Find articles from my Blog Archive:

Wednesday, 24 July 2013

It's time to ramp-up the ambition in mobile payments

The world is full of novel mobile payments solutions, many of which are doomed to failure in my opinion. This is for one simple reason; they aren't ambitious enough. Most of these so-called innovations are replicating today's payments model and complexity. Very few actually transform the underlying business model and many actually increase end-to-end complexity, not reduce it.

Let's look at today's retail payments model. We could characterise this as the retailer saying "please give me the keys to your safe, so I can go and take what you owe me." We blithely hand over our bank credentials together with authority for the retailer to debit money from our accounts every time we pay at the point of sale. Precisely because this is so inherently insecure, the industry has had to liberally pepper the resultant payments with encryption, pin codes and complex/obscure technology. The whole merchant acquirer infrastructure grew up to connect our banks with the retailer's banks and process the resultant transactions. The reason for this? Only the retailer has connectivity and the ability to connect into the banking infrastructure. Before smartphones, we had no choice; the only way of making things work was by handing control to the retailer. It was complex, but it was the only way.

Nearly all NFC contactless payments solutions attempt to use that existing retail payments infrastructure to process the payment. In effect they are layering NFC on top of the current solution. If you've ever delved into the arcane complexity of sim-based NFC, you'll quickly come to the view that this cannot reasonably be presented as anything other than "Very Complex". Complexity increases costs. And most NFC pilots limit transaction values to £15, which is slightly ridiculous when looked at in the cold light of day. But why layer new technology on top of yesterday's infrastructure, business model and high cost base?

With the advent of smartphones we all have our own portable bank connectivity in our pockets. No longer do we need to hand over the keys to the safe; we can transfer money ourselves without losing control. So how about we redesign our payments future with this in mind? Instead of consumers handing over authority for a retailer to debit their account, what about if the retailer communicated to our phone the transaction value, and the consumer executed the transfer themselves? In effect we just say to the retailer "tell me how much I owe you and I'll transfer the money on my smartphone". This is like modelling retail payments on the way business payments work; the retailer gives us an invoice, then we make the payment ourselves. Now we can do this in a retail context because we've got a smartphone with connectivity to our bank.

There is work to do on the way the user experience on the smartphone works and making it quick and easy. For example, we probably want the ability for the retailer to somehow initiate the flow on the phone wirelessly. And we need to simplify the way we execute and authorise the payment on the phone. If we need to stand in a shop typing in passcodes on our phones, unlocking our phone, finding an app, etc, then it'll never be efficient enough. Some form of simple biometric authentication, like fingerprint recognition, is probably needed before this is quick and easy enough to work efficiently. The user experience might need assistance from the phone OS vendors to optimise things, but we're not too far away from the components falling into place.

NFC could be used to transmit the invoice to the phone and we don't need to worry about encryption or the silly £15 limit of today's NFC implementations - when the till displays the total due on its display for all to see, it's hardly confidential. Although I've been sceptical about NFC in the past, its not the technology that's at fault, its the way everyone has been using it.

Using this approach the fraud risks reduce dramatically because we never hand over authority to a third party to debit our account. At the same time, we eliminate the whole point-of-sale, merchant acquirer, PIN code and encryption complexity in one stroke. Reduced complexity = reduced cost.

In my view there is a huge opportunity to radically simplify retail payments and reduce costs. That means reducing the industry costs so that it can reduce the cost to retailers. Look at any breakdown of card transaction costs - the ridiculous maze of obscure charges are ripe for simplification. Setup fees, transaction fees, terminal rental fees, minimum monthly service charges. Its even impossible to work out what today's charges are without specifying a particular business scenario.

In my opinion the smartphone is at the centre of an impending transformation, because it empowers a radically simpler business model for transactions. But banks have so far not been willing to disrupt their own industry - we continuously see Contactless pilots that just layer new complexity on the old rather than taking an axe to yesterday's complexity. At some point the light will dawn and something more radical will emerge, something that strips out entire layers of complexity and cost in something like the way I've suggested. The way we pay in a retail environment will change dramatically and retailers will encourage that shift because their costs will reduce. Many retailers increasingly operate on wafer-thin margins, so a reduction in card processing charges will be a huge benefit for them.

The future is not based on using smartphones for payments because its cool technology and makes us feel like we're in a sci-fi movie. Instead, Its based on disrupting an industry and reducing charges to its customers. This must mean a radical simplification of the way we pay and subsequent reduction in industry costs.

Many current mobile payment solutions layer additional complexity and cost onto yesterday's model and will fail for that very reason. In my opinion, the successful solutions are likely to sidestep the merchant acquirer complexity. One such promising solution is Zapp from VocaLink - by avoiding merchant acquirer and routing retail payments over the UK's Faster Payments, a very different industry economic might emerge. I'm intrigued by Zapp and its refreshing willingness to rethink the future. I'm sure it will have its challenges; not least that the necessary biometric authentication to make the user experience efficient enough in a retail context is only just emerging - so I suspect uptake might be slower than we'd like initially. But it's definitely an interesting direction.

In summary, my view is that the future of payments belongs to those who radically simplify, strip out cost and reduce the burden on retailers. I suggest this means that we are going to move from a "here are the keys to my safe, please go and take what I owe you" model, to a "tell me what I owe you and I'll transfer it to your account myself" model.

With thanks to @gendal for the safe analogy.

1 comment :

  1. Wholeheartedly agree.

    I like to use the "will this innovation kill an industry?" test to predict if something is going to change the world. Eliminating POS infrastructure, closing down merchant acquirers and infuriating those in the PCI consultancy space strikes me as a pretty big "kill".

    One problem that still has to be solved, however, is authentication of the merchant. I need to be sure that the invoice I receive really is from the merchant I think it's from.

    So you'll probably still need SSL/X.509 on the web and you'll need something similar in the physical world. Otherwise it would just be too easy for an adversary to send a fake invoice over wifi/infra-red/whatever at just the point I'm expecting it.

    It may well be that this proves to be the world's first ever useful use-case for QR-codes... the consumer would be in complete control of where they pointed the phone.

    Interesting times....!