CPP contactless and mobile payments white paper 2011

  • 1,604 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,604
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
84
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Contactless& MobilePayments:The emerging need forprotection & assistanceservicesA CPP white paperMarch 2011
  • 2. Introduction 2 1.0 Executive Summary Contactless payments are a collective term used to describe payments which can be made from a card or mobile phone without the need to make physical contact with a point of sale device. Recent statistics show that there has been an evolution in consumer payment behaviours in the UK with low value more frequent payments becoming the most popular type of payment in the UK. This pattern of spending behaviour is well matched to the ‘tap and go’ mentality of contactless payments, and bodes well for future adoption of such technologies on both cards and mobile phones. The much-celebrated trial of Oyster, the Transport for London’s paperless ticket scheme, has been a highly successful ‘test case’ for contactless cards in the UK. Oyster’s success has meant a wider UK rollout of contactless cards is now anticipated within the next few years. As such, issuance of contactless cards looks set to increase and we would expect to see contactless cards becoming an increasingly prominent feature of the UK payment architecture in the very near future. Extending this further, continued development of mobile payment software platforms, and mobile phone hardware also bodes well for future adoption of contactless payments via the mobile phone. Providing that software and hardware providers can broaden the range of mobile handsets they can support, the prospect of the consumer managing payment, loyalty and travel cards using their mobile phone could soon become a reality. Contactless and Mobile Payments March 2011
  • 3. 3 In addition to this, increasing smartphone adoption, driven by handset manufacturer competition, network operator strategy and the ‘social dimension’ will fundamentally change the way consumers see and use their mobile phone. Rather than being simply a tool for communication, consumers will see their mobile phone as the ‘central hub’ for co-ordinating and managing their lifestyle, keeping in touch with their friends and family and completing their day-to-day financial affairs. Despite the interest and debate about contactless payments and the benefits they can offer, there has been little discussion within the industry about how to comprehensively Increasing tackle the issues presented by loss or theft. This is surprising, as past concerns about the security of contactless payment technologies have been a key factor in restricting smartphone consumer uptake. Recent moves by government and leading industry players in the UK have sought to allay such fears, although we still believe that fraud will be a decisive issue adoption, will which could present a major challenge to the adoption of contactless cards and mobile payments in the UK, and which we feel the industry is yet to adequately address.fundementally CPP has identified three scenarios in which the use of contactless payments either via a change card or mobile phone could represent a risk to the security of consumer payment data, potentially putting consumers at risk of card fraud or identity theft. These include; the way - The loss or theft of contactless cardsconsumers see - The loss or theft of the mobile handset - Data security – involving an attack on the mobile payment ‘ecosystem’ their mobile from malware, trojans and viruses phone As contactless payments grow in prominence, providers will need to consider how to best protect their customers from these growing threats to their financial, personal and mobile security. The combined competence of CPP and our heritage with Card Protection, Identity Protection and Mobile Phone Insurance products makes us ideally placed to deliver new innovative services and fully maximise the sales potential of this rapidly developing market. Contactless and Mobile Payments March 2011
  • 4. 4 2.0 What are contactless payments? Contactless payments are a collective term used to describe payments which can be made from a card or mobile phone without the need to make physical contact with a point of sale device. Contactless payments on plastic cards use a form of technology known as Radio Frequency Identification (RFID). This short range wireless connectivity standard facilitates data communication between two separate devices. Although RFID technology can, in theory, be integrated into a variety of differant mediums in the UK, it is most common to find it integrated into the design of pre-paid, debit and credit cards. Oyster, the card used on the London Transport network is a good example of a payment card with contactless functionality, and more recently MasterCard and VISA both have introduced contactless functionality on a variety of their payment cards, dubbing this functionality Pay Pass (MasterCard) and Pay Wave (VISA). Contactless payments in mobile phone handsets use a similar form of wireless connectivity to RFID, called Near Field Communication (NFC). NFC devices are able to send and receive data when they are brought within four centimetres of one another. Financial information is stored on a secure element