Mobile Micropayment: Opportunities and Technical Considerations

© 2008, HCL Technologies Ltd. Release 1, April 2 2008

Mobile Micropayment Page ii

Table of Contents

1. MOBILE MICROPAYMENT – THE BIG PICTURE ...... 5

1.1. Market Size and Segmentation ...... 5

1.2. Forecasts ...... 7

1.3. Reality ...... 9

2. BUSINESS MODELS ...... 9

3. MOBILE MICROPAYMENT AND INDIA ...... 15

3.1. Remote P2P in India ...... 15

3.2. Popular Mobile Micropayment Services in India ...... 18

4. TECHNICAL FACTORS TO CONSIDER ...... 20

4.1. Technology ...... 20

4.2. Features ...... 20

4.3. Functionality ...... 20

4.4. Ease of Integration ...... 21

4.5. Security ...... 21

4.5.1. General Security Considerations ...... 22

4.5.2. Security Threats in Bluetooth Based Systems ...... 22

4.5.3. Security Threats in NFC Based System ...... 23

4.6. Types of Services ...... 23

5. CONCLUSION ...... 25

Mobile Micropayment Page iii

MOBILE MICROPAYMENT – THE BIG PICTURE

The world of Mobile Micropayment comprises a number of interdependent relationships among banks, service providers (or carriers), merchants, and consumers. In recent years, a number of articles and research papers have been published on the subject of Mobile Banking and Mobile Payment, all emphasizing the point that whereas in 2000 consumers were not ready for mobile financial and payment services, today they are. This statement is perhaps more true of Asian countries (primarily Japan and South Korea) than of North America and Europe, and all forecasts are based on results from pilot studies rather than any sustained track record. That is primarily because both Mobile Banking and Mobile Payment are in their infancy.

It would be fair to say that those who see the glass half full will see opportunities in the present scenario (their assumption being that it is better to enter the market when the playing field in not so crowded); those who see the glass half empty will feel the need to wait for further evidence as proof that this time round consumers are ready.

Note: The terms Mobile Micropayment and Mobile Payment have been used interchangeably in this paper. While a discussion on Mobile Banking is outside the scope of this paper, it has been examined to the extent that it forms an integral and important part of a partnership arrangement among banks/credit card issuers, merchants/retailers, and mobile service providers/operators who facilitate Mobile Payments.

1.1. Market Size and Segmentation

As illustrated in Table 1, the market for Mobile Payments is divided into four segments: In‐Store, Remote, Micro, and Macro. We will focus on the former three, given the focus of this paper.

Table 1: Mobile Payment Segmentation

TRANSACTION LOCATIONS

IN‐STORE REMOTE

Payments under $5 Wireless content and application downloads [Ex.: vending, parking, TRANSACTION SIZE MICRO‐TRANSACTIONS coin‐operated P2P or M2M machines, quick service payments/transfers restaurants, transit and the like]

Payments over $5 P2P or M2M MACRO‐TRANSACTON payments/transfers

Source: Adapted from U.S. Payment Market Segmentation and Sizing Table in Hamilton Sekino, John Kwon and Se Han Bong, P.3. For reference details, see Footnote 1.

Common sense would lead one to assume that since the number of mobile subscribers and the demand for general mobile services (e.g., SMS, Internet, gaming, etc) are on the rise worldwide, mobile financial

Mobile Micropayment Page 5

services must be also growing fast. However, as illustrated below, that is true only in certain regions of the world and that too for specific segments.

Back in 2002, SK Telecom of South Korea (in collaboration with VISA) was one of the first companies to offer Mobile Payment services on a commercial scale. By early 2007, SKT had 2.6 million Moneta phones equipped with Near Field Communication (NFC).1 In 2003 LG Telecom – the third largest mobile carrier in South Korea – collaborated with the largest bank in that country, Kookmin Bank, to offer mobile banking services. Instead of providing the typical mobile payment services, LG allowed its customers to use their mobile devices as a substitute for an ATM or transit card.2 Today, 70% of all digital content (valued at more than $ 1 billion US) is charged directly to cell phone bills instead of credit cards.3 Since then other service providers (e.g. Mobilians) have made a mark in this Mobile Banking and Mobile Payment space in South Korea.

In 2004, Japan followed suit when Sony and NTT DoCoMo formed a joint venture to provide m‐wallet services by adapting the FeliCa chip (developed by Sony and Philips for use in NTT DoMoCo’s wireless smart cards) for mobile phones. By 2006 NTT DoMoCo had one million m‐wallet subscribers – a 35% increase in its subscriber base.4

In the US, the total payment market is said to be $ 7 trillion.5 Of that, approximately $6 trillion is spent in the In‐Store segment involving micropayment transactions (i.e., less than $5).6 Indeed, there is reason to be excited about the possibility of Mobile Banking and Mobile Payment, given that most mobile carriers and bank are under pressure to tap non‐conventional sources of revenue. According to analysts at Diamond Consultants, mobile operators need to generate $40 billion in non‐voice revenue by 2010 in order to maintain a healthy Average Return Per User (ARPU). Similarly, financial institutions also need to generate revenues from non‐conventional sources. In this regard, micropayment, which accounted for

1Hamilton Sekino, John Kwon, and Se Han Bong “Mobile Payments: Mobile Operator Market Opportunities and Business Models” [Chicago, US: Diamond Management & Consultants, 2007], P. 6. Category: White Paper http://www.diamondconsultants.com/PublicSite/ideas/perspectives/downloads/INSIGHT%20‐ %20Mobile%20Payments%20_Diamond.pdf. For a good overview of the Mobile Payment market in Europe see Laurent Bailly and Bernard Van der Lande “Breakthroughs in the European Mobile Payment Markets” [November 22, 2007] http://www.atosorigin.com/en‐ us/business_insights/thought_leadership/thought_leadership_container/wp_mobile_payments.htm. Atos Origin is considered a leader in the European market for electronic transactions – a service that it provides through its subsidiary, Atos Wordline.

