Wednesday, November 30, 2011

NFC is Near Far Close...

Mobile commerce transactions and NFC (Near Field Communication) in particular can potentially redefine what we mean by 'disruptive innovations'. It is interesting enough to watch the behaviours of people reacting to their phones ringing as they pass through airport scanners; how will they perform when it rings while transacting with PayPass or PayWave at the petrol pump?

The payments industry can get pretty excited when we see an opportunity to tackle cash head-on, grab a larger piece of the transaction pie or cross over into other data streams. It is hard to dispute that the NFC debate has seen many join the "jet stream", generating a strong momentum with media and industry forum announcements - some great, some good and some questionable.

Establishing some realities

Consumer adoption rates

As industry pundits, we can forget the real Customer even though we are also one of them. How much change can consumers absorb and over what time span? Consider that the first coin emerged from Asia Minor in 640BC, and it was another one thousand four hundred and forty six years before paper notes arrived in China (806AD). Yet fast forward to the last sixty years and we have added cards, magnetic stripe, POS, ATMs and started chip cards.

Condense the focus further to the last 10 years and we have ramped up full Chip & PIN deployments, expanded the use of PIN, overlaid contactless payments (again removing the need for PIN under certain limits and the signature) – and today we shift away from cash and cards with the attention on mobile devices!

Despite solutions that are 2,500 years old still being in use and consumers still getting to grips with the new use of plastic, mobile and, importantly, the increased online connectivity of many devices have a real and significant role to play in our immediate futures.

Expectations of mobile

The reality of the mobile is an all in one device for so many of our daily needs. It delivers Communications, records images or voice, our favourite music clips, the news online, games, ability to send that urgent email response and a multiplicity of other applications on offer.

To facilitate the great things the mobile empowers us to do anywhere, anytime, the Mobile Network Operators provide us various modes of connectivity. The handset manufacturers also do their bit with the addition of Wi-Fi, Bluetooth, InfraRed and NFC capabilities. It is this last set of capabilities that provides a local connection on a one to one or group basis. Note NFC’s companions in communication.

It is now I should remind you of the famous and relevant Gartner Hype Cycle – you best get the climbing gear out, as it is a long way to reach the ‘peak of inflated expectations’.

It is not just about NFC

NFC is by its nature a local interaction between two devices, requiring a physical interaction be it with another NFC phone, enabled posters or retail devices. The power of existing and ubiquitous devices in many markets (smartphones, tablets, etc…) has enabled service offerings that also support remote transactional activity as well as in-store bricks & mortar environments, something that NFC can only be a part of by perhaps scanning a poster or as part of a strong authentication technique.

I steer you towards looking up Tesco’s foray into South Korea, Ocado’s mirror proposition in the UK, Woolworth’s Supermarket in Australia, Macy’s in the US and one of my favourites Patrizia Pepe in Italy. Did I mention cameras on phones and the ability to scan barcodes being ubiquitous today?

The statistics would have it

Gartner has indicated that m-payments for 2011 will be $86 billion, up 176% on 2010. Ernst & Young indicate that m-payments will reach $245 billion by 2014. However, there are many and varied definitions of m-payments – so what is everyone actually measuring?

More relevant is the dominance of the hand held device, as smartphone sales now outstrip PCs as at Q4, 2010 according to IDC (100.9 million smartphones against 92.1 million PCs). Facebook indicates that 50% of its users interact on a mobile device and are twice as active as those of us on laptops. (As an inactive user, this statistic must hold up).

The telling statistics are those indicating the rise and rise of online retailing or remote shopping. Frost & Sullivan indicates that Australia has had a 13% increase in online retailing and the UK surpassed 10.7% of total sales as online. They are tipped to exceed 12% very soon.

Back to NFC for now…

Many markets have high adoption of smartphones, however few of these are actually NFC enabled. This adds a layer of inertia as consumers upgrade phones on the rollover of their one or two year phone contracts. Juniper is holding out that NFC phone penetration will hit 700 million devices by 2013.

The great news is that an NFC device is not just about emulating an existing card offering, e.g. MasterCard PayPass, Oyster or your Frequent Flyer card. It is also able to act as a reader of contactless cards. Bankcard issuers will have to maintain the old fashioned plastic card for some time in parallel to any mobile offering to maintain utility for consumers and merchants. So, could NFC be a new way to authenticate cardholders by presenting their plastic card to their phone in an online session?

NFC utility today

Looking beyond just a ‘simple’ payment at a POS, NFC is being used for a myriad of services in trials and early launches around the world. Consider the hotel room key at the Clarion in Stockholm, turning on your Christmas lights at home as Cambridge did in the UK this year, facilitating your farm store in Austria, saving administration time for home care nurses in the Netherlands and corporate access for the Blackberry carrier. There are many functional ideas for NFC communications; do they all require complex stakeholder groups to bring to market?

To access an overview on the NFC ecosystem, go to www.cardsconsult.com/whitepapers.html and select the NFC presentation.

The Transaction Moment & the Customer

The combination of online connectivity and mobile has changed the way we look at promotion to the Customer and ownership. In the past, a coalition of Customer facing businesses would consider who owns the Customer and look at branding, the token – especially if card based which belongs to the issuer and of course the data of a program.

The mobile now provides a dynamic audible environment that firstly is owned by the Customer – neither a bank nor retailer and in many cases the MNO own the end point device. Customers can now aggregate services that are relevant to them on a single gateway device. Customer ownership boundaries revert to the content provider’s own domain through the applet or offering accessed by the Customer at a point in time and at the point of interaction.

Ubiquity – is it required?

Innovations often require a strong ‘call to action’ for a consumer, merchant or business operation to adopt. Often this is linked to the size of the available pool of resource that can access the innovation.

Bluetooth gained traction with the hands-free movement for calls on the go and for the keyboard that I am typing this blog upon. How can NFC based propositions establish such traction? Is accessing online content quickly with the tap on a poster enough? Can the process of card payment emulation on the phone be made simple enough to deliver the speed conveyed in Visa NFC videos on YouTube? Wake the phone, enable the NFC interface if turned off, select the wallet, select the card etc – unless you have staged a preferred card for each transaction!

The Call to Action and the link to NFC need to facilitate a dialogue with the Customer. It should fundamentally shift the retail or media operational experience. Traditional Direct Mail etc is only a monologue. Tap here for product reviews and recommended add-ons, tap here for coupons for discounts or rewards collection, tap here to easily download the latest retail catalogue applet for your phone to shop on the go or tap here to receive your transaction receipt and link to Facebook to like my store!

The industry now has many tools to maintain a fresh proposition look and feel, to drive viral based marketing and to motivate communities of interest around a brand, product or event. Developing the mobility model will require drawing on a key attitude of MBNA Corporation – “Think of Yourself as a Customer”.

Making Mobile with NFC work

Let’s start with realistic expectations of the available supporting infrastructure and the timeline to reach a suitably scaled & engaged community of interest. The Dutch example referenced earlier while closed loop, does provide a basis for expansion.

The NFC ecosystem, noted as a ‘jungle’ at the moment in the referenced presentation above forces the need to collaborate with partners to succeed in deployments. Is it just an MNO, a card bureau, vendor or portal requirement – each will depend on your proposition and position in the ecosystem.

In the context of payments, recognize that the mobile and NFC will be a companion to mainstream open loop plastic cards for some time to come. Be aware of the dual lifecycle management operations that will beset the organization from Customer care to account management.

Consider the link between bricks & mortar engagement and the prevalence of online (often remote) activity, but not in isolation of your inventory management and distribution strategies if in the retail sector. Remember also that the phone is not the only online and mobile device used by the Customer or staff member.

The add-on! The iPhone is probably large enough for most consumers today. Expecting them to insert it into an additional sleeve to establish a larger NFC pool is not sustainable. Making consumers pay for it is even less so. Have we forgotten the lessons of the late 1990’s, early 2000’s of Amex Blue, Mondex and ANZ First chip cards and their plug in readers and software needs?

And the winner is…?

Mobility and consumers! With the levels of investments being poured into finding problems to fix with NFC that will make all parties a sustainable return – the winning proposition is yet to be defined.

Online connectivity now penetrates many of our daily interactions and will increase as the car, smart home and TVs all gain online connectivity. NFC in and of itself targets only a segment of the retail payments market; its real value may yet appear outside the payments sphere.

For now I have to take a call and send an SMS … on NFC it is wait and see!

Thursday, May 26, 2011

The Next BIG Thing is...

The consumer or retail payments industry is thoroughly dynamic and for industry pundits is very exciting. Yet as we all know, it is full of media noise from journalists, consumer groups, regulators, schemes and suppliers.

Yet while we trawl through this noise looking for the next big thing to happen in payments, the consumer continues on blissfully unaware, trusting that their next purchase will go through without a hitch - funds permitting!

It is when there is a failure in the system - fraudulent activity resulting from a point of compromise; or network points failing at the transaction moment, that we see another small thread unravelling from this trust model.

So while consumers continue to use the products we deploy, we question what next? - Especially if you look at developments over the last 8 years alone. Chip & PIN, Mobile banking platforms, massive take up of online banking, introduction or the proliferation of open loop prepaid card programs, payment system reforms, bill payment services and so on...

Post Chip & PIN, the industry has focussed on contactless, Near Field Communications (NFC), peer to peer payments (particularly mobile) and in Australia the next wave for domestic debit (EFTPOS) and Bpay (MAMBO) to meet the innovation drum beat of the Reserve Bank.

In addition to these activities, a focus on cross sector convergence is unavoidable; as is the level of unrest at the growing number of compromises of cardholder data.

Despite this position, the industry is in danger of being myopically focussed on the transaction method at the moment - contactless, NFC, increase the speed of interaction. Yet payments is a Customer relationship product, and a product built on trust.

At MBNA, the key message to all was "Think of Yourself as a Customer". It was placed above each and every door in the organisation. So if I am blissfully unaware as a consumer what the next big thing is, what should we the industry be looking at?

Security & Authentication

An extremely innovative thought leader in the industry recently pointed out to me a 1964 newspaper advertisement for Sheaffer pens. It shows the image of the card being 'beamed' from a ring to be written down and then to sign with the pen. Is this about convenience and security, or simply a belief that the pen will never be obsolete at the point of sale?

The point being that, with new approaches to payment transaction methods, the security and authentication layers cannot be ignored.

An increasing number of new starters will continue to appear in the market (most with extremely short life spans, others developed for longevity) and some large global brands will continue to evolve into payment services providers. Yet the underlying integrity of the traditional and core payments system and funds sources remains with the banking sector, regulators and the payment schemes.

So Google, Sony, Apple, Amazon etc will all have their roles to play - but it should not be at the expense of network integrity and betrayal of the consumer trust in the payments ecosystem.

Indeed some of these players could in themselves launch a new global payment brand tomorrow, and while transaction moment security may be wanting in some cases - they walk away with the dis-intermediated transactional data which is a powerful Customer relationship management by-product of payments.

Mobile and secure

The high focus on mobility and services from app stores is potentially a train wreck waiting to happen. Not all apps are security accredited and even if they are, it is not a consistent or accredited process in many cases. The focus on NFC functionality requires the app store to consider enhanced functionality underpinning application life cycle and security token life cycle management. Clearly an area for solutions companies like Bell ID to succeed in.

Yet do the app store providers understand this requirement and philosophy? Banking and Government sectors are well aware from their forays into multiple application smart card programs over the years and bodies like Global Platform. Is this now a new service call for Credential aggregation? If so, which brands and organisations are best positioned to uphold this trust model?

Losing sight

Payment system security and customer/merchant authentication is critical - no one can deny this. Yet, after 11 years, 3D-Secure for SecureCode and Verified by Visa remains an elusive solution in many online environments, particularly Australian online retail sites.

New retail and payments platforms go live each week, with some questionable propositions behind them, yet they are able to attract a base of transactors willing to participate - especially where convenience is strong. For example, the Heathrow Express application for iPhone/iPad etc.

So while contactless/NFC may provide convenience, is a fraction of a second of card handling at the point of sale what the cardholder is looking for - understanding that the transaction is still going online for authorisation and the food is still cooking and the shopping is still being placed into bags?

Keeping in front of counterfeit, lost/stolen and account take over fraud remains unresolved. A partial Chip & PIN environment with mag stripe does not close the gap. Inconsistent terminal PINpad designs, which expose Customer PINs in many retail environments to in-store cameras, are another opening. The UK push for PIN shields was well received by all.

Phishing remains significant, yet the level of consumer education and even card issuer education remains wanting. Should issuers really be sending email marketing promotions that require you to click through to a website to register for cashback on your credit card - and worse request the cardholder to enter the card number into this webpage that has a dubiously selected URL name?

If we lose focus on the basics of payment system security, how can we logically ensure that each 'next big thing' in payments will stand up to the test of time? Importantly how do they stand up to the criminally minded segment who seek to either compromise data to make a point or use that data to conduct fraud?

Think of Yourself as a Customer

Ultimately, the consumer continues to transact blissfully. An increasing number of us are hit with ATM skimming fraud, online fraud and bear the pain of waiting for our bank to refund the lost monies and the frustration of re-establishing payments and direct debits for new accounts and cards.

The Customer seeks their payment system to work first time, and every time. If it fails them, they do not want to be impacted by the fall out of that failure.

Who has truly developed the next big thing that will answer to that call?

Contactless 'Tap & Go'...wait...Please Hold!

Chip & PIN - the baseline

After fifteen years of stabilising (EMV) Chip & PIN, we the industry like to think we are on a winner. Indeed this should be viewed as the case and the reality, despite the global media and the occasional journal from Cambridge.

That said, the number of ongoing bulletin releases on the EMVCo website and the prolonged migration to Chip & PIN do highlight that this is not always a straightforward exercise for those involved.

Now let's consider the payment Schemes themselves - international and domestic (where they still exist). Establishing an interoperable, consistent Chip & PIN environment has triggered much marketing on payment security for counterfeit, lost and stolen fraud activity.

Costs have decreased, but for many this is attributable to strategic sourcing of chip masks, operating systems and point of sale upgrades. Divergent activity to the main market solutions has and will continue to challenge stakeholders.

So now I don't need a PIN?...

In contrast to this is the parallel push for contactless payments and payments without the need for a cardholder verification method (CVM) - PIN or signature. Well, that is the media play anyway! See recent media backlash to FastPay in Australia for transactions less than A$35.

Depending on the market, the no CVM limit for contactless transactions can be as high as three figures as it is in Australia - set at A$100 for both PayPass and PayWave. It can be low, as in the UK at the new level of £15. Yet, this is not the actual limit for contactless transactions - transactions can still occur in excess of these levels, as long as a PIN is applied as well. Consider the current focus on mobile and the use of Near Field Communication (NFC) for tap & go with the phone.

It is not expected that up to A$100 you can use your phone, only to have to pull out the old fashioned plastic for transactions in excess of A$100.

Consistent payment experiences

So what of the experience of contactless? As a carrier of multiple PayPass cards, the experience in 3 key markets has been quite telling: the UK, US and Australia.

As a regular in the UK throughout 2010, I frequented a local coffee shop on Kingsway in London which has a contactless reader. Needless to say, coffee is not overly expensive, yet not once in 12 months was I directed to that device. Contactless in the UK was contained solely to Oyster transactions.

The US was markedly different, both in buying lunch at the MasterCard HQ cafe and making transactions in retailers in Ohio. Nothing overly stood out other than proving that my Australia PayPass cards did work effectively in the US market's Mag Stripe Defined (MSD) implementation model and were fast.

Now for Australia. With Chip & PIN, consistency has always been the goal. Yet for contactless this is far from the experience.

Please hold sir...

Sydney has a monorail system which now has contactless payment acceptance. Depending on the station from which you purchase your ticket, the contactless experience could lead to missing the monorail as it passes by. A CBD based station allowed me to wave my card - and after 2 goes we had success. A station at Darling Harbour required me to hand the card over as the reader was behind the secure glass, and the attendant took 3 attempts to get the transaction to process - only by HOLDING the card in place. After waiting for the ticket and receipts etc; perhaps cash may have been a better bet had I not been conducting a mystery shop exercise. (The bank was advised to no avail.)

A chip card being used to its full potential...incredible

The trigger for today's blog was a McDonalds transaction yesterday. Perhaps hard to believe, but the receipt (yes not an option, we waited for all 30cm of it to be printed) actually had an Authorisation Response code of 'Y1' on it. This is fascinating - to actually experience an offline authorisation approval. Not even an electronic fallback transaction! As I still had to wait for the food, I watched the device subsequently commence connection procedures and submit an advice to its acquirer. (They know who they are - well done for using chip to its full potential).

Most clients question the transaction speed benefit! It is indeed hard to defend the speed benefit when devices are authorising online in most cases and receipts are being printed etc. It is extremely hard to defend when you know that the card more often than not needs to be held in range longer than expected. While merchant training can be resolved - a number did not know how the reader activated or worked. Delays in activation are also a problem.

Ubiquity in contactless...not so fast - but eventually

So with fifteen years to achieve the current state for Chip & PIN (and the US reaching an inevitable tipping point), the contactless and NFC advancement of main stream payments may yet continue to struggle. Perhaps the point should be not to compare to traditional main stream card payment methods of swipe/dock and PIN/sign.

Perhaps this is why contactless transit operations and innovative start ups like sQuid, Snapper and the like are accepted. Their attention is on cash and they are separated from access to consumer banking accounts - credit or transactional debit.

So let's not rush deployments if we are to compromise brand consistency and trust at the point of sale. This is the moment of truth for a Customer of both the card issuer and the retailer/acquirer - and it is the greatest moment of trust!

Sunday, September 14, 2008

While it is understandable to see the Barclaycard chief espouse the virtues of alternative payments, and in particular contactless/NFC; I feel that we are potentially letting all of the industry hype run away with us!

How long ago was that great franchise Mondex all the rage with its arch nemesis VisaCash? It seems that Prepaid is now the product, but how many are chip based - a few!

Then came contactless with PayPass and PayWave (Visa Wave), another solution for low value payments - others existed for magnetic stripe transactions with no signature/PIN - but now with the added cost of an RFID card - which I may not be able to acquire from my traditional card bureau.

Not long after, we were all caught up with contactless and NFC - let's go back to Cartes 2006 as a case in point - technology and a pretty high total cost of ownership for what are Low Value Payments! Some may argue what are actually Cash displacement transactions.

Displacing Cash

The payments industry is yet to identify the 'holy grail' of cash displacement for electronic alternatives. At issue is the convenience of cash, perceived affordability of cash and to some extent the budgeted security of cash.

One Central Bank continues to openly note cash as the better alternative to many of the consumer payment products available or emerging today - price is at the base of this argument.

Don't get me wrong, I am a supporter of contactless cards in particular - but issued for purposes that initially provide a call to action - Oyster/Octopus etc and then can support other services.

So should banks bother? It is easy for them to issue contactless cards and support Visa or MasterCard in their quest to be the leader in this space - but widespread EMV based contactless reader deployment is far from strong or easy. Moreover, the US version of the technology has plenty of statistics - but what do the retailers really say? Do the transactions per day compared to cash or card add up?

Enter NFC
Now to our friend NFC for the mobile phone. Absolutely makes sense. If I was still living in London, I would have wanted an NFC Oyster solution - bring it on! I know my payments are low value, I can still budget and have control should anything go wrong with the security model.

But mainstream bank payments via NFC? Again, no shortage of media hype including the recent O2/Barclaycard effort or the more interesting Payez model. Yet who has identified a business case for the bank or merchant? The commercial models remain in constant flux, so you could argue that no one really has an operational business case.

You need new phone hardware (consumer challenge, MNO challenge, manufacturer challenge); you need a viable number of contactless readers at retail POS (bank challenge, retailer challenge, acquirer challenge); you need an agreed business arrangement and OTA operation for the sophisticated user (big time challenge) and lastly the Consumer Proposition.

Consumer sentiment
You gave me a PayPass Credit card, yet it still has that mag stripe on it for when I am in most shops or in non-EMV markets. It still has the signature strip, even though I have been asked to use PIN as it is better for me. It has a 3 digit code on the back you keep asking me for when I am online - well occasionally you ask me for it!

Now I am to download an applet to my new phone (assuming my bank supports) on the off chance I have a transaction in a contactless capable merchant and the transaction is within all the required floor limits? (assuming the merchant acquirer saw a business case to do so).

Pragmatics and the Future
We have a long road to travel for payments evolution! It is great to see organisations like Barclaycard at least investing in the future of payments and having a go. Trials do need to truly test consumer and merchant adoption - avoid the incentives of the Mondex/VisaCash days - make them pay for it as is likely in production. It is hard to listen to research from user groups who don't pay.

We are significantly focused on the low value end of the payments spectrum for innovation. Thankfully this is not the only case...We do however need to continue focusing on the less sexy aspects of payments - SECURITY - face to face and online! Loss of integrity of the interoperable model that has been 50 years in the making would make contactless and NFC unfounded in the end.

But let's be frank, we are yet to make EMV a no brainer for everyone and it's certainly not global.

Monday, September 3, 2007

Protecting Online Transactions

Transactions performed online are exposed to a myriad of evolving security and fraud based attacks. Businesses and consumers must be aware and vigilant as online activity is no longer constrained to a PC as the global proliferation of mobile devices grows. This paper discusses this new dawn for online fraud and the need for answers.

With emerging terms like crimeware, malware, rootkits, trojans, phishing, spear phishing, pharming, man-in-the-middle (MIM) and spyware, it may be incredible to think that the level of online transactions continues to grow rapidly. Yet to what extent does the consuming public recognise these threats, and moreover the businesses & governments providing the online services in the first place?

Is your identity at risk?
This paper focuses on online transactions in recognition that attacks are not aligned to payments activity alone. Gathering and taking over your identity, including user names, passwords, biographical data and secret questions/answers are all targets for a ‘cyber’-criminal.

A recent Harvard & Berkeley report notes three areas of reliance for phishing attacks: lack of knowledge, visual deception and lack of attention. The UK Government is looking for its Citizens to be more aware with the launch of a ‘Get Safe Online’ website, while Australia has ‘www.protectfinancialid.org.au’.

Awareness about the dangers in exposing your personal information on the web is wanting. Research by Sophos, a US IT security firm shows that 40% of Facebook users are too free with their personal information including addresses, date of birth, phone number and email addresses.

A report issued by Symantec in March 2007 notes that stolen credit card details are selling for US$1 to US$6, and biographical & identity data is selling at US$14 to US$18.

Hacking of websites has moved from showing off and making sure people knew who you were to a sophisticated and now increasingly hidden activity. Many consumers consider the security of their PC with tools and firewalls, yet how many subscribe to the updates or renew?

Importantly, what security do consumers consider when using their web-enabled mobile phones to logon to their bank, favourite website or to download email?

The latest threats
The sophistication of web based attacks cannot be ignored, and unfortunately many attacks are much harder to detect or trace. One group known as the ‘Rock Phish Gang’ is such an adversary. Comparing the longevity of an attack: ‘normal’ phishing attack sites stay up on average 58 hours, yet Rock Phish attacks are lasting over 94 hours before being shut down.

Phishing attacks remain highly focussed on financial institution brands accounting for more than 96% of reported incidents. Australia & New Zealand brands account for 2% of attacks according to RSA’s July 2007 report. Yet unexpected brands and sites are threatened.

Recently, it was reported that the Sydney Opera House home page had been compromised. A new wave of ‘drive-by-attacks’ sees trusted websites broken to install a JavaScript that hosts malicious code. When people access a site, the code infects their PC or device. This type of attack uses rootkits that hide the malicious code from other programs and operating systems, including anti-virus ware.

RSA further highlights that kits are being offered on the web for free, supporting the developer in their quest for greater reach of fraudulent earnings through man-in-the-middle attacks. How can you combat such a diverse array of cyber-crime? Is it possible to be ahead of them?

Approaches to protection
Providing strong security for online services is often costly and can reduce usability for the end-user. The balance of cost versus usability is difficult for many businesses as they seek greater adoption of e- and m-commerce, while providing more convenience to their customer base, yet protecting their own brand by remaining trusted.

Protecting online transactions is not only the domain of the business or government offering the service but also the consumer. It is essential that web based devices are loaded with current anti-virus & spyware protection tools. Importantly, your own vigilance is essential as you traverse across the internet. When it comes to transacting however, how are you protected?

Business and Government have numerous tools available to secure their sites and your interaction with them; some are overt, others remain covert!

Many use IP address tools to confirm that a person logging in is using a regularly used PC and internet connection, or Transaction Anomaly Detection to track variances and mitigate fraud exposure. Techniques such as secret questions that only the valid user should know the answer to, or secret images that again the valid user should recognise, allow both the business and the consumer to confirm that the other is a valid user or website.

Many widely used solutions do not protect you against man-in-the-middle attacks or other emerging techniques. There is increasingly a reliance on multiple solutions and channels to provide full security of your identity and your finances.

Are you protected?
Some banks have issued a token that provides a One Time Password (OTP) for each unique logon. The dependency is that the consumer must carry an additional device and have it with them each time they wish to transact. This is a high cost solution, which in itself is open to compromise, especially through use by friends and family.

The use of mobile phone SMS based solutions does reuse an existing consumer device; however SMS is not reliable if you require a real time delivery of an OTP. Equally, interactive use of SMS to transmit PINs or passwords to your provider will leave a trace in your sent items folder unless cleared.

Yet while you may see the secret image on your website, or answer the secret question correctly, the data may still be received by a cyber-criminal undertaking man-in-the-middle fraud. So what now?

Being detection minded
Securing online activity requires a complete yet interactive separation of your login or confirmation credentials from the channel in use, i.e. transact on-the-net, authenticate off-the-net.

To be effective, the consumer must be able to readily use and rely on the solution. Having interactive use allows the user to be authenticated, and the transaction to be confirmed, or declined because either the information is incorrect (MIM attack) or the transaction was not initiated by the user (ID theft).
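The separation described above, as an added sketch that is not from the original post: the bank sends what it actually received over the web channel to the customer's registered device, and executes only on an approval that is cryptographically bound to those exact details. The `Bank` and `Device` classes, the shared enrolment key and the payee names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, tx_id: str, payee: str, cents: int, decision: str) -> str:
    # Bind the decision to the exact transaction the device displayed.
    msg = "|".join([tx_id, payee, str(cents), decision]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Bank:
    def __init__(self, device_key: bytes):
        self.device_key = device_key   # assumed: provisioned to the device at enrolment
        self.pending = {}

    def receive_web_request(self, payee: str, cents: int) -> dict:
        """Record what arrived on-the-net and build the off-the-net prompt."""
        tx_id = secrets.token_hex(8)
        self.pending[tx_id] = (payee, cents)
        return {"tx_id": tx_id, "payee": payee, "cents": cents}

    def settle(self, reply: dict) -> str:
        """Execute only if the device approved exactly the stored transaction."""
        payee, cents = self.pending.pop(reply["tx_id"], (None, None))
        if payee is None:
            return "rejected: unknown or already used transaction"
        expected = _mac(self.device_key, reply["tx_id"], payee, cents, "approve")
        if hmac.compare_digest(expected, reply["mac"]):
            return "executed"
        return "rejected: declined or approval does not match"

class Device:
    def __init__(self, key: bytes, intended):
        self.key, self.intended = key, intended   # intended: (payee, cents) or None

    def answer(self, prompt: dict) -> dict:
        # The user approves only if the prompt matches what they set out to pay.
        shown = (prompt["payee"], prompt["cents"])
        decision = "approve" if shown == self.intended else "decline"
        return {"tx_id": prompt["tx_id"], "decision": decision,
                "mac": _mac(self.key, prompt["tx_id"], *shown, decision)}

def run(intended, received_by_bank) -> str:
    """One transaction: what the user meant versus what reached the bank."""
    key = secrets.token_bytes(32)
    bank, device = Bank(key), Device(key, intended)
    return bank.settle(device.answer(bank.receive_web_request(*received_by_bank)))

if __name__ == "__main__":   # constructed sample values
    print(run(("ACME Utilities", 12000), ("ACME Utilities", 12000)))
    print(run(("ACME Utilities", 12000), ("Unknown Payee", 490000)))
```

Because the approval covers the payee and amount, a confirmation given for one transaction cannot be reused for another, and each pending transaction can be settled only once.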

With providers of detection tools and security solutions working collaboratively, the ability to detect and record fraudulent payments and identity theft can work towards closing the up-time of crime based sites.

Wednesday, July 4, 2007

Who owns the Customer anyway?

The nature of convergence across industry sectors surrounding a common area like payments has continued to plague new business models with old conventions and arguments.

The nature of a co-brand card product or affinity card often saw tensions appear around who has the right to communicate with the Cardholder or Customer, and at what frequency. In this scenario, the partners (often a retailer and a bank) would both see the card as their product and as such their Customer.


How do you establish a framework whereby each partner understands the value that they are bringing to the proposition and assigns its Customer ownership on that basis? For example, financial risk management with the bank versus branding and transaction benefits with the retailer!

The advent of Mobile remote payments, and the use of a mobile as the "trigger" for payments in one of multiple approaches, is something that now brings this issue to a new head.

A clear path on which parties can provide innovative payments services to the mobile phone/cardholder/Customer is required. The current debate on who should be involved in a solution provides the foundation for numerous and disparate solutions being offered in the market.

On the one hand we see parties seeking to exclude interaction with the telco community, while others see the telco as leading the trend. Will this turn Customers away through confusion and mistrust? Can the "Value Provided" argument for each party involved not lend itself to resolving some of the issues in this debate?

A collaborative approach that mirrors aspects of, and learns from, more than 50 years in the 'often taken for granted' card payments market could be one avenue. That is, the establishment of a business framework that recognises the standards and regulations of each unique sector yet has a common set of rules for engagement.

The challenge however continues to lie with international standards and importantly an increasingly fickle Customer base who demand more and more as they become educated about the ways in which they can interact and conduct commerce. They want usability, security and reliability to retain Trust.