On the one hand, everyone's getting excited about mobile payments. The credit card companies and mobile companies are working together on it, and lots of surveys show that people like the idea (here, here and here, to name a few).
On the other hand, it's slow in coming. Technology providers are downscaling their forecasts for NFC-enabled phones, insiders think it will take a while to build the necessary infrastructure, and some NFC-powered phones (from Nokia) won't be able to make secure payments. And many users are nervous: they want service from companies they trust, and as much as they want to make fast payments, they're not sure about putting their credit card numbers into their phones.
But Grizzly Analytics predicts that mobile payments, at least in the short term, is about to be scooped up by PayPal and Amazon.
Standard NFC payments work very hard to be safe and secure. This includes having a Secure Chip on the phone that stores private information safety (encrypted) and a secure protocol that uses NFC communication to transmit that information 10cm or so from the phone to the store's register. It sounds easy, but to do it safely and securely is taking a lot of work.
It also involves a lot of companies. The transaction is between the customer and the store, but in between there's a phone manufacturer, a cellphone operator, a cash register maker, a credit card company, and some banks, all of which need to work together (or follow the same standard) and all of which would love their own small percentage of each transaction.
PayPal's new approach to NFC payments is much simpler, based on the phone's Internet connection and PayPal's Internet payment infrastructure. One side (a phone or presumably a cash register or computer) requests money, NFC is used to exchange PayPal ID's (e-mail addresses), the payer enters their PayPal password to make the payment, and PayPal's infrastructure takes it from there.
Why is this better? Well, first of all, there's no need for an NFC Secure Chip. The critical information is all held by PalPal (who already has it), and the phone just has the e-mail address and, when needed, the user enters their PayPal password. Second, if the NFC transmission is intercepted, it's worthless, since the payer will only enter their PayPal password once, and presumably knows not to confirm a payment to firstname.lastname@example.org. Third, users don't have to trust their phones with their credit card numbers. Fourth, all the infrastructure is already in place.
What's more, this approach doesn't really need NFC. The exact same thing could be achieved with a QR code, where the phone would scan the QR code to get the PayPal ID to which money should be sent. Or the cash register could request the PayPal ID over Bluetooth. Or the cashier could tell the phone user to send $10 to email@example.com. Or any of many other methods could be used to initiate the payment, since once it's initiated, PayPal takes it from there.
This could even work on phones with limited NFC capabilities. It's no problem if Nokia phones don't have the Secure Chip, since this approach doesn't use it. It's not even a problem if your phone can only do an NFC read and not an NFC write, since that's enough to receive the payment request.
But the plot thickens.
Along comes Amazon and says that they're working on system for mobile payments at stores, based on their own payment infrastructure. Amazon is another company that already has credit card information for millions of people, and a system for payments that everyone trusts. They, like PayPal, have the infrastructure in place to enable people on Internet-connected phones to make payments to stores or any other recipient.
If PayPal and Amazon move fast enough, they can get their systems into stores with very little work by the stores, while the rest of the payments folks are sitting around getting their trusted service managers and single wire protocols in place. We're betting that they're hurring at this right now, and will have it deployed by the end of the calendar year.
Of course, there are others that have this infrastructure for this as well. Apple has iTunes accounts, Google has Google Wallet accounts, and others also have your payment info and infrastructure. But PayPal and Amazon are the trusted names in the area, and have the most secure and trusted infrastructure.
So what do you think? Would you sooner trust a partnership of a dozen financial and cellular companies, or PayPal? If you're a store, do you want to put in fancy new systems for NFC secure payments, or take payments at the register through PayPal?
Of course, there are advantages of the classic NFC payment approach that Isis and others are taking. It'll work for people without on-line payment accounts, and it'll work without cellular Internet (if you're traveling, or without reception). But pretty soon the classic payment companies will be playing catch-up.
Further analysis was in the Grizzly Analytics monthly report of August 1, 2011. Interested in hearing more? Contact us at firstname.lastname@example.org or +1-908-827-1580.