2 Stuart E. Weiner, et al., “Payments System Research – Briefing” [Kansas, US: Federal Reserve Bank of Kansas City, September 2007], P. 2. http://www.kc.frb.org/PUBLICAT/PSR/Briefings/PSR‐BriefingSept07.pdf

3 Brandon McGee “Mobile Payments & Mobile Banking” [October 28, 2007] http://brandonmcgee.blogspot.com McGee is the Vice President and Senior Product Manager at The Huntington National Bank in the United States and is considered an authority on the subject of Mobile Payments and Mobile Banking.

4 Hamilton Sekino, John Kwon, and Se Han Bong, Op Cit., P.5.

5 Brandon McGee “Mobile Payments & Mobile Banking,” Op Cit.

6 Hamilton Sekino, John Kwon, and Se Han Bong, Op Cit., P. 2.

Mobile Micropayment Page 6

only $13.5 billion out of a total of over $ 1 trillion spent on micropayment is an option. The good news is that on the demand side, mobile penetration in the US has surpassed 75% with 235 million mobile phone users (vs only 176 million credit/debit card users).7 At the present time, several trials are under way in the US whose results will reveal how successful bankers and carriers have been in convincing merchants and consumers to go the Mobile Banking and Mobile Payment route.

1.2. Forecasts

While almost all analysts are in agreement that the market for Mobile Payment is on the rise and will continue to be on the rise, they have different predictions for the pace and percentage of that rise. Of late several reports have cited the forecasts made by Juniper Research about Mobile Payment. According to Alan Goode, Research Analyst at Juniper Research, 204 million mobile phone users will generate $ 22 billion in revenue by 2011.8 As illustrated in Figure 1, his prediction is that the Mobile Micropayment market is poised for growth in all the continents.

7 Hamilton Sekino, John Kwon, and Se Han Bong, Op Cit., P. 2. According to Frost and Sullivan, the number of users of mobile banking services is expected to reach 21.27 million by 2010. Press Release from Frost and Sullivan, “’On‐ the‐Go’ Access to Financial Services Drives Growth of Mobile Payment and Banking Services” [September 26, 2007] http://www.frost.com/prod/servlet/press‐release.pag?docid=107693966 See also Catherine Graeber, “Raining On The Mobile Banking Parade,” [Cambridge, US: Forrester Research Inc., September 18, 2007]. Graeber has focused on the fact that whereas the number of mobile users in the US has increased from 57 million to 90 (a 58% increase), only 45% phones have built‐in Web browser capabilities and only 11% of the population use mobile Internet. Her conclusion, therefore, is that “[t]oday consumers still aren’t very interested in mobile banking,” P. 1. However, in the same study Graeber has a reassuring message. In 2001, 40 million consumers had gadgets to adopt wireless finance but only 4.6% consumers were interested. A recent survey, however, shows a definite trend among what she refers to as “Gen Y” (between 18 and 26 years of age) who already use text‐messaging and pay their bills online. This, according to Gaeber, is the “ultimate sweet spot” in Canada and the US. P.8.

8 Alan Goode, “Mobile Payments: Strategies & Markets 2007‐2011” [Basingstoke, New Hampshire, England: Juniper Research, July 2007] http://www.juniperresearch.com/shop/viewreport.php?id=88

Mobile Micropayment Page 7

Figure 1: Total mPayment Transaction Value ($m) Regional Forecast 2007‐2011

There is general agreement among analysts that Mobile Payment services will grow the fastest in the following segments:

1. Entertainment (music downloads, videos, gaming, and ring tones, as well as text‐based messaging services, such as audience voting)9 2. Marketing and Advertising (access, save, and redeem product/service – specific coupons, promotions and the like) 3. Ticketing (parking, events, and transportation)10 4. Retail and Peer‐to‐Peer Payments (P2P) or Mobile‐to‐Mobile Payments11

9 Alan Goode, “Mobile Commerce Strategies: Ticketing, Retail, Payment & Security” [Basingstoke, New Hampshire, England: Juniper Research, July 2007] referenced in “Mobile Commerce Services – Driving Mobile Commerce Adoption.” Category: Whitepaper http://www.verisign.com/static/036257.pdf. In the same paper, Goode forecasts that the number of mobile transactions will increase from $ 489 million in 2006 to $ 4.6 billion by 2010, and the average size of the transaction will increase from $ 7 to $ 13.

10In January 2006, Goode predicted that the total mobile commerce revenue will be more than $ 44 billion by 2010. Alan Goode, “Ticketing Goes Mobile” Op Cit., P. 5. Category: White Paper. http://www.juniperresearch.com/shop/products/whitepaper/pdf/white%20paper%20‐ ticketing%20goes%20mobile.pdf Note that in 2007, Juniper’s predictions were relatively modest ($ 22 billion by 2010)

11 This service is very popular among the youth. For an interesting discussion see Susan Bushe, “Mobile Commerce – The Future Starts with M2M Payments, [November 2007] http://whitepapers.techrepublic.com.com/whitepaper.aspx?&docid=79149&promo=100511 http://www.unisys.com/communications/insights/white__papers/papers.htm?insightsID=86457 See also, Alan Goode, “Press Release: Mobile Payment to Generate Almost $ 22 billion of transactions by 2011 and be adopted by 204 m phone users” [Op Cit., July 7, 2007] http://www.juniperresearch.com/shop/viewpressrelease.php?id=33&pr=52

Mobile Micropayment Page 8

1.3. Reality

The various stakeholders are very optimistic about the future of Mobile Banking and Mobile Payment because the number of mobile users has been increasing very consistently and it is likely to continue. However, all the stakeholders also realize that the risks involved are also very high and for that reason they all are moving forward quite cautiously. They all realize that they first need to have a business model that will workout for each of them (bankers, carriers, and merchants) and the consumer.

