See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/286591937

M-Payment systems: Technologies and business models

Conference Paper · November 2014

DOI: 10.1109/EMTC.2014.6996626

CITATIONS READS

3 946

2 authors, including:

Alessandro Vizzarri
University of Rome Tor Vergata
14 PUBLICATIONS   42 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

QoS-QoE estimation for 4G-5G wireless networks View project

All content following this page was uploaded by Alessandro Vizzarri on 13 August 2016.

The user has requested enhancement of the downloaded file.

 m-Payment Systems:
technologies and business models
Alessandro Vizzarri
Department of Enterprise Engineering
University of Rome Tor Vergata
Rome, Italy
alessandro.vizzarri@uniroma2.it
Abstract — In only a few ten years payment systems have
undergone an incredible evolution passing from a physical
transfer of cash to transactions exchanging money as digital data.
Mobile Payment (m-payment) refers to one type of electronic
payment, performed through mobile devices, such as mobile
phones, smartphones, and tablets. To ensure trust and avoid
frauds severe security requirements must be imposed. In
addition, interoperability and privacy requirements, as well as
speed of execution and ease-of-use are mandatory requirements,
too. Several technical solutions have been proposed, associated to
generally incompatible business models. From the end-users
point of view, the result of a m-payment transaction is just one
transfer of money from customer to merchant. However, to get
this simple result, m-payments use a plethora of sophisticated
technologies, including SMS, NFC, high-frequency sound waves,
software apps. The heterogeneity of m-payment systems and
economic models is an important challenge for their diffusion in
the next years. Having described the main requirements,
technical characteristics and different business models of
m-payment, this paper underlines relationship of technological
and business approach to m-payment systems.
Keywords: Mobile payment, NFC, Business models, Secure
Element, Virtual money. m-payment platforms.
1. Introduction
Payment systems have undergone an incredible evolution, in
only a few ten years, passing from a physical transfer of cash
for goods or services to transactions exchanging money as
digital data. Electronic Payment (e-payment) refers to any type
of electronic transaction, operated under financial regulation,
involving funds transfer from a buyer to a seller of goods or
services, completed through the Internet, or, more generally,
over an electronic network. More, specifically, the term
Mobile Payment (m-payment) refers to one type of e-payment,
performed through mobile device(s) (such as mobile phones,
smartphones, pads, tablets, etc.) for payments or money
transfers.
In modern m-payment systems the number of involved players
is increasing. In fact, from the traditional “buyer-seller”
exchange we passed already to more complex transaction
models, including also network providers, finance companies
for money transactions management, generally a credit card or
Francesco Vatalaro
Department of Enterprise Engineering
University of Rome Tor Vergata
Rome, Italy
vatalaro@uniroma2.it
debit card issuing company and/or other institutions operating
inside Internet (e.g., Paypal).
Severe security requirements must be imposed, in order to
ensure trust and avoid frauds, as well as interoperability and
privacy requirements. In addition, in this m-payment
environment speed of execution and ease-of-use are
mandatory requirements, too.
In the context of new payment systems, mobile payment is
still one essentially unsolved challenge. Several technical
solutions have been proposed, more or less tightened to
various incompatible business models still competing among
them. However, no one of this multitude of combined
technical-business solutions emerged on the market as the
winning choice, yet.
1.1 Taxonomy
From the end-users point of view (i.e. buyer and seller), the
result of a Mobile Payment transaction is simply one transfer
of money between the customer and the merchant, i.e. it is
very similar to the traditional payment. However, to get this
simple result, Mobile Payments use one or more sophisticated
technologies, including SMS, Near Field Communication
(NFC), Interactive Voice Response (IVR), Unstructured
Supplementary Service Data (USSD), Drop Call, Software
Development Kit (SDK) libraries, WAP protocols, i-mode
protocols, Wi-Fi, and JAVA applications. While the systems
that provide the possibility to carry out m-payments are
expanding, one main goal of many operators is to make these
forms of payment systems natural and intuitive for a daily use.
We can provide a simple taxonomy for mobile payments
(Fig. 1).
Fig. 1: Taxonomy of Mobile Payments.
M-payments can be divided into three main groups:
• Pay online: the user can pay for one good or service via
the Internet;
