2. Introduction 2
1.0 Executive Summary
Contactless payments are a collective term
used to describe payments which can be
made from a card or mobile phone without
the need to make physical contact with a
point of sale device. Recent statistics show
that there has been an evolution in
consumer payment behaviours in the UK
with low value more frequent payments
becoming the most popular type of
payment in the UK. This pattern of
spending behaviour is well matched to
the ‘tap and go’ mentality of contactless
payments, and bodes well for future
adoption of such technologies on both
cards and mobile phones.
The much-celebrated trial of Oyster, the Transport for London’s paperless ticket scheme,
has been a highly successful ‘test case’ for contactless cards in the UK. Oyster’s success
has meant a wider UK rollout of contactless cards is now anticipated within the next
few years.
As such, issuance of contactless cards looks set to increase and we would expect to see
contactless cards becoming an increasingly prominent feature of the UK payment
architecture in the very near future.
Extending this further, continued development of mobile payment software platforms, and
mobile phone hardware also bodes well for future adoption of contactless payments via
the mobile phone. Providing that software and hardware providers can broaden the range
of mobile handsets they can support, the prospect of the consumer managing payment,
loyalty and travel cards using their mobile phone could soon become a reality.
Contactless and Mobile Payments March 2011
3. 3
In addition to this, increasing smartphone adoption, driven by handset manufacturer
competition, network operator strategy and the ‘social dimension’ will fundamentally
change the way consumers see and use their mobile phone. Rather than being simply a
tool for communication, consumers will see their mobile phone as the ‘central hub’ for
co-ordinating and managing their lifestyle, keeping in touch with their friends and family
and completing their day-to-day financial affairs.
Despite the interest and debate about contactless payments and the benefits they can
offer, there has been little discussion within the industry about how to comprehensively
Increasing tackle the issues presented by loss or theft. This is surprising, as past concerns about the
security of contactless payment technologies have been a key factor in restricting
smartphone consumer uptake. Recent moves by government and leading industry players in the UK
have sought to allay such fears, although we still believe that fraud will be a decisive issue
adoption, will which could present a major challenge to the adoption of contactless cards and mobile
payments in the UK, and which we feel the industry is yet to adequately address.
fundementally CPP has identified three scenarios in which the use of contactless payments either via a
change card or mobile phone could represent a risk to the security of consumer payment data,
potentially putting consumers at risk of card fraud or identity theft. These include;
the way - The loss or theft of contactless cards
consumers see - The loss or theft of the mobile handset
- Data security – involving an attack on the mobile payment ‘ecosystem’
their mobile from malware, trojans and viruses
phone As contactless payments grow in prominence, providers will need to consider how to best
protect their customers from these growing threats to their financial, personal and mobile
security. The combined competence of CPP and our heritage with Card Protection, Identity
Protection and Mobile Phone Insurance products makes us ideally placed to deliver new
innovative services and fully maximise the sales potential of this rapidly developing market.
Contactless and Mobile Payments March 2011
4. 4
2.0 What are contactless payments?
Contactless payments are a collective term used to describe payments which can be made
from a card or mobile phone without the need to make physical contact with a point of
sale device.
Contactless payments on plastic cards use a form of technology known as Radio
Frequency Identification (RFID). This short range wireless connectivity standard facilitates
data communication between two separate devices. Although RFID technology can, in
theory, be integrated into a variety of differant mediums in the UK, it is most common to
find it integrated into the design of pre-paid, debit and credit cards.
Oyster, the card used on the London Transport network is a good example of a payment
card with contactless functionality, and more recently MasterCard and VISA both have
introduced contactless functionality on a variety of their payment cards, dubbing this
functionality Pay Pass (MasterCard) and Pay Wave (VISA).
Contactless payments in mobile phone handsets use a similar form of wireless
connectivity to RFID, called Near Field Communication (NFC). NFC devices are able to
send and receive data when they are brought within four centimetres of one another.
Financial information is stored on a secure element within the mobile handset, on the SIM
card or on a peripheral device such as a memory card or adhesive sticker, whilst software
installed on the mobile phone provides the interface for consumer interaction.
Contactless payments remove the need for consumers to verify every transaction made
using their card or mobile phone, and a number of transactions can take place before
consumers are asked to verify their identity using their PIN number or security code.
