emerging payments landscape - merchant advisory group · 2014-06-18 · mobile payments landscape...
TRANSCRIPT
Mobile Payments Landscape
Merchant Advisory Group
Webinar June 18, 2014
Marianne Crowe and Susan Pandy
Federal Reserve Bank of Boston
Disclaimer: The views expressed in this presentation are those of the presenters and do not necessarily reflect the views of the
Federal Reserve Bank of Boston, or the Federal Reserve System..
Agenda
• Role of Federal Reserve in Payments
• Overview of Mobile Payment Landscape
• Mobile Industry Challenges, Risks and
Initiatives
• Security and Regulatory Considerations
• Key takeaways and Next Steps
2
What the Federal Reserve Banks Do
Fed Payment
Initiatives
• Quantitative and
Qualitative Research
FRFS Strategic
Plan
FR Retail
Payments Study
Consumer Surveys
3
Provide financial services to depository institutions and U.S. government
Establish and execute U.S. monetary policy
Supervise and regulate financial institutions
Maintain stable financial system and contain systemic risk
FR Financial Services Strategic Plan
4
• Maintain and enhance FRB network security
• Enhance understanding of end-to-end security
• Collaborate and promote industry best practices
Safety and Security
• Develop solutions to enhance payment speed
• Understand market demand for faster payments
• Continue migration of paper to electronic
Speed
• Develop solutions to promote efficiency
• Understand needs and barriers
• Promote standards adoption to improve efficiency Efficiency
Highlights from 2013 FR Retail
Payments Study
5
Debit card
Credit card
ACH
Checks (paid)
Prepaid card
0
10
20
30
40
50
2003 2006 2009 2012
Trends in noncash payments by number and type of transaction
Billions
Fed Role in Mobile Payments
• History as regulator and operator
• Role to foster integrity, accessibility and efficiency of payment system
• Mobile payments is a new payments channel
• Neutral body
• Facilitate bank and non-bank discussions
• Ensure non-banks understand ‘payment’ responsibilities
• Identify mobile payment benefits, risks and gaps in regulatory coverage
• Applied industry analysis and outreach
• Mobile Payments Industry Workgroup (MPIW)
• Security and risk analysis
• Industry mobile standards
WHY?
HOW?
WHAT?
6
Overview of Mobile Payment
Landscape
7
What is a Mobile Payment?
• Using a mobile phone to
make proximity or remote
purchases, including point-
of-sale (POS), transit,
online goods and services,
digital content and P2P
money transfer.
• Payment is funded with
credit/debit card, prepaid
account, bank account
(ACH) or charged to a
mobile phone bill.
8
Mobile Technology Terms
• Near Field
Communication (NFC):
Standards-based wireless
communication protocol to
exchange data between
devices a few centimeters
apart (e.g., mobile phone
and merchant POS
terminal).
• Secure element: Tamper-
resistant, encrypted smart
chip in the mobile phone
that stores customer
account credentials for
NFC payments.
9
Mobile Technology Terms
10
Host Card Emulation (HCE):
• Software that represents a smart card
• Routes NFC communications through
mobile phone’s host processor
• No secure element needed
• Stores and transmits payment card
credentials via the cloud.
iBeacon
• Network transmitter that identifies and
tracks smart phones.
• Identifies users with iPhones via BLE
(Bluetooth Low Energy) network by sending
and receiving signals across small physical
areas. (Like NFC wider distance.)
• Can send notifications of nearby offers to
customers and enable hands-free
payments at the POS.
Mobile Technology Terms
• Quick Response (QR) Code:
A two-dimensional barcode that
the customer downloads from a
mobile app, which contains
payment information to be
scanned at the POS QR code
reader.
• Cloud-based mobile
payments have payment
credentials stored in the cloud
(i.e., a remote server).
Payments may be initiated from
a mobile app, QR code, NFC.
11
Mobile/Digital Wallet
Application that stores actual
(or proxy) payment
credentials, personal and
loyalty/coupon information.
Used to perform e-commerce
or m-commerce transactions.
A mobile wallet app resides
in the secure element in the
mobile phone. A digital
wallet app resides in the
cloud/remote server.
