Mobile Deployment Options 2013

Mobile Payments are an increasingly important element of the payments ‘ecosystem’.  This is a brief guide on the current options available and their associated benefits and issues.

To apply some context here – the Use-Case discussed is a consumer using their mobile device to pay a merchant for goods or services.  The focus here is on the issuing proposition – not the mPOS acquiring proposition.

microSD is regarded as a popular way to implement a secure element (SE) relatively independently.  This does, however, depend on the handsets having a microSD slot and native API support to support this fully.  A slip-on mobile phone case can be used to house the device but most of these detract from the handsets inherent look and feel (additionally post-issuance OTA is also not possible with these in this form factor).

NFC Tag or Contact-less Sticker (the “PayTag” way)… regarded as ‘new’ and revolutionary however it was actually introduced some time ago in 2007/2008 (possibly even earlier).  It is, undoubtedly, one of the easier ways to implement a mobile payment instrument.  Obviously OTA updates are not possible post-issuance which is considered a bit of a drawback.  Partnering it with a decent mobile app will give the appearance of a well rounded mobile solution to the consumer.

Embedded Secure Element (i.e. manufactured inside the mobile handset) – in order to access the SE the issuing entity will require a commercial and technical relationship with the mobile manufacturer (OEM) in question.   Native NFC support is required in the device.  To support the issuance cycle a Trusted Service Manager (TSM) must be implemented.  Normally for this issuance model the issuer has their own TSM Service Provider (TSM-SP) connecting to multiple Root TSM (TSM-R) nodes for each controller of SE’s (being the OEM’s).  The TSM-SP will be connected to the issuers card/account management system for data personalisation.  It has become popular for some issuers to outsource this function to their existing card bureaus.  From a global issuer perspective there are fewer OEM’s than mobile network operators (MNO’s).  This should mean fewer entities to negotiate with.  This model of issuance allows Issuers to update the SE’s post-issuance using OTA updates.  The OEM is unlikely to recognise any tangible economic value associated with enabling NFC payments on their devices.  Having NFC payments capability is unlikely to create any surges in demand for their devices (under current conditions).

UICC SIM Card Secure Element (the MNO’s chip inside your phone) The issuing entity will require a commercial and technical relationship with the MNO’s in question to enable access to their SE’s.  Native NFC support is required in the device.  From a global issuing perspective there are many MNO’s and negotiating terms and conditions with each entity is likely to present another time-consuming barrier to entry.  Managing UICC SE’s uses a similar TSM-SP/TSM-R model as described above, issuers managing the TSM-SP and the MNO’s managing their own TSM-R.

Secure Element in the Cloud enables the issuance of a mobile payment transaction instrument relatively independently.  It requires a handset with native NFC support as well as a partner app (this app may need to be approved to be downloadable from an online mobile app store).  Consideration should be paid to the network conditions of the operating environment as this solution is totally dependent on the mobile device “pulling” data from a remote SE (via the mobile data network) through the device to communicate to the terminal.  If there is limited or no data network available this is likely to impact the user experience. 

Barcode – Popular amongst merchant closed-loop prepaid and loyalty applications.  Most barcode solutions use QR Codes or PDF417 format Barcodes, this is mainly dependent on the barcode scanning capabilities of the merchants EFT-POS devices.  What are the benefits?  It’s easy, quick, cheap and consumers are already familiar with it (to a degree).  Potential drawbacks?  Barcode cloning could be a potential issue in economic terms we are not looking at a massive fraud potential – unless you are a caffeine addict…  Obviously any mobile app will need to be approved to be downloadable from an online mobile app store.  Some devices have inbuilt “Mobile Wallet” features that enable a stack full of cards to be stored as Barcodes – such as the Apple PassBook.  Some merchants have experimented with dynamically generated barcodes but these are likely to be sensitive to the data network conditions (as described in the Cloud SE section above).

It will be interesting to see if more options will appear in the market – and who will lead them – or will existing solutions become more prevalent if barriers to entry are reduced through increased cooperation between issuers, MNO’s and OEM’s? 

Jargon Buster

EFT-POS – Electronic Funds Transfer Point of Sale Device

MNO – Mobile Network Operator

MVNO – Mobile Virtual Network Operator (

NFC – Near-Field Communication

OEM – Original Equipment Manufacturer (Handset Manufacturer)

OTA – Over-the-Air – managing a payment application wirelessly post-issuance

SE – Secure Element

TSM-R – Root Trusted Service Manager (owner/controller of the SE’s)

TSM-SP – Service Provider TSM – ‘manager’ of the SE’s