Contactless payments therefore offer considerable speed and convenience in comparison
to other existing payment methods available in the market.
The latest data from Barclays and Barclaycard, in November 2010, showed that the total
number of contactless transactions reached over one million and is predicted to reach over
twelve million by the end of 20101, showing that contactless payments are set to increase
even further in the not too distant future.
1 Barclays Media Centre, November 2010
Contactless and Mobile Payments March 2011
5. 5
3.0 Overview of key market developments
Statistics published by the UK Payments Council in April 2010 showed that debit cards
have now become the preferred method of payment over cheques, credit cards, and cash
transactions in the UK. The statistics showed that although average spend per purchase
on debit cards has only risen 50 per cent over the last ten years to £45, debit cards are
being used for more frequently low value payments. Whilst the proportion of payments
Issuance made by cash and cheque are predicted to decline further over the next eight years,
spending volumes on debit cards are set to increase with the UK Payments Council
of contactless expecting debit cards to account for 46 per cent of card transaction volumes by 20182.
This pattern of spending behaviour is well matched to the ‘tap and go’ mentality of
cards looks set contactless payments, and bodes well for future adoption of such technologies on both
cards and mobile phones.
to increase and Oyster has been a highly successful ‘test case’ for contactless cards in the
we expect to see UK, so much so that we anticipate a wider UK rollout of contactless cards
within the next few years.
contactless cards The earliest example of contactless payment technology being used on a large scale
becoming an in the UK, was the rollout of the Oyster Card Scheme on the central London travel
network. Oyster offered consumers quicker journey times and a more convenient way to
increasingly pay for their travel services, but the scheme also played an important factor in driving
down the cost of operating transport services and reducing the level of fraud at
prominent underground tube stations. Between 2003 and 2009 the number of tickets sold on the
London Underground per day dropped from 1.8m to 600,000, resulting in a considerable
feature of the cost saving for transport operators – an estimated £40m per year!3.
UK payment On the back of the success of Oyster, the government recently announced it will bring
forward its plans to implement a ‘smart and integrated’ ticketing system across the UK
architecture within the next few years. This will see the roll out of contactless technology installed
in nine regional areas outside of London and should allow consumers to use a single
contactless payment card to pay for their journey, across multiple transport networks
and providers.
What is not clear yet is whether it will be left to established card issuers or transport
operators to take control of card issuance, administration, activation (to ensure the card
has reached the customer safely) or payment processing. At this moment in time, debit
or credit cards carrying contactless technology may well present the strongest case for the
rollout of contactless technologies on a national scale. Card issuers have the necessary
expertise to provide card issuance and payment processing already provides nationwide
merchant acceptance through the MasterCard or VISA network.
Barclays has been supportive in adopting contactless cards when in 2007 it launched its
One Pulse credit card, which combines the functionality of Transport for London’s Oyster
card with a Visa contactless enabled credit card.
2 ‘The Way We Pay 2010’, UK Payments Council, April 2010
3 ‘Smart and Integrated Ticketing Strategy’, Department for Transport, December 2009.
Contactless and Mobile Payments March 2011
6. 6
It is reported that by February 2010, Barclays and Barclaycard had issued over 6 million
contactless cards4 with business customers’ new or re-issued cards now having
contactless technology included as standard. First Direct is also making headway in the
mobile payments market, launching its ‘app on the go’ in January 2011, allowing
customers to view their balances and last 20 transactions as well as making payments to
an existing person or organisation5.
Transport for London has already announced that starting in 2012 it will be upgrading the
Transport Network in London to accept contactless debit and credit cards, and these forms
of payment are expected to eventually replace the Oyster card system as the modus
apprendi for payments made on the London travel network.
Certainly the London 2012 Olympics will also prove a great opportunity to showcase
contactless payment solutions, with the expectation that a number of banks, mobile
operators and retailers using the event to accelerate the card and mobile products. VISA is
likely to take the lead with the likely installation of point-of-sale acceptance devices at
competition and non-competition venues, all of which are likely to support VISA PayWave,
as was the case for the Vancouver Winter Olympics in 2010.
These developments clearly show that over the next few years issuance of contactless
cards looks set to increase and we would expect to see contactless cards becoming an
increasingly prominent feature of the UK payment architecture in the very near future.