12
Mobile Payments Roots in Online
Banking and Cards
NFC Card
Emulation, Cloud, Wallet
QR code
Prepaid Access
Remote Payments via App, Internet
Mobile Remote Deposit Capture
Advanced Mobile Banking –
Bill Pay, P2P
Basic Mobile Banking - information
Online Banking & Card Payments
13
13
Use of Mobile Banking Helps Drive Mobile Payments
• Drivers of mobile banking adoption: – Convenience (37%)
– Smartphone Adoption (32%)
– Bank started to offer service (16%)
• Most common mobile banking activities: – Check balances (93%)
– Transfer funds between own accounts (57%)
– Mobile online bill payment (44%)
14
42%
21%
48%
28%
51%
33%
Smartphone Users
Mobile Phone Users
2013 2012 2011
Source: Board of Governors Federal Reserve System, Consumers and Mobile Financial Services, March 2014
Have you used mobile banking
in the past 12 months?
Mobile Expands Financial Access and Inclusion for Underserved
• Mobile channel provides real-time, 24/7
access to financial data
• Prepaid mobile banking services can
meet financial needs of underserved
• 22% of consumers use prepaid
products; many are unbanked or
underbanked
• 69% of unbanked have mobile phones
– 49% are smartphones
• 88% of underbanked have mobile
phones
– 64% are smartphones
– 39% used mobile banking in past 12
months
15 Source: Board of Governors of Federal Reserve System, Consumers and Mobile Financial
Services,March 2014
Consumer Adoption of Mobile Payments Low but Increasing
• 66% of mobile
payment users paid
bill online
• 17% of smartphone
users made POS
mobile payment
– 39% with QR code
– 14% with NFC
• 63% have security
concerns
• 61% see no benefit
from mobile
payments
16
Source: Board of Governors of the Federal Reserve System, Consumers and Mobile Financial Services, March 2014
24%
15%
24%
17%
Mobile Payment
Users
(Smartphones)
Mobile Payment
Users
2013, n=2341
2012, n=2291
Mobile Payment Solutions Evolving
2006-2008 2009-2010 2011 2012 2013-2014
Remote SMS & e-
commerce Payments
PayPal Text to Buy
Amazon Text Buy It
Direct Carrier Billing
Mobile App Stores
Apple App Store
Android Market
RFID Contactless
Cards
Mobile Web
Payments
Amazon
Mobile Card
Acceptance
Square
QR Code
Starbucks
LevelUp
NFC
Google Wallet
Prepaid
AmEx
PayPal Here
Isis NFC Wallet
Cloud Digital Wallet
PayPal In-store
Apple Passbook
Visa V.me
NFC/Cloud Wallet
Google Wallet
Prepaid
AmEx Bluebird
Mobile Bank Account
Green Dot GoBank
Merchant Apps
Square Wallet
Google Wallet
KitKat HCE
Beacon BLE
PayPal Beacon
17
But Creating Fragmented U.S. Mobile Payments Market
18
18
How the Mobile Landscape has
Changed
2010 – • NFC single channel for mobile
POS
• No wallet discussion
• Early discussion of value-
added services
• How to increase NFC phones
and POS terminals
• Little non-bank/merchant
involvement
• Security secondary
2014 –
• NFC, Cloud, QR Code, HCE
• Channel convergence
• Larger non-bank and merchant
role
• Wallet developments
• Data monetization through
value-added services (loyalty)
• Increased focus on security
and authentication
• Impact of EMV
• More regulatory interest
19
Non-banks Play Strong Role in
Mobile Payments Ecosystem
• Represent diverse businesses
– MNOs, start-ups, technology solution providers, merchants
• Merchants are influencing direction of mobile payments
– Lowering cost by seeking alternatives to card-based payments
– Controlling access to customer data
– Implementing payment provider solutions at POS
– Working with NFC wallet providers
– Developing proprietary mobile apps and white label wallets
– Participating in merchant-centric mobile wallet efforts
• May pose risks to FIs
– Disintermediation, competition for customer relationship, potential security and privacy issues
20
• Google transitioned from NFC with
secure element to NFC using host
card emulation (HCE) model in Oct
2013
• Eliminated connection to MNO
• Opened access to any credit/debit
account to be loaded with
credentials in the cloud
• Still use NFC ‘tap’ at POS to choose
payment method, initiate payment
• Coupons, loyalty programs from
participating merchants redeemed
automatically
• Wallet password protected
• Remote disable if lost/stolen
21
Mobile Wallet
• NFC wallet with payment credentials stored in removable “Isis-Ready” SIM card containing secure element
• Joint venture between AT&T, Verizon and T-Mobile
• National commercial launch November 2013
• Current data:
– 20K Isis Wallet activations per day
– 68 Isis wallet smartphones, of which 14 preloaded with Isis app
• Three FIs: AmEx, Chase, Wells Fargo
• Merchant deals, loyalty programs
• Wallet password protected
• Remote disable if lost/stolen
22
Expands Digital Wallet
• Ubiquitous digital wallet uses mobile app to access payment credentials stored in cloud
• Access with phone number & PIN, or card
23
PayPal in-store
POS solution
PayPal
Payment Code
PayPal Here
PayPal
Beacon
Starbucks Mobile App
• Closed-loop prepaid account funded with credit/debit card
• Scan mobile QR code at POS reader to pay
• Reload funds, earn/track rewards through app
• 10M+ mobile app users; 5M mobile transactions/week
• Mobile represents14% of in-store U.S. transactions
24
• Download mobile app and register
by linking a debit/credit card to a
unique QR code.