2. BUSINESS MODELS

The potential to expand revenue from Mobile Banking and Mobile Payment sectors has led bankers, carriers, and merchants to think outside‐the‐box. Since the risks for any one party is very high, they all are in a mood to work out mutually beneficial models to tap what they have come to regard as a huge potential. After analyzing the various pilots and joint ventures around the world, the researchers at Diamond Consultants have reported on the following types of models that are emerging on the scene:

IN‐STORE MOBILE PAYMENT MODEL

1. Operator Dominated Model (e.g., NTT DoCoMo in Japan) 2. Operator and Financial Services Collaboration Model (e.g., SKT Moneta in South Korea) 3. Financial Services Firm Dominated Model (e.g., MasterCard in the US) 4. Third Party Intermediation Model (e.g., MobileLime in the US)

REMOTE PAYMENT MODELS (MAINLY P2P/M2M)

1. Operator and Financial Services Collaboration (SMART Money in the Philippines) 2. Third‐Party Intermediation Model (e.g., PayPal Mobile and Obopay in the US)12

As illustrated in Figure 2, a successful end‐to‐end Mobile Payment service pre‐supposes cooperation among bankers, carriers, merchants, and equipment manufacturers.

12 Hamilton Sekino, John Kwon, and Se Han Bong “Mobile Payments: Mobile Operator Market Opportunities and Business Models” Op Cit. See also, John Boyd, “Here comes the Wallet Phone,” http://www.spectrum.ieee.org/print/2150

In the P2P segment, see also Michelle de Lussanet, et al., “Person‐To‐Person Payment Goes Mobile – But P2P Mobile Payments is a Technology in Search of a Market” [Cambridge, US: Forrester Research Inc., April 19, 2007]. She segments the P2P user base further on the basis of: i) Mobile P2P Bank Transfers; ii) Mobile P2P Virtual Account Transfers, and; iii) Mobile P2P Top‐Up Transfers. Focusing primarily on the European and South African markets, her research indicates that the P2P Mobile Payment users are only a fraction of the overall consumers.

Mobile Micropayment Page 9

Figure 2: Business Potential Models for In‐Store Payment Segment

Source: Hamilton Sekino, John Kwon, and Se Han Bong “Mobile Payments: Mobile Operator Market Opportunities and Business Models” Op Cit., P.4.

Uncommon as they might be, the fact that in Japan, NTT DoCoMo took the lead in deploying the technology that enabled mobile devices to be used for payments, and in the US MasterCard went ahead and offered specific services, proves that Operator‐led and Financial Institution‐led Models are viable options for offering Mobile Payment services.13

Of late, a number of collaborations have been launched among financial institutions, carriers, and merchants to facilitate Mobile Payment services.14 Below is a select list of some of those collaborations.

13 Although somewhat academic and slightly dated, the following article is worth a read, given that it examines the subject thoroughly: L‐F Pau, “Mobile Operators as Banks or Vice‐Versa?” [Rotterdam, The Netherlands: Erasmus research institute of Management (ERIM), January 2004]. ERIM Report Reference Number: ERS‐2004‐015‐LIS. See also, Richard Winston, “Mobile Wallet Will Take Time to Mature in US” [October 30, 2007] http://www.banktech.com/feed/showArticle.jhtml?articleID=202403977&cid=RSSfeed_BST_All

14 See 14 Brandon McGee “Mobile Payments & Mobile Banking,” Op Cit., [October 28, 2007], “Dutch Supermarket Mobile Phone Payment Trial” [October 8, 2007] http://www.paymentsnews.com/2007/10/dutch‐supermark.html, “VISA Announces Mobile Payment Trials in Brazil, Canada, and Malaysia” [November 13, 2007]: http://www.paymentsnews.com/2007/11/visa‐announces‐.html,

Mobile Micropayment Page 10

1. Wells Fargo and VISA (US) 2. Companhia Brasileira de Meios de Pagamento (VisaNet do Brasil) and VISA (Brazil) 3. Maybank, Maxis, Nokia and VISA (Malaysia) 4. Royal Bank of Canada and VISA (Canada) 5. Discover Financial and Motorola (US) 6. Citi, MasterCard AT&T and Nokia (US) 7. Cellular South, Kyocera, and VIVOtech (US) 8. Citi and Obopay (US) 9. First Data & mFoundry (US) 10. Verizon & Obopay (US) 11. Firethorn (recently taken over by Qualcomm) and Verizon (US) 12. Logica CMG and Dutch Supermarket C1000 (The Netherlands) 13. Obopay and Yodlee (US) 14. JBC (Japan) and seven companies (The Netherlands) 15 15. 12 operators are running trials of contactless mobile payment in Australia, France, Ireland, Korea, Malaysia, Norway, The Philippines, Singapore, Taiwan, Turkey, and the US.16 16. Several trials are under way from mobile operators and banks in France, Germany, Spain, Belgium, Austria, and The Netherlands.17

Although outside the scope of this paper, it is worth noting that as a result of the increased flurry of activities in the Mobile Payment space, a number of banks, particularly in the US, have already begun to expand their portfolio of Mobile Banking services to the public.18

15 The seven partners are: CCV Holland, Gemplus, KPN, Nokia, PaySquare, Philips, and VIVOtech. “JCB launches NFC Mobile Payment Pilot Project in The Neitherlands with Seven Major Players” [Amsterdam, The Neitherlands: June 12, 2006] http://www.gemplus.com/pss/banking/jcb_nfc.html

16 The 12 operators running the trails include AT&T, Far EasTone, Orange, KTF, Maxis, SRF, SingTel, Telstra, and Turkell. LG, Motorola, Nokia, Sagem, and Samsung. The handset makers are developing phones for NFC‐enabled mobile payment services. See http://www.tech2.com/india/news/mobile‐phones/mac‐07‐paybuymobile‐trials‐ begin/21942/0 [December 2007].