• Pay in store: the user can pay via mobile terminal for one
good or service while in the store;
• Money transfer: the user can pay for a good or service, or
deliver a sum, using this modality to exchange e-money.
The pay online modality can manifest itself as:
• E-commerce, using all kind of electronic devices except
portable ones (mobile phone, smartphone,…);
• M-commerce, using mobile phone or smartphone, it may
have two operating modalities:
o Mobile web, using the HTTP protocol the user can
browse the Internet page of merchant, OTT (over-
the-top) or financial institution;
o Mob Apps, the user can use pre-installed software
apps to choose goods or services, and then proceed
with purchases or other economic transactions.
The rest of this paper is organized as follows. In Section 2 we
introduce m-payment system terminal architecture, some main
system characteristics, and classification of services. In
Section 3, first we introduce the main procedures for mobile
payments, then we deal with m-payment business models and
discuss drivers, as well as some main delaying effects. Having
realized that fragmentation of systems and business models
are one main reason for the delay, in Section 4 we propose a
concept for an m-payments Management Entity. Finally,
Section 5 provides our main conclusions.
1.2 Classification
The main criteria for classifying systems of mobile payment
cover the following aspects:
• type of involvement of the mobile operator, MNO (Mobile
Network Operator), which can be on-line or off-line;
• distance of the mobile terminal which can be used to pay
remotely or in the vicinity;
• amount of the transaction between the buyer and the seller;
• credit management via software or via hardware.
On line/off line payments
Payments in off-line mode do not rely on a third party during
the transaction between buyer and seller and the exchange of
data takes place directly between the devices and the payer
paid. This avoids the need to connect the device to the payer
and the amount paid to other entities, thus simplifying the
management of security and encryption procedures. On the
other hand, this method requires that the payer's mobile phone
contains an electronic purse (electronic wallet) to be loaded in
advance to be able to execute the transaction.
Usage of off-line transactions is made of a suitable protocol
that involves the use of digital coupons (digital voucher) and
cryptographic methods. The Protocol establishes the rules for
the secure exchange of information between two devices
necessary for a transaction of money in off-line mode based
on voucher allows you to manage two different situations:
• payment for the purchase of property by bringing the phone
to a reader enabled;
• transfer of money from one user to another, bringing the
phone to that of the payer paid.
Mobile phones with integrated NFC device include an element
of security hardware, called Secure Element (SE). Currently
the SE consists of a form chip placed inside the smartphone,
but the goal is to integrate it in the future in the SIM-card user.
The SE can accept new software only from a TSM (Trusted
Services Manager) who possesses the private key to
authenticate itself to the SE. [15]
To use the system off-line payment via NFC, the user must
install on their mobile phone software consists of two parts: a
midlet, which is managed by the operating system for your
phone, and an applet, which is instead handled by the SE. The
protocol makes use of a public key infrastructure, PKI (Public
Key Infrastructure), based on the X.509 standard to create
secure channels for both payments by voucher, the voucher is
to exchange between two users. The PKI allows the
verification of the signature and the original voucher in order
to prevent the creation of fake vouchers. The protocol makes
use of a one-way hash algorithm, in particular the algorithm
called Secure Hash Algorithm-1 (SHA-1), which produces as
output a message digest (digest) of the fixed length of 160
bits. This protocol supports the use of asymmetric
cryptographic algorithm RSA (Rivest-Shamir-Adleman)
algorithm and symmetric-key triple DES, 3DES (Triple Data
Encryption Standard). [16]
Since applications for off-line payment not involve the use of
a central server capable of tracking and verification of
transactions, their development requires particular attention to
the safety of data transferred, mainly to protect them from the
risk of counterfeiting or unauthorized copying of digital
vouchers. In this regard, it is designed a series of message
exchanges between the parties involved.
Payments in on-line mode, by contrast, involve connecting
devices payer and paid with other entities, first of all the
mobile radio operator and the companies that authorize the
transaction in cash, and then check the status of the payment
process . Compared to an off-line system, a payment system in
online mode frees the user from the need to have in your cell
phone a credit to be used for payments, since it can be