• Scan QR code from mobile phone to
LevelUp terminal at participating
merchants to pay.
• 1.5M+ users; 14K+ businesses in
40+ states
• 100+ merchant white-label mobile
payment and loyalty apps
• Location-based offers; loyalty
programs
• Partnerships with NCR, Heartland
Payment Systems, Foodler
25
Merchant-driven
Mobile Wallet
• MCX is a cloud-based/QR code
mobile payment wallet app
• Merchant deals, loyalty programs
• 70+ U.S. brands
– 110K+ store locations
– $1Trillion+ in annual payments
• Will not share customer data
• MCX/FIS partnership – EFT
network for payment processing
and settlement
• Paydiant developing white label
wallet platform
• Launch TBD
26
Apple - Potential Disruptor?
• iTunes digital wallet & mobile payment app
– One of the biggest online credit card
subscribers with 800M iTunes accounts
– Credit card/billing info stored in cloud
• Passbook mobile app
– Aggregates QR codes from retailer loyalty
cards, gift cards and coupons, boarding
passes, movie tickets into non-payment digital
wallet
– Convenient tracking of loyalty cards, rewards
• Isis NFC case for iPhone
– Contains NFC antenna
– Secure Element microSD card stores
credentials for mobile contactless POS
payments
27
Mobile Payment Industry
Challenges, Risks and Initiatives
28
Financial institutions
Merchants
Card networks
Clearing/settlement organizations
Payment processors
Payment trade associations
U.S. Treasury
Online payment providers
Mobile Network Operators
Handset/OS manufacturers
Chip makers
Mobile solution providers
Mobile carrier trade association
What is the MPIW?
Industry group representing over 40 major U.S. mobile
payment stakeholders
29
Overall Mission of MPIW • Build consensus on mutual points of value and challenges
• Work collaboratively to reach critical mass for secure,
efficient retail mobile payment adoption
• Help Fed understand industry role and trends in mobile
payments ecosystem
MPIW Goals
• Convene MPIW and other industry stakeholders to
share perspectives and issues on POS mobile
payment developments
• Assess impacts of new technologies, solutions &
risks
• Work to remove barriers to secure mobile adoption
through analysis of potential risks and mitigation
tools such as tokenization and authentication
• Identify potential gaps in mobile payment standards
• Keep abreast of regulatory developments
• Support key principles for successful U.S. retail
mobile payment ecosystem
30
Principles for Successful
Mobile Payment Ecosystem
• Interoperability of platforms, including NFC & cloud
• Open/ubiquitous wallets across payment networks
• Existing clearing and settlement rails, allowing for new rails
• Technology-agnostic end-to-end mobile payment security
• Clarity of roles and risks of non-bank mobile providers and
solutions
• Globally interoperable and technology-agnostic U.S. mobile
standards
• Regulatory clarity for consumer protection, privacy and non-
bank engagement in mobile payments
31
Few venues for broad acceptance
Growing non-bank and
merchant roles
Data security and privacy concerns
Convergence of online,
mobile & POS channels
EMV Migration Lack of
interoperability and standards
Finding the right value-added incentives
Competing technologies – NFC, Cloud, QR
code, HCE
Complex regulatory structure
Challenges to Adoption
32
Mobile Security and
Regulatory Considerations
33
Mobile has Multiple Points of Risk
Mobile Apps
Customer Authentica-
tion
NFC, HCE & Secure Element
Wireless Network End
User
Payment Transaction
Account
Wallet
Mobile Device
Cloud
34
• Complexity creates new opportunities for compromise
Malicious mobile apps and data breaches
Data monetization and location-based services heighten privacy risks
• Need stronger authentication
EMV, tokenization, geo-location, biometrics
• Convergence of platforms and parties blurs lines of responsibility and liability
U.S. EMV Migration Addresses Card-
Based Fraud
35
October
2017 October
2016 October
2015 2014 April
2013
Acquirers & Processors
100% EMV
Liability shifts to
non-EMV merchant acquirers EMV at
Gas Pumps
Liability shifts for ATM
transactions
Supports mobile
payment adoption
MPIW Mobile Security Activities
• Sub-group evaluating and documenting risks
and security options for mobile device and
end-to-end mobile payment transaction based
on use cases:
– Proximity and remote mobile payments
– NFC, Cloud, QR Code, HCE, etc.