17 Laurent Bailly and Bernard Van der Lande, Op cit., p. 7 & 11.

18 SRM Technologies Inc. has announced the SRM Mobile Wallet [November 2007] http://www.srmtechnologies.com/banking/wallet.html, Open Solutions, MShift Announce Partnership Agreement to Enable Mobile Banking and Bill Pay with Financial Institutions [November 7, 2007] http://www.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20071107005989&ne wsLang=en, AT&T has launched Mobile Banking Nationwide. “Through an innovative relationship, AT&T, Wachovia Corp. (NYSE:WB), SunTrust Banks Inc. (NYSE:STI) and mobile banking and payment enabler Firethorn Holdings LLC — and Firethorn's strategic partner, CheckFree Corp. (Nasdaq: CKFR) — are providing a mobile banking solution that is accessible to millions of Wachovia and SunTrust customers.” [November 13, 2007] http://www.att.com/gen/press‐ room?pid=4800&cdvn=news&newsarticleid=24716, ClairMail has been chosen as Mobile Commerce Innovator at BAI Retail Delivery Conference & Expo [November 12, 2007] http://www.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20071112005169&ne wsLang=en. Researcher at the Aite Group anticipate that the active base of mobile banking users in the United States could reach over 1.6 million by year‐end 2007, rapidly rising to 35 million users by the end of 2010 [Boston, Mobile Micropayment Page 11

The latest excitement is caused by the rumour that Google is about to come out with mobile services (including Mobile Payment) of its own. In a very recently written article Kevin Maney’s opening sentence read thus: “Google could be your next phone company.”19 According to Maney, Google is bidding for the old analog UHF broadcast spectrum that will be auctioned by the government of United States in early 2008, and since this development will impact mobile telephony (and thereby Mobile Payments), it is worth quoting directly from Maney’s article: “Google won’t say what it would do with the spectrum, but it’s expected to turn its acquisition into a nationwide wireless internet, thereby pureeing existing telecom business models…The next step is phones that work on any wireless network, the way any pot works on any stove. Google is pushing to have these so‐called open phones work on the UHF spectrum, which would help end the practice of binding phones to certain networks and handcuffing customers to contracts. In other words, if the new spectrum opens the door for unlocked phones, then wireless companies could be forced to change the way they manipulate consumers and handset makers. It’s a change that Kevin Martin, the Federal Communications Commission chairman, wants. ‘There would be some real consumer savings on the wireless side,’ Martin said in an interview early this year. More than that, it’s a transformation most consumers would like.”20

The above, coupled with the development of Android™‐ the first complete, open, and free mobile platform ‐ by the Open Handset Alliance is pointing in the direction that Google is planning to come out with a mobile phone that will support a range of mobile services, Mobile Payment being just one of them.21

The In‐Store Mobile Payment models in general allow the consumers to:

1. Check balances 2. Pay Bills 3. Transfer Funds 4. Feed cash into special machines or transfer cash from credit card accounts

MA: September 4, 2007] http://www.aitegroup.com/reports/200709041.php. There are several other reports and announced but the above is enough to given an idea of the increased pace of activities in the Mobile Banking space.

19 Kevin Maney, “Hello, Ma Google” [October 2007] http://www.portfolio.com/views/columns/2007/09/17/Cellphone‐Carrier‐Breakups

20 Ibid.

21 See Brandron McGee, “Mobile Banking Consumer Awareness” Op Cit., [November 25, 2007]. See also, Kevin Maney, Ibid., “What would it take to build a better Mobile Phone?” http://www.openhandsetalliance.com/index.html. Additionally, the following are some more interesting articles on this subject “Google Announces $10 Million Android Developer Challenge” [November 12, 2007] http://www.google.com/intl/en/press/pressrel/20071112_android_challenge.html, “ …….” http://www.nytimes.com/2007/11/05/technology/05cnd‐gphone.html?_r=1&oref=slogin. There is speculation that ‘Gpay’ Mobile Payment services could accompany the rollout of proprietary ‘Gphone.’ See “Google looks at Payments by Mobile Phone”[September 3, 2007] http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article2378321.ece

Mobile Micropayment Page 12

5. Redeem loyalty points 6. Reload gift cards

In the Remote P2P Segment too, although there are Third Party Intermediation players, as illustrated in Figure 3, most analysts agree that the Operator and Financial Services Collaboration Model will rule the day not only to mitigate huge investments and the risk of failure but also because in markets such as the United States and Europe (and this is true of India as well as), the financial institutions (banks and credit card issuers) and carriers are very well entrenched in their respective economies; they have a certain level of acceptability in the public in their respective domains that Third Party Intermediaries lack.

Mobile Micropayment Page 13

Figure 3: Potential Business Models for the Remote P2P Segment

Source: Hamilton Sekino, John Kwon, and Se Han Bong “Mobile Payments: Mobile Operator Market Opportunities and Business Models” Op Cit., P.4.