accessed via the web bank account and use the phone as if it
were a real credit card. In the following we will describe two
protocols for mobile payments in on-line mode.
Remote / proximity payments
The mobile payments from remote, RMP (Remote Mobile
Payment), include the payments made through a mobile
device, in which the distance between the terminals is
irrelevant, but which need to rule the connection with the
mobile operator. These types of payments are based on the use
of the web browser or SMS. A practical example of the RMP
is the purchase by a user of a software application (App) for
your smartphone. These payments remotely can be
implemented using the existing infrastructure for payments
using payment systems or closed-loop (ie, internal systems of
mobile payment companies created by the same vendor) in
which the buyer and seller create an account with a third party
or with a MPSP (Mobile Payment Service Provider). [17]
The proximity mobile payments, PMP (Proximity Mobile
Payment) instead involve the entire infrastructure of the
payment industry. A mobile phone equipped with NFC uses
for the payment process a specific app provided by the
financial institution of the buyer, which can exploit or not the
operator's data connection. Apps and related account
information necessary for the payment are encrypted and
loaded inside a secure area of the phone. The phone uses the
NFC technology which is fitted to communicate with the POS
(Point Of Sale) of the seller. The process of payment and the
balance paid by the buyer are the same as those of a payment
made through a traditional credit card or debit card.
Amount of transaction
Mobile Payment Systems can also be classified according to
the amount of the transaction. In fact, depending on the
amount of the sum exchanged electronically between customer
and merchant, we can identify pico payments, micro payments
and finally macro payments, as summarized in Table 1. [18]
Transaction amount [€]
Payment type
From To
Pico payments Few cents 1 ensured;
Micro payments 1 30
Macro payments 30 Thousand
Fig. 3: classification of payments by transaction amount
Credit management via SW/HD
Payment systems in mobility via software (software-based)
require the use of tools generated digitally (such as bitcoin),
while those in hardware (hardware-based), also commonly
called card-based systems, are based on 'use of credit
preloaded on plastic card with a magnetic strip, both debit and
credit.
2. Mobile Payment Systems
2.1 Terminal architecture
The general architecture of an m-payment system is composed
of four modules, as shown in Fig. 2 (a): a data transfer
module, one Security Element (SE), HW/SW components,
and, finally, the payment circuit SW module. The data transfer
module is in charge of managing connections among terminal
devices in order to enable transactions. It can provide
proximity or on-line connections, using different technologies.
The Secure Element (Fig. 2 (b)) is a platform in which to
store, customize and manage customer’s confidential data.
(a) (b)
Fig. 2: (a) Modules of a Mobile Payment system; (b) Alternative
implementations of the Secure Element.
Therefore, the SE is a crucial system component due to the
extreme importance of information stored inside it, such as,
e.g., the login credentials, credit card numbers, the
transactions identification number. The SE is tamper-resistant
and is composed of sub-modules: Integrated Circuit on UICC
(Universal Integrated Circuit Card), Operating System (OS)
and application to store and manage user data, transactions,
and operations.
Additional HW components useful to manage payments are
vocal synthesizer and recognizer, biometric devices and
sensors, while other SW components are built in dedicated
applications and widgets. The payment circuit module is in
charge of connecting with financial institutes to accomplish
bank transfers, and transactions with credit/debit cards.
2.2 Main characteristics
A mobile payment system must fulfill important requirements,
such as:
• simplicity and usability: effectiveness, efficiency and user
satisfaction in the execution of the transaction must be
• universality: any type of transactions must be allowed
between users, such as Consumer-to-Consumer, Business-
to-Consumer, and Business-to-Business, and they must
apply on all micro-payments and macro-payments;
• interoperability: system components must be based on
open standards and technologies, to allow transparent
interaction between multiple different systems;
• security, privacy and trust: the Mobile Payment provider
must ensure high levels of data protection;
• cost: the benefit/cost ratio for the use of the mobile
payment system must be higher than, or at least equal to,
traditional payment systems;
• speed: the operations necessary for carrying on one
mobile payment do not require time perceptibly higher
than that needed for traditional payment systems.