• Planned analysis of relationships and impacts
of tokenization initiatives and authorization
tools on mobile payments
– TCH, EMVCo, MasterCard and Visa, PCI, X9
36
Mobile Standards Developments
• U.S. standards and industry certification are needed to
ensure global interoperability, security and efficiency of
mobile device, payment process and technology platforms
• Current efforts are fragmented
• NFC and secure element follow guidelines from ISO and
NFC organizations (e.g., Smart Card Alliance, NFC Forum,
GSMA, and Mobey Forum)
• U.S. mobile contactless payments employ chip security
and NFC technology based on ISO 14443
• ANSI X9 Mirror Group working with ISO to develop broader
mobile financial services technical standard (ISO 12812)
• No standards for tokenization, cloud, QR code or HCE
mobile payments
37
Complex U.S. Regulatory System
• Current regulations and laws
for underlying payment
methods (credit, debit, prepaid,
ACH), govern mobile
payments
• Alternative providers less
familiar with banking laws for
consumer protection, privacy,
KYC, BSA, data security,
money transmission, risk
compliance
• No one authority or law
regulates mobile
payments/commerce
• Fragmented U.S. regulations–
different consumer protections,
disclosure requirements, and
error resolution provisions
38
38
Industry Perspective on Mobile
Regulation
• MPIW met with bank regulators and FTC in May 2014
• Key concerns are consumer protection, privacy, data
security and financial inclusion
• Non-banks offering mobile services should understand
how to protect consumers, but for now banks still liable
• Still no indication of pending regulation specific to
mobile
• Focus on education and communication between
industry and agencies
• Industry stakeholders want to be involved when need
for mobile regulation arises
39
Potential Industry & Policy Issues
40
Should mobile standards be open, proprietary, or both? Standards vs. guidelines vs. best practices?
How to secure end-to-end mobile transaction across multiple mobile platforms and what are stakeholder responsibilities and liabilities?
How to protect consumer data and privacy with use of big data, marketing programs, location-based services
How to ensure level playing field in financial services for all consumers, including the underserved
Key Takeaways
41
Non-banks continue to drive and shape the industry through innovation and implementation of new mobile solutions
Unclear value, too many choices and lack of standards are causing customer and merchant confusion, resulting in poor adoption (to scale) and spotty merchant acceptance
Potential risks need to be monitored … and “confusion” and adoption by consumers must be consistently gauged
Next Steps for Fed/MPIW
• Actively engage with industry to help remove barriers to safe and secure adoption of mobile for all consumer segments, including underserved
• Keep abreast of mobile industry trends and assess impact of various initiatives: EMV, HCE, tokenization, and new non-bank solutions
• Continue to analyze potential mobile payment risks and identify mitigation tools
• Identify standards gaps and potential changes through participation in X9 and ISO
• Monitor regulatory developments and inform industry stakeholders
42
http://www.bostonfed.org/bankinfo/payment-strategies/index.htm
Reports available on Boston Fed website:
http://www.bostonfed.org/bankinfo/payment-strategies/publications/2011/mobile-payments-
mapping.htm
http://www.bostonfed.org/bankinfo/payment-strategies/publications/2013/mobile-payments-
landscape-two-years-later.htm
Questions?
Thank you
43