Technology Behind Mobile Payments

Smart phone is the fastest technology that mankind has adopted to, overtaking the internet. Mobiles have been the pivot around which the new innovative payment methodologies are being developed. In this paper we will walk through technologies that are used by the payment providers to enable payment through mobiles.

A. STK (SIM Application Toolkit) – A SIM is an integrated circuit that is intended to securely store the international mobile subscriber identity (IMSI) which identifies the subscriber uniquely. STK is an application program that is written on top of the SIM technology, this enables the mobile service provider to provide the user with a menu based technology that is used for various services including mobile payments. m-Pesa the mobile money transfer system that Safaricom introduced uses the STK technology. The users are provided with a menu based application where they can enter the details to transfer the funds. As, STK is embedded with the SIM technology it is quite tamperproof and secure. STK is likely to be used in countries where the smartphone penetration is low.

B. USSD(Unstructured Supplementary Service Data) Most of the mobile phones work on either CDMA or GSM technology. CDMA technology is owned by Qualcomm while GSM is the industry standard and is the more widely used mobile technology. USSD messages work on the GSM technology, basically GSM technology has 2 bands, one for voice communication and the other for network communication, the USSD band. USSD messages are similar to the SMS(Short Message Service), but they are of 182 characters length. They work by creating USSD session, which gives them real-time communication capability. Vodacom uses this technology to provide the payment service Tanzania, though the quantum of transaction is not as high as m-pesa Kenya they have seen reasonable success with over $12million worth transactions being processed every month.

C. NFC  Touted as the Crossing the Chasm of mobile payments. NFC, stands for Near Field Communication, is a radio technology that enables devices to communicate with each other when they are touched together or brought to close proximity. To make an NFC payment one needs to bring the NFC device close to POS terminal where the NFC device is recognises the POS device, the NFC device will create a token using the POS provided data and a secure element, and sends it over to the POS device. The POS device will then forward the token to the payment service provider who will validate the token and make the payment.

It has a very strong argument when it comes to the security of payments, they use the concept of secure element which is tamperproof. There are basically 2 ways of managing the SE component and as expected, Google and Apple are betting on different technologies to make the NFC payments.

Google uses the Host card emulation technique to enable payments; using HCE enables google to work with other players. In case of HCE the secure element is stored in the cloud which puts it at a disadvantage of needing internet connectivity to make payments. It makes sense for Google to use this approach as they do not manufacture the devices.

Apple pay on the other hand uses in-device Secure Element (SE) to enable payments, using SE for apple makes sense, Apple manufactures the device and owns the payment application, which gives it the freedom and flexibility to use the Secure Element method of authentication and authorization.

NFC technology is being worked upon for the last 5 years, but it has not seen much success, experts believe that 2015 might be the year when mobile payments will take off.

D. QR codes – The present leader of the pack, Nielson in its The Modern Wallet: Mobile Payments are Making Life Easier report that 45% of the interviewed Customers favour payment via the QR codes. QR code stands for Quick response code, first developed by Densa-Wave a Toyota subsidiary, for inventory tracking of automobiles. It is a 2 dimensional image of black squares that can be decoded by the barcode reader. Most smart phones with cameras have the ability to scan and read QR codes which has led to the wide spread use of QR codes in payments. There are basically 2 types of QR code payments that can be made:

  1. Receive a QR code in your phone and get it scanned at the counter: In this case the customer needs to have a payment app installed in the mobile phone, which will generate a QR code for the payment transaction. This QR code can be scanned using a barcode reader by a cashier to process the payment.
  2. Scan the QR code at the counter and make the payment: In this case the customer needs to have a payment app installed in the mobile phone, which can read the QR code and process payment for the same.

Now, the question if it is safe? Actually it may be safer than the card payments as the customer information is not passed while the transaction is processed; the QR codes send tokens which are validated by the payment processors. China has blocked the use of QR codes following concerns about the level of security QR codes provide, but there are strong rumours about the service being made available soon as Wechat and Alipay are testing out QR code based payments in the country.

E. Bluetooth Low Energy Bluetooth low energy was originally introduced to the market under the name Wibree by Nokia in 2006. The same has been merged to Bluetooth standard in 2010. A Bluetooth beacon has sensors that detect the smart phones within a few inches making it extremely user-friendly, as the name suggests it uses the highly energy efficient Bluetooth low energy. The vendor has to install the BLE in the store, provided by multiple vendors including apple, which can transmit messages to the customers mobiles. Apple and Paypal are 2 companies that are betting big on this technology, while apple has a Bluetooth beacon that works with apple alone, paypal has no such restriction, their beacons work both on apple and android devices.

There have been concerns raised against the technology that people would be bombarded with prompts, but Paypal president David Marcus asserts that the consumers are still in control of the notifications that they receive. For instance there can be notifications from stores which can be left unattended. The customers can also choose the stores that they want to receive notification from.

One of the major problem that BLEs face is the DoS attack(Denial of Service). Another issue that we see with the paypal system is the way in which the product is designed. Paypal provides customers contactless payment system, in this case the vendor cannot prove the customers authorization of the payment as there is no  handshake to show the same.

F. Mobile Card Reader  When square first brought these to the markets, everyone from Paypal to Facebook to Google expected them to do well, but unfortunately they have not done well till date. These are basically card readers that can be attached to any smart phone, enabling the smartphones to make payments through cards. When I first saw them in 2012, I expected them to be widely used by e-commerce companies and small businesses. But, these MCRs suffered from a major flaw – the commission charged by the card companies. Customers were not willing to pay extra and retailers were not willing to give up on their margin.

G. MST MST stands for Magnetic Secure Transmission it was developed by LoopPay which has been recently acquired by Samsung. The MST technology generates changing magnetic fields over a short period of time that emulates the same magnetic field change as when a card is swiped across the read head. If you move the MST enabled mobile over the card reader at a distance of 3-inches the MST is a great technology where the physical card has been replaced by the mobile phone and the technology on the vendors side has remained unchanged.

Samsung Galaxy S6 that was announced on March 1st 2015 supports the MST technology.

Though Samsung has an edge over others with MST payments, the default payment method in  Samsung Galaxy S6 is NFC, not MST. Be it technology providers or the vendors, both want to do away with card based payments.

Conclusion: STK/USSID payments will remain prevalent in markets where smartphone penetration is low, which gives the telecom companies an edge over other players.

NFC is expected to make the retail payment hassle free. With Apple choosing NFC technology it is very likely that the industry wants to promote NFC as the default mode of payment.

QR codes is an easy to use technology that will peak very soon, whose success will depend not on its merits alone but on the failure of other payment technologies such as NFC, Bluetooth and MST among others.

BLE still seems to the technology of the future, where a customer can use his mobile to choose products using mobile in the store and make payments via BLEs.

MST might just be Samsungs plan B in the payments space, they also seem to want to use NFC over MST. NFC is the default payment option in Samsung galaxy S6.