Main benefits allowed by the adoption of a mobile payment
system should be:
• reduction of frauds: Mobile Payment systems (especially
those based on a microchip module) can bring benefits in
terms of security through the use of encryption carried on
at several levels, such as the combination of double
password. By doing so, control of user credentials can be
combined with other control information provided by the
Mobile Network Operator (MNO);
• reduction of costs: although the transition to the new
Mobile Payment context generally involves start-up costs,
over time it may reduce recurring costs, such as those
related to the physical realization of the payment cards, as
well as service management and maintenance (think also
of the reduction of costs related to frauds);
• flexibility of access to data: adoption of security
techniques, combined with the processing capabilities of
devices and networks, allows users to enable or disable
certain services in real-time; therefore, data protection can
be ensured allowing access only to authorized entities and
only for the time necessary to perform a certain service;
• speed and efficiency: m-payment systems allow a greater
ease of use, in addition to shortening the purchase time.
2.3 Classification
Two main criteria adopted to classify Mobile Payment
systems are based on: a) offline or online payments; b) remote
or proximity payments.
a) Offline or online payments
In off-line payments the transaction between buyer and seller
is direct, so data exchange exclusively takes place between
their respective devices. Thus it is unnecessary to involve
third-party entities, and management of security and
encryption procedures are local and simple. However, this
method requires that the buyer’s device contain an electronic
wallet which needs to be charged in advance before executing
any transaction. A proper protocol for off-line transactions
involves the use of “digital vouchers” and strong
cryptographic methods. It establishes the rules for the secure
exchange of information between the pair of devices involved
in the payment.
On-line payments need the involvement of third-party entities,
such as MNO and companies that first authorize the money
transaction and then check the status of the whole payment
procedure. In contrast to off-line payments, in an on-line
payment the user does not need a pre-charged credit stored
into the phone, since she can directly access her bank account
via web and can functionally use the phone as a credit card.
b) Remote or proximity mobile payments
Remote Mobile Payments (RMPs) include those made via one
mobile device when the distance between seller and buyer
devices is immaterial for the transaction. As a consequence,
for such payments the MNO provides a data connection via
web browser or SMS. RMPs can be implemented using an
existing infrastructure for payments or using a closed-loop
payment system (i.e. an internal mobile payment system
created ad hoc by the same vendor) in which buyer and seller
create an account with a trusted third-party or with a Mobile
Payment Service Provider (MPSP).
Proximity Mobile Payments (PMPs) include payments that
need buyer and seller located physically close. Proximity
connections are based on protocols, such as RFID, NFC or
high-frequency sound waves.
One NFC-embedded smartphone uses a dedicated software
(generally an app) provided by the user’s financial institution
to complete the payment process. Depending on the
implementation, the application can or cannot require one data
connection.
The application and the account information needed to set-up
and complete the payment process are encrypted and stored in
a safe area of the phone. Thus mobile phones use the NFC-
embedded technology to communicate with the Point Of Sale
(POS). The whole payment process and the costs incurred by
the buyer are equivalent to those underlying a traditional credit
card or debit card transaction.
3. Mobile Payment Procedure
In general terms, an m-payment transaction operates according
to the following generic procedure (see Fig. 3):
0) contractual agreement between the consumer and the
payment service provider;
1) at the time of purchase, consumer’s request to the
merchant to pay with one mobile device (proximity mode
or remote mode);
2) transit of the request from merchant to service provider;
3) authorization request of the service provider by a third-
party trustee;
4) communication to the merchant of the consent received
(the m-payment transaction is now activated);
5) service provision or goods supply – the subject of the
transaction – is effected from merchant to consumer;
6) communication to the consumer from the relevant third-
party of transaction ready to be completed on the account;
7) consumer’s authorization to the third party (e.g., insertion
of confirmation with PIN);
8) remuneration fees for the service received from the
payment service provider, shared between the service
