Mobile Payments: What is NFC?

What is NFC?

NFC stands for Near Field Communication. It is a standard defined by the NFC Forum, a global consortium of hardware, software, credit-card, banking, network-providers and others who are interested in the advancement and standardizing this technology. As the name implies, it’s a set of short-range wireless communication standards used in mobile phones and other electronic devices. It operates on the frequency of 13.56 MHz with data transfer of up to 424 kilobits per second.

NFC and RFID (Radio Frequency Identification) are sometimes used interchangeably, but NFC is really a newer version or extension of RFID. RFID waves can have very long ranges as they are generally used in manufacturing, inventory and object tracking. In contrast, NFC limits the range of communication to within 2 to 4 inches. This makes NFC more suitable for secure applications like payments.

NFC allows you to share small payloads of data between an NFC tag and an NFC enabled phone or between two NFC enabled phones. This may sound more like Bluetooth because it is also a communication technology between two bluetooth enabled devices over a short range. Yes, they are similar in that aspect, but they are also different in other aspects. For instance, NFC doesn’t need a pairing process; it can read from passive NFC tags; it consumes low power; it connects to its target very quickly ( one tenth of a second) etc. These qualities make NFC a good candidate for mobile payments. Bluetooth has other advantages that makes it a better choice for a different set of use cases. We will discuss about Bluetooth, BLE and Beacons in a different post.

 

Contactless cards, that we discussed in an earlier post, behave like NFC tags and emit NFC style radio frequency signals when provoked by a contactless reader terminal. So, in theory, a mobile phone with an NFC controller can do the same as long as they conform to the protocols defined by payment networks. And that is exactly what is happening when you use a Google or Isis wallet. We will discuss how this happens in practice in an upcoming post on card-emulation mode for NFC.

So, can you just replace all of your contactless credit and debit cards with Google wallet or Isis wallet and call it a day. Not yet. There are a couple of reasons for that.

First and foremost, today, contactless terminals/readers are not plentiful. There are just over 200K contactless terminals across US. The advantage of using your contactless plastic card is that it also comes with a magstripe for backward compatibility with traditional terminals. We do not have that luxury with an NFC enabled phone.

Second, provisioning a contactless application to an NFC enabled phone is a much more complicated process involving a larger ecosystem of participants like SP TSM, SE TSM, MNO, Issuing banks and the complexity involved with security, key management and over-the-air provisioning cannot be discounted either. Technically, these have been solved, but not all Issuing banks are ready to invest in it yet. That said, the industry is slowly, yet steadily moving towards a digital wallet. So, it is going to happen sooner rather than later, but don’t hold your breath.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #12. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is a Mobile Wallet?

What is a Mobile Wallet?

Mobile Wallet, like Mobile Payments, is an overloaded phrase. It means different things to different people. For the sake of simplicity, let’s define the mobile wallet as an app or a set of apps that helps us to get rid of the physical wallet. That was a pretty slick definition, wasn’t it? To make the above definition a reality, what items should the mobile wallet hold? Let’s make a list.

  • Credit cards & Debit cards
  • Gift Cards
  • Loyalty Cards
  • Driver’s License or any Identity proof
  • Receipts
  • Cash
  • Business Cards
  • Coupons, Offers
  • Transit passes / tickets
  • Movie tickets
  • A mechanism to use all of the above everywhere

If a mobile wallet gives us all the above, then we can conveniently get rid of our fat physical wallets. We are not there yet, but sooner rather than later, we will get there. Today, many of the large tech and financial giants are focussing their efforts on the mobile payment side of things – Google and Paypal are good examples. Other giants are focussing on the non-financial aspect of wallets – Apple’s passbook comes to mind. As time passes, the industry will mature, concepts will merge, new innovations will take place, and before we know it we won’t be carrying our physical wallets anymore. Did we ever think that we will never wear a watch again, or never carry a point-and-shoot camera to our next pleasure trip?

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #11. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is Mobile Payment?

What is Mobile Payment?

Mobile Payment is one the overly hyped phrases in the industry today. It could mean a lot of different things in different contexts. In general, Mobile Payment means that as a consumer you can use your mobile device to make payments instead of paying by Cash, Check, Credit Card, Debit Card or any other payment mechanism. It could also mean that you could use your mobile device to accept payments from others; or, it could mean that you can use your mobile to pay a friend back; or just pay a bill. You get the idea.

Let’s start a list of things we can do with mobile and payments in this post. We will keep adding to the list as we find more.