within the mobile handset, on the SIM card or on a peripheral device such as a memory card or adhesive sticker, whilst software installed on the mobile phone provides the interface for consumer interaction. Contactless payments remove the need for consumers to verify every transaction made using their card or mobile phone, and a number of transactions can take place before consumers are asked to verify their identity using their PIN number or security code. Contactless payments therefore offer considerable speed and convenience in comparison to other existing payment methods available in the market. The latest data from Barclays and Barclaycard, in November 2010, showed that the total number of contactless transactions reached over one million and is predicted to reach over twelve million by the end of 20101, showing that contactless payments are set to increase even further in the not too distant future. 1 Barclays Media Centre, November 2010Contactless and Mobile Payments March 2011
  • 5. 5 3.0 Overview of key market developments Statistics published by the UK Payments Council in April 2010 showed that debit cards have now become the preferred method of payment over cheques, credit cards, and cash transactions in the UK. The statistics showed that although average spend per purchase on debit cards has only risen 50 per cent over the last ten years to £45, debit cards are being used for more frequently low value payments. Whilst the proportion of payments Issuance made by cash and cheque are predicted to decline further over the next eight years, spending volumes on debit cards are set to increase with the UK Payments Council of contactless expecting debit cards to account for 46 per cent of card transaction volumes by 20182. This pattern of spending behaviour is well matched to the ‘tap and go’ mentality of cards looks set contactless payments, and bodes well for future adoption of such technologies on both cards and mobile phones. to increase and Oyster has been a highly successful ‘test case’ for contactless cards in thewe expect to see UK, so much so that we anticipate a wider UK rollout of contactless cards within the next few years.contactless cards The earliest example of contactless payment technology being used on a large scale becoming an in the UK, was the rollout of the Oyster Card Scheme on the central London travel network. Oyster offered consumers quicker journey times and a more convenient way to increasingly pay for their travel services, but the scheme also played an important factor in driving down the cost of operating transport services and reducing the level of fraud at prominent underground tube stations. Between 2003 and 2009 the number of tickets sold on the London Underground per day dropped from 1.8m to 600,000, resulting in a considerable feature of the cost saving for transport operators – an estimated £40m per year!3. UK payment On the back of the success of Oyster, the government recently announced it will bring forward its plans to implement a ‘smart and integrated’ ticketing system across the UK architecture within the next few years. This will see the roll out of contactless technology installed in nine regional areas outside of London and should allow consumers to use a single contactless payment card to pay for their journey, across multiple transport networks and providers. What is not clear yet is whether it will be left to established card issuers or transport operators to take control of card issuance, administration, activation (to ensure the card has reached the customer safely) or payment processing. At this moment in time, debit or credit cards carrying contactless technology may well present the strongest case for the rollout of contactless technologies on a national scale. Card issuers have the necessary expertise to provide card issuance and payment processing already provides nationwide merchant acceptance through the MasterCard or VISA network. Barclays has been supportive in adopting contactless cards when in 2007 it launched its One Pulse credit card, which combines the functionality of Transport for London’s Oyster card with a Visa contactless enabled credit card. 2 ‘The Way We Pay 2010’, UK Payments Council, April 2010 3 ‘Smart and Integrated Ticketing Strategy’, Department for Transport, December 2009. Contactless and Mobile Payments March 2011
  • 6. 6 It is reported that by February 2010, Barclays and Barclaycard had issued over 6 million contactless cards4 with business customers’ new or re-issued cards now having contactless technology included as standard. First Direct is also making headway in the mobile payments market, launching its ‘app on the go’ in January 2011, allowing customers to view their balances and last 20 transactions as well as making payments to an existing person or organisation5. Transport for London has already announced that starting in 2012 it will be upgrading the Transport Network in London to accept contactless debit and credit cards, and these forms of payment are expected to eventually replace the Oyster card system as the modus apprendi for payments made on the London travel network. Certainly the London 2012 Olympics will also prove a great opportunity to showcase contactless payment solutions, with the expectation that a number of banks, mobile operators and retailers using the event