Wireless Payment Systems
Mobile Workshop - WWW9
Amsterdam, 14May 2000
Through mobile Internet services, wireless operators and application service providers will soon offer subscribers the FIRST Wave of access to Internet and corporate intranet-based services including email, contacts, and voice mail, and to information such as travel, news, stocks, weather, and sports through their WAP-enabled mobile devices. Consumer and business users will therefore have virtually anytime, anywhere access to up-to-the-minute information. On the forefront of the First Wave, will be several special wireless solutions to act on that information. Including - wireless banking (Montreal Bank), stock trading (Charles Schwab), and shopping assistants (barpoint.com, pricewatch ).
The Second Wave will be global wireless access to ubiquitous any media (voice, data, video) mobile services from /to wherever you many be (Home, offices, hotels, airports, in the air, or at the beach) and for any device (cellphones, PDAs, Internet aware appliances, ATMs, POS devices, Kiosk, PCs, Laptops, etc). This will all be enabled with technologies like Bluetooth, WAP, DSL, and cable modems that integrate seamlessly, Personal Area Networks (PAN) and devices with long distance high-bandwidth wired/wireless internet and public telephone network access.
Wireless killer apps of the Second Wave will include services like voice/data integration, trusted electronic payments between devices, mobile shopping, and full service banking. Considering the environment of a Bluetooth home-office PAN (as in figure 1), one can envision the need to freely transfer data from one device to another. Such as displaying faxes, email, or web pages received on the cell-phone on the TV and then responding on a Bluetooth aware keyboard or from a VOX device embedded in the cellphone. This will increase the need to re-purpose data and information that here-to-fore transverse only proprietary and protected interfaces to public formats (XML, WML, DTD ) so that the information maybe readily understood and routed as needed.
In moving the PAN to a more public setting like a department store, Food market, or an airport (as in figure 2), many new exciting and convenient Mobile Commerce Services including wireless payment transactions become possible. You may soon be able to arrive at an airport without adequate funds and then quickly pay your cab fare with a wireless transaction between yours and the drivers cellphones (most US cabbies now have cellphones). Or convert stored e-cash to international currencies. You will also be able to withdraw e-cash from your ATM, or pay for your goods at the checkout using your Bluetooth capable cellphone, exchange coupons, and receive an e-receipt to later download.
However, the implementation of secure wireless transactions in the easily spoofed open air PAN that connects everything and everybody to anything and anyone else has several interesting challenges including:
Link Security (Bluetooth option)
User authentication (Bluetooth provides device authentication)
Common secure transaction formats
Common transaction processing (e.g. OBI, OTP)
Compatible mobile services
Authorize transactions and authenticate customers (with/without a financial institution involved)
One of the key enablers here has to be reaching agreement on general-purpose wireless e-debit/e-credit transactions and data formats and then making those publicly available. These should be based on XML and WML to maximize interoperability.
There are many ways to overcome the user authentication roadblocks and provide the necessary interoperability using exiting standards as a basis (WAP, WML, SyncML, PKI ). However, something simpler than Digital Certificates is needed. Perhaps one could use a combination of stored financial data (credit card data) and the Caller ID service of the service operator to Identify and authenticate the registered owner of the device. Im looking forward to exploring these and other solutions in the Mobile Workshop at www9.
West Columbia, SC 29170