The crucial challenge for businesses wanting a piece of the action
in m-commerce is to avoid the security traps that plague the
Internet. Nick Huber reports
Vodafone is the first of an expected stream of companies to offer
micro-payments - the £5 (or less) spending bracket not served by
credit or debit cards. The fact that Vodafone is processing
payments for the service itself is significant.
While telecoms companies have extensive networks and experience in
customer billing some analysts predicted that they would work with
banks to provide payment services. From the banks' point of view
this would certainly make sense, giving them a slice of a
potentially lucrative market.
Vodafone's move into the micro-payment market has been widely
predicted. From April a draft European Commission directive will
allow almost any organisation to provide electronic payment
services. The Financial Services Authority has just finished a
consultation on the e-money directive and will draw up regulations
for the new payment market.
Jim Wadsworth, head of m-commerce at Vodafone, said experience in
billing and payment systems made it logical to offer micro-payment
services.
He also argued that there was a gap in the financial services
market for small-value payment services. "For the higher end
£5-plus [payment services] the financial services infrastructure
works well. But for micro-payments, such as for digital services,
[users] are not well served by the existing infrastructure," he
said.
Vodafone shows no signs of wanting to move into handling larger
value payments. If telecoms companies offered full-blown payment
services instead of the current subscriber-based merchant system
they would become subject to a host of banking regulations.
Industry experts believe this red tape will deter telecoms
companies from taking on the banks.
Wadsworth refused to reveal how long it took to integrate the iPin
payment system into Vodafone's existing systems, beyond admitting
that the project took "months".
The main technical challenge was integrating the new platform with
Vodafone's existing billing and pre-payment systems.
The 50 or so content providers signed up to the service had to
create a Java-based application program interface (API) to the
payment platform. This typically took a couple of days, Wadsworth
said.
But Vodafone faces a more pressing issue than the mechanics of
payment processing - security. To purchase goods on their mobile
phones using wireless application protocol customers give a Pin
number for authentication. For Internet purchases a user name and
password need to be given.
Security for the service will need to cover two main areas: first,
ensuring that the right customers are billed and for the right
amounts; and second protecting the central database of customer
accounts.
Time will tell whether the measures they have developed are
sufficient. They will have to cope with the kind of unpredictable
security headaches that have plagued the fixed-line Internet for
the past few years.
Analysts warn that mobile phones and handheld combination devices
handling payments are likely to become more vulnerable to hacking.
As they become more sophisticated they will be able to
automatically download more software. This push technology allows
users to download anything from e-mail applications to a company's
directory.
Hackers could create software viruses and use their PCs to randomly
dial thousands of mobile phone numbers, some of which may download
the rogue software, perhaps in the form of a Trojan - a program
that appears legitimate, but performs some illicit activity when it
is run. This could be used to identify password information or make
the system more vulnerable to future entry, or simply destroy
stored programs or data.
Graham Titterington, senior consultant at analyst firm Ovum, said
that this kind of threat could become a problem for micro-payment
services when the next generation (3G) phone services hit the
market. "The more functionality you have the more vigilant you have
to become," he warned.
Much will also depend on how users configure their preferences for
their mobile phones, including security.
More sophisticated security measures that could be available for
future micro-payment services include biometrics - either through
fingerprint or voice recognition technology.
Vodafone regularly reviews its security measures and will update
them to deal with new threats when necessary, said Wadsworth.
"If you have infinite security you will have no transactions. We
monitor the situation," he said.