provider, third-party involved and merchant (if any).
Fig.3: Mobile Payment system workflow.
A payment service provider is the subject involved in
processing the fee. This can be done by a bank institution, an
institute of payment, or an electronic money institution. Both
the institute of payment and the electronic money institution
may be hybrid subjects and not necessarily a bank, provided
that their business activities are not in conflict of interest with
the emitter of electronic money.
4. Enabled business models
At present, the rate of increase of m-payment seems to slow
down. This is due to several reasons [1], [2]. For a long time
the different players involved in the new system (MNOs,
banks, credit card institutions, HW and SW manufacturers,...)
defended different and not convergent positions. This had
impacts both on choice of technical solutions and on
promotion of business models.
From a technical point of view, the location of the SE
identifies the economic player that owns the control of the
system. MNOs and mobile terminal vendors took some time to
agree on how to implement the SE into the mobile terminal.
The agreed solution was inserting the SE inside the phone’s
SIM card (more precisely, the UICC). One more reason for
slow-down is the selection of the NFC as the preferred MNOs
technology. In fact, on customer’s side, use of NFC requires
acquisition of more expensive mobile terminals, and, on
merchant’s side, adoption of a special POS infrastructure [3].
Among the reasons for slowdown some are related to business
models uncertainty. This is mainly related to the definition of
a sustainable economic model, agreed among different players
who should manage transactions and distribute property rights
among several different business partners.
There are three main models: a) MNO-based model; b) Bank-
based model; c) Trusted Third Party (TTP)-based model.
a) Mobile Network Operator – based model
In the MNO-based model the MNO provides the technology,
manages the operations and rewards all involved players, as
shown in Fig. 4. In this case, the potential for development,
however, depends on the importance of the initial costs of
setting up the infrastructure. Some examples are: (i) Isis
Wallet, a joint venture between Verizon and AT&T, which
allows to make financial transactions through the operator’s
SIM connected to a traditional circuit of payment (bank or
credit card); (ii) M-Pesa, a Safaricom (Vodafone subsidiary)
project in Kenya, replicated in some other African and Asian
countries, enabling citizens to perform payments via their
mobile phone, to transfer money between two users using
encrypted SMS, and to recharge their SIM card with cash.
Fig. 4: M-payment interactions in an MNO-based model.
b) Bank–based model
Bank-based model can be considered an evolution of the credit
card model (Fig. 5). Users are associated with their bank that
provides them with the payment method via mobile terminal.
Fig. 5: M-payment interactions in a bank-based model.
Users who receive the payments, often commercial
intermediaries, are not generally customers of the same
debtor’s bank. So, it is necessary to establish a compensation
system among banks. The partner banks of this compensation
system must also match the payments to one or more MNOs
associated with the transaction. The solutions adopted by
several banks, including e.g. Poste Italiane, the Post Office in
Italy, belong to this model.
c) Trusted Third Party – based model
In this model (Fig. 6) a third party is involved, with role
different from financial agents or MNO companies. In fact,
this new player is an intermediary among banks, operators,
retailers and customers. It takes on itself all the organization
and operational functions. In this model, neither the banks nor
the MNOs are in charge to manage the SE, but the TTP
operates as an independent intermediary between them.
(a)
(b)
Fig. 6: M-payment interactions in a TTP-based model: (a) OTT as
TTP; (b) Merchant as TTP.
The independent TTP manages the payment service, as well as
the sharing and distribution of property rights with all parties
involved. Internet over-the-top companies are ideal candidates
to act as a TTP, due to their solid experience with the
organization of e-commerce production chains and, in
particular, with money transfer. In addition to OTTs, this
model is suitable to be used also by large retail distribution
chains (merchants), directly acting as trusted parties.
This model has been already adopted in several initiatives
related both to OTTs (Fig.6(a)) and merchants (Fig.6(b)).
Different OTT companies have already implemented payment
systems, based on m-commerce solutions, both with Mobile
Web and with Mob Apps. Google and PayPal are among the
Internet players to which this model is most frequently
associated. Google Wallet is one example.
Some merchants also took initiatives directly addressing their
customer base. Similar to the OTT-TTP model, therefore, can