to accelerate the card and mobile products. VISA is likely to take the lead with the likely installation of point-of-sale acceptance devices at competition and non-competition venues, all of which are likely to support VISA PayWave, as was the case for the Vancouver Winter Olympics in 2010. These developments clearly show that over the next few years issuance of contactless cards looks set to increase and we would expect to see contactless cards becoming an increasingly prominent feature of the UK payment architecture in the very near future. NFC Continued development of mobile payment software platforms, and mobile technology phone hardware bodes well for future adoption of contactless payments via the mobile phone may soon Nokia announced in June 2010 that all new smartphones shipped by the company from become 2011 will come with NFC functionality. There have also been rumours that appointment of Benjamin Vigier by Apple in August 2010 will see the next iPhone model include NFC built into functionality. Vigier previously worked at NFC specialists, Mobile Wallet and mFoundry, as well as working within the NFC function at Sandisk.smartphones Google recently announced the next version of the Android operating system will include NFC functionality called ‘Gingerbread’. Google Android’s operating system is now pushing as standard ahead of Apple’s operating system and Blackberry’s RIM (Research in Motion) and only behind Nokia’s Symbien system. 25% of smart phones now adopt this system, up from 3.5% in quarter three 20106. This begs the question whether this is the final big push NFC needs to go mass market. Looking at existing mobile phone handsets there are a number of relatively inexpensive hardware upgrades available which can equip the mobile phone with the ability to send and receive contactless payments. Smartphones with an external memory card slot can take advantage of a programme similar to that currently being developed by VISA and Device Fidelity. This solution marries an NFC chip with a standard MicroSD memory card and provides an almost instant upgrade for any phone supporting MicroSD card functionality. For mobile phones without a memory card slot an alternative upgrade comes in the form of a SIM card integrated with an NFC chip which replaces the existing SIM card in the phone, another low cost upgrade comes in the form of a sticker containing an NFC chip. This can be attached to the interior or exterior of mobile phone casing. 4 ‘Barclaycard’, NFC Times, April 2010 http://www.nfctimes.com/company/barclaycard 5 First Direct newsroom, 13 January 2011, http://www.newsroom.firstdirect.com/press/release/first_direct_launches_iphone_a 6 Gartner research, November 2010 ‘Worldwide Market Share of Market System’. Contactless and Mobile Payments March 2011
  • 7. 7 NFC-based payment applications on SIM cards or other secure chips are linked to payment applications running on the mobile phones. These software applications provide the user interface which enables consumers to initiate and complete purchases, check transaction records and collect or redeem related loyalty points. Monitise, Nokia, MasterCard and VISA already have software platforms which provide mobile banking services and which support NFC payments on a limited range of handsets, whilst other providers such as PayPal and NatWest have focused on developing applications specifically for high end smartphones. Moving forwards software providers will need to ensure that software support is extended to a wider range of handsets and NFC hardware configurations to in order to drive consumer uptake. Providing that software and hardware providers can broaden the range of mobile handsets that can support the prospect of the consumer managing payment, loyalty and travel cards using their mobile phone could quickly become a very real possibility. Increasing smartphone adoption, driven by handset manufacturer competition, network operator strategy and the ‘social dimension’ will fundamentally change the way consumers see their mobile phone Recent data from Ofcom in June 2010 showed that nearly three-quarters (73.5 per cent) of handsets sold with post-pay mobile contracts were smartphones, giving smartphones an overall penetration level of 26.6 per cent in the UK mobile phone market (equivalent to 12.8 million subscriptions). Increasing penetration of smartphones has been driven by the arrival of handsets based on Google’s Android platform which has served to extend choice within the market. In addition relatively new providers such as ZTE, Acer and Huawei, are now offering low-cost smartphones, with some models priced at under £100. Established smartphone manufacturers have responded by enhancing their smartphone offerings, hence launch by Apple of the iPhone 3GS in June 2009 and iPhone 4 in June 2010 and the increased focus on the consumer segment of the market from Research in Motion owner of Blackberry smartphone brand. Continued growth in smartphone adoption will also be bolstered by network operator strategy as smartphones represent a way for network operators to develop lucrative revenue streams outside the voice and text arena. Rapid innovation in handset design will also be a key driver for smartphone adoption as network operators will increasingly look to provide differentiation between ‘old’ and ‘new’ handsets. This