Design Imperatives of Mobile Payment Solution
This paper discusses high-level design imperatives of a Mobile Payment solution. Most retailers, bankers and businesses should focus on Mobility not just for the sake of Mobile technology, but as a platform and a vehicle for commerce and enterprise transformation. Mobile Payment is no different. In this short paper I will attempt to discuss some of the design imperatives of a Mobile Payment solution. A Mobile Payment solution may address various industries such as retail (mCommerce), Banking (mBanking) and Telecommunications (Mobile Money), to name a few. Regardless of the industry, the underlying design ought to focus primarily on a seamless, ephemeral and engaging transaction experience. Mobile payment products may include a diverse set of use cases, which includes (but is not limited to) banking activity, money transfer, charity donations, coupons, loyalty currency, cross-border commerce and fund transfer, receipt management and shopping (and all related commerce activity). While each of these use cases represents deeper industry-specific design challenges, any Mobile Payment initiative should have a singular focus on “Secure Engagement”.
Secure Engagement implies that the technology should be mostly invisible, with a focus on consumer adoption and scale for sustained growth and usage. With a focus on consumer adoption, which may manifest in the form of user interface design, better back-end integration with systems of record, optimized performance and use of contextually relevant mobile services, security should be embedded in every aspect of the design. Security design considerations are particularly important as we design a Mobile Payment Solution, as Trust is the single most important currency, which will enable rapid adoption and protect and establish long-standing consumer relationships.
Security by design implies that the product or solution has been designed to be secure. Security design is not only aware of Mobile-specific threats but also factors in security controls around malware, location and user behavior. It is also important to consider that a secure design does not impede the user engagement. While security is important, user experience around engagement is paramount. Including robust security and rich, engaging design in a Mobile Payment solution is a balancing act, and a challenge.
Focusing on the “Engagement” part of the “Secure Engagement” paradigm implies that we understand the compelling reason around usage of a Mobile Payment solution, which does not equate to simply “Mobilizing” the current payment channels. Therefore the design should be deliberate. There are many solutions that provide “a Payment” vehicle. Let me explain: Credit/Bank cards are an obvious staple, and either digitizing or automating that function certainly adds to convenience but falls short of delivering the promise of an integrated digital payment experience. But the same payment vehicle would include banking integration, reward point redemption, bank-based financial controls such as receipt management, bill pay, money transfer, etc., as an inclusive feature, allowing it to integrate not just the Payment function but other aspects of “Life Transactions”. Such a solution would drive consumer adoption and act as a strategic differentiator.
Mobile Payments is an emerging space that no enterprise engaging in any Mobile transaction, ranging from retailers to governments, can ignore. Mobile payments promise an omni-channel experience incorporating coupons and loyalty programs, and integrating them with the Mobile experience. Mobile payments, if not integrated into a complete experience, fall short of delivering the holistic digital experience. While the promises of Mobile payments are immense, there are many considerations, challenges and possibilities that an enterprise should consider. What makes Mobile Payments an interesting space is the emergence of new players on a daily basis. For instance, Facebook announced its Social Payment (P2P and MMT patterns) ambitions – if Facebook succeeds it will not only lower the cost of transaction of payments and transfers, but will disrupt yet again a landscape that is in a constant state of flux. The true challenge is to pick a sustainable platform or a mobile payment strategy that is cost effective, and yet addresses the diversity in this evolving landscape.
With “Secure Engagement” as a singular focus, it only makes sense to draw upon the characteristics of the design imperatives, and it may make sense for us to split this concept, for the sake of granularity, into two distinct topics – Engagement AND Security.
1. Engaging with Mobile Payments
a. Enhancing Customer engagement – Mobile enables a robust and unprecedented way to strengthen and establish client relationships. Mobile has certainly changed the parameters of the Mobile relationship. This implies that an enterprise should use Mobile Payment as a channel to extend the engagement from transaction to interaction. An enterprise Mobile design should focus on this expanded channel with self-service capabilities, which empowers the customers, strengthens the perception, reduces cost and paves the way to cross-sell and up-sell opportunities. Payment is the ultimate form of endorsement, and when consumers buy, they can be better understood and marketed to. Hence a design that is inclusive of integrated “Life Transactions” can be a strategic tool for an enterprise that is customized to every individual in every way – payment, coupons, loyalty currency, integrated values in a single engagement channel.
b. Shift in Competitive Dynamics – Many current-day client relationships and engagements come with a pre-built barrier: a system that is laden with intermediaries and a distribution chain between the service provider and consumer. This lengthy value chain not only distances the customer, but also increases the costs of transactions. An integrated Mobile payment solution can not only disintermediate the value chain but also present an opportunity to gain deeper insights, design customized offers, reward loyalty and pass on the cost savings of a shortened value chain to the client. Without a well-designed engagement model, an enterprise would have to rely on the value chain. A robust Mobile Payment strategy can shift the competitive dynamic by collapsing the value chain and delivering real value in real time.
c. Considering “other” Digital Currency – When we discuss payments, the natural conclusion is transfer of money, be it consumer to business, business to business, or even person to person. A complete payment solution should include management of “other digital” currency as an option, such as coupons, loyalty rewards, airline and hotel points, and mostly anything with “Value” to the consumer. Other digital currency may also include cryptocurrency and Bitcoins.
d. Contextually relevant transaction – The contextually relevant transaction implies a personalized and context-specific transaction, be it based on location, user, mood or even sentiment. The information (logic and decision) consumed by mobile payments promises to deliver new levels of satisfaction and loyalty. The insights obtained by such engagements are the very insights that help drive this rich system of engagement. This type of service and experience delivered by a mobile payment system lends itself to the ability of an enterprise to “Mass Customize” Mobile payment products.
e. An Ideal Digital wallet? – The notion of a digital wallet is very confusing. The market of digital wallets is fragmented and changing rapidly. The innovations of the likes of Google Wallet, Square, and PayPal, to name a few, have truly disrupted the traditional payment schemes such as cash or bankcards. This led to a digital wallet frenzy where every bank, including payment processors such as Visa and MasterCard, has launched its own version of a Digital or Mobile Wallet. So which is an ideal Mobile/Digital wallet? The answer happens to be in our own wallet. An ideal wallet should be:
   a. Customizable – like our own wallets
   b. Does more than Pay (such as person to person, like cash, and have the ability to store other credit or cash instruments)
   c. Work Anywhere (open frameworks technology implied)
   d. Inclusive of rewards management – either links the apps, or drives the reward management from the back-end systems
   e. Simple, Secure and Easy to use – simple and easy to encourage adoption, secure to institute trust.
2. Security in Mobile Payments:
a. On-Device Security – This area encompasses all security aspects of the device, which includes device, application and data protection. There are several technologies that can be employed to accomplish this, including the tools and APIs provided by the Mobile OS. It is imperative that the application and solution design ensure that the application, related data and the connection to the enterprise – be it a merchant, issuer or acquirer bank, etc. – are secure. Other techniques include application containerization, application of guard technology and so on.
b. Securing Interaction – Securing interaction implies secured mobile acceptance that leads to higher confidence and trust. Securing interaction may span multiple participants, including the mPOS or point of interaction, and any other third party in the “Interaction value chain”. The PCI Council has listed Point-to-Point Encryption (P2PE) solution guidance to ensure acceptance of secure Mobile payments. Secured interaction at the surface may leverage device display and communication to secure mobile payments, but it is about addressing and maintaining data security throughout the payment lifecycle.
c. Transaction Security – Transaction security does not only include the mechanism of a traditional secure transaction, but also new emerging technology such as NFC, BLE, iBeacon, HCE (Host Card Emulation) and tokenization as a cloud-based Secure Element to secure the transaction. The idea of this design imperative to include tokenization for payments is to reduce the scope of PCI-DSS compliance by either not storing credit card information at all or limiting where and how it is stored. The PCI Data Security Standard (PCI-DSS) requires merchants to protect payment card information in any form – printed, processed, transmitted or stored. The transaction security consideration is primarily to reduce risk and in turn transaction cost. A design that employs a multi-pronged approach to mitigate fraud risk may increase the cost of the solution but reduces the long-term transaction costs.
d. Data Security – Securing data is one of the most fundamental solution design requirements. There are many sets of masking algorithms that can be employed for static data masking, i.e., allowing customers to mask data when it moves across various systems in the payment network. Transaction security and Data Security combined are the building blocks of securing the Mobile Payment engagement. This foundation would typically include the following components:
   1. The tokenization/encryption algorithms – to create and encrypt tokens.
   2. A Vault – where not only the token but also the data mapping between token and sensitive data is kept. This component should be PCI-DSS compliant.
   3. API/SDK – This can be exposed as a service and allows the solution to integrate with payment transaction processing.
   4. Auditing and Reporting – for compliance and management.
e. Trust as a Currency – Mobile Payment in this discussion has been about money transfer, mCommerce, mBanking and basically transacting with things that are of value. Trust is one currency that is of tremendous value to any enterprise – retail, banks, payment processors and anyone involved in “secured engagement”. Trust can be viewed as a virtual currency that is earned one interaction at a time. Trust as a design paradigm is central to a mobile payment solution design, as it is focused on safeguarding things of value, which leads to rapid consumer adoption.
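
The four Data Security components listed under item 2.d (token generation, vault, API, auditing), as an added example that is not code from the original post: a minimal in-memory Python sketch in which merchant-side systems only ever hold a token and only an allow-listed caller can recover the card number. The class, method and caller names are hypothetical, and a production vault would encrypt its store at rest.

```python
# Added illustration; TokenVault and the caller ids are hypothetical names.
import hashlib
import hmac
import secrets
import time


class TokenVault:
    def __init__(self, index_key: bytes):
        self._index_key = index_key  # keys the PAN lookup index
        self._by_token = {}          # token -> PAN; encrypt at rest in production
        self._by_pan_index = {}      # HMAC(PAN) -> token, so a repeat PAN reuses its token
        self.audit_log = []          # records caller, action, token; never the PAN

    def _audit(self, caller, action, token, ok):
        self.audit_log.append({"ts": time.time(), "caller": caller,
                               "action": action, "token": token, "ok": ok})

    def _new_token(self, pan):
        # Random digits of the same length, last four kept for receipts.
        # Random, not derived from the PAN: useless without the vault mapping.
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._by_token:
                return token

    def tokenize(self, caller, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            self._audit(caller, "tokenize", None, False)
            raise ValueError("input is not a card number")
        idx = hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()
        token = self._by_pan_index.get(idx)
        if token is None:
            token = self._new_token(pan)
            self._by_token[token] = pan
            self._by_pan_index[idx] = token
        self._audit(caller, "tokenize", token, True)
        return token

    def detokenize(self, caller, token, allowed=("payment-processor",)):
        ok = caller in allowed and token in self._by_token
        self._audit(caller, "detokenize", token, ok)  # denied attempts are logged too
        if not ok:
            raise PermissionError("detokenize denied")
        return self._by_token[token]
```

Systems that store only the returned token hold no card data, which is the PCI-DSS scope reduction described under Transaction Security; the audit log gives the reporting component a record of every denied detokenize attempt.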
Conclusion:
Mobile Payments is an important avenue to consider for any enterprise, as its application and impact go way beyond “a Payment” system. Mobile = Engagement and Payment = Security, so I have described the design principle of any Mobile Payment solution to be “Secure Engagement”; in the absence of Engagement it is nothing but an existing payment vehicle with a mobile front end, and in the absence of security it is not really a meaningful payment system.
Secure engagement implies that the technology should be mostly invisible, with a focus on consumer adoption and scale for sustained growth and usage. With a focus on consumer adoption, which may manifest in the form of user interface design, better back-end integration with systems of record, optimized performance and use of contextually relevant mobile services, security should be embedded in every aspect of the design. Security design considerations are particularly important as we design a Mobile Payment Solution, as Trust is the single most important currency, which will enable rapid adoption and protect and establish long-standing consumer relationships.