be one variant in which the merchant itself, when it holds a
large chain of points of sale (e.g. Starbucks/Target, having
overall more than ten thousand shops in the U.S.) provides the
customers with m-payment systems, generally associated to
fidelity programs. Starbucks allows the user to pay via an
appropriate card charged using cash or traditional payment
circuits. Data transfers are performed both in remote and in
proximity connection (via NFC or barcode labels).
5. Market trends
5.1 Mobile payment drivers
Among several reasons that will presumably promote
m-payment we can mention the following ones.
a) Smartphone penetration
Smartphone owners in the U.S. are already today more than
60% over all mobile terminals, while penetration is 75%
among 18-to-24 years old people (source: Nielsen, 2013). In
Europe, smartphone penetration forecasts in 2017 are 80.9 %
in UK, 80 % in Germany, 77.5 % in France, 73.1 % in Spain,
and 68 % in Italy. In China penetration in the same year will
reach 49 % (Source: eMarketer, 2013). These figures represent
a solid basis for estimating significant progress over the next
five years for m-payment technologies and services.
b) Machine-to-machine communications
Progress in M2M technologies and application to many varied
fields will continue steadily. Usage of wireless technologies in
many daily operations will bring with it in several cases the
need to complete micropayments in a fast and simple way.
c) Innovations in vending machines
Vending machines are more and more becoming complex
network interfaces able to gather and store vast amounts of
data in the cloud. They will be able to profile customers, to
extract out of the cloud data on past purchases and
preferences. They will be enabled to identity the voice, face,
or gestures of the customer, who will be able, once
recognized, to avoid to take the smartphone out of the pocket
to make the payment. [4]
d) Increased use of virtual currencies
Several forms of virtual or digital money (e.g. Bitcoin or,
more generally, freecoin) will proliferate inside the Internet,
generally in use within a specific community. They can be
convertible or not convertible with real economy money. In all
cases these currencies will bring along the convenience to
fully carry on every aspects of a transaction digitally. [5]
View publication stats
e) Governmental policies against use of paper money
In several countries, in order to reduce room for tax evasion,
usage of electronic payment means are being incentivized by
the law, so that transparency of transactions can be more
easily ensured.
5.2 Last trends: technical approach vs business approach
In the last period of the m-payment market has been
increasingly characterized by fragmentation of the
technological solutions adopted and applied by the various
players involved. [5] In fact, if it is true that the traditional
classification is based on a technological approach
characterized by functional mode (remote or proximity), last
approaches are focused on business. So four different business
models (MNO-based, Bank-based OTT-based and Merchant-
based) are defined, each of which is strictly related to involved
technologies and related security levels [7]. Figure 6 shows
the mapping of both approaches.
Technological
Business approach
approach
Technology Business Model
Proximity Mobile
MNO- Bank- Merchant-
Payment (NFC, -
based based based
RFID, Bluetooth)
Remote Mobile Bank- OTT- Merchant-
-
Payment based based based
Fig. 6: Technical approach and business approach
6. Conclusions
This paper presented different characteristics and
implementation criteria of Mobile Payment systems. This kind
of payment is not yet very diffuse due to fragmented technical
approaches and business models, in addition to lack of
sufficient awareness by end-users, especially in terms of
transaction security and fraud prevention. The relationship
between a technological and business approach is very strong.
Only taking in account right end users, right payment circuit,
technology factors and business models can produce a
successful m-payment solution. The cooperation of other
players is very crucial and it needs to be managed through
right compensations fees.
References
[1] Gartner group, “Forecast: Mobile Payment, Worldwide,
2013 Update”, May 2013.
[2] L. Chaix, D Torre, “Which economic model for mobile
payments?”, 23rd Europ. Regional Conf. of the Int.
Telecommunic. Society, Vienna, Austria, 1-4 July 2012.
[3] V. Coskun, K. Ok, B. Ozdenizci, Near Field Communi-
cation (NFC): from Theory to Practice, Wiley, 2012.
[4] J. Lumetta, “Vending Machines Undergo a Complete
Overhaul”, Design News, 3/2013.
[5] ECB, “Virtual currency schemes”, Oct. 2012.
[6] L. Abedi, M. Nematbakhsh , A. Abdolmaleki “A Model
for Context Aware Mobile Payment”, J. of Th. and Appl.
Electronic Commerce Res., Dec. 2012, pp. 1-10.
[7] A. Vizzarri, M. Vari, F. Vatalaro, “Security in Mobile
Payments”, AEIT Congress 2013