will be driven by the ever increasing usability of the smartphone, and the clear added value smartphones can offer over standard mobile devices - such as the ability to download applications and access additional 3G and 4G services. The ‘social’ aspect of mobile phones is fast becoming the backbone that mobile services are built from. Facebook accounted for almost half (45 per cent) of total time spent online on mobiles in December 20097, demonstrating that consumers do not just want to collect content, they want to create, share and comment on it. Combined with the recent developments in contactless payment technologies this means that the level of sensitive data sent through, stored on or accessed by the mobile phone is likely to increase in the foreseeable future. Rather than being simply a tool for communication consumers are starting to use their mobile phone’s as the ‘central hub’ for co-ordinating and managing their lifestyle, keeping in touch with their friends and family and managing their day-to-day financial affairs. 7 The Communications Market, Ofcom, August 2010Contactless and Mobile Payments March 2011
  • 8. 8 4.0 Contactless Payments and the issue of fraud Despite the benefits offered by contactless payments, consumers still have reservations about security of such technologies Despite the anticipation about contactless payments and the benefits they offer, there has been little discussion within the industry about how to comprehensively tackle issues presented by loss or theft. This is surprising, as in the past, concerns about the security of contactless payment technologies have been a key factor in restricting consumer uptake. In a US survey conducted by the Smart Card Alliance in November 2006, a total of 51 per cent of both current users and potential adopters rated security as their main concern withFraud will be a using contactless payments whilst a further 61 per cent indicated that they were unwilling to adopt contactless payment because of security issues8. Four years on it still remains to decisive issue be seen as to whether industry players have decisively resolved these concerns. A recent survey in April 2010 by Forrester Research demonstrated that one fifth of which could consumers surveyed did not believe mobile banking was safe9. Recent moves by government and leading industry players in the UK have sought to allay present a such fears. In an effort to increase confidence in contactless card payments card issuers such as Barclays have guaranteed that customers will receive the same level of fraud major protection on a contactless card as they do on Chip and PIN cards. Furthermore in August 2009 the UK government, working in partnership with the mobile and banking industries, challenge to released a series of measures designed to prevent criminals targeting contactless cardthe adoption of and mobile payments technology. These guidelines included, suggesting a single point of contact to report lost or stolen mobile phones (with or without contactless functionality contactless and encouraged registration of mobile phones on the National Mobile Phone Register to ensure that any lost or stolen devices could be easily disabled along with the SIM card payments and any financial service applications installed on the phone) In the case of contactless cards the guidelines aimed to ensure that user liability would be limited in line with a relevant code of practice (such as the Banking Code), as well as recommending a process designed to block the contactless payment functionality of the card in the event of loss or theft. Although CPP welcomes these developments, we still believe that fraud will be a decisive issue which could present a major challenge to the adoption of contactless payments in UK, and which we feel the industry is yet to adequately address. CPP has identified three scenarios in which the use of contactless payments either via a card or mobile phone could represent a risk to the security of consumer payment data, potentially putting consumers at risk of card fraud or identity theft. 8 ‘Contactless Payments: Consumer Attitudes and Acceptance in the United States’, Smart Card Alliance, November 2006 9 ‘Smart phones to drive European m-banking take-up’, Forrester Research, April 2010 http://www.finextra.com/news/fullstory. aspx?newsitemid=21333 NB: Based on a survey of 14000 people in France, Germany, Italy, the Netherlands, Spain, Sweden and the UK Contactless and Mobile Payments March 2011
  • 9. 9 The loss or theft of contactless cards Growth in contactless card issuance will mean that the consumer will be carrying a variety of cards including debit and credit cards, pre-paid transit cards and loyalty cards potentially all from separate issuing institutions, some of which they will carry in their wallet or purse, and some of which will be ‘virtually’ stored in their mobile phone. In the event of loss or theft of their wallet or mobile phone there will be a need for a service intervention to quickly cancel and subsequently reorder lost or stolen cards. The ability to cover multiple types of card, to be able to differentiate between this ‘virtual’ set of cards stored on the mobile, and the ‘physical’ set of cards in the consumer’s wallet, and cancel only the compromised cards will be an important factor in limiting the impact of card loss