White Paper
Connecting mobile consumers and merchants
Contents
Executive summary
Key drivers of mobile commerce
  Ease-of-use and convenience
  Security
  Easy adaptation to existing payment systems
Transaction environments
  Remote environment
  Local environment
  Personal environment
Mobile payment landscape today
  Operator billing
  Remote transactions
  Key application areas for remote payments
  Mobile banking
  Stock trading
  Auction
  Betting
  Local transactions
  Electronic purse
  Person-to-person payment
  Cross-environment transactions
  Ticketing
  Loyalty programs
  Coupons
  Receipts
  Branding
Enabling technologies
  Secure platform services
Nokia in the field of mobile commerce
  Java™ and Symbian platform leaders
  Mobile wallet for online shopping
Technology standardization
Expected market development and trends
Summary
Glossary
Executive summary
The slogan ‘Life goes mobile’ neatly sums up Nokia’s vision of the role of mobile devices in our lives today. Thanks to the unbeatable benefits of size and utility offered by mobile terminals, we can rely on mobile applications and services to make our lives more fluent and enjoyable. In the developed countries, purchasing has shifted more and more towards electronic payments, as cash use has decreased and card based payments as well as online shopping have increased.
Convenience is probably the most important benefit of mobile commerce. By reducing the need to carry cash, credit or debit cards, the mobile device allows consumers to make purchases virtually anywhere, such as using vending machines without change or buying tickets while on the way to an event. All in all, the overall aim is secure and fluent mobile transactions for both the consumer and merchant. Consistency as well as convenience needs to be a priority in order to make mobile commerce services really take off.
Currently, digital content purchases dominate mobile commerce markets – nearly all business today comes from selling operator logos and ringing tones, making the operator billing system the most commonly used and most practical payment method. This also influences content developers, as part of their revenue is directed to operator commissions in the operator billing model. To ensure profitable business development for all, consumers would ideally have several different competing payment options to choose from.
Today’s mobile commerce markets are still at a fairly early stage of development. Yet, mobile commerce is expected to be an important opportunity, so the key stakeholders such as network operators, financial institutions, and mobile terminal vendors are investing to develop both the market and the technology. For developers and service providers, mobile commerce offers the chance to diversify their scope of operation. There is a clear need both for standardized solutions that merchants can implement, and to make wireless processing attractive.
Key drivers of mobile commerce
Mobile commerce can be defined as any electronic transaction or information interaction conducted using a mobile device and network that leads to transfer of value in exchange for information, services or goods. Mobile commerce allows the consumer to carry out the transaction using the mobile terminal, whereas many other parts of the trading cycle – promotion, selection, ordering, payment fulfillment and delivery – might occur using traditional channels or fixed line PCs. Intangible goods such as ringing tones or Java™ Midlets can also be delivered to the phone in digital form, making it possible to cover all parts of the trading cycle with a mobile terminal.
Key drivers of the adoption of mobile commerce services are ease-of-use, cost efficiency and convenience, as well as the vital issue of security. In addition, mobile commerce solutions must be based on open and global standards and technologies. In the long term, they are the only way to mass-market growth and a balanced ecosystem.
Ease-of-use and convenience
Usability issues are critical if a service is to become a commercial success. With mobile commerce, the user experience covers much more than the browser display of a particular shop site presenting a list of products for sale. The transaction process must proceed naturally and logically, and be familiar after the first time. The complexity of the payment infrastructure should be hidden from the consumer to avoid unnecessary confusion – consumers should not have to worry about interoperability or other technological issues, and should be free to enjoy seamless access to content.
Ease-of-use depends partly on how often the subscriber uses the service. Encouraging the use of the mobile phone as a payment device will, of course, require value-added mobile commerce services. It is not enough to simply develop mobile extensions of current Internet services, since not all of them will suit the characteristics of the mobile world.
Furthermore, mobile phones themselves have their limitations, such as a small display and limited input capabilities. Nonetheless, factors such as mobility, availability, personalization, and ease-of-use can easily overcome the limitations of a pocket-sized device. Moreover, technological advancements, with bigger mobile phone colour displays, XHTML browsers and faster and safer connections (GPRS, EGPRS, TLS/SSL) have improved the experience of the user, making mobile services much more appealing. It is worth noting that mobile phones already outnumber personal computers and there are currently more than one billion mobile subscribers in the world.
With mobility, services have become far more accessible and are no longer restricted to a specific location or opening hours. Mobile devices also provide convenience, because they can be used in seconds, unlike a PC. Furthermore, greater session security and more secure client authentication methods for mobile payments will give mobile phones an undisputed advantage in conducting e-business.
Security
During its existence, the WAP Forum specified security components that can be used to provide high session security when making mobile commerce transactions in remote environments, that is, over a wireless network. The Open Mobile Alliance (OMA) has continued this by adopting former WAP Forum specifications as part of the overall architecture. Wireless Transport Layer Security (WTLS) enables server authentication and data encryption, invisibly encrypting and decrypting information sent between a WAP client and a WAP gateway and aiming to prevent a third party from deciphering the communication between these two parties. The protocol also protects the integrity of communications, enabling the recipient of information to verify that content has not been altered in transit. The evolution to WAP 2.0, the next step in mobile browsing, allows access over TCP/IP, which is the standard Internet transmission control protocol that allows data to be sent in fixed or mobile networks. Nowadays nearly all new terminals support WAP 2.0. Compared to the WAP 1.x stack, TCP/IP enables greater end-to-end security and means less protocol conversion – it also provides reliable connections with larger data files. Previously, there were different encoding protocols used between the mobile device and the WAP gateway and between the WAP gateway and the network. TCP/IP enables Transport Layer Security (TLS) to be used all the way from the device to the origin server. This is depicted in Figure 2.
When conducting monetary transactions, security is a key consideration. In mobile commerce, security measures should be adjusted according to the value of the transaction and there are different solutions available for different needs. The following figure illustrates the different levels of security needed by varying types of services. All in all, the question is about risk management and matching the right services and solutions together.
[Figure 1 (diagram). Axes: value of transaction, number of transactions, security. Regions: micro-payments (priority on convenience) and macro-payments (priority on security). Security levels marked: simple authentication (e.g. MSISDN) and digital signature. Services shown: information, ringing tones, screen savers, games, single city transport tickets, music, video clips, event tickets, CDs, travel, flowers, gifts, catalog shopping, public transport season ticket, bill payment, banking, trading.]
Figure 1. The level of security depends on the value of the transaction.
WAP 1.x:
• WTLS: connection is secure only to the WAP gateway
• WAP gateway: the whole end-to-end security cannot be assured due to the security gap in the gateway
• SSL: secure as such, but data may have been manipulated or read in the gateway
WAP 2.0:
• HTTPS/TLS, SSL, with the WAP gateway acting as a WAP 2.0 proxy: security is comparable to the Internet model – transaction all the way to the origin server will be secure
Figure 2. TCP/IP enables improved security over data connections from the mobile device to the network.
Based on the Internet security protocol Secure Sockets Layer (SSL), TLS is a standard for enabling secure Internet connections between the devices and origin servers by establishing a TLS tunnel in the gateway. SSL and TLS will ensure real end-to-end security with no security gap (that is, security protocol conversion inside the gateway). In practice, this means improved security for information-sensitive applications such as mobile payments.
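The gateway gap described above, modelled as an added example that is not part of the original white paper: HMAC-SHA256 stands in for the per-hop integrity protection of WTLS, SSL and TLS, and the keys, class names and payment message are constructed for illustration. It shows that a converting WAP 1.x gateway can read and alter a message that the origin server still accepts, while a WAP 2.0 proxy that only relays TLS records cannot.

```python
"""Model of the WAP 1.x gateway gap versus a WAP 2.0 end-to-end TLS tunnel.

Added illustration only: HMAC-SHA256 stands in for the integrity protection
of a secured hop (WTLS, SSL or TLS). Keys, names and messages are constructed.
"""
import hashlib
import hmac
import os


def protect(key: bytes, payload: bytes) -> bytes:
    """Append a MAC, as a secured hop does for each record."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def unprotect(key: bytes, record: bytes) -> bytes:
    """Verify and strip the MAC; raise ValueError if the record was altered."""
    payload, tag = record[:-32], record[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return payload


class ConvertingGateway:
    """WAP 1.x: terminates WTLS, then opens a separate SSL hop to the server."""

    def __init__(self, wtls_key, ssl_key, rewrite=None):
        self.wtls_key, self.ssl_key = wtls_key, ssl_key
        self.rewrite = rewrite          # models a faulty or compromised gateway
        self.seen_plaintext = []

    def forward(self, record):
        payload = unprotect(self.wtls_key, record)   # protection ends here
        self.seen_plaintext.append(payload)          # the "security gap"
        if self.rewrite:
            payload = self.rewrite(payload)
        return protect(self.ssl_key, payload)        # fresh, valid protection


class TunnellingProxy:
    """WAP 2.0: relays TLS records; it holds no session key."""

    def __init__(self, rewrite=None):
        self.rewrite = rewrite
        self.seen_plaintext = []        # stays empty: nothing can be decrypted

    def forward(self, record):
        return self.rewrite(record) if self.rewrite else record


def origin_server_accepts(key, record):
    """Return the payload the origin server accepts, or None if it rejects."""
    try:
        return unprotect(key, record)
    except ValueError:
        return None


def run_scenarios():
    order = b"pay merchant=FLOWERS amount=10.00 EUR"   # constructed message

    def tamper(data):
        return data.replace(b"10.00", b"99.00")

    # WAP 1.x: client<->gateway key (WTLS) and gateway<->server key (SSL).
    k_wtls, k_ssl = os.urandom(32), os.urandom(32)
    gw = ConvertingGateway(k_wtls, k_ssl, rewrite=tamper)
    wap1 = origin_server_accepts(k_ssl, gw.forward(protect(k_wtls, order)))

    # WAP 2.0: one client<->server key (TLS); the proxy only relays bytes.
    k_tls = os.urandom(32)
    proxy = TunnellingProxy(rewrite=tamper)
    wap2_tampered = origin_server_accepts(k_tls, proxy.forward(protect(k_tls, order)))
    honest = TunnellingProxy()
    wap2_honest = origin_server_accepts(k_tls, honest.forward(protect(k_tls, order)))

    return {
        "wap1_server_accepted": wap1,
        "wap1_gateway_saw": gw.seen_plaintext,
        "wap2_server_accepted_tampered": wap2_tampered,
        "wap2_server_accepted_honest": wap2_honest,
        "wap2_proxy_saw": proxy.seen_plaintext,
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Only integrity is modelled; the gateway's `seen_plaintext` list marks the point where confidentiality is also lost in the WAP 1.x path.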
A digital signature can be used for authentication or non-repudiation purposes (e.g., signing a document or confirming a transaction), which are key conditions in establishing the merits for legally binding commercial transactions. The digital signature is executed in the WAP application security layer and confirmed by a code. Mobile wallets, used alongside digital signatures, greatly improve security in mobile transactions, and are also convenient and easy to use.
Easy adaptation to existing payment systems
Existing payment methods and protocols have gone through a long process of evolution and it has taken a long time to develop payment systems that are globally accepted and adopted. For this reason, it is important for mobile payments to be based on existing methods and standards if they are to penetrate the market quickly.
Up to now, most mobile services have been based on SMS, and have thus been charged for in the phone bills of mobile network operators. By developing applications and services that support other payment methods, a larger number of consumers will be able to buy a widening set of goods and services.
Credit cards are widely used on the fixed-line Internet and can be adapted to mobile use. Personal transaction information, such as the cardholder’s name, address, credit card number, and expiration date can be filled in quite easily via a PC keyboard, but it takes time and effort with a mobile phone keyboard. Some Internet services support an automatic information exchange specification called Electronic Commerce Modeling Language (ECML). Likewise, the same standard can be used in mobile services. Nokia’s wallet application supports the same specification and offers a user-friendly solution for transferring transaction information via a mobile phone.
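How a wallet can fill a checkout form that uses ECML field names, as an added example (this is not Nokia's wallet code). The field names are those of ECML v1 (RFC 2706); the wallet record, the two merchant forms, the function names and the rule of withholding card fields from non-HTTPS targets and from hidden inputs are assumptions made for this illustration.

```python
"""Wallet-style fill of an ECML checkout form (field names from ECML v1).

Added illustration: the wallet record, merchant forms and release rules
below are constructed for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed wallet record keyed by ECML v1 field names; the card number is
# a widely used test number, not a real account.
WALLET = {
    "Ecom_ShipTo_Postal_Name_First": "Anna",
    "Ecom_ShipTo_Postal_Name_Last": "Example",
    "Ecom_ShipTo_Postal_City": "Helsinki",
    "Ecom_ShipTo_Postal_CountryCode": "FI",
    "Ecom_Payment_Card_Name": "ANNA EXAMPLE",
    "Ecom_Payment_Card_Number": "4111111111111111",
    "Ecom_Payment_Card_ExpDate_Month": "12",
    "Ecom_Payment_Card_ExpDate_Year": "2030",
}
SENSITIVE_PREFIX = "Ecom_Payment_"

# Constructed merchant pages.
SECURE_FORM = """
<form method="post" action="https://shop.example/pay">
  <input type="text" name="Ecom_ShipTo_Postal_Name_First">
  <input type="text" name="Ecom_ShipTo_Postal_City">
  <input type="text" name="Ecom_Payment_Card_Number">
  <input type="text" name="gift_message">
</form>
"""
DOWNGRADED_FORM = """
<form method="post" action="/pay">
  <input type="text" name="Ecom_ShipTo_Postal_Name_First">
  <input type="text" name="Ecom_Payment_Card_Number">
  <input type="hidden" name="Ecom_ShipTo_Postal_CountryCode">
</form>
"""


class FormScanner(HTMLParser):
    """Collect the first form's action and its (name, type) input fields."""

    def __init__(self):
        super().__init__()
        self.action = ""
        self.fields = []
        self._in_form = False
        self._done = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and not self._done:
            self._in_form = True
            self.action = attrs.get("action") or ""
        elif tag == "input" and self._in_form and attrs.get("name"):
            kind = (attrs.get("type") or "text").lower()
            self.fields.append((attrs["name"], kind))

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self._in_form, self._done = False, True


def fill_form(html, wallet, page_url):
    """Return (filled, withheld, unknown) for the first form in the page."""
    scanner = FormScanner()
    scanner.feed(html)
    # Resolve a relative action against the page URL before judging it.
    target = urljoin(page_url, scanner.action)
    secure = urlparse(target).scheme == "https"
    filled, withheld, unknown = {}, [], []
    for name, kind in scanner.fields:
        if not name.startswith("Ecom_"):
            unknown.append(name)        # not an ECML field: left to the user
        elif name not in wallet:
            continue                    # ECML field the wallet has no value for
        elif kind == "hidden":
            withheld.append(name)       # never release data the user cannot see
        elif name.startswith(SENSITIVE_PREFIX) and not secure:
            withheld.append(name)       # card data only to an HTTPS target
        else:
            filled[name] = wallet[name]
    return filled, withheld, unknown


if __name__ == "__main__":
    print(fill_form(SECURE_FORM, WALLET, "https://shop.example/checkout"))
    print(fill_form(DOWNGRADED_FORM, WALLET, "http://shop.example/checkout"))
```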
Transaction environments
Mobile transactions can be performed in three environments – remote, local, and personal. Each environment has its own mobile commerce services and characteristics that may require specific technologies. Mobile phones will become the ultimate transaction devices by combining all three environments.
Remote environment
In a remote – or online – environment, transactions are conducted over a wireless network, and the physical location of the consumer is not very relevant to their actions. Most remote transactions, similar to those conducted online over the Internet, are conducted with menu-driven applications, resulting in a higher latency in transaction time. In remote transactions, the phone’s UI is of paramount importance as it must relay all relevant information to maintain the user’s trust and ensure usability of the services.
Remote transactions range from online purchases and banking to more impulsive activities such as downloading digital content. In most cases, the underlying technology used is Wireless Application Protocol (WAP) over a network operator-provided bearer, such as Circuit Switched Data (CSD) or General Packet Radio Service (GPRS). The payment method can vary from card payment to operator billing, depending on the nature of the purchase. The transition to Extensible Hypertext Markup Language (XHTML) as the standard browser language and the switch to using the TCP/IP stack at the transport layer are expected to increase the number of remote transactions, as they provide a richer browsing experience as well as faster and more secure connections.
Local environment
In a local – or proximity – environment, the consumer is in the vicinity of the “other end,” and mobile transactions are usually initiated over short-range wireless technology. Performance requirements for local transactions, such as speed and ease-of-use, are high, meaning that transactions must be simple “swipe” transactions with extremely low transaction latency. Radio Frequency Identification (RFID) is an example of a technology that can give convenient local transactions as RF technology is already used in many places, such as access control and public transport. Local purchases can be both low cost and impulsive, such as buying a soft drink from a vending machine, or mid- to high-cost and non-impulsive, such as buying and using an event ticket. The payment method can vary from card payments to prepaid accounts.
Personal environment
In a personal environment, mobile transactions are usually conducted on the UI of another device and augmented by security, connectivity, or other functionality provided by the user’s mobile phone. This implies that the user’s interaction with the mobile device is limited to, for example, security-essential functions such as PIN entry, since the primary interaction is with the device at the other end of the connection.
Mobile payment landscape today
Commissions for mobile payments are currently all generated from the digital content micro-payments. Consumers personalize their mobile phones with ring tones, graphics, and so forth, and games, downloadable phone applications, as well as music and video clips are also growing in popularity. Because remote and local payments are not expected to play more important roles for a few more years, there has developed a huge gap between digital content payments and all other forms. Actually, due to the enormous dominance of digital content micropayments, it is very difficult to estimate when and to what degree local and remote payments will take off. This is illustrated in more detail in Figure 3. This forecast figure is based on the assumptions that digital content payment commission is on average 25%, for remote payments approximately 9% and for local payments around 6%.
Operator billing
Operator billing is currently the dominant method of micro-payment. This is mainly seen as very convenient by the consumer, although at times they might also value the flexibility of different payment methods. Moreover, the choice of products and services is limited because of the billing system. For the operator, there may be legal and practical hindrances as not all goods or amounts are billable on the phone bill. Furthermore, there might also be a credit risk for the operator when content value increases.
The long-standing tradition and dominance of operator billing most likely has to do with the fact that there have not yet been business cases for financial institutions in this field. Also, it has been so easy for the users to be able to purchase goods without any specific registration and have all the digital goods purchased just added to their phone bill.
[Figure 3 (chart): payment commission in m€ (scale 0 to 8000) by year, 2002 to 2007, for digital content, remote payment and local payment.]
Figure 3. Mobile Payment Commissions, Source: Nokia Mobile Services forecast 2003.
For additional mobile payment methods to grow in usability, banks and card associations need to come up with solutions that are as simple and easy to use as operator billing is. Also merchants need to be provided with similar payment handling options that have been traditional for physical and Internet payments. These solutions need to be similar to the ones people are already using, merely a way to bring similar transactions safely into the mobile environment.
The merchants also see benefits from operator billing, as it is currently the only way to handle micro-payments economically. The possible hindrances here come in the form of several integrations required, each with a proprietary interface. Therefore, due to the overall functionality of the operator billing, merchants are now taking a closer look at alternatives. These could include, for instance, subscriptions and transaction aggregation.
In addition, there are also other players interested in the field of micro-payments. These could be banks (e.g. Mobilecash: a multi-bank mobile payment service using existing banking infrastructure and consumer and merchant relationships) and credit card companies (e.g. Visa, pre- or postpaid shopping account that can also be used for non card owners – parents topping up children’s accounts). Operators too are interested in reducing the number of integrations and have started to form payment consortia, e.g. SIMpay. All these are steps to improve the field, yet they all must compete with the convenience of operator billing.
Remote transactions
Mobile on-line shopping is a mobile extension to established electronic commerce where goods, services or digital content are purchased over the mobile Internet. The mobile phone adds value mainly through its mobility and availability, yet on the other hand, the pocket-sized device with its limited UI capabilities poses some challenges for service providers. This has raised the possibility of using different channels for product selection (PC, catalogue) and for actual payment (mobile phone).
The main mobile on-line shopping items are prepaid account top-up, digital content, tickets, familiar “top-ten” products, games, DVDs, CDs, etc. Digital content shopping has so far been mainly operator logos, screen savers, pictures for messages and ringing tones. New terminal technologies such as Java, music/video players, DRM, etc. will expand the consumption of content and the digital content business.
Typically, the following phases can be identified in a mobile on-line shopping transaction:
• Browsing including goods selection
• Payment method selection
• User authentication
• Transaction authorization
• Transaction acknowledgement
• Goods or service delivery either digitally or physically
Key application areas for remote payments
Mobile banking
Since nearly everyone has a bank account and pays bills regularly, mobile banking can be seen as a mobile commerce application with very good potential. A key driver for e-banking services has been the general cost reductions in the banking branch networks. It has been estimated that by 2006 two-thirds of invoices will be electronic (Litan – Gartner Research 2003). Mobile banking will continue this trend, adding value with virtually anytime mobile phone capability and new push type services for e.g. bill payment. These, combined with convenient and strong authentication, digital signature functionality, and the ability to get rid of costly one-time password lists will be the key drivers for mobile banking.
Banks have been very concerned about potential security risks jeopardizing their reputation as a main trust provider. Yet, many of the most advanced banks are making significant numbers of transactions and related services through the Internet. Ease of use, cost of service and security are also key components to allow high volume banking services. Mobile banking can be implemented as a browser service or using some specific midlet – both options are currently gaining support from the industry.
Stock trading
In many western countries, stock trading and money investing have become much more common among the wider population. The ability to monitor the market and trade wherever and whenever they want are the key elements for investors who are looking for short-term earnings.
Although the actual target consumer group for mobile stock trading is very small, the typical value of the stock trading is high and therefore there is a need for strong authentication and non-repudiation. Push type information services combined with transaction services will increase the value of the mobile phone for stockholders.
Auction
There has been a great deal of interest in online auctions, especially in the US. Used cars and business items have been sold online on the Internet for the best offer. The biggest advantage for bidders is that they do not need to be physically present at the auction and a bidder can receive a message on their phone when their bid is beaten.
However, a mobile channel is seen more as a customer service providing only monitoring. The channel itself is not seen as a revenue generator – rather, money goes to the company arranging on-line auctions when people place something for sale. The starting of auctions through the mobile device is not seen as likely. The use of a digital signature feature would provide non-repudiation for mobile auctions.
Betting
Horse racing and betting have traditionally gone hand in hand. Nowadays betting is an essential part of many sporting events. It is a huge business and betting offices are constantly developing new betting methods and new alternatives for betting. Online betting on the Internet has already taken off, providing freedom from betting outlets and enabling last minute betting at home or from the office. Mobile betting however is providing even more freedom of place and time, allowing people to watch a football match in the arena or in a bar and bet on who will score the first goal in the second half.
Local transactions
Not all merchants are interested in how people pay, yet they are all interested in having them as customers. If given a choice, customers will decide, and for a wireless payment method to prevail, it has to be easier than cash and card payments. Questions such as “Does it speed up the transaction process? Does it bring value?” need to be answered in order to make local transactions successful in mobile commerce. In general, to make mobile commerce happen, the user’s experience with payments needs to be consistent, fast, convenient, transparent, employ hassle-free technology and provide a beneficial, value-added service.
The mobile phone can be used as a payment instrument in the local environment instead of cash or payment cards. The primary market for local payment solutions will be consumers in unattended or “loosely attended” trading places such as fast food restaurants, filling stations, retail stores, ticket dispensers, vending machines and parking meters. Mobile payment fits well with unattended stations where magnetic stripe or contact card based terminals can be inoperable because of vandalism or where cash management is clearly not cost-effective. It seems that the overall solution for places such as these will be achieved with contact less cards, with mobile phones employing a contact less card interface.
Mobile phone payment in a normal retail store is very tempting because of the potentially large volumes, yet it is also very challenging – it’s very hard to beat the speed and convenience of the existing payment methods. The possibility of combining loyalty programs with the payment transaction and speeding up the actual payment process could be selling points for mobile payment in this area.
Local transactions can be divided into two categories, as depicted in Table 1. The key requirement for local payment is to adapt to an existing payment settlement backbone.
Fast and convenient “swipe” transactions | Menu driven transactions
Low-cost, impulse purchases | Mid-to-high cost, non-impulse purchases
High-volume commodity transactions | Lower-volume, non-commodity transactions
Extremely low transaction-latency expected | Higher-latency in transaction time accepted
Applications: vending machines, ticketing, parking | Applications: ticket purchases, groceries, restaurants
Table 1.
Electronic purse
Electronic purse is a smart card application containing real value in the form of electronic money paid for in advance. The card, which can be reloaded with further funds, can be used for a range of purposes. From a pure technology point of view, a mobile electronic purse solution could be very similar to a mobile ticketing solution for public transport – the value (money, ticket) is downloaded remotely in a secure way to the phone and then used locally over a RF interface. This is a very important area that demands that operators and banks provide micropayments economically, with the key being lower fixed costs per transaction. This type of solution will compete with operator billing for micro-payments and will probably provide the basis for local micro-payment solutions, yet currently it is not widely implemented.
Person-to-person payment
Person-to-person payment in the mobile environment means that a person transfers electronic money from his electronic purse or server based account to another person’s electronic purse or account. Although the technology used in person-to-person transactions may use the remote connectivity of the mobile phone, it can also be used very locally, with two persons being together when the money is lent or paid back.
Cross-environment transactions
This section gives more details of the mobile commerce sectors, which are valid for both remote and local transactions.
Ticketing
A ticket serves as a certificate, license, or permit. Traditionally in paper format, digital tickets are already quite widely used in areas such as public transport. The concept can be roughly divided into event (cinema, concert, match, etc.) and transport (bus, train, plane, etc.) ticketing. Tickets can be time-based (e.g., a season ticket), value-based (e.g., purse application), one-time or a multi-time ticket or a combination of these, and a mobile ticketing platform should accommodate all types of ticketing. Tickets often have a monetary value, and so the security of ticket transfers and processing is important.
Ticketing can be divided into three phases – ticket purchasing, most likely over a remote connection, ticket management including browsing of ticket details, and ticket usage (i.e. validation), typically over a local connection. Digital tickets combined with mobile phone local and remote connectivity and ticket management capability, will offer clear benefits for ticketing compared to any existing ticketing models.
Multi-application environments will be built up, such as a city-card system where one device can be used for several purposes. The technology will be contact cards, contact less cards and/or dual interface cards including both contact and contact less interfaces. Although ticketing is one of the main applications in the card, the issue is how to manage the different applications and will there be a main card issuer? How can the new applications be set in an easy and secure way? The mobile terminal may help in this case if applications can be downloaded over the air, turning the mobile phone into a secure multi-application platform.
The main motivations for going to mobile ticketing are convenience for the user, cost savings for the ticket service provider and the mobile terminal as an information channel for both parties. The solution where the ticket has been bought over the public network, stored in the phone and used locally will offer the most interesting benefits for all ticketing applications.
Loyalty programs
Nowadays loyalty programs are an essential part of customer relationship management. Their target is to increase customer loyalty in the traditional local payment environment, such as retail shop chains. They are also a way to collect important customer information, which can be used for direct marketing purposes, or trading customer information if this is permitted. So far, loyalty programs have not played an important role in Internet e-commerce. A mobile phone can add value for remote payment by combining a payment and loyalty method in an easy and flexible way, and convenient loyalty card support is certainly crucial to enable local mobile payments.
Coupons
In certain countries, coupons are widely used to entice consumers to shops or certain Internet market places or to buy things they would not otherwise be aware of. Since the mobile phone is a personal device with remote connectivity, it can be considered as an attractive direct marketing object. Coupons with a certain value require security functionalities such as DRM and a method of using them in financial transactions. Moreover, if direct marketing (privacy) legislation allows, coupons may play an important role as a direct marketing method including commercial value.
Receipts
A receipt is a document provided by a merchant, recording the details of the transaction for the customer to retain as a proof of purchase. The customer may use this proof of purchase in several ways, for example as:
• a detailed transaction record for tracking their personal finances
• as evidence of a reimbursable expense to an employer
• a warranty, i.e. a proof of purchase to enable the return of goods to the retailer with whom the original purchase was made
Replacing paper receipts with digital ones in a mobile phone would give numerous advantages for the mobile phone user:
• Eliminating manual entry of transaction information for personal financial accounts or creating expense reports
• More detailed tracking of items purchased based on date, location, and amount
• Reduce or eventually eliminate the loss of receipts
• Lighten the physical wallet
These advantages may see digital receipts become a key functionality that will boost the use of mobile phones for payment.
Branding
Branding, in this context, refers to conveying information to the user about the branded services that form part of the payment transaction. This is accomplished by displaying the media (images, animations, sounds) associated with the said brand. This media is made familiar to the user beforehand, by the brand owner’s publicity effort and through day-to-day use. While brand media does not directly convey any monetary value, familiar brands are an integral part of the payment process. The customer expects to see the logos of a shop chain, credit issuer or loyalty scheme displayed during the transaction and as such they help boost confidence that it will proceed in the correct way.
When moving from physical to digital payment transactions, digital may seem to the user to be too detached from its real-world counterpart to be understood, let alone trusted. This can be alleviated by adding metaphors and associations to the physical realm that make it easier for the user to understand what is happening and assess the level of trust he has in the proceedings. The presence of the trusted brands that the user normally associates with payments thus makes the digital transactions feel more familiar.
Nowadays the brand information is mostly conveyed via images – printed logos on receipts, credit card organization logos on plastic cards etc. Thus the user’s familiarity with and trust in transactions via the mobile terminal can be enhanced by displaying the same brand imagery throughout the digital transaction – that is, showing a credit card organization’s logo (or media clip) in connection with paying by credit card, or showing a loyalty scheme logo in order to assure the user that the loyalty scheme has been active during the transaction. However, it is crucial to understand that there are other important factors in creating trust, such as consistency of use.
Enabling technologies When conducting remote payments, the connection between the content server and the mobile phone is established via a PLMN (Public Land Mobile Network), such as the GSM cellular network, which includes bearers such as SMS and GPRS. Currently, most mobile content is still paid based on premium rate SMSs, the biggest advantage of which is that it does not require a special web services payment interface. Premium rate SMS use will be expanded to Java midlets. GPRS has taken over as a primary bearer for mobile Internet. Its adoption along with mobile terminals with color screens has brought notable benefits to the user, both in terms of speed and the overall experience of mobile browsing, which remains one of the most important phone applications and the main way to
discover downloadable content and infotainment. With the introduction of XHTML Mobile Profile and Wireless Cascading Style Sheets (WSSC), the industry is now able to offer compelling, rich and full color services to users, providing revenue opportunities for operators as well as service providers, content owners and media companies. The next generation mobile services are specified as WAP 2.0 from the WAP Forum. The specifications have two key elements – the mark-up language changes to XHTML MP and the transmission protocol becomes Wireless Profiled TCP/IP. The industry started to implement Wireless Profiled TCP/IP in mid 2003 – it is compatible with
standard TCP/IP, but includes optimized settings to improve performance over wireless links. Both XHTML and TCP/IP are standards on the fixed Internet, so this migration supports the convergence of the mobile and fixed domains. WTCP/IP will also provide faster data transfer for larger files, better end-to-end security, and more advanced applications, resulting in an enhanced browsing experience for the consumer. Financial applications such as banking and Verified by Visa payments will benefit from end-to-end encryption enabled by migration to WTCP/IP transport, as they can now waive their own secured gateways and instead specify a normal Internet address, in the same way as on the fixed Internet.
With local payments, the methods for data transfer are numerous; for example, Bluetooth and RF are both possible options.
Bluetooth is a radio interface operating at 2.4 GHz and is specified by the Bluetooth Special Interest Group. It has a theoretical range of several tens of meters and will work out of sight through non-shielding materials. The data rate depends on the implementation and the balance between up and down traffic and has a maximum of 721 kb/s in one direction. It requires power at both ends and the basic interface supports bi-directional, full duplex block exchange with transport level encryption.
Radio Frequency technology enables a short-range bi-directional RF transmission for operation at 134.2 kHz and 13.56 MHz. It is a battery free technology transferring power and data at the same time over the air. The cheapest RF tags are read-only with a very small memory. The most powerful chips include microprocessors, which can be used via contacts or contact less (so-called dual interface chips) with all the security functions developed for smart cards. The most important feature of RF contact less technology is easy and fast local connection with adequate security.
Moreover, a new RFID technology, Near Field Communication (NFC), is currently being standardized. As well as RFID reader and tag functionality, this technology specifies a truly bi-directional, active communication mode between two reader devices. Other than that, the functional capabilities of NFC resemble the ones described earlier in this section. Note that bi-directional communication in mobile terminals is not seen as a likely development. There are several radio frequency technologies using different frequencies and modulation methods. Nokia’s solutions in mobile commerce are based on open technologies, hence the ISO 14443 A/B standard (supported all over the world) is preferred. RF contact less technology is most suitable for fast and convenient “wipe” transactions and impulse transactions (vending machines, ticketing, parking, etc.) at low cost, and applications based on it are already used all over the world: authentication (SpeedPass, Toll Tag), asset tracking (Ford, luggage at airports), access control (automobiles, corporate campuses, public transport, ski lifts), etc. RF contact less technology can be adapted to a mobile terminal either based on a smart card or as an integrated solution. RF contact less is definitely the most promising candidate for local transactions from a technology perspective.
Secure platform services
Various mobile commerce applications need secure platform services – a good example here is secure storage to store sensitive payment data in a mobile wallet. Such services can be offered through a terminal platform.
Terminal platform based security
The platform security approach has become something of a trend due to the increasing requirements of new application areas, such as mobile commerce and content delivery requiring copyright protection. The opening of the terminal platform to third party applications is the biggest motivation here – issues such as protecting a user against hostile content are very important, with obvious links to mobile commerce security too. Until now, most mobile commerce concepts requiring high security have been able to rely on smart cards, with the help of e.g. SIM Toolkit support from a terminal. The idea of a phone as the only wallet for a user will challenge this approach in the near future. Sensitive transactional data including various payment instruments is not technically feasible to implement based on smart cards only. The same is also true with other relevant features such as Secure UI, where the purpose is to make sure that a user interface is protected against attacks, such as trying to steal a user’s PIN code by mimicking some real transaction. Secure UI functionality is relevant not only for Nokia made applications, but also for 3rd party network based functionalities. The importance of OS security is currently very high. Clearly, the terminal platform will notably increase its role as a secure application platform in the next few years.
Nokia in the field of mobile commerce Nokia actively improves mobile applications with a special focus on usability. For the consumers, using services needs to be self guiding and effortless and the technological advancements in display sizes and more intuitive graphical user-interfaces are of high value.
[Figure 4 chart: total shipments and worldwide Java phone shipments, in millions. In 2008, 85% of the shipped terminals support Java.]
Furthermore, in the field of mobile commerce, Nokia supports all relevant scenarios with secure and safe transactions and with the aim of making them easy to use for the consumer. Nokia supports several different user authentication methods – certificates and WIM as well as GSM authentication for operator transactions. Secure transmissions are achieved with WTLS and SSL/TLS connections. To protect content, OMA Digital Rights Management (DRM) is applied. The basic requirement is that copyright protection is achieved through forward lock. More flexible content business is achieved with the option to preview protected content before purchasing, as well as applying time and play count-based usage rights. Reliable delivery can be ensured with the use of Java and OMA DL technologies.
Figure 4. Java enabled terminals’ share of total global shipments. Source: ARC 2003.
[Figure 5 chart: smartphones shipped (million) by platform: Symbian, WMS, Linux, Palm, Other.]
Now that service discovery has improved greatly, the latest technological advancements, such as high-quality colour displays and next generation XHTML browsers over TCP/IP, allow users to enjoy richer and more compelling graphical content and increased efficiency for large data files. Perhaps the most tangible advancement in the field of mobile commerce is the new mobile wallet application, which brings added confidence and convenience.
Java™ and Symbian platform leaders Although digital content is already the dominant form of mobile commerce goods, there is still plenty of new business potential in this field. Here a key accelerator is Java technology,
Figure 5. Symbian terminals constitute the largest and fastest growing segment in the category of smart phones and PDAs. Source: ARC Chart Nov 2003.
which allows services to become much more versatile, ranging from games to information and enterprise applications using richer multimedia and advanced network capabilities. This makes Java a major opportunity for developers and service providers. Both Java and Symbian OS are open platforms for application development and are also widely supported in Nokia terminals.
Symbian terminals are based on a dominant smart phone software platform, with total volumes exceeding those of Palm and others together (ARC Chart Nov 2003, see Figure 5). For example, a 2003 estimate from Canalys indicates that phones based on Symbian OS accounted for 94% of all feature phones and smart phones in the EMEA region in Q2, 2003.
Java will be a standard feature across terminals in the next few years. Figure 4 illustrates the expected growth in this area.
Mobile wallet for online shopping
Electronic commerce frequently requires a substantial exchange of information in order to complete a purchase or other transaction. The person making a purchase needs to enter his name, payment card number and expiry date, possibly also the delivery address and other details. Particularly with a mobile device, which in many cases has limited input capabilities, keying in all the required data can be rather time-consuming and error prone. However, the main factors driving the usage of mobile transactions are ease of use and convenience. The new version of the wallet application, first introduced in the Nokia 6220 and Nokia 6600 phones, makes service access and mobile payment easy and convenient for mobile users. It allows users to store a range of personal information on their mobile phone, such as usernames and passwords for different mobile services, credit and other payment card details, delivery addresses and personal notes, and retrieve the data easily during a browsing session to fill in required data fields. The obvious benefit for the user is that there is now no need to remember passwords, card numbers and best of all, no need to manually fill in the data when using the mobile channel for transactions. In practice, this reduces significantly the number of actions required by the user during a browsing session. The necessary data can be sent to the application over-the-air by service providers and card issuers or alternatively, consumers can manually enter data into the wallet. By using data that is pre-stored in the terminal, there is a smaller risk of typos and errors, which are quite common, particularly with long number sequences. All the data in the wallet is encrypted and the application can be accessed only with a wallet PIN code. This way, mobile shopping is not only more convenient and faster, it is also much safer as the owner of the mobile phone is the only
Figure 6. An example showing how a wallet populates the transaction details and Verified by Visa authenticates the user before the transaction is completed, Source: Modirum.
Consumers: Easy and convenient service access and mobile payment
Financial institutions: More secure and user friendly payment services
Mobile operators: Increased data traffic and a growing number of mobile purchases
Developers: New business opportunities using existing standard technologies and tools
Merchants: Opportunity to easily add a mobile channel and to create totally new services
Figure 7. Key benefits of the mobile wallet.
one who knows the secret password for the wallet application. The wallet is most appropriate for remote macro-payments. In Figure 6 there is an example of how a wallet can be used with a 3D Secure mobile Verified by Visa transaction.
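The wallet description above says only that stored data is encrypted and that access requires a wallet PIN. As an added illustration (not Nokia's implementation and not code from this white paper), here is one way such a PIN-gated store can be built in Node.js; the scrypt and AES-256-GCM choices, the three-attempt lockout, and all function names and sample values are assumptions.

```javascript
const crypto = require('node:crypto');

const MAX_ATTEMPTS = 3; // assumed lockout threshold, not taken from the paper

// Stretch the low-entropy PIN into a 256-bit key (scrypt with a per-wallet salt).
function deriveKey(pin, salt) {
  return crypto.scryptSync(pin, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt one field with AES-256-GCM. The field name is bound as associated
// data, so a ciphertext moved to a different field fails authentication.
function seal(key, name, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('hex'),
    ct: ct.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
}

// Decrypt one field; final() throws when the key (PIN) is wrong or the
// stored record has been altered.
function unseal(key, name, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'hex'));
  d.setAAD(Buffer.from(name, 'utf8'));
  d.setAuthTag(Buffer.from(rec.tag, 'hex'));
  const pt = Buffer.concat([d.update(Buffer.from(rec.ct, 'hex')), d.final()]);
  return pt.toString('utf8');
}

// Build a wallet object; only salt, counters and ciphertext are kept.
function createWallet(pin, fields) {
  const salt = crypto.randomBytes(16);
  const key = deriveKey(pin, salt);
  const wallet = { salt: salt.toString('hex'), failedAttempts: 0, locked: false, records: {} };
  for (const [name, value] of Object.entries(fields)) {
    wallet.records[name] = seal(key, name, value);
  }
  return wallet;
}

// Return one decrypted field, counting failures and locking after MAX_ATTEMPTS.
function readField(wallet, pin, name) {
  if (wallet.locked) return { ok: false, reason: 'locked' };
  const rec = wallet.records[name];
  if (!rec) return { ok: false, reason: 'no-such-field' };
  try {
    const key = deriveKey(pin, Buffer.from(wallet.salt, 'hex'));
    const value = unseal(key, name, rec);
    wallet.failedAttempts = 0; // a correct PIN resets the counter
    return { ok: true, value };
  } catch (err) {
    wallet.failedAttempts += 1;
    if (wallet.failedAttempts >= MAX_ATTEMPTS) wallet.locked = true;
    return { ok: false, reason: wallet.locked ? 'locked' : 'bad-pin-or-tampered' };
  }
}
```

A short PIN has little entropy, so the attempt counter only protects the data when the wallet record itself sits in storage the platform protects from copying, which is the secure storage service described under "Secure platform services".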
The 3D secure model is a global solution for online payment authentication supported by Visa, MasterCard, banks, retailers and 3rd parties across North America, Europe and APAC. The main aim of the 3D model is to help merchants reduce the cost of online fraud. 80% of
the costly charge backs occur when cardholders state that they did not participate in or authorize the transaction. If a merchant supports the 3D model it automatically means a shift in liability from merchant to issuer bank. Visa and Nokia have successfully tested the 3D secure model in a mobile environment.
The wallet was created in order to improve the usability of mobile services, yet, it is not only the mobile users who will greatly benefit from this application – all the players in the field will benefit from the growing amount of service usage. Figure 7 summarizes the key benefits of the wallet application.
Technology standardization
As an avid supporter of open platforms and technologies, Nokia has been an active participant in forming and shaping the standardization landscape for the needs of digital convergence in numerous different standardization organizations. Here is a brief account of some of the standardization fora that are also relevant to mobile commerce.
MeT Initiative – MeT is the voice of mobile phone manufacturers. Financial institutions and operators may require manufacturers to include excessive and proprietary features in mobile phones – MeT counteracts this by proposing a reasonable set of standardized services, which enable mobile commerce applications. MeT focuses on mobile phones, defining the minimum set of additional functionality that may enable the maximum application area, while preserving the best usability. Nokia has a strong presence in MeT.
Mobile Payment Forum – The Forum was launched late 2001 by the four major payment organizations, American Express, JCB Co., Ltd., MasterCard International and Visa International. It currently has approximately 50 members representing the mobile, technology and financial industry, with a strong presence from mobile operators. The main focus of the MPF is to enable mobile commerce by evaluating and improving payment methods based on existing card relationships. The Mobile Payment Forum complements the work of other industry consortia and has endorsed several MeT specifications. The mission of Nokia in MPF is to identify and promote solutions that are of business value to operators while preserving terminal value.
MoBey Forum works as a consolidated voice of the financial industry regarding mobile commerce and other financial services and acts as a forum where needs can be expressed and requirements can be discussed. In addition, the forum promotes mobile commerce to financial institutions. Nokia representation is strong at the management level and within the Business Workgroup. It is expected that the main outcome from the Forum will be the continuous discussion that will shape the acceptable requirements. Further, Nokia is using MoBey to try out new solutions for mobile commerce.
Java Community Process – The JCP is an open organization to develop components of the Java platform and to offer suggestions for improving and growing the technology. The terminal-side mobile commerce is addressed currently by JSR120 (Wireless Messaging API) and JSR177 (Security and Trust Services API for J2ME). JSR120 can be used for payments using premium rate SMS. JSR177 effectively defines the signing/authentication API and the smart card access API. Currently Nokia is looking to start a new JSR to define Java payment API.
OMA – Open Mobile Alliance is chartered to deliver the open architecture for mobile services. The m-commerce workgroup was created in late 2002 to analyze the gap in the global m-commerce landscape. It is uncertain what the next charter of the group will be. The main driver has been the standardization of operators’ back-office payment interface for web services.
IrDA – The goal of IrDA is to develop and promote infrared communications for use in the local environment. IrDA has successfully developed several standards, which are widely used.
Bluetooth SIG is developing the Bluetooth short-range radio communication standard. Current work concentrates on development of release 2 of the standard, which will address several usability issues. The SRFT group within Bluetooth SIG has been specifying requirements for the effective use of Bluetooth for mobile commerce. SRFT has no plans to define an alternative payment system. It is believed that the second release of the Bluetooth radio specification will enable the use of Bluetooth for financial transactions. However, Bluetooth will remain as the communication channel rather than the mobile transaction standard.
Expected market development and trends
A major trend among mobile terminals is that they can handle more and more applications and new types of content, which is a clear expansion on current ringing tone and logo sales. Symbian OS and Java are opening up new possibilities for application developers and the user can easily configure and personalize the functionality of the terminal to match his needs. Third parties can also implement the applications. A healthy content and service providers’ business requires convenient, secure, versatile and cost-effective transaction capabilities. There are increasing opportunities to leverage SMS, due to its convenience and users’ continuing trust in the system. In addition, a standard micro-payment system will create new business models, such as paying for smaller features or local add-on services to general, more expensive ones, enabling a consumption model instead of one based on subscription. Operators also see an opportunity in local transactions to
reduce fraud by leveraging their authentication capabilities. However, reducing fraud vs. merchant cost would require additions to the payment back-end. An increasing focus on stored value is making micro-payments more economical for merchants. Now Visa and MasterCard have launched their 3D secure model, shifting global liability from the merchant to the issuer. Therefore, there is an opportunity for a convenient, secure and merchant friendly authenticated payment method to become the de facto standard for mobile payments. Remote (macro) payment is expected to produce the lowest number of transactions. However, it is playing a key role by enabling for example micropayment account top-up, purchasing higher value (over 5€) digital content and enabling remote payment and local usage habits. Ticketing is expected to gain in popularity among mobile commerce applications and is seen as a
concrete and easily identifiable benefit for the user. The necessary enabler for ticketing will be remote payment. Merchants will be in a key position in the development of mobile commerce. This new concept must be sold to them, since they need to invest to update their current point of sales (POS) terminals. It’s not realistic to expect merchants to make radical changes to their existing payment systems overnight, so a smooth addition to an existing payment settlement backbone is a must. The key drivers from a merchant’s point of view are fast throughput time, cost-effectiveness, customer satisfaction and higher customer loyalty. By speeding up the payment process, merchants may decrease their operational costs and potentially increase sales. Fast and convenient payment methods also favour users in this hectic world. Moreover, a mobile terminal’s messaging capabilities provide many opportunities for customer relationship management.
Summary Today, a considerable proportion of mobile commerce consists of the purchase of different types of digital content that in most cases is used in the mobile phone. Symbian OS and Java technology offer new possibilities for application developers, while users are able to easily configure and personalize the functionality of the mobile device to match their needs and preferences. Consumers increasingly personalize their mobile phones with ring tones, screen savers, and wallpapers. Games, downloadable phone applications, as well as music and video clips are also growing in popularity. Once people become more familiar with buying digital content and services with their mobile devices, they will then more easily adopt the mobile payment mechanism for physical goods and local transactions as well.
As stated, currently digital content is the only relevant form of mobile commerce and based on their billing relationships, operators continue to dominate micropayments. Mobile ticketing in public transportation is becoming a spearhead for mobile commerce, with event ticketing to follow. Technically, the aim is to have a smooth adaptation to the existing and coming payment and ticketing systems. A recent step forward in the field of mobile commerce has been the adaptation of the 3D Secure Internet payment model (Verified by Visa) to the mobile environment. Here, both the merchant and consumer are authenticated and can rely on the transaction to be handled properly. With the aid of new and improved Wallet applications and the SSL
connection for ensuring end-to-end security in Nokia phones, these transactions can easily be conducted over the mobile channel, extending mobile commerce possibilities from the currently dominant digital content, e.g. ringing tone and operator logo selling, to more diverse choices. For mobile commerce to really take off, it must build on established habits, practices, and infrastructure, and then add specific mobility value. The added value can be, for instance, instant access and delivery, flexibility, convenience, personalization, location awareness, or better customer service. The key drivers in the adoption of mobile commerce services are ease-of-use and convenience, keeping the issue of security in mind. Applications and services that are too complex and time-
consuming discourage consumers from “going mobile.” The challenge is to implement a secure payment scheme so that it remains convenient and simple to use. Nokia’s main interest in the field of mobile commerce is to deliver world-class terminals that offer the level of security and trust demanded by the consumers and service providers now and, thanks to incremental improvements, in the future as well. Nokia’s role as mobile terminal manufacturer is to provide a technological ecosystem, which improves the user experience in all mobile applications, and, very importantly, in mobile commerce.
Glossary
3D: Three-domain payment model
API: Application Programming Interface
DRM: Digital Rights Management
ECML: Electronic Commerce Modeling Language
EGPRS: Enhanced General Packet Radio Service
HTTP: Hypertext Transfer Protocol
IrDA: Infra Red Data Association
MeT: Mobile Electronic Transactions
MoBey: MoBey Forum
NFC: Near Field Communication, two-way RF contact less technology
OMA: Open Mobile Alliance
OS: Operating System
PIN: Personal Identification Number
POS: Point of Sales
RF: Radio Frequency
RFID: Radio Frequency IDentification
SRFT: Bluetooth SIG Short Range Financial Transaction Study Group
SSL: Secure Socket Layer
SW: Software
TLS: Transport Layer Security
WAP: Wireless Application Protocol
WSSC: Wireless Cascading Style Sheets
WIM: Wireless Identity Module
WTLS: Wireless Transport Layer Security
XHTML: Extended Hypertext Markup Language
The contents of this document are copyright © 2004 Nokia. All rights reserved. A license is hereby granted to download and print a copy of this document for personal use only. No other license to any other intellectual property rights is granted herein. Unless expressly permitted herein, reproduction, transfer, distribution or storage of part or all of the contents in any form without the prior written permission of Nokia is prohibited. The content of this document is provided “as is”, without warranties of any kind with regard to its accuracy or reliability, and specifically excluding all implied warranties, for example of merchantability, fitness for purpose, title and non-infringement. In no event shall Nokia be liable for any special, indirect or consequential damages, or any damages whatsoever resulting from loss of use, data or profits, arising out of or in connection with the use of the document. Nokia reserves the right to revise the document or withdraw it at any time without prior notice. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation. Nokia product names are either trademarks or registered trademarks of Nokia. Other product and company names mentioned herein may be trademarks or trade names of their respective owners.
NOKIA CORPORATION Nokia Mobile Phones P.O. Box 100 FIN-00045 NOKIA GROUP, Finland Phone: +358 (0) 7180 08000 www.nokia.com
0104 Indivisual Copyright © 2004 Nokia. All rights reserved. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners. Products are subject to change without notice.