Contactless mobile payments (finally) gain momentum

Executive summary

Deloitte expects that 2015 will be an inflection point for the usage of mobile phones for NFC-enabled in-store payment, as it will be the first year in which the multiple prerequisites for mainstream adoption – satisfying financial institutions, merchants, consumers, technology vendors and carriers – are sufficiently addressed.

We predict that by end-2015, five percent of the base of 600-650 million near-field communication (NFC) equipped phones will be used at least once a month to make contactless in-store payments at retail outlets. This compares with monthly usage by less than 0.5 percent of the 450-500 million NFC-phone owners as of mid-2014. Contactless mobile payment will not be mainstream by end-2015, but niche adoption will be a major progression from near nil in prior years.

The core advantage with any contactless smartphone transactions is the potential for greater security, when payments are made with phones featuring either built-in (via hardware or software) or SIM-based tokenization capability. When someone pays using an NFC-device, the tokenization facility creates a unique code (known as a token) which is sent from the device to the merchant’s NFC-enabled till. The credit card number is not transferred which means in the event of a breach, only card information used for traditional transactions would be exposed. The card information is either stored with the issuing networks (such as Visa or MasterCard), or is stored in the cloud (HCE), or in a secure element on the phone. The token is only good for a single transaction and unusable otherwise. A fraudster who intercepted the transaction would only get access to the single-use token but not the card details.

Using a fingerprint, an eye scan or a heart rate sensor as an additional form of authentication makes the payment more secure still. The combination of biometric authentication, an embedded secure element and tokenization may provide more robust security than card swipes or chip and PIN.

We expect the volume of NFC-smartphone transactions and the range of spend value to increase steadily over time as consumers become more familiar with the process, and more banks and merchants in more markets accept this form of transaction. However, contactless mobile payments will likely co-exist for some time with all other means of payment, from contactless credit cards to cash. It will be a long while before the majority of us can jettison our physical wallets.

Contactless mobile payments (finally) gain momentum 

Deloitte predicts that by end-2015, five percent of the base of 600-650 million near-field communication (NFC ) equipped phones will be used at least once a month to make contactless in-store payments at retail outlets. This compares with monthly usage by less than 0.5 percent of the 450-500 million NFC-phone owners as of mid-2014. Contactless mobile payment will not be mainstream by end-2015, but niche adoption will be a major progression from near nil in prior years.

Looking further ahead, Deloitte expects the number of NFC-enabled devices being used for making in-store payment should rise steadily over the medium term, as consumers become more familiar with the process, and more banks and merchants in more markets accept this form of transaction. We expect the volume of NFC-smartphone transactions and the range of spend value to increase steadily over time.

While usage of phones to make contactless payments is expected to increase over time, they are likely to co-exist for some time with all other means of payment, from contactless credit cards to cash. It will be a long while before the majority of us can jettison our physical wallets.

The logic of using mobile phones to make in-store payments has long been recognized, and as far back as the late 1990s prototypes of vending machines equipped to take payment via mobile phones and over cellular networks were being exhibited at trade shows. The benefit of using short-range wireless technologies over a distance of a few centimeters to transmit payment information has also long been understood. Speedpass, the first contactless payment device (a key fob for use in gas stations) was launched in 1997. In the same year, the Hong Kong metro system introduced a contactless pre-paid fare collection system .

Indeed, the combination of contactless payment and mobile phones has existed for over a decade. The first phones with any form of contactless technology were launched in 2004 and the first phone with NFC went on sale in 2006. For many years, smartphones have been used to effect financial operations, such as checking balances, transferring funds, and transacting online.

But prior to 2015 the use of phones to make in-store payments using any technology (such as QR codes, or other short-range wireless technologies) has been minimal, with only a small proportion (ten percent or lower) of the smartphone base claiming to have paid in-store via their phone at any time.

Deloitte expects that 2015 will be an inflection point for the usage of mobile phones for NFC-enabled in-store payment, as it will be the first year in which the multiple prerequisites for mainstream adoption – satisfying financial institutions, merchants, consumers, technology vendors and carriers – are sufficiently addressed.

We expect the largest card issuers in the majority of the largest developed countries to have activated NFC-smartphone payments by end-2015, although adoption patterns are likely to vary by region, due to differing economics and technical (e.g. payments processing) models.
For financial institutions (card issuers and banks), NFC in-store phone payments offer continuity and improvement to their business models. They levy a commission on the transaction value, which they may share with a handset vendor or other entity. They underwrite the risk on the payment. Account holders are subject, with one of approaches used, to the same transaction limits as with a physical card and the repayment terms for credit card holders are the same.

The core advantage with any contactless smartphone transactions is the potential for greater security, when payments are made with phones featuring either built-in (via hardware or software) or SIM-based tokenization capability. When someone pays using an NFC-device, the tokenization facility creates a unique code (known as a token) which is sent from the device to the merchant’s NFC-enabled till. The credit card number is not transferred which means in the event of a breach, only card information used in traditional transactions would be exposed.

The card information is either stored with the issuing networks (such as Visa or MasterCard), or is stored in the cloud (HCE), or in a secure element on the phone. The token is only good for a single transaction and unusable otherwise. A fraudster who intercepted the transaction would only get access to the single-use token but not the card details .

