Managing mobile wallets

As contactless ecosystems further develop and mature, we look at the mobile wallet and its role as an enabler of mobile payments

Creating ease, convenience and trust for end-customers (payers/consumers and beneficiaries/merchants) is regarded as critical for the further development of mobile payments. Since a mobile wallet may be regarded as a key tool to address these challenges, it can be regarded as an enabler for mobile payments.

Today, mobile wallets are in their early stages of development. No one in the payment ecosystem knows exactly how the mobile wallet marketplace will evolve in the coming years. But the offering of additional mobile services (such as ticketing, loyalty, couponing, etc.) next to financial services appears to be an important driver for the value proposition.

In addition, to enable a cost-effective approach for all stakeholders involved in the mobile wallet payments ecosystem, a number of key challenges remain to be addressed in the future regarding this topic:

• harmonization of user interfaces to enable a consistent user experience;

• co-existence of payment with other mobile services in a mobile wallet;

• co-existence of multiple mobile wallets on or accessed through a single mobile device;

• linkage of mobile wallets in the payer’s space with merchant wallets;

• interoperability of mobile wallet interfaces;

• execution of proximity payments with remote mobile wallets;

• alignment of mobile wallet security aspects (including authentication) with existing and forthcoming requirements for mobile payments related to mobile wallet interfaces and infrastructure;

• coordination amongst various industry initiatives on mobile wallets.

Digital wallet

Similar to the physical world, a ‘digital wallet’ acts as a digital organiser and typically contains identification information on the wallet holder, on payment instruments accessible to the wallet holder and optionally personal information items belonging to the holder (e.g., pictures, documents, etc.). This may include information related to eIDs, digital signatures and certificates, logon information and billing and delivery addresses as well as payment instrument related information such as SCT and SDD products and payment cards (prepaid/purse, debit, credit). Furthermore it may also include other applications such as loyalty, transport or ticketing.

A digital wallet is based on technical infrastructures (hardware and software) allowing the secure storage, processing and communication of the information described above provided by the wallet holder, the wallet issuer and the application/service providers. There exists a wide variety of different implementations for these infrastructures ranging from full implementation in the equipment of the wallet holder to remote implementations (as a remote wallet in a ‘Software as a Service’) accessed through the wallet holder’s equipment.

Mobile wallets are digital wallets which are accessed through a mobile device (e.g., mobile phone, tablet, etc.). A mobile wallet is a service allowing the wallet holder to access, manage and use mobile payment services, possibly alongside non-payment applications. This service may reside on a mobile device owned by the consumer (i.e. the holder of the wallet) or may be remotely hosted on a secured server (or a combination thereof) or on a merchant website. Typically, the so-called mobile wallet issuer provides the wallet functionalities but the usage of the mobile wallet is under the control of the consumer.

Although different mobile wallets have been launched in the market in recent years, they are still in their early stages of development. However, a variety of services are already offered to customers. Where originally the penetration of mobile wallets was more focused on coupon deployment and loyalty management, more recently, the mobile wallet presents diverse capabilities extending well beyond these services such as the management of mobile financial services including mobile banking and payment opportunities.

In addition, mobile wallets may facilitate the set-up of value added services for service providers or merchants. As an example of such a value-added service, a merchant may make a special offer to customers who are in the vicinity of its outlet. Another example is the pop-up of the entrance ticket on the mobile device screen when approaching a movie theatre.

Appropriate technical and security requirements will need to be fulfilled by mobile wallets in order to support payment services. In addition, ownership of and responsibilities for the mobile wallet need to be clarified and will be implementation dependent. One or multiple mobile wallets may coexist and be accessed through a mobile device; hereby each mobile wallet may contain one or multiple applications/services.

Financial services 

The mobile wallet may facilitate the payment initiation phase for the consumer/payer by supporting the selection of the payment instrument as well as the authentication process. Mobile wallets may support a variety of payment instruments with different authentication methods, including mobile proximity and remote payments. This may offer opportunities for both consumers and merchants if they understand in terms of security and convenience (such as using a mobile wallet for in-store remote payments). Optionally, a passcode could be used to open the mobile wallet (see section 6.3 for more details). The table illustrates how the payment use-cases can be implemented using the existing SEPA instruments.

Depending on the payment services supported, the mobile wallet application can be very simple, when designed to manage information related to a single payment instrument, or, more complex, when different payment instruments are involved. However, in any case, it allows the wallet holder (consumer/payer) to select, at any given time, the payment instrument he/she wants to use for a particular transaction.

In addition, it is desirable that the mobile wallet will enable the consumer/payer to: define a default payment instrument – one for all or even better, one for every type of payment situation (e.g., prepaid card X for contactless payments, SCT of bank Y for C2B remote payments, credit card Z for C2C remote payments, …); or prioritize one mobile payment service over another, for example by selecting the payment card to be active.

High level principles 

Conceptually, a mobile wallet may be provided by a PSP that issues a single or multiple payment instruments with the only aim being to manage these payment instruments. Alternatively, the mobile wallet may be provided by a mobile wallet issuer or a trusted third party (TTP) acting on its behalf, and designed to manage payment instruments issued by multiple PSPs.