NFC Continued development of mobile payment software platforms, and mobile
technology phone hardware bodes well for future adoption of contactless payments
via the mobile phone
may soon Nokia announced in June 2010 that all new smartphones shipped by the company from
become 2011 will come with NFC functionality. There have also been rumours that appointment of
Benjamin Vigier by Apple in August 2010 will see the next iPhone model include NFC
built into functionality. Vigier previously worked at NFC specialists, Mobile Wallet and mFoundry,
as well as working within the NFC function at Sandisk.
smartphones Google recently announced the next version of the Android operating system will include
NFC functionality called ‘Gingerbread’. Google Android’s operating system is now pushing
as standard ahead of Apple’s operating system and Blackberry’s RIM (Research in Motion) and only
behind Nokia’s Symbien system. 25% of smart phones now adopt this system, up from
3.5% in quarter three 20106. This begs the question whether this is the final big push NFC
needs to go mass market.
Looking at existing mobile phone handsets there are a number of relatively inexpensive
hardware upgrades available which can equip the mobile phone with the ability to send
and receive contactless payments. Smartphones with an external memory card slot can
take advantage of a programme similar to that currently being developed by VISA and
Device Fidelity. This solution marries an NFC chip with a standard MicroSD memory card
and provides an almost instant upgrade for any phone supporting MicroSD card
functionality. For mobile phones without a memory card slot an alternative upgrade comes
in the form of a SIM card integrated with an NFC chip which replaces the existing SIM
card in the phone, another low cost upgrade comes in the form of a sticker containing an
NFC chip. This can be attached to the interior or exterior of mobile phone casing.
4 ‘Barclaycard’, NFC Times, April 2010 http://www.nfctimes.com/company/barclaycard
5 First Direct newsroom, 13 January 2011, http://www.newsroom.firstdirect.com/press/release/first_direct_launches_iphone_a
6 Gartner research, November 2010 ‘Worldwide Market Share of Market System’.
Contactless and Mobile Payments March 2011
7. 7
NFC-based payment applications on SIM cards or other secure chips are linked to
payment applications running on the mobile phones. These software applications provide
the user interface which enables consumers to initiate and complete purchases, check
transaction records and collect or redeem related loyalty points. Monitise, Nokia,
MasterCard and VISA already have software platforms which provide mobile banking
services and which support NFC payments on a limited range of handsets, whilst other
providers such as PayPal and NatWest have focused on developing applications
specifically for high end smartphones. Moving forwards software providers will need
to ensure that software support is extended to a wider range of handsets and NFC
hardware configurations to in order to drive consumer uptake.
Providing that software and hardware providers can broaden the range of mobile handsets
that can support the prospect of the consumer managing payment, loyalty and travel cards
using their mobile phone could quickly become a very real possibility.
Increasing smartphone adoption, driven by handset manufacturer
competition, network operator strategy and the ‘social dimension’
will fundamentally change the way consumers see their mobile phone
Recent data from Ofcom in June 2010 showed that nearly three-quarters (73.5 per cent)
of handsets sold with post-pay mobile contracts were smartphones, giving smartphones
an overall penetration level of 26.6 per cent in the UK mobile phone market (equivalent to
12.8 million subscriptions). Increasing penetration of smartphones has been driven by the
arrival of handsets based on Google’s Android platform which has served to extend choice
within the market. In addition relatively new providers such as ZTE, Acer and Huawei, are
now offering low-cost smartphones, with some models priced at under £100. Established
smartphone manufacturers have responded by enhancing their smartphone offerings,
hence launch by Apple of the iPhone 3GS in June 2009 and iPhone 4 in June 2010 and the
increased focus on the consumer segment of the market from Research in Motion owner
of Blackberry smartphone brand.
Continued growth in smartphone adoption will also be bolstered by network operator
strategy as smartphones represent a way for network operators to develop lucrative
revenue streams outside the voice and text arena. Rapid innovation in handset design
will also be a key driver for smartphone adoption as network operators will increasingly
look to provide differentiation between ‘old’ and ‘new’ handsets. This will be driven by the
ever increasing usability of the smartphone, and the clear added value smartphones can
offer over standard mobile devices - such as the ability to download applications and
access additional 3G and 4G services.