or theft for the consumer. In the case of low value payments (typically those of £15 or under) contactless payment technologies will also remove the need for the consumers to authenticate every payment using their PIN number supplied with their card. Consumers will be able to make a number of low value payments until a ‘ceiling’ limit is reached – prompting the consumer to enter their PIN number to confirm their identity before further transactions can be made. This could potentially leave the consumer at risk of fraudulent transactions if their card is lost or stolen. We believe there will be a continuing need for consumers to protect their contactless cards and mobile devices that incorporate NFC technology to ensure fraudsters do not gain access to their bank accounts and spend fraudulently. Data Security - An attack on the mobile payment ‘eco-system’ from malware, trojans and viruses As mobile phones become increasingly prominent as a payment tool, fraudsters will seek to exploit weaknesses in the software and hardware of these handsets for commercial gain. This has already been seen in the case of internet banking which has been the repeated target of attacks by malware and trojan viruses designed to harvest consumer login and payment data. Recent research from Ovum suggests that as mobile banking grows in prominence it will start to attract similar kind of attention because of the potential rich pickings which can be made by harvesting financial information stored on the mobile phone. Ovum also believes that mobile phones will become increasingly vulnerable to malware attacks due a greater range of software platforms and the vulnerabilities of these platforms which hackers will seeking to exploit. Providers will need to consider how to best protect their customers from these growing threats to mobile security.Contactless and Mobile Payments March 2011
  • 10. 10 The loss or theft of the mobile handset In recent research conducted by CPP misuse of the mobile phone featured as the second largest concern voiced by our customers following the loss or theft of their mobile handset10. In addition to the risk posed by mobile security threats providers will need to consider how best to protect customer information in the event of a loss or theft scenario. As more and more sensitive information is sent through, accessed by and stored on the mobile handset we believe that the ability to swiftly ‘lock down’ access to the handset to secure sensitive data will be of paramount importance in limiting the extent of compromised personal and financial data. Our research has also shown that the desire to protect against loss, theft or damage is a key factor in informing the decision to purchase mobile phone insurance11. With high value mobile handsets such as ‘smartphones’ growing in popularity, we believe that providers will also need to consider providing their customers with the option of protecting their handset against lost, theft or damage along with additional options to protect against the fraudulent use of voice calling and data plans. 10 Fonesafe Compliance Research Q3 2010, Conducted by Optimisa Research and CPP 11 Fonesafe Compliance Research Q3 2010, Conducted by Optimisa Research and CPPContactless and Mobile Payments March 2011
  • 11. 11 5.0 Opportunities available with CPP CPP’s portfolio of Life Assistance products may offer one way of adequately protecting your customer’s interests, whilst at the same time generating incremental revenue streams and strengthening customer loyalty with your organisation. CPP has particular specialisms in the following areas: Contactless and Mobile Payments In line with the Home Office’s Directive and the Mobile Contactless Forum’s appetite for a single point of contact for consumers in the event of a lost or stolen handset which may hold potentially sensitive data, CPP is considering development of a mobile security product which may address these areas of concern. Card Protection Card Protection provides a single point of contact should our customers need to cancel their cards. We then re-order them on their behalf – taking the stress, worry and hassle out of this unfortunate experience and if their bank holds them liable for fraud we also cover this. Additional services such as lock and key replacement and emergency cash are available, to ensure that customers can continue their life as normal until their new cards arrive. Identity Theft and Fraud Customers who hold an Identity Protection policy with CPP gain access to a comprehensive suite of preventive measures, including access to their Experian Credit report and regular alerts to inform them of any significant changes to their credit status, we can also actively monitor use of personal information online, and alert our customers if we believe that their personal data has been compromised. Should the customer become victim to identity theft CPP can not only address, but help to rectify any outstanding issues. Should the customer need financial assistance we can also provide £60,000 worth of cover for legal liabilities, lost wages or rejected credit application fees.Contactless and Mobile Payments March 2011
