PAYMENT SYSTEMS

According to the Mobile Payment Forum the mo­bile payments are the transactions with a monetary value that is conducted through a mobile telecom­munications network through diverse mobile users devices, such as cellular telephones, smart phones or PDA’s and mobile terminals.

Mobile payment systems enables customers to purchase and pay for goods or services via mobile phones. Here, each mobile phone is used as the personal payment tool in connection with the re­mote sales. A phone card-based payment system has the advantage over the traditional card-based payment in that the mobile phone replaces both the physical card and the card terminal as well. Payments can take place anywhere far away from both the recipient and the bank. The basics and example of phone-based payment systems are described in Innopay, Mobile Payments.

Traditionally, in the real world, the most popular modes of payments are cash, cheques, debit cards and credit cards. With the possibili­ties created by the Internet, a new generation of payments appeared, such as electronic payments, digital payments and virtual payments. Now, with the growing penetration of the mobile phone and the development of m-commerce, the mobile payment will become an uncontested mode for paying goods.

Consumers can use a mobile device to pay for goods and services, transportation-related items, any merchandise in a physical merchant location. For Goods and Services such as music, videos, ringtones, online game subscriptions, wallpapers, and other digital goods.

Doing financial transactions with mobile phones eliminates the need for auxiliary payment instruments (like POS devices), while using se­curity features of the SIM card (as a smart card) yield to a great level of security and dependabil­ity. A mobile payment service comprises of all technologies that are offered to user as well as all tasks that the payment service provider(s) perform to commit payment transactions.

2.1. Classification of

Mobile Payments

Mobile payment methods currently in use or under trial may be classified according to the basis of payment. A payment transaction has been identified on the basis of multiple dimensions. A distinction between the different types of payments is on the basis of location, time, size and medium. Mobile payments are typically differentiated by technology, transaction size, location (remote or proximity), and funding mechanism.

On the basis of location payments are classi­fied in two types:

• Remote mobile payments

• Proximity mobile payments

On the basis of Technology:

• SMS, a mobile browser, or a mobile application

• Bar codes or a contactless interface to chip-enabled payment technology, such as NFC-enabled mobile phones, contactless stickers, tags

On the basis of size the payments are classified into two types:

• Micro payments

• Macro payments

On the basis of funding mechanism the pay­ments are categorised into following types:

• Account Based

• Real time

• Pre paid

• Post paid

• Smart card Based

• Credit card Based

• M POS

• Mobile wallets

• P2P Payments

2.1.1. Location-Based Payments

Remote mobile payments and proximity mobile payments are distinguished by the location of the mobile handset in relation to the merchant’s POS, as well as by payment account information and the payment acceptance device or service. A remote mobile payment is a payment in which the payer does not interact directly with the merchant’s physical POS system (for example, transferring funds through a mobile phone application to a merchant’s PayPal account).

2.1.1.1. Remote Mobile Payment

Remote mobile payments may use a variety of mobile phone data channels to initiate a trans­action. Most mobile phones are equipped with functionality that can enable remote mobile pay­ments. Remote mobile payments makes purchases from a Web merchant with mobile phone, paying a merchant who does not have traditional accep­tance capabilities for physical goods, or paying a merchant for a purchase of digital goods. Remote mobile payments may be implemented using the existing financial payments infrastructure (e.g., for payment at a Web merchant) or using a closed loop mobile payments system.

A remote mobile payment process is as follows:

• The consumer and merchant set up an ac­count with a trusted third party or MPSP.

• When a transaction is initiated, a SMS mes­sage is sent to the MPSP. Authentication can be secret passwords, validation of handset hardware information, or verifica­tion of other sender personal information.

• After the transaction request is received and authenticated, the MPSP transfers funds from the consumer’s account into the merchant’s account and notifies the mer­chant that the funds have been transferred.

• In a closed loop system, the merchant may then move the funds into a standard bank account.

Remote mobile payments are ideal for use in markets that require person-to-person payments and for under-banked consumers and merchants who are not part of the normal POS acquirer pay­ment process, such as flea market vendors and seasonal outside vendors.

2.1.1.2. Proximity Mobile Payments

Proximity mobile payments leverage the financial industry’s payment infrastructure. An NFC- enabled phone is provisioned with a version of the payment application (i.e., credit or debit card) issued by the consumer’s financial institution.