There is a general consensus that the Third Party intermediation Model of the kind launched by Obopay and PayPal fulfill specific P2P fund transfers/payments, but since this type of transaction does not involve the operators, the user experience may not be ideal. For instance, mobile operators may block message to the providers’ short codes, the Java‐based applications may not work on all handsets, to mention only a few.22

22 For an interesting comparative analysis see, Hamilton Sekino, John Kwon, and Se Han Bong “Mobile Payments: Mobile Operator Market Opportunities and Business Models” Op Cit. See also Stuart E. Weiner, et al., “Payments System Research – Briefing.”

Mobile Micropayment Page 14

3. MOBILE MICROPAYMENT AND INDIA

Several overseas carriers and financial services firms are eyeing the Indian market to make their entry into the Mobile Banking and Mobile Payment space, and for good reasons. There are different estimates for the extent of mobile penetration in the Indian market ranging from 85 million mobile subscribers23 to 213 million.24 There are also different estimate of how fast the mobile phone subscriber base is growing but the average seems to be five million subscribers per month.25 What is interesting to note is the fact that the mobile subscriber base is growing faster than that of PC, banking, and credit/debit cards.26

In light of the above, it is hardly surprising that the carriers, banks, and merchants have already started mobilizing their resources to tap into what is being regarded as a huge opportunity. As illustrated in Table 1: Mobile Payment Segmentation, there are basically two types of micro and macro transactions: In Store and Remote (P2P or M2M). The only segment in which activity has occurred in India in the past couple of year is Remote P2P involving micro‐transactions. As illustrated in Figure 3: Potential Business Models for the Remote P2P Segment, page 14, there are essentially two working models in the Remote P2P segment: Operator/FS Collaboration and 3rd‐Party Intermediation. In India it is the former that is gaining currency. It is expected that once the Reserve Bank of India comes out with a regulatory framework for Mobile Banking and Parliament passes a bill on Payment Systems in India, the level of activity in Mobile Payment and Mobile Banking will increase significantly.

3.1. Remote P2P in India

At present there are four collaborative initiatives in the P2P/M2M segment. They are as follows:

1. mChek: is a collaborative initiative among Airtel, ICICI Bank, and VISA. mChek is a mobile platform developed by Airtel in 2005 in collaboration with VISA to allows users to link an existing Airtel mobile phone to their existing credit card issued by any Indian bank. Although mChek’s vision looks very promising, the services that it offers today are wanting in many areas.27It is reasonable to assume that a probable reason why mChek is not implementing the original vision is that it is

23 Sakshi Sharma and Kishore Butani, “Could Mobile Revolutionize Banking Sector [September 21, 2006] http://news.moneycontrol.com/mccode/news/article/news_article.php?autono=241652.

24 “MasterCard to Tap ‘Mobile’ Data to Widen Area” [November 21, 2007] http://economictimes.indiatimes.com/News_by_Industry/MasterCard_to_tap_mobile_data_to_widen_reach/articleshow/2557 619.cms.

25 Sakshi Sharma and Kishore Butani, Op cit. Another study puts the growth at 4.5 millions subscribers per months. See http://www.pluggd.in/2007/02/mobile‐payment‐in‐india‐ringing‐bells.html [February 2007].

26 According to one study, for every 2 mobile phone users there is 1 credit/debit card user and compared to 200+ million mobile subscribers, there are only 135 million households with access to banking services, which implies that the number of ‘unbanked population’ is quite substantial. See Rabin Ghosh “M‐Commerce Close to Becoming a Reality” [July 7, 2006] http://www.dnaindia.com/report.asp?NewsID=1040241; “MasterCard to Tap ‘Mobile’ Data to Widen Area” Op cit.

27 See the FAQ section on mChek’s website: www.mCheck.com (February 2008).

Mobile Micropayment Page 15

waiting for RBI to publish guidelines on Payment Systems in India. That is a wise approach to adopt at this stage, given RBI’s recent move in which it asked Times of Money Ltd., owed by The Times Group, to desist from offering its online payment service entitled: Wallet365.28

2. Paymate: was founded by Ajay Adiseshann and Probir Roy in Mumbai. Paymate is synonymous with the mobile payment platform the aim of which is to allow users to make payments with their mobile phones. Recently, Paymate got a new lease on life when Sherpalo Ventures (owed by Ram Sriram) and Kleiner Perkins Caufield & Buyers announced an investment of $5 million in Paymate. The Silicon Valley‐based investors are well known for building businesses such Netscape, Junglee, Amazon, and Google to mention only a few, and Paymate is their third Indian investment after Naukri and Cleartrip.29 Paymate’s model supports only on‐line retailing, i.e, the user browses a web site such as rediff.com and decides to buy an item. When the user reaches the purchase screen he is presented with the option of paying via his mobile phone and enters his mobile phone number and clicks submit. If the user is a pre‐registered Paymate user, then an SMS is sent to the user’s phone with the item code and the user needs to reply with the item code and PIN number to confirm the purchase.30 Although Paymate launched its SMS payment service with CitiBank. It is also available on the Websites like Rediff, Naukri, Jeevansathi, 99acres, and Cleartrip, the response has not been as enthusiastic as anticipated. Paymate’s biggest limitation is that it is available only to CitiBank customers and only in English.31

3. NGPay: is JiGrahak’s mobile application that allows users to buy goods and services through their mobile phones. Moreover, the application allows businesses to use the platform to offer their products and services such as movie tickets, flowers, books, airline tickets, gifts, etc., to customers. JiGrahak (‘Yes Customer’ in Hindi) too got a new lease on life when Helion Venture

28 See http://www.timesofmoney.com/tomsvc/jsp/home.jsp [December 2007]. See also Sucheta Dalal, “E‐Wallet Useful, But Can Be Risky, Too” [July 24, 2006] http://www.financialexpress.com/fe_full_story.php?content_id=134986. RBI is currently evaluating the new payment methods, including Mobile Payment and should be publishing its report(s) in the very near future. See “RBI in Favour of Migration to New Payment Model” [November 5, 2007] http://economictimes.indiatimes.com//articleshow/msid‐2517978,prtpage‐1.cms?