The ‘social’ aspect of mobile phones is fast becoming the backbone that mobile services
are built from. Facebook accounted for almost half (45 per cent) of total time spent online
on mobiles in December 20097, demonstrating that consumers do not just want to collect
content, they want to create, share and comment on it. Combined with the recent
developments in contactless payment technologies this means that the level of sensitive
data sent through, stored on or accessed by the mobile phone is likely to increase in the
foreseeable future. Rather than being simply a tool for communication consumers are
starting to use their mobile phone’s as the ‘central hub’ for co-ordinating and managing
their lifestyle, keeping in touch with their friends and family and managing their day-to-day
financial affairs.
7 The Communications Market, Ofcom, August 2010
Contactless and Mobile Payments March 2011
8. 8
4.0 Contactless Payments and the issue of fraud
Despite the benefits offered by contactless
payments, consumers still have
reservations about security of such
technologies
Despite the anticipation about contactless payments and the benefits they offer, there has
been little discussion within the industry about how to comprehensively tackle issues
presented by loss or theft. This is surprising, as in the past, concerns about the security of
contactless payment technologies have been a key factor in restricting consumer uptake.
In a US survey conducted by the Smart Card Alliance in November 2006, a total of 51 per
cent of both current users and potential adopters rated security as their main concern with
Fraud will be a using contactless payments whilst a further 61 per cent indicated that they were unwilling
to adopt contactless payment because of security issues8. Four years on it still remains to
decisive issue be seen as to whether industry players have decisively resolved these concerns.
A recent survey in April 2010 by Forrester Research demonstrated that one fifth of
which could consumers surveyed did not believe mobile banking was safe9.
Recent moves by government and leading industry players in the UK have sought to allay
present a such fears. In an effort to increase confidence in contactless card payments card issuers
such as Barclays have guaranteed that customers will receive the same level of fraud
major protection on a contactless card as they do on Chip and PIN cards. Furthermore in August
2009 the UK government, working in partnership with the mobile and banking industries,
challenge to released a series of measures designed to prevent criminals targeting contactless card
the adoption of and mobile payments technology. These guidelines included, suggesting a single point
of contact to report lost or stolen mobile phones (with or without contactless functionality
contactless and encouraged registration of mobile phones on the National Mobile Phone Register
to ensure that any lost or stolen devices could be easily disabled along with the SIM card
payments and any financial service applications installed on the phone) In the case of contactless
cards the guidelines aimed to ensure that user liability would be limited in line with
a relevant code of practice (such as the Banking Code), as well as recommending a
process designed to block the contactless payment functionality of the card in the event
of loss or theft.
Although CPP welcomes these developments, we still believe that fraud will be a decisive
issue which could present a major challenge to the adoption of contactless payments in
UK, and which we feel the industry is yet to adequately address. CPP has identified three
scenarios in which the use of contactless payments either via a card or mobile phone
could represent a risk to the security of consumer payment data, potentially putting
consumers at risk of card fraud or identity theft.
8 ‘Contactless Payments: Consumer Attitudes and Acceptance in the United States’, Smart Card Alliance, November 2006
9 ‘Smart phones to drive European m-banking take-up’, Forrester Research, April 2010 http://www.finextra.com/news/fullstory.
aspx?newsitemid=21333 NB: Based on a survey of 14000 people in France, Germany, Italy, the Netherlands, Spain, Sweden and the UK
Contactless and Mobile Payments March 2011
9. 9
The loss or theft of contactless cards
Growth in contactless card issuance will mean that the consumer will be carrying a variety
of cards including debit and credit cards, pre-paid transit cards and loyalty cards
potentially all from separate issuing institutions, some of which they will carry in their
wallet or purse, and some of which will be ‘virtually’ stored in their mobile phone. In the
event of loss or theft of their wallet or mobile phone there will be a need for a service
intervention to quickly cancel and subsequently reorder lost or stolen cards. The ability to
cover multiple types of card, to be able to differentiate between this ‘virtual’ set of cards
stored on the mobile, and the ‘physical’ set of cards in the consumer’s wallet, and cancel
only the compromised cards will be an important factor in limiting the impact of card loss
or theft for the consumer.