The most obvious differences between prox­imity and remote mobile payments are speed, convenience, and the fact that NFC payments use the existing financial payments processing infrastructure. There is no need to set up payment processes or accounts with a third party, and the proximity mobile payment data is linked directly to a payment card issued to the consumer by a trusted financial institution.

2.1.2. Technology

Mobile payments use different technologies to perform a transaction. Remote payments typically rely on text messaging (SMS), a mobile browser, or a mobile application. Proximity payments rely on either bar codes or a contactless interface to chip-enabled payment technology, such as NFC- enabled mobile phones, contactless stickers, tags, or fobs.

2.1.3. Transaction Size

Transaction size affects the choice of mobile payment technology and approach. Mobile pay­ments typically fit into one of two transaction size categories. Micropayments (less than $10- $25) are typical for paying for ring tones, music, parking, transit, coffee, and items in convenience stores.

2.1.3.1. Micro Payments

Remote mobile micropayments enable purchases of mobile content and services such as news, games, tickets, and location-based services. Mo­bile micropayments also provide a potential pay­ment method for e-commerce. In Finland, Helsinki City Transport offers a mobile subway and tram ticket, an example of a successful mobile payment service. Customers can order a one hour SMS ticket via their mobile phones by sending a SMS message to a service number. Mobile micropay­ments at unmanned POS include applications such as purchase of soft drinks or items from vending machines, and payments on self-service stations, for example paying for gas without cash at hand. Mobile micropayments at manned POS include small purchases at shops, kiosks, and fast food restaurants. The manned POS mobile payments are often more convenient in the purchase situations. Micropayments generally represent a payment which is below 10 Euros and is usually supported by cash or debit cards. Merchants accept credit card transactions for small amounts because of transac­tion fees. Consequently, mobile payments are an attractive substitute for this type of transaction, especially since most current mobile purchases are news alerts, logos and ringtones. However, most companies promoting micropayments failed because the margins on small value payments are notoriously low, and sufficient economies of scale are extremely difficult to attain.

Micro payments are provided by mobile operators, with payment being made mostly via premium SMS/WAP using mobile operators’ billing infrastructures. Such micro-payments have proved to be an extremely lucrative source of revenue. Since payment amounts are low and the merchant’s fee for mobile content relatively high, mobile operators have accepted the payment risk, based on their basic authentication of the user and their billing systems, without any collaboration with the banks for online authorisation.

2.1.3.2. Macro Payments

Mobile macro payments can be used to pay for larger purchases both electronically (e-commerce, mobile ticketing, gaming) and on manned and unmanned POS (restaurants, retail shopping, and so forth). Mobile macro payments face more competition from well-established traditional pay­ment instruments. However, solutions developed for user authentication in macro payments provide possibilities for a variety of different services such as passage control, digital signatures, and mobile government services. There are different research and telecom organisations that are developing a mobile authentication service based on a WPKI solution. Mobile authentication can be used for m-government services and digital signatures both on Internet and mobile networks.

Macro payments are logically every payment above 10 Euros and represent a real challenge for mobile payments. They need stronger security mechanisms because of the large amount of money involved and the greater possibility of fraud.

For remote macro payments, the mobile is linked to a payment card (credit/debit card) or an account (bank account and/or store account) through an activation/enrolment process and is used afterwards as an authenticator of remotely- stored information. There are various opportunities for mobile remote macro payments.

1. Topping-Up a Mobile Pre-Paid Account: This is done with the help of handset. Customers do not need any more to go to the shop to purchase a voucher. For mobile operators, this is a far less expensive topping up method than scratch cards and represents huge cost savings.

2. Mobile Shopping: Here the mobile phone is used as a shopping and payment channel. Shopping channels are based on IVR, SMS or WAP/iMODE. Access to the mobile store can be facilitated by tag reading, whereby the user swipes the mobile phone across a tag that links them to a website to purchase a product.

There are two kinds of tag:

3. Bar Code Tag: The user scans the bar-code near his favourite product in a magazine, using his mobile phone embedded camera. He is then redirected to the related product on the merchant’s WAP site, where he can get more information on it and purchase it.