Using a fingerprint, an eye scan or a heart rate sensor as an additional form of authentication makes the payment more secure still. The combination of biometric authentication, an embedded secure element and tokenization may provide more robust security than card swipes or chip and PIN.

For merchants, NFC-equipped phones can enable fast and, with some systems, high-value transactions . All forms of payment have friction points: cash requires change and credit cards require PINs or signatures; but contactless payment requires only a card or device to be placed on a compatible reader. A fundamental benefit with some contactless smartphone payment systems is that the spending limit can be the same as the account holder’s credit or debit card limit. By comparison, contactless cards typically have a payment threshold (typically under US$50) and a transaction limit (the number of contactless payments made) before additional identification is required, so as to mitigate the impact of a stolen contactless card. As one example, the 23.8 million contactless card transactions in the UK in June 2014 had an average value of $11.03. This was about one seventh of the average transaction value of all credit and debit cards in the UK in the same month ($78.52).

Accepting NFC payment requires compatible point-of-sale (POS) terminals, and new POS terminals cost several hundred dollars. As of the start of 2015, there were already millions of NFC-ready payment terminals globally, out of the tens of millions of terminals in use around that world. Over the course of 2015 that base is likely to see a significant increase, particularly in the US where merchants are replacing their terminals to comply with the EMV mandate, these will most likely to be ones supporting NFC.

By end 2015, we expect a minority of merchants to be supporting contactless smartphone payments. These will often be retailers that have already made the investment in replacing POS systems, and will often be stores with a high volume of relatively low-value transactions, such as fast food outlets.

For most of the parties involved in the adoption of NFC mobile payments, the reason to adopt is financial. For consumers it is also behavioral. Using NFC-equipped smartphones to make payments will be adopted only if it can make the payment process simpler, sleeker or provide specific incentive in the form of digital coupons or discounts.

The multiple components that enable NFC-smartphone in-store payments have been falling into place over the last few years. Hundreds of millions of smartphone owners have already submitted their credit card data (one or multiple cards) to a range of vendors so as to be able purchase apps, or download songs, or purchase additional cloud-based storage. Tens of millions of consumers have become acclimatized – over the course of many years – to the idea of contactless payments using their credit and debit cards, and in some markets their contactless transport cards. For most people, using a fingerprint reader is a rare requirement, typically occurring only when passing through border control in some countries. But as of early 2015 it has become an everyday action for approaching 100 million individuals using phones equipped with a fingerprint reader.

So for smartphone users who already have credit card data linked to their phone, have made contactless payments and are accustomed to submitting a fingerprint to unlock their phone or authorize an app purchase, submitting a fingerprint reading to authorize a contactless payment should not feel unfamiliar.

The existence of hundreds of millions of contactless credit and debit cards should not constrain the usage of NFC-enabled smartphones as an additional means of payment. We would expect that when offered a choice, about 30 million individuals may opt to pay using their phone instead of a contactless card.

For some, this will be because they are more likely to be holding their phone than their wallet. A few may decide to pay by smartphone to signal their status as early adopters. With some approaches, a smartphone may offer a higher payment limit than a regular contactless card.

Some NFC-based smartphone payment systems require pre-payment. We would expect these systems to remain popular, and co-exist with approached linked to debit and credit cards. Pre-pay would prevail among the under-banked.  

Bottom line

Contactless payment, initially in single-vendor closed-loop systems, has already been available for decades, but it is only in recent years that contactless cards have started to enjoy a surge in adoption. 2015 should see strong growth in contactless mobile and card payments usage, but the rise will be from a small base to a slightly less small base. Customer education and marketing will be essential to increase awareness of the ability to pay using a phone .

While we expect significant growth in usage in 2015 relative to the prior base, there many challenges remain before smartphone contactless payments can become mainstream, even in developed countries.

For financial institutions, smartphone contactless payments offer an additional way to transact which also may help maintain the current ecosystem, albeit at a cost in terms of commissions.

Retailers should consider four main benefits: reducing the need to protect customer data, the higher speed of contactless transactions relative to other payment means, the ability to attract consumers with higher disposable incomes, and the opportunity to provide more personalized experiences, for example by integrating loyalty schemes .

Handset vendors can differentiate their devices through the inclusion of components, such as a fingerprint reader, or a tokenization engine, that would enable contactless payments. These functionalities need to be offered as part of a payment ecosystem, and should be easy to use.
Over time, other contactless processes such as premise entry and exit could be incorporated in a handset; and contactless payment is likely to be combined with other processes at the point of transaction, such as collection and redemption of loyalty points .

All players should consider how contactless smartphone payments could be made even more secure. One possible way of doing this would be to use the location data routinely collected by smartphones as a security check . Deviations from a normal purchasing location could trigger a request for further verification, such as PIN entry.

In the medium term the impact of contactless mobile is wide: it provides the opportunity to deliver new customer experiences such as displaying special offers in store to NFC based devices, it may catalyze the removal of point of sales systems for merchants. And NFC may become incorporated into a wider range of devices beyond phones.