29 See http://www.mobilepundit.com/2006/07/07/sherpalo‐and‐kleiner‐perkins‐invest‐in‐paymate/ [July 7, 2006].

30 Deepak Srinath, “Paymate, Ji Grahak, or mChek: Take Your Pick” [December 24, 2006] http://www.ventureintelligence.in/blog/2006/11/paymate‐ji‐grahak‐or‐mchq‐take‐your.html.

31 Recently, Paymate announced that it plans to enter the North American mobile payments market. PayMate will offer m‐payment services to U.S. unbanked consumers (who account for 13% of the population) as well as cellphone‐based cross‐border remittances from the U.S (which was estimated to be around US$300 billion in 2007, with an annual growth rate of 8.5 percent). According to Paymate, North America is the largest initiator of cross‐ border remittances, and India, Mexico and Philippines represent the top three destinations for these remittances. See “Indian M‐Payments Firm Targets U.S. Market” [December 9, 2007] http://www.epaynews.com/index.cgi?survey=&ref=browse&f=view&id=1197028380837043222&block= [March 2008].

Mobile Micropayment Page 16

Partners decided to invest $2.2 million in JiGrahak’s mobility solutions32 and it already seems to have a very eclectic customer base33.

4. Obopay: There have been reports since 2006 and as late as October 2007 about Obopay entering the India market, raising $10 million in funding, hiring local staff, and the like activities, but Obopay India has yet to launch its commercial services. When it does do so, it is expected that the services offered will be the same as those offered in the US and elsewhere.34

5. SMARTCELL: is an M‐Commerce platform developed by E Cube India Solutions Ltd., – first Indian company to have launched vending machines based on its own indigenously developed Smart Card technology.35 When E Cube noticed that payments for purchases using automated coin‐ based vending machines were proving to be problematic in India, it brought in the Mobile Operated Vending Machine (MOVM)!36 Having already moved in this niche space of retail, E Cube India has now developed SMARTCELL, which will support a wide range of services from Mobile Banking to taxi fare payment. SMARTCELL platform is still in‐the‐making and once it is commercialized, E Cube India plans to roll out applications for a number of activities ranging from Mobile Banking to payments at a host of locations.37

a. Others: One would expect that by now Tata and Reliance would be in forefront (like Airtel) in developing mobile platforms for Mobile Banking and Mobile Payments but that is not the case, at least if the reports are anything to go by. There are rumours that both are developing applications for this space but neither Tata nor Reliance has made any announcements.38 According to Mobile India, Reliance Communications’ theme for this year’s Reliance Mobile Application Developers Contest is Mobile Applications for Rural India, the aim of which is to m‐ enable the life of rural people in a number of areas.39

32 Nikhil Pahwa “Helion Invests in JiGrahak” [August 10, 2006] http://www.lightreading.com/document.asp?doc_id=106751. See also “Obopay Enters Indian Market for Mobile Payment” [January 23, 2007] http://www.paymentsnews.com/2007/01/obopay_enters_i.html, “Promethean India PLC ‐ Investment in Obopay, Inc.” [July 25, 2007] http://www.hemscott.com/news/rna/item.do?newsId=47304769953899.

33 See FAQ section on Jigrahak’s website: www.jigrahak.com (Feburary 2008).

34 See “Obopay India to Close $10 Million in Funding” [October 28, 2007] http://www.contentsutra.com/entry/419‐obopay‐india‐ to‐close‐10‐million,

35 E Cube India has an impressive list of clients in India and strategic alliances with German, French, and American companies. See http://www.e3india.com [December 2007].

36 See http://www.e3india.com/smartvend/smartvend‐MOVM.html [December 2007].

37 See http://www.e3india.com/smartcell/smartcell_applications.html [December, 2007].

38 See “Tata IndiPay: Mobile Payment Gateway from Tata” http://sifybroadband.techwhack.com/412/tata‐indibay/ [March 6, 2006].

39 “See Reliance Rural Application Development Context” http://mobile.broadbandindia.com [November 1, 2007].

Mobile Micropayment Page 17

3.2. Popular Mobile Micropayment Services in India

As mentioned earlier, all the Mobile Banking and Mobile Payment activities in India are in the Remote P2P/M2M segment involving micro‐transactions, probably because no special hardware is required for those services. By contrast, the In Store option (both Micro and Macro Transactions) presupposes availability of appropriate devices (e.g., NFC enabled handsets and POS Readers). In due course, this option will definitely come to India – it is only a matter of time.

According to analysts, Mobile Micropayment players in the Indian market should seriously consider the services mentioned below, given their broad base.

1. Mobile Micro‐Finance and Micro Payment Service to the “unbanked” population in rural India. The solutions that are developed for India could be easily adapted for other developing countries. According to Frost and Sullivan, the mobile commerce opportunity in developing countries is very significant. As illustrated in Figure 4, the Asia Pacific region is expected to account for more than a third of the $80 billion revenues by 2009.40

Figure 4: Mobile Commerce Transaction Opportunity (US $ Billion)

Source: Shaker Ibne Amin, “M‐Bankng – To Bank the ‘Un‐Banked’” [May 14, 2007] http://www.frost.com/prod/servlet/market‐ insight.pag?docid=98655381.