4. NFC Tag: The same principle as the bar code tag, but the NFC tag is read by the NFC-enabled mobile phone. Ticketing ap­plications in which dematerialised tickets are ordered, paid for and delivered on the mobile.

5. Bill Payment: SMS bill delivery and pay­ment is already being used by some mobile operators and utility companies.

6. Internet Shopping: Here a user authen­ticates their transaction with their mobile handset rather than having to enter their credit card details. There is a still a significant number of consumers that do not feel com­fortable entering credit cards details online, for whom mobile authentication could be an acceptable alternative The mobile device are also used as an authentication method for 3D-secure card payments online. In this case, the user still enters their card details through the Internet and validates the transaction on their mobile phone

7. P2P (Person to Person): It refers to payment between two persons through their GSM. The success of P2P on the Internet is largely driven by online auctions.

8. M- POS: It refers to a specific case of P2P in which the mobile payment service is mar­keted to professionals and to low-segment mobile merchants without point-of-sale (POS) payment terminals, for which mobile payment could prove a cheaper alternative to electronic payment. The merchant initiates the transaction via a SIM toolkit menu entry in his mobile device, entering the amount due and the customer’s phone or reference number. The customer then receives a sig­nature request on his mobile handset and validates it by entering his PIN. Both receive a confirmation of the transaction via SMS. Transactions are performed directly by debit­ing the customer’s bank card and crediting the merchant account. The payment costs including communication costs are billed by the telecom operators using the SMS premium infrastructure.

9. International F und Transfer for Migrant Communities: Another potentially prom­ising application for P2P mobile payment services is the capability to send money abroad.

The international fund transfers via mobile phone represent the Mobile Money Transfer mechanism endorsed by the GSM Association and MasterCard that leads to a faster development of operator driven mobile fund transfer systems worldwide. An additional new opportunity for mobile operators is to bring financial services to developing countries, where the number of ‘un­banked’ (or under banked’) people with mobile phones is much higher than the banked population. Vodafone’s M-PESA in Kenya is a good example of those emerging opportunities, enabling mobile subscribers to deposit or withdraw cash at a branch of the mobile operator, top-up their prepaid ac­count and transfer money to another customer using their mobile phone.

2.1.4. Funding Mechanism

Mobile payments rely on multiple funding mecha­nisms. Transactions can be included on a telephone bill or funded by a prepaid account associated with the phone (typically used for text-message-based payments). Alternatively, cash can be loaded into a virtual account at an agent location that is then used for payment. This is the alternate way to maintain an account for each consumer in the form of electronic tokens. Here, consumers typically need to convert actual currency to their electronic equivalent, i.e. tokens. Another source of funds is a traditional bank account or credit, debit, or prepaid card, accessed through a virtual wallet (a wallet that is accessed using the mobile phone’s browser or a mobile application). The wallet may provide access to one or more of the above funding sources, which are loaded into the wallet.

2.1.4.1. Account-Based Payment Systems

In account-based payment systems, each customer is associated with a specific account maintained by the TTP like a bank. Every consumer is as­sociated with a specific account maintained by an Internet Payment Provider. There are three kinds of transactions in Account based Payment Systems (Real time-Cash, Prepaid transactions- Debit, Post-paid transactions-Credit):

1. Real-Time (Cash): Payment methods that adopt the real-time or “cash” like payment schedule involve some form of electronic cur­rency that is exchanged during a transaction. Examples of real-time payment methods are e-Cash and beenz.

2. Pre-Paid: In pre-paid transactions, this account will be directly linked to the con­sumer’s savings account. The consumer maintains a positive balance of this account which is debited when a pre-paid transac­tion is processed. This is the most common charging method for MNO’s as well as third-party service providers in order to be able to evaluate only that the user is capable of paying. The prepaid user is a significant part of the current MNO customer base.

3. Post-Paid: If post-paid transactions are supported, the charges from a transaction are accrued in the consumer’s account. The consumer is then periodically billed and pays for the balance of the account to the TTP. This is the most common method used in e-∕m-commerce transactions today. Examples are:

a. Phone-Bill Based: This is the charge method most commonly used by mobile network operators, and it is an internal charging method.

b. Account-Based (Bank/Credit Card):

This method is used by banks, which a priori have an account of the user, or the credit card industry.

