SDP Global Summit 2012



  1. Mobile Payments
     SDP Global Summit, Rome, 12 September 2012
     Martin Prosek, VAS Platform Development Manager, Telefónica Czech Republic
  2. About Telefónica Czech Republic
     Fixed and mobile voice and data, IPTV
     Operated under the commercial brand O2
  3. Telefónica Globally
  4. BlueVia – Global APIs
  5. Introduction
     01 Mobile Payments Quick Review
     02 Telefónica Czech Republic Experience
     03 Opportunities
     04 Technical Solutions
     05 Risks and their Mitigations
     06 Summary/Recommendations
     Disclaimer: The opinions of the author expressed in this document do not necessarily state or reflect those of the Telefónica company.
  6. Mobile Payments
     Most popular service
     • Users use it – it is a convenient way to make purchases
     • Developers need it – it provides monetization
     • Operators like it – it gives them a place in the value chain and another revenue stream
     [Diagram: Consumer, Mobile Network Operator, Content Provider]
     Let us do a quick review…
  7. What are Mobile Payments?
     Many definitions exist…
     • It generally refers to payment services performed from or via a mobile device.
     Focus on the Mobile Network Operator service:
     • Not mobile banking
     • Not payments using a credit/debit card
     • Not payment through an online payment provider
     • Not NFC
     Direct to bill (D2B)
  8. Experience in Telefónica CZ
     Today is the 10th anniversary of the mJuice service
     m-Platby – USSD based, used for cinema ticket purchases
     Premium SMS – 7-year-old service
     Mobile web payments m-platba – 3 years old
     All these payment solutions are pre-SDP
  9. Mobile Payment Methods
     Premium SMS – the oldest one
     Mobile web – already established
     In-app payments – great for freemium
     One-off payments
     Subscriptions/direct debit
     Smartphone penetration still grows…
     [Chart: Google Android vs Apple iOS, February 2008 to June 2011]
  10. Limitations
     Transaction fees are high and will stay high
     Use is largely limited to intangible goods, mostly consumed on the mobile device
  11. Opportunity
     The situation is very positive:
     • Smartphone penetration is high
     • Users have already learned to pay for apps
     • Operators are perceived as trusted parties and have a good track record in mobile content
     • The user experience is better than with payment cards
     Mobile Payments can substitute for the declining content revenues
     Mobile Payments can help operators return to the value chain and stop being a dumb pipe
  12. Technical Solutions
     SDPs – the standard means to expose a Payment API
     API standards
     [Diagram: Operator]
  13. Business Risks
     Repudiation
     • When the operator cannot prove the user's consent, the user can later reject the payment
     • Closely connected to subscriber identification
     Provider charging without providing the service
     • By mistake or technical failure
     • The biggest problem can be fraudulent use
     Unclear relation to the provider
     • Not possible to establish clear responsibility
  14. Technical Risks
     Communication is not direct anymore
     Man-in-the-middle (M-I-M) attacks are possible
     Even the app itself can compromise the payment security – app-in-the-middle (A-I-M)*
     * Known examples: fraudulent Premium SMS sending…
     [Diagrams: Operator and Provider communicating directly, with a man-in-the-middle, and with the App in between]
  15. Mitigations
     Possible Risk Mitigations
     Payment transaction and/or spend limits (per day, month…)
     Different security levels for different payment amounts
     • E.g. lower security for purchases under 2 €
     Security-influenced design of payment authorization
     • The user gives consent as directly as possible (no M-I-M)
     • Verification of human interaction (login by username/password, PIN, captcha, mouse movements/gestures…)
     • Alternative communication channels (SMS, USSD…), use of one-time passwords
  16. Mitigations
     Possible Risk Mitigations
     Payment notifications (by SMS and/or e-mail)
     • The user gets information about every payment transaction
     Offering an opt-in model
     • The user must confirm the intention to have payments enabled
     The best solution would be SIM-based transaction signing
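The mitigations on slides 15 and 16, worked through as an added example that is not part of the original deck and not code from Telefónica, O2 or BlueVia: a hypothetical operator-side authorization policy in Python with per-day and rolling 30-day spend limits, a lower-security tier for purchases under 2 €, an SMS one-time password for anything above it, an opt-in check, and a notification on every settled charge. The limit values, the HMAC-derived OTP, the class and function names, the subscriber and the purchases are all assumptions constructed for the illustration.

```python
"""Operator-side direct-to-bill authorization policy.

Added example (not Telefónica/O2/BlueVia code). Names, limits, the OTP scheme
and all sample data are assumptions made for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta

LOW_VALUE_LIMIT = 2.00          # EUR; below this the deck allows lower security
DAILY_LIMIT = 20.00             # EUR per calendar day (assumed value)
MONTHLY_LIMIT = 100.00          # EUR per rolling 30 days (assumed value)
OTP_TTL = timedelta(minutes=5)  # assumed validity of a one-time password


@dataclass
class Transaction:
    msisdn: str
    provider: str
    amount: float
    when: datetime


@dataclass
class Subscriber:
    msisdn: str
    opted_in: bool = False      # opt-in model: payments are off until enabled
    history: list[Transaction] = field(default_factory=list)


class PaymentPolicy:
    def __init__(self, otp_key: bytes) -> None:
        self.otp_key = otp_key  # operator-held secret used to derive OTPs
        self.pending: dict[str, tuple[Transaction, datetime]] = {}
        self.sms_outbox: list[tuple[str, str]] = []  # stand-in for the SMS channel

    def _spent(self, sub: Subscriber, since: datetime) -> float:
        return sum(t.amount for t in sub.history if t.when >= since)

    def _otp(self, challenge_id: str, tx: Transaction) -> str:
        # Derived from the amount and provider the user is shown, so the code
        # confirms exactly this charge (counters repudiation and reuse by an A-I-M).
        msg = f"{challenge_id}|{tx.msisdn}|{tx.provider}|{tx.amount:.2f}".encode()
        digest = hmac.new(self.otp_key, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def _settle(self, sub: Subscriber, tx: Transaction, tier: str) -> dict:
        sub.history.append(tx)
        # Payment notification on every transaction (SMS here; e-mail would also do).
        self.sms_outbox.append((tx.msisdn, f"Charged {tx.amount:.2f} EUR to {tx.provider} ({tier})"))
        return {"status": "approved", "tier": tier}

    def authorize(self, sub: Subscriber, tx: Transaction) -> dict:
        """Step 1: enforce opt-in and spend limits, then pick the security tier."""
        if not sub.opted_in:
            return {"status": "denied", "reason": "not opted in"}
        day_start = tx.when.replace(hour=0, minute=0, second=0, microsecond=0)
        if self._spent(sub, day_start) + tx.amount > DAILY_LIMIT:
            return {"status": "denied", "reason": "daily limit"}
        if self._spent(sub, tx.when - timedelta(days=30)) + tx.amount > MONTHLY_LIMIT:
            return {"status": "denied", "reason": "monthly limit"}
        if tx.amount < LOW_VALUE_LIMIT:
            return self._settle(sub, tx, tier="low-value")  # lower security tier
        challenge_id = secrets.token_hex(8)
        self.pending[challenge_id] = (tx, tx.when + OTP_TTL)
        # Higher tier: the OTP travels over a channel the requesting app does not
        # control, next to the details the user is asked to confirm.
        self.sms_outbox.append((tx.msisdn, f"Confirm {tx.amount:.2f} EUR to "
                                           f"{tx.provider}: code {self._otp(challenge_id, tx)}"))
        return {"status": "otp_required", "challenge_id": challenge_id}

    def confirm(self, sub: Subscriber, challenge_id: str, code: str, now: datetime) -> dict:
        """Step 2 for the higher tier: verify the OTP the user typed back."""
        entry = self.pending.pop(challenge_id, None)  # single use, whatever the outcome
        if entry is None:
            return {"status": "denied", "reason": "unknown challenge"}
        tx, expiry = entry
        if now > expiry:
            return {"status": "denied", "reason": "expired"}
        if not hmac.compare_digest(code, self._otp(challenge_id, tx)):
            return {"status": "denied", "reason": "bad code"}
        return self._settle(sub, tx, tier="otp")


def demo() -> list[dict]:
    """Constructed scenario: low-value purchase, OTP purchase, replayed OTP, daily limit hit."""
    policy = PaymentPolicy(otp_key=b"constructed-operator-secret")
    sub = Subscriber(msisdn="+420600000000", opted_in=True)
    t0 = datetime(2012, 9, 12, 10, 0)
    out = [policy.authorize(sub, Transaction(sub.msisdn, "cinema", 1.50, t0))]
    step = policy.authorize(sub, Transaction(sub.msisdn, "game-store", 9.99, t0))
    out.append(step)
    code = policy.sms_outbox[-1][1].rsplit("code ", 1)[1]  # the user reads it off the SMS
    later = t0 + timedelta(minutes=1)
    out.append(policy.confirm(sub, step["challenge_id"], code, later))
    out.append(policy.confirm(sub, step["challenge_id"], code, later))  # replay attempt
    out.append(policy.authorize(sub, Transaction(sub.msisdn, "game-store", 9.99, t0)))
    return out
```

Calling demo() walks the constructed scenario: the 1.50 € cinema ticket settles without a challenge, the 9.99 € purchase needs the SMS code, replaying the same code is refused because each challenge is consumed on first use, and the next 9.99 € purchase is refused by the daily limit. Binding the code to the amount and provider printed in the SMS is what turns a confirmed code into evidence of consent to that specific charge, which is the repudiation problem from slide 13; the deck's recommended SIM-based transaction signing would give the same binding with a key the handset application cannot read. A real deployment would also rate-limit confirm() attempts, since a six-digit code allows one guess in a million per try.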
  17. Good Balance of Security and Convenience
     Convenience side: one-click payments, no authorization, opt-out
     Security side: authorized payments, opt-in, SIM-Toolkit based security
  18. Recommendations
     Let the user be in control of the service security settings – provide good web self-care
     Give the user access to the full history of payments – on the web self-care
     Do your best to have direct access to the user (no M-I-M or A-I-M)
     Have clear contracts with providers stating responsibility for all cases
  19. Last Days of the Roman Empire…
     Mobile Network Operators had created „empires“
     Huge revenues were funding their development
     But now the „empires“ are under attack by „barbarians“ from outside (the Internet…)
     If operators do not act now, their position in the value chain might be lost – the „fall of the empire“
  20. Questions?
  21. Thank you.