Mobile payments as a financial transaction medium emerged around a decade ago. Adoption was slow due to the nature of the mobile technology supporting the concept. However, recent significant advances on the technology front have made this area one of burgeoning growth in the financial services sector.
Services-based and text-based payment and proximity device communications a Re-appearing worldwide. Widespread use of smartphones and consumer comfort with mobile devices for more than communication are the principal drivers of a resurgent and increased interest in mobile payments. In addition, advances in software and hardware Security techniques have made trusted financial transactions possible from these devices.
Mobile devices will soon be the central tool consumers use to manage banking relationships. When consumers start embracing mobile wallets and making digital transactions, banking will never be the same again.
A “mobile wallet” — defined at least for financial purposes — allows consumers to store and manage their credit, debit, prepaid and gift cards on their smartphone using a singular payment application. Instead of carrying around a stack of physical plastic cards, consumers can use the virtual “cards” on their phone to make point-of-sale purchases. They can swipe of their phone or tap the screen a few times, and voilà — a payment can be easily made. (Note: the definition of “digital wallet” is often expanded to include nearly every piece of information consumers carry around with them today — government-issued IDs, driver’s licenses, health insurance cards, etc.)
Mobile devices are the future of payments, and mobile wallets represent much more than just an emerging/alternate option. Soon nearly 100% of all transactions will be 100% digital, and consumers will be able to conduct and manage nearly every one of them through their mobile devices. Mobile wallets will consummate a new era in banking.
Near field communication (NFC)
This is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into proximity, usually no more than a few inches. Present and anticipated applications include contactless transactions, data exchange, and simplified setup of more complex communications such as Wi-Fi. Communication is also possible between an NFC device and an unpowered NFC chip, called a "tag".
NFC standards cover communications protocols and data exchange formats, and are based on existing radio frequency identification (RFID) standards including ISO/IEC 14443 and FeliCa. The standards include ISO/IEC 18092 and those defined by the NFC Forum, which was founded in 2004 by Nokia.Philips Semiconductors (became NXP Semiconductors- 2006) and Sony, and now has more than 160 members.
NFC is just an example there are others e.g. Apple's iBeacon uses BLE, which builds a beacon around a certain area so the app can be alerted when users enter, GigaOM reports. Apple's iBeacon has a large range, up to 50 meters, while NFC tags have a range of less than a third of a meter—meaning a retailer could deploy fewer iBeacons to cover a larger area of a store, the article says.
PayPal’s new Beacon mobile payment system unveiled this week (09/13), also uses a BLE signal. PayPal users must have the company's app already running on their phone for it to initiate a payment through Beacon when they enter a store.
Payments and Transaction Service companies usually have to follow similar Compliance, Risk and Fraud practices as Banks so there is a large amount of cross over across the Financial Service sector. There are compliance areas directly aimed at Payments:
Internet Payments Security in Europe
Under the guidance of the European Central Bank, the European Forum on the Security of Retail Payments (SecuRe Pay) has developed recommendations to improve the security of internet payments. It outlined 14 recommendations covering three main areas: general control and security environment, specific control and security measures for internet payments, and customer awareness, education, and communication. For example,
standards for internet payments security include measures such as 3-D secure ready cards for strong customer authentication. The recommendations must be implemented by PSPs and governance authorities of payment schemes by February 1, 2015. The report specifies minimum requirements for internet payment services such as cards, credit transfers, e-mandates, and e-money.
The report also lists points to be considered in the PSD review, including a structure to facilitate the exchange of information and cooperation between PSPs, supervisory authorities/overseers, and data protection authorities.
The security measures required for internet payments, EMV, and data privacy may hamper the convenience offered by innovations such as mobile, contactless, and real-time payments; illustrating competing effects. Even the standardization mandated by ISO 20022 is likely to involve significant costs of change for banks and their corporate clients. Many payments executives acknowledge this competing effect.
2009 - Payment Services Directive (PSD)
Implemented in the UK via the Payment Services Regulations 2009 (PSRs) - introduces SEPA amongst other things). Payments Services Directive (PSD2) together with a Regulation on Multilateral Interchange Fees (MIFs) on 24th July 2013. Objective of improving the effectiveness of the European payments market, the revised PSD aims to improve security of low cost internet payment services by extending its scope to cover payment initiation services as a new regulated activity. The proposal also increases consumer rights when sending transfers and money remittances outside Europe or paying in non-EU currencies. 2013, the European Forum on the Security of Retail Payments (SecuRe Pay) under the aegis of the ECB, developed recommendations to improve the security of payment account access services involving third parties. Objective of these recommendations is to protect the account owners by ensuring that third parties have requisite security and control measures and there is increased transparency for account owners and the account holding PSPs.6 SEPA/e-SEPAAs of June 2013, SCTs represented 47.0% of the total credit transfers across the Euro area. With the deadline of February 1, 2014 for migration from domestic payment schemes to SEPA instruments.
While to date SEPA largely has been a collective initiative, PSPs cannot expect the next phase of its development to be the same. In this next phase, PSPs need to focus on developing their own solutions, either collaboratively or in competition with each other. A combination of continuous dialog with regulators, collaboration and co-operation with all stakeholders, and individual innovative programs is needed to progress in the payments industry and meet Key Regulatory and Industry Initiatives (KRII) obligations.
The significant challenges involved in migrating to SEPA instruments are making it highly unlikely the initiative will be fully implemented by the February 2014 deadline. As of June 2013, SEPA Credit Transfers (SCTs) accounted for 47.0% of the total eligible credit transfers across the SEPA countries but SEPA Direct Debits (SDDs) comprised only 3.7% of total direct debit transactions.24 PSPs that are not SEPA compliant by the deadline potentially face penalties while corporates may face significant business risks because payments may not be processed.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM and POS cards