In the case of low value payments (typically those of £15 or under) contactless payment
technologies will also remove the need for the consumers to authenticate every payment
using their PIN number supplied with their card. Consumers will be able to make a number
of low value payments until a ‘ceiling’ limit is reached – prompting the consumer to enter
their PIN number to confirm their identity before further transactions can be made. This
could potentially leave the consumer at risk of fraudulent transactions if their card is lost or
stolen. We believe there will be a continuing need for consumers to protect their
contactless cards and mobile devices that incorporate NFC technology to ensure
fraudsters do not gain access to their bank accounts and spend fraudulently.
Data Security - An attack on the mobile payment ‘eco-system’ from
malware, trojans and viruses
As mobile phones become increasingly prominent as a payment tool, fraudsters will seek
to exploit weaknesses in the software and hardware of these handsets for commercial
gain. This has already been seen in the case of internet banking which has been the
repeated target of attacks by malware and trojan viruses designed to harvest consumer
login and payment data. Recent research from Ovum suggests that as mobile banking
grows in prominence it will start to attract similar kind of attention because of the potential
rich pickings which can be made by harvesting financial information stored on the mobile
phone. Ovum also believes that mobile phones will become increasingly vulnerable to
malware attacks due a greater range of software platforms and the vulnerabilities of these
platforms which hackers will seeking to exploit. Providers will need to consider how to
best protect their customers from these growing threats to mobile security.
Contactless and Mobile Payments March 2011
10. 10
The loss or theft of the mobile handset
In recent research conducted by CPP misuse of the mobile phone featured as the
second largest concern voiced by our customers following the loss or theft of their mobile
handset10. In addition to the risk posed by mobile security threats providers will need to
consider how best to protect customer information in the event of a loss or theft scenario.
As more and more sensitive information is sent through, accessed by and stored on the
mobile handset we believe that the ability to swiftly ‘lock down’ access to the handset to
secure sensitive data will be of paramount importance in limiting the extent of
compromised personal and financial data.
Our research has also shown that the desire to protect against loss, theft or damage
is a key factor in informing the decision to purchase mobile phone insurance11. With high
value mobile handsets such as ‘smartphones’ growing in popularity, we believe that
providers will also need to consider providing their customers with the option of protecting
their handset against lost, theft or damage along with additional options to protect against
the fraudulent use of voice calling and data plans.
10 Fonesafe Compliance Research Q3 2010, Conducted by Optimisa Research and CPP
11 Fonesafe Compliance Research Q3 2010, Conducted by Optimisa Research and CPP
Contactless and Mobile Payments March 2011
11. 11
5.0 Opportunities available with CPP
CPP’s portfolio of Life Assistance products may offer one way of adequately protecting
your customer’s interests, whilst at the same time generating incremental revenue streams
and strengthening customer loyalty with your organisation. CPP has particular specialisms
in the following areas:
Contactless and Mobile Payments
In line with the Home Office’s Directive and the Mobile Contactless Forum’s appetite for a
single point of contact for consumers in the event of a lost or stolen handset which may
hold potentially sensitive data, CPP is considering development of a mobile security
product which may address these areas of concern.
Card Protection
Card Protection provides a single point of contact should our customers need to cancel
their cards. We then re-order them on their behalf – taking the stress, worry and hassle out
of this unfortunate experience and if their bank holds them liable for fraud we also cover
this. Additional services such as lock and key replacement and emergency cash are
available, to ensure that customers can continue their life as normal until their new cards
arrive.
Identity Theft and Fraud
Customers who hold an Identity Protection policy with CPP gain access to a
comprehensive suite of preventive measures, including access to their Experian Credit
report and regular alerts to inform them of any significant changes to their credit status,
we can also actively monitor use of personal information online, and alert our customers
if we believe that their personal data has been compromised. Should the customer
become victim to identity theft CPP can not only address, but help to rectify any
outstanding issues. Should the customer need financial assistance we can also provide
£60,000 worth of cover for legal liabilities, lost wages or rejected credit application fees.
Contactless and Mobile Payments March 2011
12. 12
Mobile Phone Assistance and Protection
Should customers find that their mobile phone is lost, stolen or damaged one call to
CPP will ensure that the handset is reported as lost or stolen with the network provider.
Customers are fully protected for any unauthorised calls made from their handset during
this time, and should the handset need to be repaired or replaced, this can be easily
organised over the phone. For additional security all the mobile handsets which we
protect can be registered on the IMMOBILISE national property register.