40 Shaker Ibne Amin, “M‐Bankng – To Bank the ‘Un‐Banked’” [May 14, 2007] http://www.frost.com/prod/servlet/market- insight.pag?docid=98655381. Amin’s study shows that in the Philippines and Kenya, financial institutions and carriers have been instrumental in providing micro‐financing, remittance, and micropayment services to the rural population. See also 31.

Mobile Micropayment Page 18

2. Mobile Remittance Service: Relying on World Bank studies of migrant remittance, Amin stresses that in 2006 migrants from developing countries remitted more than $200 billion, which is $193 billion more than in 2005, and more than double of what was remitted in 2001. Remittance was the second largest source of external finance for developing nations, after Foreign Direct Investment (FDI), and more than twice as large as Official Development Assistance (ODA) received by developing countries.41

3. M‐Ticketing Service: All the players (discussed above) that are active in the Remote P2P – Micro Payment segment either are currently offering or are proposing to offer Mobile Payment services for purchasing tickets via SMS. Another option is to develop Mobile Payment for carriers and financial institutions in collaboration with manufacturers of NFC‐enabled handset (e.g., Nokia) and of especially designed kiosks equipped with readers ‐ this is the route taken by East Japan Railway Co (JR East) and London Underground.42 If mobile penetration is anything to go by then Delhi, Chennai, and Mumbai are appropriate cities for running Mobile Banking and Mobile Payment trials.43

41 Ibid.

42In Japan, DoCoMo’s “wallet phone”(equipped with the NFC‐enabled Felica Chip) is used as a fare card at East Japan Railway’s gates. The passengers pay for their tickets by simply waving their phone before specially equipped kiosks. See John Boyd, “Here Comes The Wallet Phone” [November 2005] http://www.spectrum.ieee.org/nov05/2150. In London, Transport of London, mobile phone firm 02, Barclaycard, VISA Europe, and Nokia recently started a trial whereby “[h]undreds of people have been given special handsets fitted with a built‐in credit card and Oyster card ‐ the device used to pay for train and bus tickets in London.” See also “London Underground to Enable Payment by Phone” [November 27, 2007] http://www.wireless‐ watch.com/2007/11/27/london‐underground‐to‐enable‐payment‐by‐mobile‐phone/. See also “Pay‐by‐Mobile Phone Trials Start in London” [November 28, 2007]

43 According to a Mobile India report, Delhi has the highest wireless penetration in India—90%. It is followed by Chennai and Mumbai, where the penetration levels stand at 88% and 69.61%, respectively. See “Wireless Penetration – Circlewise” [October 25, 2007] http://mobile.broadbandindia.com/2007/10/wireless‐penetration‐ circlewise.html.

Mobile Micropayment Page 19

4. TECHNICAL FACTORS TO CONSIDER

4.1. Technology

The possible technologies which can be used in implementing Mobile Micropayment Systems include:

• SMS (Short Messaging Service) • NFC (Near Field Communication) • Bluetooth • Mobile Internet

4.2. Features

While mobile based Micropayment System may have a number of attractive features, the following offerings are the most important:

1. Contactless Communication: Mobile micropayment system should be able to provide a secured communication channel with the merchant system using any contactless communication technology, e.g., NFC. 2. Prepaid & Postpaid: Settlement with the payment service provider should be enabled by Prepaid or Postpaid mode. If the payment service provider is telecom service provider, the billing should be merged with the network service bill. 3. Two‐factor Authentication: Strong authentication should be provided to protect from fraud. Biometric authentication can be combined with the regular username/password to safeguard the transactions. 4. Mobile Wallet: Mobile phone’s data storage can be used to store high sensitive data like credit card number, payee details etc. This will help the user to quickly enter the payment details. 5. Security: The security features needs to be addressed are listed in section 4.5. 6. Multi Platform Support: As there are different mobile devices in the market with different network technology support, the micropayment system should cover wide range of handsets and network services.

4.3. Functionality

Since the mobile industry is very dynamic all over the world, the range of built‐in functionalities also keep changing according to as user groups and country. The following are, however, some of the components and functionalities that are required in a typical Mobile Micropayment System:

1. Mobile client

a. Validate the user b. Establish secured communication with PoS terminal c. Provide screens to enter payment details Mobile Micropayment Page 20

d. Store user data in the device in a secure manner e. Manage application: Install, Uninstall, and Upgrade

2. Payment service provider

a. Provide prepaid or postpaid account b. Interact with the mobile devices and PoS for performing the user requested transactions c. Generate bill d. Interact with Network service provider or bank if required e. Provide standards based API for performing the transactions

3. Point of Sale terminal

a. Authenticate the merchant b. Provide communication mechanism based on NFC, Bluetooth and other technologies c. Provide transaction related UI for merchant d. Update transactions with the server or in batch mode or regular mode e. Perform initial validation of user data (e.g., screening of blacklisted users) f. Provide statistical information to central administrator module

4.4. Ease of Integration

To a great extent the acceptance of any Mobile Micropayment System depends upon its ease‐of‐integration with external systems such as those listed below.

Integration with Payment Services: Integration with external payment services should be done based on standards defined by W3C (http://www.w3.org/TR/WD‐Micropayment‐ Markup/). This will help in achieving seamless portability across different payment service vendors.

Integration with Mobile Device Features: It may be required to store some user data in the mobile phone. SIM card can be effectively used for secure data storage. While implementing this standard APIs (message format) should be used to make sure the application runs on all handsets.