2.1.4.2. Smart Card Payment Systems

A smart card, chip card, or ICC is any pocket-sized card with embedded integrated circuits. Smart cards are made of plastic, generally polyvinyl chloride, but sometimes polycarbonate. Smart cards can provide identification, authentication, data storage and application processing. Smart cards may provide strong security authentication for single sign-on within large organizations. Payment systems use a smart card, an embedded microcircuit, which contains memory and a mi­croprocessor together with an operating system for memory control. These smart cards can be used for electronic identification, electronic signature, encryption, payment, and data storage.

Smart cards serve as credit or ATM cards, fuel cards, mobile phone SIMs, authorization cards for pay television, household utility pre-payment cards, high-security identification and access­control cards, and public transport and public phone payment cards. Smart cards may also be used as electronic wallets. The smart card chip can be “loaded” with funds to pay parking meters and vending machines or at various merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. No connection to the issuing bank is necessary, so the holder of the card can use it even if not the owner.

These are the best known payment cards (clas­sic plastic card):

• Visa: Visa Contactless, PayWave.

• MasterCard: PayPass Magstripe, PayPass Mchip

• American Express: ExpressPay.

Smart cards are of two types: Contact smart cards and Contactless smart cards.

1. Contact Smart Cards: Contact smart cards have a contact area of approximately 1 square centimetre, comprising several gold-plated contact pads. These pads provide electrical connectivity when inserted into a reader, which is used as a communications medium between the smart card and a host (e.g., a computer, a point of sale terminal) or a mobile telephone. Cards do not contain batteries; power is supplied by the card reader. The ISO/IEC 7810 and ISO/IEC 7816 series of standards define physical shape and characteristics, electrical connector positions and shapes, electrical character­istics, communications protocols, including commands sent to and responses from the card and the basic functionality of the smart card. Communication protocols for contact smart cards include T=0 (character-level transmission protocol, defined in ISO/IEC 7816-3) and T=1 (block-level transmission protocol, defined in ISO/IEC 7816-3).

2. Contact-Less Smart Cards: A contact­less smart card is any pocket-sized card with embedded integrated circuits that can process and store data, and communicate with a terminal via radio waves. Memory cards contain non-volatile memory storage components, and perhaps some specific se­curity logic. Contactless smart cards contain a re-writeable smart card microchip that can be transcribed via radio waves. These cards require only proximity to an antenna to com­municate. They are often used for quick or hands-free transactions such as paying for public transportation without removing the card from a wallet. Like smart cards with contacts, contactless cards do not have an internal power source. Instead, they use an inductor to capture some of the incident radio-frequency interrogation signal, rectify it, and use it to power the card’s electron­ics. The standard for contactless interface is defined in ISO/IEC 14443-4.

The first contactless smart card in production use for fare payment was the Octopus card. A major application of this technology has been contactless payment credit and debit cards. Some major examples include are ExpressPay from American Express, PayPass from MasterCard and PayWave from Visa.

2.1.4.3. Credit Card Mobile Payment Systems

This type of mobile payment systems allow cus­tomers to make payments on mobile devices using their credit cards. These payment systems are developed based on the existing credit card-based financial infrastructure by adding wireless pay­ment capability for consumers on mobile devices. A credit card is a payment card issued to users as a system of payment. It allows the cardholder to pay for goods and services based on the holder’s promise to pay for them. The issuer of the card creates a revolving account and grants a line of credit to the consumer (or the user) from which the user can borrow money for payment to a merchant or as a cash advance to the user. Credit cards allow the consumers a continuing balance of debt, subject to interest being charged. The credit cards conform to the ISO/IEC 7810 ID-1 standard. Credit cards have an embossed bank card number complying with the ISO/IEC 7812 numbering standard. The existing SET secure protocol, developed by Visa and MasterCard for secure transfer of credit card transactions, has been extended and known as 3D SET to support mobile payment for mobile device users.

2.1.4.4. Mobile POS Payment

Mobile POS payment system enables customers to purchase products on vending machines (or in retail stores) with mobile phones. Two popular types of mobile POS systems are: automated point-of-sale payments, and attended point-of-sale payments. The first type is frequently used over ATM machines, retail vending machines, park­ing meters or toll collectors, and ticket machines to allow mobile users to purchase goods (such as snacks, parking permits, and movie tickets) through mobile devices. The other type of Mobile POS systems is useful for shop counters and taxis. They allow mobile users to make payments using mobile devices with the assistance from a service party, such as a taxi driver, or a counter clerk etc. A typical example of mobile POS payment system is Ultra’s M-Pay.

