. As with Google they already support linking your bank account directly, which enables them to avoid expensive card charges and offer service such as micropayments at low enough rates to make it viable. For online sites Paypal is incredibly easy to integrate with and the send money feature can even be used by off line merchants, my wife for example uses just the send money to email feature to receive payments for her small cake business and that works really well.

Banks and card schemes - It would be incredible if the card issuing banks and card schemes do not react to this growing threat, especially to services such as Paypal providing a float, if they paid interest on a balance and you could use it the majority of places online and off-line why would you need a retail bank account? Why would you need a debit card? Their BillMeLater service offers short term credit, substituting credit cards and overdrafts. People linking their bank accounts directly to Paypal is a major and growing threat to banks credit and debit card processing fees and Paypal floats and Billmelater could cut into their funds under management and credit card businesses. While the card issuers have the advantage of the being the current default method of payment, the one that everyone has and is comfortable using, simply sitting on that could be quite naive. It can be amazing how fast even seemingly stable markets can be severely disrupted.

I have written before about what a major opportunity this is for banks and card schemes, and some banks such as Bank of America are trailing NFC technology,  Visa have launched a partnership with iCarte a vendor that adds NFC to the iPhone via a case to enable use of their mobile application in Turkey. The merchant acceptance figures are impressive with 40,000 merchants in Turkey already supporting it. Whether iCarte remains in business if the iPhone 5 supports NFC built-in and whether users are willing to pay for a bulky case to get NFC are outstanding questions. From Visa's perspective the hard work is with the merchants and in developing the mobile payments application. Now that is done, they could be well placed for the iPhone 5 and other NFC phones as they continue to build up the merchant base. This is a very good thing for issuers and Visa member banks who are supporting this initiative.

My overall question when it comes to Visa, Mastercard and the legacy banks is whether they will be able to move fast enough with the heavy bureaucracy, ancient and proprietary systems and gain agreement among so many competing players, to present a viable alternative to the average consumer and merchants.

Security implications:

  • Keys to the kingdom - As these services grow rather than needing to steal card details or physical cash it simply becomes a username and password. As I have written before, stronger authentication will need to become the default. Luckily with mobile devices two factor authentication, greater use of location based and even biometric (facial recognition via camera, augmented reality, finger print readers) are all easily accessible and can be implemented today
  • Anti-fraud infrastructure - The banks and payment processors have invested millions, if not billions collectively in anti-fraud detection and prevention technologies and processes - mostly at the payment authorization and transaction layer but also increasingly at the authentication layer with online banking. Adaptive authentication and anti-fraud response which is risk based is also critical to providing the best customer experience while reducing the fraud to an acceptable level. As the above services grow they will increasingly be targeted by fraud and either make the similar investments or be smart and leverage vendors such as RSA and Arcott who have the learnings, databases and technologies from their work within financial services
  • Mobile and NFC threats - Any new technology especially wireless payments is going to have vulnerabilities, being able to retrieve and intercept wireless data is major concern, current attacks that work very well on cards also work on NFC devices with skimming and cloning of NFC chips a concern especially as it can be done wirelessly without needing physical access to the actual device. On-going security testing and research into these technologies, rapid and mandatory firmware upgrades to patch security vulnerabilities and designing the best available security practices from the outset will be critical. With mobile devices storing more and more valuable data and now being a payments device that is still extremely easy to lose or be stolen,  security feature such as strong authentication, storage and transmission encryption, remote tracking and wipe will have to become standard.

While the death of cash has been long predicted but slow to arrive, we finely maybe reaching a perfect storm of conditions to enable it to happen. The explosive growth in the scale and capability of mobile platforms, the maturing and reduced price of contactless and wireless technologies, the spread of large scale identity platforms and the continued merging of off-line and online commerce. I would love a future where instead of my wallet bulging with the change from my coffee purchase, I just wipe my phone past the NFC reader. Where my phone caries my identity and payment methods making my wallet redundant. Where I can buy anything confidently online quickly, without risking my payment or personal details using a single secure federated identity. A future where anyone can build a business to sell to the long tail by being able to purchase identity and payments processing cheaply as a service. Where emerging economies can transfer money, make payments and access banking services using mobile phones, leapfrogging the creation of expensive and slow finance networks and the need for bulky computers and fixed line telecommunications. The exciting thing is that such a future seems well within grasp and the interesting question will be who will be the dominant force or forces in this brave new world.

Photo credits: Flikr, monty.metzger

Read more: Computerworld article on the same issue

Qwiki background on NFC:

No comments:

Post a comment


Written by