March 11, 2008
Contactless Payments or CASH 2.0

Contactless Payments or CASH 2.0

About the Presenter:

Dean Rizzuto (Dean.Rizzuto@gmail.com) recently worked for one of the only
active Mobile Payment companies in the US actively taking live payments,
called MocaPay. Dean was involved in all aspects of the mobile payment
engine from transaction processing, Banking/ACH interfaces, SMS gateway
integration and support, customer and merchant support, POS integration and
support as well as the design and implementation of the core payment
transaction processing engine.

Dean's experience has provided him with a unique perspective of the design,
development, support and growth of a Mobile Payment engine from one of the
only companies in the US currently doing live Mobile Payment transactions.
Prior to working at Mocapay, Dean spent 10+ years in Online/Web Strategy and
Analysis developing Website and Web Application Strategies, developing
Business and Functional Requirements and producing and managing the
implementation of large-scale web applications and websites including
nationally recognized eCommerce sites, complex games associated with major
sporting events, citizen journalism, publishing platforms and many others.


Most people in the audience have used cash, debit cards, credit cards.
Few of us have used cell phones to purchase items.

Why would consumers want to use this method to buy things?

Contact payment (credit or debit cards) - how it works:

Players in this field:

. Credit/debit cards (credit card processing players will also be
involved in contactless payment)
. Cashier
. Merchant Point of Sale (POS)
. Mobile Handset
. Acquiring bank (processes transactions)
. Issuing bank (they issue the card to you)
. Processing network (cost associated with line sending payment/credit
. Credit card associations

Typical credit card transaction

. You hand card to cashier
. Cashier runs it through the POS system or dials out; whatever the
process, it costs someone money to perform this process
. Card account number, purchase amount, and merchant's purchase ID are
captured (the account number is captured from the magnetic stripe)
. The acquiring bank routes the information to the credit card
association into the Transaction Network; they verify that the card is valid
. Credit card association routes to the Issuing Bank to check the
user's credit line (does the user have enough cash in account to make this
purchase?). These associations charge a fee, but they have a lot of
responsibility - they verify whether the purchase is valid, card is good,
. The purchase is approved or declined
. Billing/invoicing occurs

Settlement (before the merchant actually gets the money in their bank
account) may take a few days from time of purchase

There's a lot of money involved in this process and many people handle/touch
the transaction

Detailed Scenario

. Suppose Dean goes into a big box retailer (like Best Buy, Circuit
City, etc.)
. Dean is buying an MP3 player that costs $150
. 2-3% of total purchase price is a transaction fee

The merchant actually receives between $144-147 (purchase price less the
transaction fee)

Acquirer Costs, Credit Card Association fees, and Issuing Bank fees may be
between $3-5 (Interchange fee)

Issuing Bank handles the following:

Revenue Costs
Interest fees Billing / invoicing
Late payment fees Charge backs
Over credit limit fees Fraud prevention
Processing fees Fraud recovery
Rewards points

Interchange fees

What affects the amount a Merchant pays to accept credit/debit/smartcards?

. Type of merchant
. Also average transaction amount
. Is card information hand-keyed in or magnetic stripe read?
. Is the card physically present? (phone or ecommerce trans)
. Card type (business cards cost more to process)
. Settlement date: the sooner merchant wants to receive payment, the
more they might have to pay

Why pay by credit card?

Get points

More secure than checks (because the bank guarantees the transaction)
Discourages employee theft

Security associated with credit cards
. Security is low, Fraud is very high
. Issuers are trying to reduce fraud to manageable levels, since it
can't be completely eliminated
. What is the cost to merchants and consumers?
. Big box retailers: get paid quickly and cost isn't that high
. Consumers: need a PIN, a CVV (card verification value on back of
card), SmartCards

Contactless Payments Scenario

Scenario: you are buying a cup of coffee

. Cost is $1.60
. 3-6% of that cost are transaction network fees (approximately $.25)
. Merchant receives approximately $1.30 - 1.25
. Acquiring bank costs, credit card association fees, issuing bank -
they get $.05 - .10 for this purchase

Merchant must ask:
. Can I afford to take credit cards for purchases? OR
. Can I afford NOT to take credit cards for purchases?
. How much is actually being saved by not taking credit cards?

RFID chip can be included in many things such as cell phones. iPods,
keychains, bracelets. RFID reader sits on counter and reads your chip.

Why consider contactless payments?

. Convenience
. Speed
. Tracking
. Points

. Speed
. More secure than checks

Average speed of transactions
Cash transaction takes 34 secs
Mag stripe card transaction takes 24 secs Smartcard transaction takes15 secs

SmartCard contactless payments (contains an RFID chip)

. Can be used for purchases that are less than $25 (no signature
. Increase holder's propensity to spend (a plus for merchants)
. Card never has to leave the holder's hand - feels more secure

. New equipment is needed for merchants
. Doesn't work in all transaction situations (where pre-authorization
is required; tipping the wait staff)

SmartCards and Security

. It's secure because the device is always in purchaser's hand
. Phantom reader scenarios are unfounded (being too close to reader,
accidental scan) because of security:
. Triple DES with 128-bit encryption
. Account information is not transmitted (just transmits a transaction
number), unlike magnetic stripe cards
. Similar cardholder liability limitations on SmartCards; liability is
fairly limited in case of fraud
. Unproven technology, so some users may be scared to use them

Mobile Phone Contactless Payments

. RFID (or Near Field Communication - NFC) based
. Similar security issues to SmartCards
. Another mouth to feed (transmission costs money)

Beyond RFID - Mobile Phone/Technology Advancement

. Mobile Phones
. Processing Power
. Internet/data connectivity (SSL)
. Native applications can be developed to run on the phone
. Graphical interfaces (can use bar codes). Companies can send coupons
with bar code via cell phone
. People are more likely to leave their wallet at home rather than
their cell phone, so it's a definite part of their daily life

Typical RFID transaction

. Very similar to typical credit card transaction slide
. Big difference is that an encrypted transaction code is passed
rather than the user's account number
. This transaction uses the existing infrastructure used by credit
card systems

How can we use cell phone in ways that don't follow the typical path, cut
out some of the processing/transaction fees, middlemen, etc.?

