This is a kind of paradox. On one hand, market surveys clearly show some reluctance from consumers to pay with their mobile. The main reason is the perceived lack of security. There are also concerns about what happens if a phone gets lost or stolen. On the other hand, consumers who have already tested NFC payments love it. Gemalto has been involved in many NFC pilot programmes with partners around the world which achieved 90 per cent satisfaction rates from consumers. Therefore the main challenge for financial institutions will be to educate consumers about the security of the system. Mobile payment via NFC is as secure as payment with a plastic bankcard. So what exactly does happen if a phone gets lost? Consumers can either call their bank or mobile phone operator to block the service right away.
Mobile payment via NFC is as secure as payment with a plastic bank card. NFC mobile payment reuses the logical and physical security mechanisms used for contactless cards and brings additional security layers to comply with the need for post-issuance activation of an NFC payment application. Those new security layers are endorsed by major payment network schemes.
Payment applications require certification coming from Visa and MasterCard. These payment applications are downloaded and installed in secure elements such as SIM cards which have to be common criteria certified (exactly like banking cards). The post-issuance process (including security mechanisms) of installing and personalizing a payment application via TSM in an NFC secure element has been standardized in Global Platform and therefore endorsed by the banking world. Finally the trusted service managers (TSMs) in charge of managing the payment applications remotely are hosted in secure data centers which are also certified by financial services authorities.
Key features which reinforce the Mobile NFC security include:
1) The NFC SIM cards storing a consumer’s payment credentials and the payment applications are certified according to security standards defined by financial services authorities and are comparable to CHIP-N-PIN security.
2) Consumers can choose to authenticate transactions by entering a PIN code on the payment application. Consumers can also request the PIN to be entered for all payments, even for small amounts – providing the end-user with complete control of protection features.
3) Secure over-the-air technology for remote management enables immediate remote blocking of the payment application. This works in a similar fashion to blocking a bank card in opposition mode.
No it’s really simple and will depend on the business agreement between the involved parties (bank/Mno) but the common practice will be similar to the following scenario:
For example, if your phone with SIM based NFC containing applications from your banks, favorite retail brands and transport operator gets stolen you will first call the MNO which will remotely (over-the-air) lock all the applications and notify all concerned service providers which will also take the appropriate actions such as blocking the application to prevent unauthorized transactions. You will not be required to call all service providers one by one.
The MNO will then issue a new SIM and will automatically request the restoration of all services that were available on the previous SIM.
Consumers can also call banks or transport operators directly. In that case, the service provider will notify the MNO about the theft.
By default, the introduction of new technologies to the market takes time as standards have to be agreed between stakeholders and technology has to be developed accordingly. Moreover the deployment of NFC services require the construction of local ecosystems and business models involving many players such as banks, transport companies, telecom operators, retailers, merchants, OEMs etc. It took some time for those players to get organized to collectively trigger the deployment of NFC handsets and Point of Sales (POS)terminals.
A part of the chicken and egg equation is being solved with the start of NFC handsets proliferation. Now we need NFC POS terminals to sustain the mobile payment use-case which represents the main money driver for many NFC players. The development of a large set of appealing NFC services to consumers must also be developed before mass adoption takes place.
The deployment of PoS terminals has already started, driven by the roll-out of contactless cards by some major banks. Increased NFC handset availability will also boost the deployment as it clearly improves the value proposition for merchants that will not only consider NFC as another payment means but as a new communication channel to consumers. It will allow, among other things, the push of marketing and promotional materials such as vouchers,that can be simply redeemed in shops.
It is hard to envisage what the market will look like in 10 years from now but it is clear that NFC phones and contactless cards will coexist. Mobile payment is designed for low value transactions and is seen as a replacement for cash that still represents 80 per cent of transactions.
NFC is under deployment in many countries around the world including France, UK, USA, Poland, Japan, South Korea, Turkey, Singapore and the Netherlands, which is leading the race with a wide-scale deployment expected in 2012.