Interface with PoS: There is not standard format defined so far for the communication between Mobile and PoS. With the lack of standards we should atlesat try to use standards like XML as data wrappers so that we achieve ease of integration to some extend.

4.5. Security

Security is the key to the success of any mobile micropayment system. A great deal of attention should, therefore, be paid to how the system is designed to handle common security threats, some of which are discussed below.

Mobile Micropayment Page 21

4.5.1. General Security Considerations

User Authentication: Strong user authentication should be implemented to protect the application from illegal access. Biometric or smartcard based authentication can be combined with the normal Username/Password authentication.

Server Authentication: Server authentication i.e., server proving its identity to the client, will ensure that mobile client is connecting to the authorized payment gateway. This can be implemented using certificate from any trusted certification authority.

Application Data Security: Sensitive user data or transaction details should be stored or transmitted in a secure manner. This can be achieved using any industry standard encryption technique.

4.5.2. Security Threats in Bluetooth Based Systems

The following are some of the security threats specific to Bluetooth‐based micropayment systems, which need to be addressed.

SNARF Attack: In this type of attack, confidential data can be obtained anonymously and without the owner's knowledge or consent, from any Bluetooth enabled mobile phones. The data include, at least, the entire phonebook and calendar, and the phone's IMEI (International Mobile Equipment Identity), which uniquely identifies the phone to the mobile network, and is used in illegal phone 'cloning'.

BACKDOOR Attack: Here the attacker establishes a trust relationship through the "pairing" mechanism, and ends up having access to the resources of the mobile device. Consequently, not only can data be retrieved from the phone, but other services, such as modems or Internet, WAP and GPRS gateways may be accessed without the owner's knowledge or consent.

BLUEBUG Attack: When this attack occurs, a serial profile connection is created to the device, thereby giving full access to the AT command set. It is then possible for the attacker to use the phone to initiate calls, send SMS messages, read SMS messages, connect to data services such as the Internet, and even monitor conversations in the vicinity of the phone. Furthermore, call forwarding diverts can be set up, allowing the owner's incoming calls to be intercepted.

Bluejacking: This happens when the attacker sends unsolicited text messages to other Bluetooth users. If such an event occurs, then all data on the target device becomes available to the initiator, including phone books, calendars, pictures and text messages as well as important micropayment information including account number or credit card number.

Mobile Micropayment Page 22

4.5.3. Security Threats in NFC Based System

A Mobile Micropayment System needs to take seriously the security threats discussed below that are among the most common in NFC‐based systems.

Eavesdropping: This is an important consideration in any wireless communication interface. When two devices communicate via NFC they use RF waves to talk to each other. An attacker can use an antenna to also receive the transmitted signals. Additionally, it is of major importance in which mode the sender of the data is operating. This means whether the sender is generating it’s own RF field (active mode) or whether the sender is using the RF field generated by another device (passive mode). Both cases use a different way of transmitting the data and it is much harder to eavesdrop on devices sending data in passive mode.

Data Corruption: Instead of just listening an attacker can also try to modify the data which is transmitted via the NFC interface. In the simplest case the attacker may just want to disturb the communication such that the receiver is not able to understand the data sent by the other device. Data corruption can be achieved by transmitting valid frequencies of the data spectrum at a correct time. The correct time can be calculated if the attacker has a good understanding of the used modulation scheme and coding. This attack is not too complicated, but it does not allow the attacker to manipulate the actual data. It is basically a Denial of Service attack.

Data Modification: In data modification the attacker wants the receiving device to actually receive some valid, but manipulated data. This is very different from just data corruption. The feasibility of this attack depends on the applied strength of the amplitude modulation. That is because the decoding of the signal is different for 100% and 10% modulation.

Data Insertion: Here the attacker inserts messages into the data exchange between two devices. But that is only possible, in case the answering device needs a very long time to answer. The attacker could then send his data earlier than the valid receiver. The inser‐ tion will be successful, only, if the inserted data can be transmitted, before the original device starts with the answer. If both data streams overlap, the data will be corrupted.

4.6. Types of Services

Services taken by the mobile payment users differ based on their needs and the technical capabilities of the handset used. However, the following are some of the common services that could be considered in Mobile Micropayment scenarios:

• Postpaid or prepaid • SMS based or application based • Micropayment for digital content (ringtone, pictures, games, etc) or commodities like ticket, payment in tollgate, water bottle, etc.

Mobile Micropayment Page 23

• Communication based on NFC, Bluetooth or GPRS depends on the phone support • Payment linked with billing service of telephony service provider, Bank or third‐ party payment gateway

Mobile Micropayment Page 24

5. CONCLUSION

Since the original research on the subject of Mobile Banking and Mobile Payment, which was only a couple of months ago, there has been a great deal of activity in both segments of the Mobile industry.44 Consequently, while some details may have changed over the past three months or so, what remains the same is the fact that no one player has the intention of going it alone in the Mobile Banking and Mobile Payment space, and that partnerships are the order of the day.

Moreover, those who see the glass full and have a vision of what is about to happen do realize that it will not be too long before that Mobile Payments space will not only get crowded but competition will be fierce. Our research suggests that companies like HCL are in an advantageous position because they have the wherewith all to tap into the Indian as well as the overseas markets by forming partnerships with existing and/or new clients. That advantage will, however, be short‐lived if they take a ‘wait‐and‐see’ approach, given the eagerness with which banks/credit card issuers, merchants/retailers, and mobile service providers/operators are eyeing the Mobile Payment segment and the speed with which they are moving into that space.

44 To get a glimpse of this, see the latest news on Brandon McGee’s blog http://brandonmcgee.blogspot.com.

Mobile Micropayment Page 25

Mobile Micropayment Page 26