It would be desirable that mobile wallet issuers ensure their mobile wallets follow some basic principles in support of mobile payment services based on SEPA instruments such as:

1. consumers/payers should be able to use their mobile wallet(s) to make mobile payments throughout SEPA, regardless of the original country where the mobile wallet was issued and where the SEPA mobile payment services were subscribed to;

2. the usage of a mobile wallet should not impact the security of the underlying payment instrument including the protection of personal data;

3. a mobile wallet should be able to support the easy recognition and selection by the consumer/payer of any mobile payment service defined by a PSP, including brands & logos, payment scheme brands, payment instrument, etc. as appropriate;

4. all PSP’s proprietary personalisation data related to a customer for a mobile payment service (e.g., IBAN, PAN…) accessed through a mobile wallet in the course of mobile payments, should remain under the management of the payer’s PSP;

5. a mobile wallet should enable mobile payment services by including core functionalities such as (but not limited to) selection and initiation of a mobile payment, life cycle management of credentials and payment/authentication applications (installation, update, activation, deactivation, cancellation, etc.);

6. mobile wallets should ensure a high availability of their services as expected by their holders.

Ecosystem 

The ecosystem for mobile wallet payments includes a variety of aspects such as the different stakeholders, their business models, the technical infrastructure and security measures and the legal framework. Since mobile wallets are dynamic and fast-developing, there is a potential for existing stakeholders in mobile payments to take on additional roles and/or for new players to enter the market. These new stakeholders may come from different backgrounds with a variety of motivations to offer robust, competitive and effective mobile wallet services for consumers. The following stakeholders in the mobile payments ecosystem also take part in the mobile wallet payments ecosystem.

The consumer/payer is a natural person who makes the mobile payment; he/she owns a SEPA payment account or a SEPA compliant card, a mobile device and contractual relationships with a network operator (an MNO and/or an ISP) for mobile services; the consumer experience will be driven by convenience, cost and the offerings from the other stakeholders in the ecosystem. The consumer may control which mobile wallet he/she wants to use, and which content he/she wants in his/her mobile wallet by making the necessary arrangements with the mobile wallet issuer and mobile (payment) service providers.

The beneficiary owns a SEPA payment account or, where relevant, a SEPA compliant card. In the case where the beneficiary is a merchant, the beneficiary is the acceptor of payments for goods or services purchased by the consumer/payer. A mobile wallet can offer a new way to interact with its customers. An added incentive may also come in the shape of the mobile wallet being an effective way to establish brand exposure and closer customer relationships by offering loyalty incentives, discounts and other marketing offers. In the case where the beneficiary is a private customer/small business, there may be situations where it is very convenient for the beneficiary to own a mobile device in order to receive value added services like notifications.

The PSP offers SEPA payment services compliant with regulatory/security requirements. As a service provider that handles its customers’ financial services through various channels, a PSP may aspire to take on a new role in mobile wallet services and position its brand in this new financial environment.

The network operator, an MNO and/or an ISP, is responsible for securely routing messages, operating the mobile and/or the internet network. Furthermore, an MNO has the capability to put the mobile wallet and mobile payment/authentication applications onto the consumer’s mobile devices/UICC.

The payment system functions are both provided by a payment scheme based on a SEPA payment instrument and a clearing and settlement mechanism (CSM). In the case where a dedicated payment application (MCP or MRP application), authentication application or credentials on the mobile device is/are involved, the mobile payment service issuer is the PSP responsible for provisioning the application or the credentials to the consumer/payer. The application or credentials is/are stored in a secure environment. This is typically in a Secure Element (SE) on the mobile device or on a remote Secured Server. This implies the involvement of additional stakeholders such as the SE issuer (see [1]). Optionally, the mobile payment service issuer may also use a so-called Trusted Service Manager (TSM) for the life cycle management of the application.

The Trusted Service Manager (TSM) is a TTP acting on behalf of the SE issuers and/or the mobile payment service issuers to facilitate an open ecosystem. Mobile payment service issuers, TSMs and SE issuers collaborate to perform the provisioning and management of the application(s) and/or credentials.

An optional TTP that operates an infrastructure that could facilitate increased convenience and/or trust for the parties involved (e.g., a common infrastructure when an alias is used for remote payments).

A payment gateway provider is a TTP that facilitates the transfer of information between the payment portal (such as a website or mobile device) and the beneficiary’s PSP. This service can be operated directly by the PSP.

Additional stakeholders include for example manufacturers, application developers, mobile device manufacturers/vendors and organizations performing infrastructure evaluation/certification.

Wallet models 

It is assumed here that consumers/payers will perform mobile payment services via a mobile wallet accessed through a mobile device. Depending on the type of mobile payment services covered and on the mobile wallet issuer, different mobile wallet models may be identified. Because of the variety of influencing factors ranging from pure business to more technical aspects, a categorization of these models proves to be challenging. These main factors may include among others: the variety of mobile services covered, such as proximity or remote payment products from one or multiple PSPs, non-payment services, etc.; the mobile wallet issuer (e.g., an independent TTP or a mobile (payment) service issuer); and the location of the mobile wallet.

However, it is possible to distinguish a few trends appearing in the market today:

• vertical versus horizontal mobile wallets

• mobile wallet in the payer’s space versus mobile wallet in the beneficiary’s space

• mobile wallet located in the mobile device versus a remote Secured Server (also sometimes referred to as ‘in the cloud’), or a combination thereof.

by EPC Secretariat, European Payments Council