  • Mobile at the Point of Sale
    • Tap & Pay using your Mobile NFC device – Google Wallet, Isis
    • Scan a QR code using your mobile’s camera to make a payment – Paydiant
    • Show a QR code displayed on your mobile at the POS – Starbucks Wallet
    • Pay using Mobile BLE and iBeacon technology and the Cloud – Paypal
    • Simulate Magnetic Stripe signals – LoopPay
  • Mobile Point of Sale (mPOS)
    • Mobile card reader dongle to accepts payments – Square
    • Fully integrated tablet based POS system – ROAM
  • P2P payments – Person to Person
    • Pay a friend using their phone number – PayM
    • Pay a friend using their email address – PayPal
    • Pay a friend by bumping the phones together – BumpPay
    • Transfer money between different bank accounts – Bank apps
  • mCommerce
    • Pay in apps using digital wallet – Pay with Paypal
    • Pay across apps – Venmo Touch
    • Pay in mobile web sites – Regular mobile checkout
    • Pay utility bills using your mobile device
  • Old Fashioned
    • Pay using SMS – Premium SMS or MMS
    • Direct carrier billing

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #10. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is EMV?

What is a EMV?

EMV is defined by EMVCo as, “a global standard for credit and debit payment cards based on chip card technology”. It was named after its original developers – Europay, MasterCard and Visa. EMVCo is the organization that manages, maintains and enhances the EMV specifications.  Today, EMVCo is owned by American Express, Discover, JCB, MasterCard, UnionPay, and Visa. Other organizations from the payments industry also participate as technical and business associates from time to time.

EMV chip cards contain embedded microprocessors that provide strong authentication, security and cryptography features not possible with traditional magnetic stripe cards. In addition to storing payment information in a secure chip rather than a magnetic stripe, using EMV improves the security of a payment transaction by adding 3 important features:

Card Authentication:

Card authentication protects the payment system against counterfeit cards. Card authentication methods are defined in the EMV specifications and the associated payment network chip specifications. Card authentication can take place online, offline or both.

Cardholder Verification:

Cardholder verification authenticates the cardholder. Use of a PIN is a common cardholder verification method (CVM) that authenticates the cardholder and protects against the use of lost or stolen card. EMV supports Online PIN, Offline PIN, Signature and No CVM as part of its specifications. As mobile payments grow new CVMs, in the form of finger-print, voice and device PIN may also get added to the list

Transaction Authorization:

For an online transaction authorization, EMV supports the notion of a dynamic transaction cryptogram. The presence of the dynamic component completely eliminates replay style attacks. EMV supports both online authorization and offline authorization based on rules and risk-parameters set by the Issuer

The Contact chip cards and Contactless chip cards that we discussed in earlier posts can comply to the EMV specification and reap its security advantages. In fact, all of the contact and contactless chip cards in Europe are created using the EMV specification. At present, contact chip cards are in very limited use in US, but the good news is that they are migrating towards it and they are using EMV as the underlying specification.

In contrast, many US banks did offer contactless chip cards over the last few years. These cards did not follow the EMV specification. They instead used a complementary Contactless MSD specification which is an equivalent to regular magenetic stripe data, but a bit more secure. They chose to use MSD because US does not have the EMV infrastructure setup yet. As and when the migration towards EMV matures, these existing contactless MSD cards will also be migrated to Contactless EMV cards or that is what I think.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #9. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Bring Your Own Wallet

Today, the mobile wallet is an overused buzzword discussed and debated by a variety of industries. Payment companies, financial institutions and merchants of all sizes are all vying for consumer attention. Technology companies, mobile network operators (MNOs), start-ups and even marketing companies are joining forces to innovate in this space. Though many are talking about it, asking a simple question like what is a mobile-wallet? brings surprisingly different answers depending who you ask.

The competition heats up

A question often asked is who could win the ‘wallet wars’ in the years to come? Isis Wallet was launched just a few weeks ago and is heavily backed by three of the top MNOs (Verizon, AT&T and T-Mobile). Google Wallet has finally escaped the clutches of MNOs by introducing Host-Card emulation in Android Kit-Kat. Are they in a position to reverse their wallet downfall? PayPal has started piloting their in-store beacon payment experience. With over 100 million credit-cards on file, is PayPal going to be the winner again? Will MCX wallet, with its support from all major retailers, be the Holy Grail for merchants? Can Square re-create their m-POS success in the wallet world? Apple’s passbook shows huge potential by itself. With the subsequent introduction of finger-print biometric and iBeacon in iOS7, is Apple in a better position than others?

