Building a mobile payment model

Swipe your mobile across a reader by the till and instantly your purchases will be charged to your credit card. No signature, no waiting for PIN verification, quicker access through tills and point of sale. To find out how far the industry is from delivering on the promise of mobile payments, FST caught up with Rashid Qajar Telsecure.

FST. Using mobile phones to facilitate payments is a hot topic in financial services at the present. How do you think a mobile payment model will develop, and what might hold it back?

TS. Consumers are ready, but then consumers are always ahead of the game when it comes to technology and it’s uptake by the industry. The forward thinking and innovative members of the industry will be the first to meet this demand first.

Primarily controlled by the banks, Visa and MasterCard, the payments industry is the largest businesses in the world, moving trillions of dollars around the world every year and increasing. The mobile operators have wanted a part of this enormous industry for years, but have not yet developed a universally acceptable method that defines the way forward for making payments by mobile phone. Several half-hearted efforts have been made by the mobile industry but have not culminated in any standard having being created.

There is however encouraging news from the Groupe Speciale Mobile Association (GSMA) who recently announced the establishing of a global framework standard for mobile phone payments. They predict this one-swipe payment technology will potentially replace cards and cash and make it possible to go shopping just with a mobile phone. Banks do not want to make the card extinct and research has shown neither does the consumer, because it is a very convenient way of making payments and the card is used by many to signify their status, mobile phone payments just offers choice and that is the key to gaining and retaining their customers.

In order to develop a mobile payment model, it calls for collaboration with the banks to achieve significant attraction and rapid growth; otherwise making payments by mobile phone will be limited to closed schemes such as Mpesa by Vodafone or making small payments for car parks and vending machines.

However, collaboration at this level has inherent, but not insurmountable problems. Mobile operators and financial institutions are reluctant to enter into such collaboration, but this is because to date, no one company has thought outside of the box. The financial institutions have expressed their concerns that this is their core business and rightly so. Banks want to issue cards and they want people to use them; they have invested billions in the global infrastructure and they will not allow others to infiltrate a market segment that they control. This is where the fundamental error has occurred in the past.   

MasterCard are leading the way forward with their PayPass system currently being trialled in USA and France and soon to be trialled in the UK. If this is successful then MasterCard have the power and influence with the banks in providing a collaborative solution, but many issues will have to be resolved including revenue share, security the provision of new infrastructure. The latter is a bitter pill for banks to swallow as they have just spent over £1.4 billion for the new chip and PIN infrastructure and also leaves one big question of how to verify that this is the person making the transaction. Verification and authentication is a key component to any successful mobile payment standard in limiting fraud.

FST. Do consumers actually want to use their mobiles for their banking? What’s wrong with a debit or credit card for example?

TS. They want the choice. Not all consumers will want to use mobile banking to look at statements and payments, but what is attractive is having the choice to access balance availability, these sorts of services are being provided by banks. What they do not want is the inconvenience of having to top up their mobile phone and then go shopping, when they already have a card. Mobipay in Spain did introduce a mobile payment system in 2003, but it proved unsuccessful because it was too expensive to implement, needed change to the mobile phone, new infrastructure had to be deployed with merchants and the inconvenience of toping up their phone severally limited penetration, hence its failure. People want to have cards as it is means to show their status but increasingly the latest phone has proved to be more of a status symbol. How often does someone show you their latest card? How often does someone leave their latest card out on the table? But what consumers really want is the ability to ensure that they are a part of the authentication process when making purchases in the MOTO and internet area.

FST. Security is a big worry for most customers. How can the industry guarantee that mobile payments will be as or more secure than other channels?

TS. Absolutely. The mobile industry is not promoting any greater security aspects of mobile payments, although it can be made more secure than chip and PIN. No one can guarantee a fail-safe system or 100 percent security, but you can certainly make it harder for the criminals. Card fraud in the face-to-face area was the biggest concern for the card issuers and had been growing exponentially in the UK, and has been addressed with the introduction of chip and PIN, but fraud has not disappeared from banking, it’s just moved to the CNP area (internet, mail and telephone order), an area which now has the highest level of fraud. This can be addressed by the use of the mobile phone by introducing an additionallayer of security thatinvolves the cardholder.

FST. There are many competing technologies/payment models in this space. What do vendors need to do to ensure that their solutions will be compatible with future developments in the market?

TS. No-one has thought outside the box, everyone, until now has been thinking how they can gain from it when the answer is to look at how everyone can gain from it, all except the criminals. There can be many solutions but it needs the collaboration of all parties to ensure that there is a viable standard that these solutions all work to. What the banking industry will be very reluctant to accept is any major changes to the way they currently work. Therefore any solutions have to be generic, require minimal change to current backbone systems and be certified and compliant to current and future banking payment security protocols. This is absolutely possible and is the only way forward.

FST. Can you tell us a little about your own solutions in this space?

TS. After extensive research in the payments industry as a whole, Telsecure discovered that making payments using the mobile phone appeared to not be what the consumer wanted. The problem was that there was no single solution in verifying and authenticating a cardholder in real time when making a purchase on the internet, by mail and telephone order. It was all very fragmented and complicated and involved so many different parties and no one, single, truly interoperable solution; no wonder consumers weren’t too keen.

In collaboration with industry leading companies and experts, Telsecure embarked upon providing such a solution, which sits transparently on the current backbones of card issuers, which has a single point of deployment, has a higher degree of security than currently available in the market, coupled with it’s cost effectiveness and incorporates within it, all the security protocols of current systems, and is industry compliant.

Our solution, securePay, utilises the cardholder’s mobile device to verify and authenticate the cardholder in real time when purchasing goods and services in the CNP area without the need to change current backend systems, similar to chip and PIN. The system is a patented, proprietary technology, built with tried and tested hardware and software that is certified by design to Visa, MasterCard and global banking standards. It also provides secure online banking access to web based customers and provides the cardholder with the ability to turn their credit and debit card on or off. We believe that we have in securePay the bases of a secure mobile payment method that can be adapted to suit the purpose mobile payments. The next 12 months will be interesting to see how mobile payments develop and how and if the banks will buy into this and at what level.

Rashid Qajar, CEO of Telsecure, has a wealth of experience in banking and technology, owning and managing a number of successful companies, concentrating on technology, with a specific interest in authentication, verification and payment technologies. Rashid has been responsible for the building successful innovative solutions in the banking area since 1989.