2.1.4.5. Mobile Wallets

Mobile wallets are the most popular type of mobile payment option for transactions. Like e-wallets, they allow a user to store the billing and shopping information that the user can recall with one-click while shopping using a mobile device. The primary types of mobile wallet schemes in the market are client wallet and hosted wallet.

1. Client Wallets: These are stored on a user’s device in the form of a SIM Application Toolkit card that resides in a mobile phone. Since the wallet is based on hardware, it is difficult to update, and potentially the user’s sensitive financial information is compro­mised if the device is lost or stolen.

2. Hosted Wallets: These are the digital wallets hosted on a server. This gives the service provider much greater control over the functionality it delivers and the security of the data and transactions. Hosted wallets can be self- hosted wallets or third party hosted wallets.

In addition, server based mobile e-wallets using SET technology are already being used, provid­ing secure transaction capability for merchants and cardholders.

2.1.4.6. P2P Mobile Payment

P2P payment allows individuals to pay one another through a third party. P2P payment services, which are offered by many banks and third parties, can also allow business owners to transfer money to a customer or supplier account (and vice versa) using an e-mail address or mobile phone number. Users can conduct transactions using funds from a bank, credit, debit or prepaid account, or the payment can be funded through the mobile phone bill. PayPal is the leader in the P2P category, with the largest global Internet-based payment network. PayPal offers a mobile phone app that allows consumers to send and request money using an e-mail address or phone number and a service based on SMS. PayPal has a P2P payments solution for Android NFC phones that allows money to be transferred by tapping two NFC phones together.

Other examples of P2P mobile payment solu­tions include the following (Figure 1):

• In 2010, Visa announced a new P2P pay­ment service that gives its U.S. customers the ability to receive and send money from their Visa accounts. Visa’s service includes a partnership with CashEdge and Fiserv; two P2P financial transaction companies that now have access to VisaNet, the com­pany’s payment processing network.

• MasterCard MoneySend uses the mobile browser, SMS, or a mobile app to enable customers to transfer money from person to person using a mobile phone.

• ZashPay, a service provided by Fiserv, of­fers a public Web site that allows people to transfer money using e-mail addresses or mobile phone numbers. The banks in­volved determine the sender’s fee.

2.2. Mobile Payments Stakeholders

Mobile payments implementations are still in their infancy, with business models still being

Figure 1. Mobile payment overview

defined and tested through numerous pilots in the market. The business case mobile payment is complicated especially in proximity payments. There are concerns about the rate at which both consumers and merchants adopt payment type. However, the fundamental barrier to widespread adoption of mobile payments is the requirement that multiple players cooperate. Many of these players claim both a relationship with the customer and a share of transaction revenue. During the next several years, thousands more merchants in the United States are expected to be able to accept contactless payments. However, certain critical requirements must be met by all stakeholders before high volumes of consumers can actually start using mobile phones for payment especially at a physical POS.

There are a wide variety of stakeholders in a mobile payments system (Figure 2). Depending on the implementation scenario, stakeholders change and additional stakeholders with varying degrees of involvement may also be involved.

Stakeholders may include:

1. Consumers: The stakeholders who use the mobile payment devices for conducting mobile payment transaction.

2. Issuers: The stakeholders who issue mobile payment capabilities and support easy man­agement of mobile payments.

3. Merchants: The stakeholders who accept mobile payments whether contactless or contacted payments.

Figure 2. Mobile payment stakeholders

4. Acquirers: The trusted third parties who support mobile payments.

5. Mobile Operators: The stakeholders who ensure a supply of mobile phones with NFC technology and support payment services on their networks for proximity payments.

6. Payment Networks: The stakeholders who set standards and promote acceptance by all parties throughout the network.

7. Chip and Handset Manufacturers: The stakeholders who support branded financial applications.

8. SIM/Payment Software Developers: The stakeholders who develop and support branded financial applications for chip and handset manufacturers.