Most likely scenario:

. Use same magnetic stripe infrastructure
. Players remain the same
. Costs will probably be consistent

Alternatives include:

. SMS or
. Internet technology

SMS Based Scenario (similar to MocaPay)

. Set up account with them (all cash based)
. User enters store about to make a transaction and enters PIN into
cell phone (Sends SMS, which includes PIN, phone number)
. Text message goes to SMS aggregator and based on information from
user, validates information and returns a purchase code back to user
. Give code to clerk to make purchase
. Cashier enters code and sends it to MocaPay server; purchase is
approved or declined.
. Settlement happens every night so merchants get paid daily
. Flat $.19 transaction fee charged by MocaPay for all purchases,
regardless of amount
. High security because each phone has its own PIN and you need that
phone and that PIN to make a purchase.

Potential problems:
. SMS Aggregator may be very busy or down
. Cell phone doesn't have enough power or reception to make a call

Challenges to merchant:
. Need separate card reader or integrate into merchant's existing POS
. Cashier must understand how to use it; they must be trained how to
use it

Internet-Based Scenario

1. Chase puts cell-top application on cell phone.
2. Securely sends PIN, phone ID, Merchant ID, Purchase amount 3. Phone is
GPS-enabled so it pulls merchant ID into phone and pushes it out, via SSL,
to the Internet.
4. Validation: PIN, Phone ID, Funds availability (all via Internet/SSL) 5.
Once information is validated, it's sent to POS and receipt it automatically
printed. This is contactless (no cashier is involved).

Another example:
. You go to supermarket with a cart filled with items.
. You walk by an RFID reader
. Cost of all items is calculated and you are given a payment total
for the entire purchase.

Security of Other Models

Mobile phone all can use SSL, so it's better than having phone in hand.
Account can be tied to your physical phone, so you can't take another
person's phone and access your account.

. No connectivity, connectivity problems in remote locations
. You run out of battery power on your cell phone
. SMS charges (may be costly)
. SMS Aggregator problems (slow or down)

Contactless payments - What's in it for me?

Mobile Carriers
. Increased data and Internet usage on phone plans
. More loyalty to cell phone carriers because it's too much trouble to
switch all information to another carrier
. Sell more units
. Other RFID applications (handset manufacturers). Chip is already in
handset so it can be used for lots of other applications. Enables more
commerce - can buy tickets with your phone and using your phone as the
actual ticket.

Credit Card Issuers
. Ways to extend their current reach
. Want you to use existing infrastructure and want to stay in the loop
. Cut into cash payments; they want you to use cards instead of cash
. Less credit cards issues; cost saving for them
. Regular credit card business will still exist - ATMs, for example

. Lower transaction costs
. Minimal equipment changes/upgrades
. More transactions = more money
. Contactless buyers may spend more
. Embrace new technology; be tech-friendly
. Change - need less cash on hand and no making change for customers
. Amex says: ExpressPay transaction is less than both cash and credit,
and typically users spend more

. Device/card is secure because it never leaves your hand
. Same liability as with credit cards
. All-in-one device - Electronic Wallet
. Link phone to online banking
. Money transfers
. All accounts available

Summary - contactless payments

The technology is here; it's just a matter of time before it's used by
mainstream. Over next few years, technology will grow.

Make most sense for merchants with high-volume, cash-driven
. QSRs (quick serve restaurants) - 80% of trans under $25 - mean
transaction is $12
. Movie theaters
. Mass transit; some have even set up their own systems

Adoption of technology
. Chicken / egg (merchants are waiting on users and vice versa)
. Potential fraud risk is much smaller


. Standardized protocols (ISO 14443). Agreement that all transmissions
will be done in the same manner

RFID on cell phone
. Other scenarios - ticketing, contests, etc.

Q & A

Q. RFID - how long has it been small enough to use in mobile devices?

A. For awhile and now it's more secure. Technology has been around for
awhile but it's become improved and more secure. This is primarily used for
US-based transactions right now. iPhone takes away the need for the cell
phone company to be involved (because it uses WiFi) and takes a cut.

Q. What happens to ecommerce transactions if this technology takes off?

A. Might need credit card for those scenarios; this is one of the areas
that needs to be ironed out. Company that accomplishes this task will have a
great product.

Volume may lower the $.19 transaction fee charged by companies like MocaPay.
Big retailers have the ability to leverage their costs by their volume.
There is a hope that high overhead costs will go down.

Points are a big draw for using credit cards. But contactless payment
providers are exploring ways to reward users for using their service.

Part of the problem is that companies that want to use this technology must
educate their cashiers/workers, etc. about how to use it.
Education is a big part of the puzzle.

MocaPay technology may be more critical as a technology than as a consumer

Select a Year

2008 Minutes
2007 Minutes
2006 Minutes
2005 Minutes
2004 Minutes
2003 Minutes
2002 Minutes
2001 Minutes
2000 Minutes
1999 Minutes
1998 Minutes
1997 Minutes
1996 Minutes
1995 Minutes
1994 Minutes

Copyright 2005 RMIUG.org, All Rights Reserved