The actual scoring is probably a little more complicated. This blog is focused on investors and business heads that are not deep in the trenches with mobile payments. There is much written on the technology, standards, pilots and who is doing what.. this is an attempt to understand the business incentives within the ecosystem(s) and WHY key actors are pursuing/supporting different strategies. Getting NFC in a mobile handset was no “obvious” decision for MNOs or Handset manufactures, in fact just 18 months ago Apple told a major bank “we have enough radios in the phone, can’t we just use one of the existing ones?” The point shouldn’t be missed, there are many, many ways which a consumer can store information and transmit it to another device (like a POS). As an example: the US State department (in its infinite wisdom) decided to put an unencrypted RFID tag that contains your name and passport #… Another wacky example is Google Zetawire Patent.
Why NFC? Technically it operates on the same ISO/IEC 14443 protocol as both RFID and MiFare so how is it different? I’m not going to get into the depth of the technology (see Wikipedia), but the biggest driver was GSMA/NFC Forum’s technical definition (UICC/SWP) that ENABLED CARRIERS to control the smart card (NFC element). This in turn enabled carriers to create a business model through which they could justify investment (See NFC Forum White Paper).
(Sorry for the pedantic nature of this, but since blog readership is going up.. I’m taking some license in assuming that the style is not irritating too many people.. and besides getting right use of terminology is important. )
Banks and card networks have been circling mobile/contactless payments for sometime. Mastercard’s PayPass (2003) led the way for many of the current bank contactless initiatives. Visa later followed (and still trails) with PayWave in 2007, and Discover with Zip in 2008. All card initiatives operate on the same ISO/IEC 14443 protocol as NFC, most with numerous “successful” pilots. The issues with contactless card platforms are not technology, but business model.
As with any new “platform” it must support a business model for some… preferably for many … participants. Card focused models focused on either cash replacement (ex. Transit, Vending, P2P, …etc.) or “premium” convenience play (see Best Buy NFC Pilot). For those of you not in the card or retail business… there is little love loss between the 2 groups. Retailers are not about to invest in anything that helps either banks or card networks unless it improves sales or margins (see Banks will win in Credit). The NFC model allowed carriers to control the radio, and integrate it into the SIM (UICC) for management of secure applications and data (see Apple and NFC).
Prior to NFC, the “control” for contactless payment was with each contactless network. Visa and Mastercard took 12-18 months to certify every new device. That meant every single new POS Reader, handset, … had to go through multiple certification processes. What manufacturer would want to invest in this contactless model? Alternatively, NFC contains standards and specifications operating within ISO 14443 with an independent certification process. The NFC specification does provide for an independent entity, called the Trusted Service Manager (TSM), to assume the role of gatekeeper (See Dutch Example). But MNOs are not likely to give up the keys prematurely. In the US ISIS model, this TSM will be run by Gemalto (for the MNO consortium).
What does this mean? Q: Can Visa develop a PayWave application on an NFC certified phone? Yes.. can Mastercard develop a PayPass Application? Yes.. that have already. Can TFL develop an Oyster Application? Yes. Vendors like Zenius design secure applications that do just that. NFC enables the phone to host multiple applications that can use the “radio” in different ways (example open secure doors). These mobile applications are secure and can be provisioned and updated remotely. This is the “beauty” of the NFC ecosystem. Investors note: In all of these examples, it takes the MNO and/or TSM to approve your application. In the case of Visa and MA… they are not approved. This means your start up can build the slickest app in the world.. but someone else owns the keys to consumer use. For Visa and Mastercard: their PayPass and PayWave brands are mere NFC applications that can be denied within the NFC enabled phone.
Another important control point (for NFC payment) is POS infrastructure. A new NFC payment instrument must be supported by both the POS (certfication) and the processor(s). POS terminals typically support multiple standards, protocols and payment insturments (see VivoPay 5000M). For each payment method (PayWave, PayPass, Zip, Bling, ..) the POS terminal must undergo a proprietary certification process. POS terminals connect to one or more processors (ex. FirstData, FIS, …) and in addition to processing the transaction, the terminals can receive and process updates (example ISIS/Zip protocol which is still in definition). A recent example of POS payment upgrade: Verifone’s efforts to include Bling/PayPal acceptance at POS, a very big story that has received little attention.
The “downside” of NFC for many stakeholders is that they are no longer in control. In the NFC model, the “keys” to the NFC platform sit with the MNO who controls the UICC. This control is necessary, as it is the MNO who fulfills the KYC (Know your customer) requirement linking a real person to a SIM (and hence to a transaction). In the NFC model, Visa will still need to certify their own NFC software application to be PayWave compliant.. but will NOT necessarily need to certify the chipset/OS and device in which the application runs. Of course the details are a little sketchy here because Visa has not tested their own application for this environment, as handset manufactures are still in flight with their designs (focused on ISIS compatibility). I believe the ISIS dynamic is also the driver of why the latest Android Nexus S had write functions disabled..