Packaged Services
CPP’s packaged service solution connects the individual product elements together so the
customer has the choice to access the service elements in one place. This approach gives
the customer control, through choice, over the benefits they select and business partner’s
choice to manage the usage risk. Operating as the central hub, CPP can co-ordinate and
manage all the product activities, third party relationships and services involved in the
efficient and smooth delivery of the packaged service to the banking provider.
In summary, CPP can offer an end-to-end proposition design package and development,
as well as supplier sourcing, service and channel delivery.
Business Process Outsourcing
CPP offer a range of service to sales telemarketing services the key benefits of which
include driving out cost from your operating model, enabling greater pricing efficiency
through volume delivery of products and services,
and providing an enhanced customer experience by delivering high levels
of customer service.
The combined competence of CPP and our heritage with Card Protection, Identity
Protection and Mobile Phone Insurance products makes us ideally placed to deliver new
innovative services and fully maximise the sales potential of this rapidly developing market.
6.0 Further Information
Any further queries about the opportunities available with CPP should be directed to:
Jason Walsh – Divisional Director, Mobile Protection Division
CPP Group Plc,
Holgate Park,
York
YO26 4GA
Contactless and Mobile Payments March 2011
13. 13
CPP is an award-
winning organisation:
- Winner in the European
Contact Centre Awards,
Large Team of the Year
category, 2010
- Finalist in the European
Contact Centre Awards,
Best Centre for Customer
Service, Large Contact
Centre of the Year
categories, 2010
- Winner in the National
Sales Awards, Contact
Centre Sales Team of the
Year category, 2010
- Finalist in the National
Insurance Fraud Awards,
Counter Fraud Initiative
of the Year category,
7.0 About CPP
2009
The CPPGroup Plc (CPP) is an international marketing services business offering bespoke
- Finalist in the European customer management solutions to multi-sector business partners designed to enhance
Contact Centre Awards, their customer revenue, engagement and loyalty, whilst at the same time reducing cost
Large Team and Advisor to deliver improved profitability.
of the Year categories,
2009 This is underpinned by the delivery of a portfolio of complementary Life Assistance
- Named in the Sunday products, designed to help our mutual customers cope with the anxieties associated
Times 2008 with the challenges and opportunities of everyday life.
PricewaterhouseCoopers
Whether our customers have lost their wallets, been a victim of identity fraud or looking
Profit Track 100
for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to
- Finalists in the National enjoy life. Globally, our Life Assistance products and services are designed to simplify the
Business Awards, 3i complexities of everyday living whether these affect personal finances, home, travel,
Growth Strategy personal data or future plans. When it really matters, Life Assistance enables people to live
category, 2008
life and worry less.
- Finalist in the National
Business Awards, Established in 1980, CPP has 11 million customers and more than 200 business partners
Business of the Year across Europe, North America and Asia and employs 2,300 employees who handle
category, 2007, 2009 millions of sales and service conversations each year.
and Highly Commended
in 2008 In 2010, Group revenue was £325.8 million, an increase of more than 12 per cent over
the previous year.
- Named in the Sunday
Times 2006, 2007, 2008 In March 2010, CPP debuted on the London Stock Exchange (LSE).
and 2009 HSBC Top
Track 250 companies What We Do:
- Regional winner of the CPP provides a range of assistance products and services that allow our business partners
National Training to forge closer relationships with their customers.
Awards, 2007
We have a solution for many eventualities, including:
- Winner of the BITC
Health, Work and - Insuring our customers’ mobile phones against loss, theft and damage
Well-Being Award, 2007
- Providing assistance and protection if a customers’ cards and keys are lost or
- Highly Commended in stolen.
the UK National
Customer Service - Providing advice, assistance and insurance to protect customers against the
Awards, 2006 insidious crime of identity fraud
- Winner of the Tamworth - Assisting customers with their travel needs be it an emergency (for example
Community Involvement lost passport), or basic translation service
Award, 2006. Finalist in
2008 - Monitoring the credit status of our customers
- Highly Commended in - Provision of packaged services to business partners’ customers
The Press Best Link
Between Business and
Education, 2005 and
2006. Winner in 2007 For more information on CPP visit:
- Finalist in the National
Business Awards,
Innovation category,
www.cppgroupplc.com
2005
Contactless and Mobile Payments March 2011