Corporate risk prevention consultancy and analyst UKFraud earlier released research warning of a “cocktail of emerging risks” as a consequence of rapid growth in the global mobile payments market. A recently released interim report findings are as follows:
- The marketplace and market activities continue to be exceptionally fast-moving as regular announcements from many parties herald major changes in available offerings, applications and technologies. These are becoming increasingly complex in a crowded market. New entities join the melee all the time, trying to stake their claim and demonstrate their role in the mobile payments processs
- Few of the companies or stakeholders appearing in any one part of the market have a comprehensive view of the whole market (e.g. web developers trying to become payment gateways).
- People think, write and discuss this market only in the relative terms of today”s marketplace and as such they are generally constrained by traditional payment models. This ensures that what they write is often out of date reasonably quickly.
- Nomenclature is a problem. When industry pundits and stakeholders talk about “mobile wallets”, this can mean many things to different people. Areas can include: Web applications and in particular web-payments, Near Field Communications, online banking services and device loaded payment solutions. However, the term also encompasses “ticket” repositories, loyalty voucher storage, password vaults, club membership passes and password encryption.
- The definition of a “wallet” is likely to change too. Initially, stakeholders have thought about a “wallet” solely as a money repository. We should think about it more as somewhere where we put all those other personal items like tickets, coupons, vouchers, payment details and log-on credentials. The market should be talking not about electronic wallets but about the new “bigger thinking” i.e. caring about our “handbag” or “briefcase”, which might also contain other essential possessions, e.g. a wallet, ticketholder and list of passwords as well as a wide assortment of the other things that we collect and store there.
- Technology advances and tech start-up innovations have led to a surge of many innovative products and services for consumers to keep abreast of and surveys show that people are confused. So how do these things all work, and how can they be integrated? Innovation and advances are positive and people are ever-chasing”first-mover advantage” – without the tools to deliver sustainable and secure solutions.But this means that many will fail. They will not meet the challenges of scale, or develop a critical mass in terms of profitability or market presence. Most will be at risk of major fraud attacks as they grow. The legal or other losses could be overbearing once they start to attract the attention of criminals, regulators and other parties that raise the need for payment system compliance enforcement.
- Noting the element of competition that exists and despite the flurry of activity to date, there still appears to be a distinct lack of broader collaboration, coordination and vision for where the market is or will be going.
- Conversely, larger organisations and participants may have the market and brand presence, the necessary infrastructure and technology platforms, etc., but they suffer from the constraints of their own size and governance. Such players are typically more deliberate and laboured in their innovation development process. Where they are large payment organisations, for example, they often have a reputation to protect and secure infrastructure to maintain, upon which their reputation is founded.They are typically more aware of risk management concerns plus the implications of regulatory input and feedback on their proposition. Consequently, these participants are unable to move as fast as they would like or as others would expect
- So, for both existing and for new participants in this market, as well as competing, they also need to think about how their product fits into the wider market and customer needs. Whilst speed to market is important, they need to achieve this with a robust, secure, future-proofed product or service. This should use today”s technology but that which is both business-proof, and commercially viable. This is difficult for any one organisation to achieve in isolation of others. The answer lies in collaboration and also in setting appropriate shared standards and governance.
- Authentication of an “extended” identity, including that of devices, will be one of the single most important factors in the evolution of solutions, products and the global direction of standards.
Kevin Smith, Chair of UKFraud”s Mobile Payments & Wallet SIG reports on the state of evolution taking place in the marketplace and key findings. In his view, “There needs to be room for innovation and competition in payment systems, to ensure that the evolution of these new technologies and business-models is combined in “life-managing” value-add solutions. To be truly effective, this requires sector wide collaboration.
“The technologies, applications and solutions consist of many more components than suppliers can handle; and the solutions that are being evolved often miss the security and risk infrastructures required. Particular areas of weakness include: AML checks on identities and refer-listings, controls over and monitoring of hardware validation and the business being undertaken. Security of the software and the data transmitted is another area that requires greater focus. As the market is growing so rapidly the SIG is concerned that controls and proper infrastructure is often inadequate.”
The SIG sees the on-going challenge as putting in place the basics of proper checking, standards procedures, processes and highlighting the infrastructures needed. It also sees a requirement for setting base security thinking in place; to prevent the inevitable “crash”or a series of likely expensive regressions. This will prevent:
- Different systems, standards and “languages” that evolve needing to be merged
- Big losses from criminal attacks
- Abuse of systems for illegal and disreputable activity
- Major failings of all of those parties who invest in the “wrong direction”
- Adverse brand damage for key participants and stakeholders.
Commenting on the findings Bill Trueman CEO of UKFraud commented; “Every boardroom is confused about where this market is going and how to act and direct its efforts. This is because it is so clear that this will be the global future for consumers and suppliers. The big challenge is how to be successful as the landscape changes globally.
“Companies of all sizes face concerns. Many major corporates with strong security and infrastructure are worried that they can”t adapt to the future just as the thousands of smaller entities are trying to “create a solution or market” with only a small piece of the jig-saw and none of the infrastructure or security or standards based upon interoperability required.
“There is no crystal ball for anyone to rely upon and there is still a tremendous amount of bravado with people developing new and “sexy” solutions that will probably not work. Typically there are the 90% that will fail and the 10% that might be successful. The simple truth, from the SIG”s findings, is therefore that those that collaborate will be better positioned for success.”