Stakeholders
In analyzing the Total Addressable Market (TAM) for any investment I always look at who are the existing stakeholders and their realative markets. Within the NFC Ecosystem I see the following:
MNOs have had very little experience in running a software platform ecosystem, or a payment network.. or a TSM. Closed systems usually precede open systems, and I would expect this trend to follow within NFC. The vendor most able to coordinate a value proposition which spans payments, software, mobile platform, advertising, … ? Apple. Say what you want about Apple’s penchant for control.. they are one of the few companies with the skills and experience to address all of the issues surrounding a new mobile platform.
Banks and card networks are the only group not to score in NFC because of their inability to create a new value proposition with MNOs and retailers, as such they loose. Banks hold out hope that existing card loyalty programs hold, and consumers refuse to use payment instruments that are not currently in their pocket. History demonstrates that telecom operators have ability to sell and market cards (see AT&T Universal) to create compelling incentives…. Banks will likely begin pushing the benefits of Credit cards (Reg Z consumer protections). Will carriers respond by expanding their consumer credit risk through carrier billing initiatives (Boku, Bango, billtomobile)?
Message to banks.. stop depending on Visa and Mastercard for this.. develop your own payment network, with a unique POS integration.
Thoughts appreciated
Very thoughtful post Tom.
As i have mentioned before, the four party model is under siege.
Apple is a contender, but must re-engineer “iTunes’ from a content warehouse that has a non-real time payments backend into a payments and settlement system. No easy task – as you know.
PayPal could also stake a claim by establishing an MNO and getting a lot more bank friendly.
They, unlike all newcomers that i am aware of, have the a very scalable risk & fraud engine.
Its tough to imagine in a “world of clouds” that ACH does not emerge between parties – issuers, merchants and consumers to test the incumbent processing model. But its going to take time. Habits die hard.
And lets keep in mind, over the next 2-3 years, that the POS NFC transaction $$ will be a rounding error against plastic, thus the available fee’s to support all these startups operations small over the next 5 years. Everyone is fighting for first mover position. The bigger battle is non-NFC inApp payments.
Mirek, thanks for your comments below.
(a) There is more to mobile payments than NFC based solutions; e.g. NFC does nothing to remote payments (who will dominate those segments and how? The same players who will dominate the proximity payments?)
(b) There is more to NFC than transmission of data from the payer to the payee (as the case is in the merchant centric model); data can be and is often transmitted from the payee to the payer and the payer initiates the transaction (in the payer centric model). I happen to believe that this is going to the winning direction. And in fact the very foundation of NFC is to get the data from the outside-in and act on it.
(c) There are 3 user operating modes for NFC: peer to peer (ISO 18092: to communicate 2-way with another device), reader/writer mode (ISO 14443: e.g. reader that reads an RFID tag), or card emulation (to behave like a contactless card; be a tag) – many solutions can (will be) designed and tried. The Paypass and PayWave are not the only ways.
(d) NFC is of no value in markets with no NFC phones and terminals – which includes all developing countries; in developed markets there is a considerable medium term potential, yet under a question mark given the required investments. About the ~70% of mobile users in US and ~95% of mobile users in, say, Nigeria (the largest market on the African continent) do not have iPhones, data plans, NFC phones or merchants with NFC transceivers.
(e) Fundamentally the question is: what problem does the NFC solve and how does it solve it (better/cheaper than the alternatives?); what will drive the adoption and use of the NFC solution?
(f) What is the business model from the perspective of all the members of the new ecosystem? Does it compute at all? Can all these parties make money?
2. Secure Element
On the phone, the NFC controller will only give you communications capability; all other intelligence comes from outside of NFC; NFC only facilitates data exchange.
NFC comm however is not secure. Higher layer software has to secure the channel if you don’t want eavesdropping. NFC needs to be “connected” to some “software with data” so that some application function can be accomplished. This software with data has to be secure – if you are interested in implementing some real world apps. This software with data, secured somehow, it called a secure element – SE. SE can be in a separate chip or in the SIM/UICC; latest idea: SE on the microSD card. NFC controller and SE are 2 separates components.
Pingback: Page not found « FinVentures
Pingback: ISIS Platform: Ecosystem or Desert « FinVentures
Will Isis pay for some of the POS buildout at retailers?
Pingback: Disrupting Payments at the POS « FinVentures
Very interesting stuff Tom, but I would add that the potential for new business models is greater than you might imagine. There is no reason for the NFC Secure Element (SE) to be on the UICC and therefore under the control of the operators.
http://digitaldebateblogs.typepad.com/digital_money/2010/12/ipown.html
Cheers,
Dave.
Pingback: Mobile Apps will Die « FinVentures
Pingback: OpenNFC – Game Changer « FinVentures
“it is the MNO who fulfills the KYC (Know your customer) requirement linking a real person to a SIM (and hence to a transaction)” Really? You mean banks cannot comply with KYC requirements? What about linking a real person to a bank account (and hence to a transaction)? Users do not want to have their lives managed by MNOs, which for the most part, are seen as a necessary evil. In the US, in how many places will I be left without payment capacity because there is no network coverage in my area?
Pingback: Visa’s Mobile Strategy: Portfolio Manager « FinVentures
Pingback: ISIS Delay.. « FinVentures
Pingback: Carriers as dumb pipes? « FinVentures
Pingback: Gemalto QR Codes.. One Giant Leap _________ ? « FinVentures