Advancing mobile contactless payments using near field communications
Mobile phones have achieved full market penetration and rich service levels in most, if not all, European Union (EU) and European Economic Area () Member States, making the mobile channel ideal for leveraging and promoting the use of Single Euro Payments Area () payment instruments.
The use of mobile devices to undertake payment activity has necessitated the development of new business relationships, which has resulted in different industry sectors working together for the first time. This level of market convergence requires an infrastructure that will support advanced functionality and robust security, yet which meets a range of business and technical needs. Most importantly, mobile payment services must be user-friendly by delivering tangible benefits and convenience when implemented to consumers and merchants.
The European Payments Council () recognises that this landscape will only be achievable through the creation, delivery and maintenance of an interoperable mobile payments ecosystem based on open standards. To ensure a sustainable framework, the infrastructure implemented today must be scalable and flexible to the future needs of both end users and the organisations delivering the mobile payment services.
Although the is eager to advance activity in all areas of mobile payments - including mobile remote payments where two parties are able to send and receive funds irrespective of where they are located - initial resources are focused on mobile contactless card payments, where the mobile device needs to be in close proximity to a point-of-sale terminal. The forthcoming Mobile Contactless Card Payments Interoperability Implementation Guidelines are exclusive to mobile contactless payments using near field communications (NFC) technology1.
The is also developing implementation guidelines for mobile remote payments to be released at a later stage.
Avoiding market fragmentation: industry association and stakeholder outreach
The is working with key groups to establish the necessary standards and business rules to leverage the full potential of the mobile channel for the initiation and receipt of payments in an interoperable environment. In addition to its on-going liaison activities with relevant bodies to monitor and contribute to the advancement of mobile payment activity, the has established three formal relationships to progress its work in this area:
- GlobalPlatform is an international association which standardises the management of applications on secure chip technology. The liaison between the and GlobalPlatform will ensure that the mobile contactless technical specifications and use cases of each organisation are compatible as far as possible and meet pre-defined technical common requirements.
- GSMA, the worldwide mobile communications industry body, has worked with the to deliver joint industry white papers (see below).
- Mobey Forum is the global cross-industry consortium which contributes to the mobile financial services ecosystem from the perspective of banks. The 's cooperation with this group seeks to share knowledge and best practice to ensure the definition of compelling mobile payment use cases, which promote the benefits of deploying interoperable mobile payment technology.
Making it happen: summary of achievements
The released two documents in 2010 to clarify its role in creating an interoperable mobile ecosystem in . These papers are a starting point in the process of defining the responsibilities of stakeholders and synchronising technical requirements with existing industry standards.
The white paper on mobile payments was the first document to be published in July 2010. This paper creates awareness on how to best combine the benefits of state-of-the art payment instruments for credit transfers, direct debits and card payments via a mobile phone. It explores how mobile payment services can be delivered through cooperation and understanding between service providers active in the banking industry and the new players emerging in the mobile ecosystem.
In October 2010, the and GSMA jointly published the paper Mobile Contactless Payments Service Management Roles - Requirements and Specifications. This document describes the provision and lifecycle management - including distribution, configuration, activation, maintenance and deletion - of banks' mobile contactless payment applications when residing on a UICC2; a secure element (SE) also known as a SIM, which is located in a mobile handset. It also outlines the role of the trusted service manager (TSM), an independent and trusted third party that facilitates the provisioning and secure management of mobile contactless services and defines a minimum set of requirements for a TSM to interface with banks and mobile network operators.
The implementation guidelines: the next phase of activity
The Mobile Contactless Card Payments Interoperability Implementation Guidelines are the 's next step in making mobile contactless payments a reality. To ensure the delivery of the most comprehensive guidelines, the has analysed the latest specifications and drawn on materials from EMVCo, the EMV® standards body, GlobalPlatform, Mobey Forum and its existing working relationship with the GSMA.
This latest document explicitly offers a description of the mobile contactless payments ecosystem today and the stakeholders involved, to provide a clear understanding of the technology available and its deployment within the market. This enhanced level of clarity will ensure adherence to an adequate level of security measures and appropriate governance by payment service providers.
Bringing this document to market will enable the quick development and implementation of mobile solutions. It will achieve this by:
- Promoting the use of open standards, which will avoid market fragmentation and the deployment of proprietary solutions with limited geographical reach.
- Providing transparency to market participants by clarifying the roles of key stakeholders.
- Stating the position and responsibilities of the in relation to other industry bodies.
- Defining the adequate level of security for the whole mobile contactless payment value chain in order to establish confidence in this environment.
Guideline summary: key content offered
Following an extensive analysis of different SE alternatives, the document details the diverse service models and processes involved in the provisioning and the lifecycle management of a mobile contactless payment application residing in a mobile phone SE. As well as advancing the 's work in relation to the UICC, the document covers embedded SEs and micro secure digital (SD) cards. Time has been taken by the to detail the technical infrastructure as well as the essential security requirements for each component within this complex architecture.
In addition to developing SE implementation guidelines, this document acknowledges the different aspects of processing a mobile contactless card payment such as transaction flows, cardholder verification methods and risk management. It also provides an overview of standards and specifications defined by other standard and industry bodies active in this ecosystem, to offer an unambiguous overview of how this converging landscape interlinks with different stakeholders and their associate rules and regulations.
Throughout the development of this work, the has identified further gaps that need to be addressed to ensure a secure, sustainable and scalable mobile contactless payment ecosystem that will support full market penetration for all SEs. The guidelines conclude by outlining these next steps for the industry to maximise the reach and mass market adoption of this convenient and accessible payment technology.
Don't miss the opportunity to have your say
The will release the Mobile Contactless Card Payments Interoperability Implementation Guidelines by the end of April 2011 on the Website for consultation. Stakeholder comments are encouraged and welcomed by 17 June 2011.These will be reviewed and the guidelines amended accordingly prior to final publication in October 2011.
Dag-Inge Flatraaker is the Chair of the M-Channel Working Group.
EPC Consultation: Mobile Contactless SEPA Card Payments Interoperability Implementation Guidelines - This consultation was closed on 17 June 2011.
EPC Annual Activity Report 2010 (Chapter 10 provides an update on the 's work in the area of mobile payments)
1NFC refers to contactless technology that enables data to be transmitted wirelessly over short distances.
2Universal Integrated Circuit Card.
If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.