  • 12. 12 Mobile Phone Assistance and Protection Should customers find that their mobile phone is lost, stolen or damaged one call to CPP will ensure that the handset is reported as lost or stolen with the network provider. Customers are fully protected for any unauthorised calls made from their handset during this time, and should the handset need to be repaired or replaced, this can be easily organised over the phone. For additional security all the mobile handsets which we protect can be registered on the IMMOBILISE national property register. Packaged Services CPP’s packaged service solution connects the individual product elements together so the customer has the choice to access the service elements in one place. This approach gives the customer control, through choice, over the benefits they select and business partner’s choice to manage the usage risk. Operating as the central hub, CPP can co-ordinate and manage all the product activities, third party relationships and services involved in the efficient and smooth delivery of the packaged service to the banking provider. In summary, CPP can offer an end-to-end proposition design package and development, as well as supplier sourcing, service and channel delivery. Business Process Outsourcing CPP offer a range of service to sales telemarketing services the key benefits of which include driving out cost from your operating model, enabling greater pricing efficiency through volume delivery of products and services, and providing an enhanced customer experience by delivering high levels of customer service. The combined competence of CPP and our heritage with Card Protection, Identity Protection and Mobile Phone Insurance products makes us ideally placed to deliver new innovative services and fully maximise the sales potential of this rapidly developing market. 6.0 Further Information Any further queries about the opportunities available with CPP should be directed to: Jason Walsh – Divisional Director, Mobile Protection Division CPP Group Plc, Holgate Park, York YO26 4GAContactless and Mobile Payments March 2011
  • 13. 13CPP is an award-winning organisation:- Winner in the European Contact Centre Awards, Large Team of the Year category, 2010- Finalist in the European Contact Centre Awards, Best Centre for Customer Service, Large Contact Centre of the Year categories, 2010- Winner in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010- Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year category, 7.0 About CPP 2009 The CPPGroup Plc (CPP) is an international marketing services business offering bespoke- Finalist in the European customer management solutions to multi-sector business partners designed to enhance Contact Centre Awards, their customer revenue, engagement and loyalty, whilst at the same time reducing cost Large Team and Advisor to deliver improved profitability. of the Year categories, 2009 This is underpinned by the delivery of a portfolio of complementary Life Assistance- Named in the Sunday products, designed to help our mutual customers cope with the anxieties associated Times 2008 with the challenges and opportunities of everyday life. PricewaterhouseCoopers Whether our customers have lost their wallets, been a victim of identity fraud or looking Profit Track 100 for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to- Finalists in the National enjoy life. Globally, our Life Assistance products and services are designed to simplify the Business Awards, 3i complexities of everyday living whether these affect personal finances, home, travel, Growth Strategy personal data or future plans. When it really matters, Life Assistance enables people to live category, 2008 life and worry less.- Finalist in the National Business Awards, Established in 1980, CPP has 11 million customers and more than 200 business partners Business of the Year across Europe, North America and Asia and employs 2,300 employees who handle category, 2007, 2009 millions of sales and service conversations each year. and Highly Commended in 2008 In 2010, Group revenue was £325.8 million, an increase of more than 12 per cent over the previous year.- Named in the Sunday Times 2006, 2007, 2008 In March 2010, CPP debuted on the London Stock Exchange (LSE). and 2009 HSBC Top Track 250 companies What We Do:- Regional winner of the CPP provides a range of assistance products and services that allow our business partners National Training to forge closer relationships with their customers. Awards, 2007 We have a solution for many eventualities, including:- Winner of the BITC Health, Work and - Insuring our customers’ mobile phones against loss, theft and damage Well-Being Award, 2007 - Providing assistance and protection if a customers’ cards and keys are lost or- Highly Commended in stolen. the UK National Customer Service - Providing advice, assistance and insurance to protect customers against the Awards, 2006 insidious crime of identity fraud- Winner of the Tamworth - Assisting customers with their travel needs be it an emergency (for example Community Involvement lost passport), or basic translation service Award, 2006. Finalist in 2008 - Monitoring the credit status of our customers- Highly Commended in - Provision of packaged services to business partners’ customers The Press Best Link Between Business and Education, 2005 and 2006. Winner in 2007 For more information on CPP visit:- Finalist in the National Business Awards, Innovation category, www.cppgroupplc.com 2005 Contactless and Mobile Payments March 2011