Generic vs. merchant

These questions, however, are based on an assumption that a multi-purpose generic wallet will emerge as the winner. Considering that the mobile payments revolution is still in its nascent stages, it’s too early to assume that a single generic wallet will triumph over a merchant-specific wallet such as a Starbucks wallet. Starbucks claims that more than 10% of store sales are driven by its mobile wallet app and is the only success story in this space. The generic wallet fails to provide any credible proof to challenge this. So, the real question is: who will win the generic wallet vs. merchant-specific wallet war?

As far as merchants are concerned, this question need not be fully answered before they dive into their mobile wallet initiative. Here’s why: most of the wallets mentioned above try to solve the mobile payment challenge. But payment is just one part of the larger wallet ecosystem. Until other ambitious players solve the mobile payment challenge, merchants can use stop-gap payment solutions while focusing on the rest of the wallet ecosystem.

Bring Your Own Wallet

The most practical approach then would be for a merchant to follow the mantra, ‘your app is your mobile wallet.’ By building your own-brand mobile wallet, you can access customer profile information (demographics, purchase behavior, spending patterns) and track transactions which would otherwise be sold to competitors. Combining such valuable information with unique capabilities that smartphones offer, new and innovative solutions can be created to boost your sales, up-sell, cross-sell and elevate customer experience to a whole new level in several different ways:

  1. Improve the in-store shopping experience and customer engagement: staff can be equipped with mobile POS devices; in-store navigation can assist customers to the exact location of a particular product; access to store inventory can identify if a particular product is in stock; product comparison and user reviews can strengthen customer confidence; mobile ordering, smart-checkout and in-store pickup can reduce queue wait times.
  2. Increase customer loyalty and invite repeat-visits: access to digital loyalty/reward cards from the wallet; real-time rewards information access; creating badges and rewards gamification to increase customer spend; geo-fencing, to check-in customers and offer a personalized experience.
  3. Increase customer base using innovative offers: offering location based offers when the customer is in vicinity of the store; iBeacon technology to identify if a customer is checked into the store and leveraging that for targeted sales to motivate in-store purchases. This can also be used to bring your mobile wallet to the forefront without getting hidden in the fourth home screen.
  4. Support a payment solution that works today: use a stored-value digital card that the customers can refill with their linked bank accounts; or use a white-label mobile payment provider like Paydiant if you prefer to support all card networks from your mobile wallet. Regardless of payment option chosen, integrate it with your rewards program; offer additional incentives for consumers who use your mobile-wallet; ensure tight integration between the mobile payment system and the rest of the mobile-wallet ecosystem.
  5. Support generic mobile payment providers when they finally figure it out: eventually, the generic wallet providers will figure out a standardized way to make a payment at the physical or virtual POS. Design your mobile strategy to be flexible to support them so you don’t lose generic wallet customers. Your own loyal customers can be appropriately incentivized to continue using your mobile wallet.

Remember, the existing magnetic-stripe based card payment experience is not broken. It works, customers understand it and more importantly, they are happy with it. So, payment is not the problem you need to solve. Neither should you wait for generic wallet providers to solve the m-Commerce challenge for you. By placing your bet on your own unique mobile wallet today, you can focus on creating what adds value – a new and improved relationship with your customer and rewarding them with a pleasurable shopping experience.

The article was originally published on bobsguide on May 8, 2014 and is re-posted here by permission.

Mobile Payments: What is Tap & Pay?

What is Tap & Pay?

 

When we use a Contactless Card to tap on the Contactless reader to make a payment, instead of swiping a magstripe card, we are essentially using Tap & Pay technology. The same goes for any NFC enabled mobile device that support Card Emulation Mode – like Android and Blackberry. Tap & Pay is just a marketing terminology. You may also see it referred to as Tap-n-Pay, Tap to Pay, Tap & Go, Wave & Pay and so on.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #8. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is a Contactless Chip Card?

What is a Contactless Chip Card?

Contactless chip cards are standard credit cards with an embedded contactless chip. Optionally, a MagStripe is also provided for backwards compatibility. These cards require no physical contact with the point-of-sale (POS) terminal. To make a payment, the consumer holds the contactless card in close proximity (less than 2-4 inches) to the merchant POS terminal and the payment account information is communicated wirelessly via Radio Frequency (RF).

Radio frequency waves are the frequencies within the electromagnetic spectrum associated with radio wave propagation. Many wireless communications technologies are based on RF, including radio, television, mobile phones, wireless networks and now, contactless payment cards and devices. Don’t confuse this RF with RFID technologies used in manufacturing, shipping and object tracking. Those are designed to operate over long ranges (in the order of 25 feet) and typically don’t have built in security and privacy. On the other hand, the contactless cards that are used for payments are desgined to operate at a short range and come built-in with security and cryptography capabilities.