9. Trusted Service Manager: The stakehold­ers including OTA personalization bureaus who provision the payment application to the memory of the phone.

10. IssuingandAcquiringPaymentProcessors: The stakeholders who process payments act­ing on behalf of acquiring and issuing banks and who are involved in almost every case.

11. Proprietary Payment Application Providers: The stakeholders who offer payment applications for specific services (for example, transit agencies’ fare payment systems).

12. Specialty Application Providers: The stakeholders who can add additional value to proximity mobile payments (e.g., PayPal enabling person-to-person payments).

2.3. Mobile Payment Business Models

There are four potential mobile payments business model scenarios. These models are used by differ­ent stake holders, depending on their needs and value propositions. They are described as follows:

2.3.1. Operator-Centric Model

In this model, the mobile operator acts indepen­dently to deploy mobile payment applications to NFC-enabled mobile devices (Figure 3). The mobile operator loads the mobile payment ap­plication on its customer’s NFC mobile devices. The customer may prepay, or the operator may add charges to the customer’s existing wireless bill. This acts in two ways.

Operator provides the merchant with a wire­less POS system.

• Operator enables the proximity payment application on the merchant’s NFC mobile device.

• Operator enables the proximity payment application on the merchant’s NFC mobile device.

2.3.2. Bank-Centric Model

A bank deploys mobile payment applications or devices to customers and ensures merchants have the required point-of-sale (POS) acceptance ca­pability (Figure 4). Payments are processed over the existing financial networks with credits and debits to the appropriate accounts. An issuing bank owns the relationship with the customer and is responsible for getting the payment token. In this case an NFC-enabled phone is given to customers in the same way as bank cards are distributed. The responsibility of the bank for this role could vary. At one extreme the bank could actually give (or sell) its clients a fully-featured NFC phone, while at the other extreme the bank could simply provision an existing NFC phone with a suitable payment application. The merchant relationship is owned by the acquiring bank. In many cases the acquirer provides the merchant with the ap­propriate acceptance device for the Point -Of-Sale.

Figure 3. Operator centric model

Figure 4. Bank centric model

2.3.3. Peer-to-Peer Model

The Peer-to-Peer Model is an innovation created by payments industries who are trying to find ways to process payments without using existing wire transfer and bank card processing networks (Figure 5). The ability to send money from one person to another, even across great distances, has existed for many years through providers such as Western Union. While the Internet has made this service even more convenient, the high fees associated with the transfers can make them cost prohibitive and not for every-day use. Internet bill payment services provided by most banks have made remote payments to merchants convenient, but cannot be used for real-time purchases. Mobile phones with Peer-to-Peer capabilities overcome these obstacles. An independent peer-to-peer

Figure 5. Peer-to-peer model

service provider provides secure mobile payments between customers or between customers and merchants. This entire process can have follow­ing scenarios:

Scenario 1: Provider deploys contactless cards/ devices to customers and POS equipment to merchants in a closed loop model.

Scenario 2: Provider deploys a mobile payment application for the NFC-enabled mobile device.

Scenario 3: Peer-to-Peer service provider uses an existing online application (e.g., PayPal Mobile). No POS equipment is required.

2.3.4. Collaboration Model

This model involves collaboration among banks, mobile operators and other actors in the mobile payments value chain (Figure 6). This also includes a potential trusted third party that manages the deployment of mobile applications. Payments in this model are processed over the existing financial networks with credits and debits to the appropriate accounts.

This model includes two possible scenarios:

Scenario 1: A mobile operator partners with one bank to offer a bank-specific mobile pay­ments service.

Scenario 2: Industry associations representing mobile operators and financial institutions negotiate and set standards for applications that reside on secure elements in mobile devices, allowing multiple card types from different banks to be used.

In the above mentioned cases, NFC-enabled mobile devices and compatible POS devices are deployed that meet the standards set by the partner bank or industry associations. Potential sources of revenue include merchant commissions,

Figure 6. Collaboration model

merchant and consumer trans-action fees, new customer acquisition fees, and marketing fees. The amount paid and collected by each actor is the source of considerable contention. Generally it is expected that merchant fees are split between banks, mobile operators, and perhaps third-party TSMs. Comparable models exist in the credit card industry for customer acquisition and marketing fees between partners.

3.