At the forefront of these initiatives is the use of chip-enabled cards with, in particular, the adoption of the EMV standard promoted by Europay, MasterCard, and Visa. But EMV has made little progress since its announcement in 1996. Chip-based systems have proven expensive to deploy and their actual effectiveness seriously criticized.
According to APACS, the U.K card association, the conversion to chip-enabled cards will cost over $1.6 billion for the U.K alone. And the problem is even worse when it comes to adopting chip-based solutions for securing online transactions. Every major online pilot involving chip-enabled cards has failed, unable to absorb the cost to deploy and support the necessary consumer infrastructures.
Chip-based systems do not provide a panacea against card fraud either. Despite ten years of consumers entering a PIN at the point of sale, France reported card fraud doubled in the year 2000, blaming the cloning of the so-called smart cards for the $1.5 billion in fraudulent cash withdrawals. Realizing the difficulties in rolling out chip-based solutions in the home market, the card associations have recently proposed new alternatives to securing online transactions. Known as SPA-UCAF at MasterCard and 3D-Secure at Visa, these solutions have definitively drawn on the lessons learned from the failure of SET, even though they still appear far more complicated than necessary.
Unfortunately, SPA and 3D-secure are incompatible. This only adds to the burden of merchants, issuers, and cardholders who are already required to adopt multiple solutions to solve these problems. Moreover, recent experiments have shown that these solutions have been narrowly designed for the Internet market, and neither one seems to offer a practical alternative to securing the growing number of mobile transactions. And it may get worse as the industry waits for American Express, Discover, and JCB to introduce their respective solutions.
While the card industry struggles to devise practical solutions and dedicate its resources to demonstrate the benefits of a large-scale roll-out of chip-enabled systems, wireless carriers have come to realize the potential of mobile phones as trusted user agents in the origination of payment instructions.
Leveraging the messaging and identification capabilities of millions of cellular phones, wireless carriers have found ways to enable and secure proximity payments, positioning themselves as the trusted intermediaries through which secure payment transactions will happen. Mobipay in Spain, Paybox in Germany, and Orange in Denmark have already enrolled several thousand of merchants and consumers, collecting fees on every payment transactions whether they originate over the Internet or at a point of sale.
Although the opportunity seems tremendous for the network operators, it may be short lived. A revolution is already underway, and the network operators are at risk of losing their de-facto monopoly of the mobile phone market. The consumer devices are becoming smarter and their operational capabilities growing beyond the control of the wireless carriers.
Leading this phenomenon is the Java enabled phone, which allows independent solution providers to develop and deploy their own mobile applications. In the year 2001, mobile manufacturers have shipped over 10 million Java phones, principally to the Japanese market. Nokia alone predicts world-wide shipments over 50 million units for 2002, and nearly 100 million units for 2003. According to the ARC Group, there will be over 1.1 billion Java phones worldwide by year-end 2006. At this time, there will be as many consumers carrying a Java phone as there will be distinct cardholders.
But Mobile Java is only an application platform and, by itself, would have a limited impact on the mobile phone market. Its present capabilities actually fall short in comparison to other mobile development platforms such as Symbian OS, Brew, Palm OS, or Windows CE.
BlueTooth is the technology that will transform the entire mobile phone market. When equipped with a BlueTooth transceiver, mobile phones are capable of interacting with neighboring devices independently of the cellular networks. Wireless interactions take place free of any line-of-sight or close proximity constraint. Instructions can be communicated directly from the mobile phone to any radio-enabled point of service over a local communication link.
Already several mobile payment initiatives have experimented BlueTooth-enabled mobile phones for transactions conducted at a point of sale. These pilots have however met a limited success with the consumers, having failed to find a practical solution to enable transient associations between a mobile phone and the point of sales terminal. In one these pilots, Europay and Ericsson required consumers to swap the batteries of their mobile phones before making a payment.
Still, practical solutions are coming to light. Unlike chip-enabled card systems, mobile payment solutions significantly reduce the overall cost of the infrastructure necessary for acceptance of card transactions. The point of sale terminals can be stripped of their secure PIN-PAD and other cryptographic capacities necessary today to establish trust between the consumer device and the terminal. These solutions also save financial institutions the cost of providing their cardholders with a smart card. Mobile payment solutions use virtual smart cards that can be downloaded over the Internet, and the cryptographic capacity is already built into the mobile phones.