In the image above, the logo marked on the right hand side represents the universal contactless symbol. If you see this logo on your credit card, you can be sure that it supports contactless payments. Similarly, POS devices that support contactless payments prominently display the same logo to advertise their capability for the same.

Typically, when you make a payment with contactless cards, you are not required to enter a PIN or autograph your signature. This is intentional because, one of the most touted value-add features provided by a contactless card is fast checkout times. Consequently, they are sometimes also referred to as Tap & Go cards.

In the context of mobile payments, when you use a NFC mobile device (like Android or Blackberry) to Tap & Pay at the point of sale, you are actually using the same underlying technology as the Contactless Chip Card. The NFC controller chip inside the mobile device is put into card-emulation mode. In this mode, the NFC chip behaves like a Contactless chip card thereby transforming your mobile phone into a contactless credit card.

Since mobile phones are way more powerful than a plastic card, they can hold as many cards as you want and the NFC chip will be able to simulate any or all of them. This essentially turns your mobile phone into a virtual mobile wallet. Now you know where the concept of Mobile wallets origintated from.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #7. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is a Contact Chip Card?

What is a Contact Chip Card?

Chip cards are standard bank cards that are embedded with a micro computer chip instead of or in addition to a Magstripe. It is an evolution in our payment system that will help increase security and reduce fraud in a card-present environment. A cardholder’s confidential account data is more secure on a chip-enabled payment card than on a MagStripe card, as the former supports dynamic authentication, while the latter does not. This prevents fraudsters from easily copying account information and creating counterfeit cards.

In United States, MagStripe cards are more common-place although a migration towards chip cards is currently underway from all major card networks and Issuing banks. In UK, Chip cards, more specifically the Chip-and-PIN variety is ubiquitous while MagStripe cards are almost extinct.

This post explicitly discusses contact chip cards, which requires direct contact with the reader to establish communication with each other during a payment transaction. There is also a contactless chip card variant that we will discuss in the next post.

Contact Chip cards may come as Chip-and-PIN or Chip-and-Signature cards. Chip-And-PIN cards are used to verify the cardholder by asking them to enter a PIN during transaction authorization whereas Chip-and-Signature cards use traditional signature for cardholder verification. PIN is generally considered a more secure method of cardholder verification than Signature. But, the credit card platform in United States is not built to support PIN. So, you would generally see only Chip-and-Signature cards in US.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #6. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is a Magnetic Stripe Card?

What is a Magnetic Stripe Card?

The most commonly available type of credit and debit card in the United States is a Magnetic Stripe or MagStripe card. As shown below, the black band on the back of your card is the magnetic stripe. It stores information by modifying the magnetism of tiny iron-based magnetic particles. The stored data can be read by swiping past a magnetic reading head, which is what you do when you swipe your credit card in a point of sale terminal.

Credit_Card_Mag_Stripe

The MagStripe holds your account information encoded in the form of Tracks – Track 1 and Track 2. They both hold similar information. Given below are some details.

 Track 1 Data:

  • Primary Account Number (PAN) – This is your credit card number
  • Name
  • Expiration Date
  • Service Code
  • Discretionary data – Contains CVV code among other data

 Track 2 Data:

  • Primary Account Number – This is your credit card number
  • Expiration Date
  • Service Code
  • Discretionary data – Contains CVV code among other data

Other than the fact that Track 1 stores your name while Track 2 doesn’t, there are a few other technical details associated with each which is not important for our discussion. Point of sale card readers read either Track 1 or Track 2 or both depeding on how they are programmed. Rest assured, information in either one of the tracks is enough to complete a purchase transaction.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #5. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: Who is a Payment Network?

Who is a Payment Network?

If credit card payments was a software project, then payment network is the project manager. The logo that you see on your credit card that says Visa or MasterCard is nothing but the name of a Payment Network. They are also otherwise called as card network or payment brand or just network. It is important to remember that card networks do not issue cards to the layman. Issuers issue cards.

When we discussed about Acquirers, I mentioned that the Acquirers don’t directly maintain a link to every other Issuer under the sun; instead they maintain a link to every major card network. Card networks in-turn maintain a link with every Issuer that issues their network branded cards. In essence, they are the intermediary between Acquirers and Issuers for authorizing credit card transactions.

There are various other functions that a card network performs. They manage the brand reputation and marketing. They facilitate clearing and settlement. They set rules that govern payment transactions within their network and enforce them. They set standards for security, compliance and certification. And much much more…

Out of the major card networks, Visa has the largest market share, followed by Master Card, American Express and Discover in that order.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #4. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.