Mobility 2011: The Year of NFC?

(This is part of a series of blog posts on Mobility in 2011)

Near-field Communications (NFC), the very short-range secure communications channel that will enable for a new breed of application interactions, is making a comeback. The year 2011 is, finally, the year of NFC. Today NFC is the new buzzword. NFC is the “next big thing”.

What makes NFC so attractive? From a user’s perspective, convenience. From a developer perspective, imagine application activation by swiping the handset.

NFC is so hot now, that the NFC Forum, the non-profit industry association that promotes the use of NFC short-range wireless interaction in consumer electronics, mobile devices and PCs and leads the standardization of NFC, recently redesigned its logo and marketing efforts.

Introduced around the year 2006, for some of us, it has been an eternity to get here. For example, back in 2007-2009 I co-founded a company called eZee, with the goal of bringing NFC-based applications and mobile payment into the marketplace; see eZee inc Mobile Coupon and Payment Vision. If you ask me, right on the spot, but 3 years too early. ;-)

And as with mobile apps, NFC suffered from the same preclusion by the Operator. The pain was so heavy that many investors avoided NFC-related startups altogether. Those were the days just pre-iPhone and pre-Android. Nokia was the leader on NFC; it pushed the NFC API into J2ME (JSR-257), was doing its best to expand NFC. In the USA it was next to impossible to get your hands on a NFC handset; Operators were not ordering them, not yet, until the issue of the Secure Element was resolved. With trials and more trials, operators basically brought to a halt all related innovation and ecosystem. Note that near-field communications already had been proven in other regions such as Japan. Convenience the obvious benefit – fast, quick interactions.

Now with Google introducing NFC on its Android software stack and device manufacturers embracing Android/NFC, and (rumors that) Apple will be introducing support for NFC, and organizations such as ISIS (a joint venture by AT&T, T-Mobile and Verizon), and in Europe with projects such as the “Six Pack” with operators and financial institutions involved, the right mix of players and events are happening. The NFC ecosystem is evolving!

2011 will be a definite year on the battle between operator control and the ecosystem. This should look familiar to you as it is similar to how apps moved from the Operator controlled deck and into the ecosystem, 3rd party developers and app stores and markets. Operators have a true challenge ahead of them. It actually is an amazing transformation across the board.

While many equate NFC with mobile payments, payments is just one application. Other types of applications for NFC include check-ins, digital-to-physical world interactions, sharing device-to-device (such as contacts), authentication/authorization, transportation and ticketing, discovering information about a place or object, coupons and marketing, and so on. In fact, perhaps over time, most of the NFC-based interactions won’t be payment related.

Next I will expand on NFC, the players and the year 2011.

The NFC Ecosystem

The NFC ecosystem is a complex one. And when involving mobile payments it is not only complex, but it is extremely (greedy) political. Below I attempt to illustrate some of its players:

Past experiences alone tell me that the control of the NFC ecosystem, led by mobile payments, will shift from the Operator (and the SIM card) and into the ecosystem via non-operator and external secure elements and Trusted Service Managers (TSM).

The NFC Specifications and Standards

The NFC specifications focus on link-level protocols and message payloads to enable NFC-application proliferation. The specifications describe NFC at the low-level such as Logical Link Control (LLC) protocol and connection handover, data exchange formats, support for various popular Tags such as FeliCa, and communication protocol formats for various interaction types such as support for Texting, URI and Smart Poster payloads. All the required protocols are there. The NFC software stacks are there. But the SIM-card centered mobile payment debate continues.

The SIM-Card vs. External Secure Elements Debate (or Debacle)

While NFC has uses beyond payments, the debate of who controls that Secure Element (SE), a mobile payment artifact, is the top reason why NFC adoption has taken forever. For those not familiar with SEs, a SE is a secure location in the device, typically a Smartcard, where things such as secure keys are stored and which must be very difficult to compromise.

Many believe the SIM card, which already plays a key role on handsets by identifying the subscriber and related account, should be the SE of choice for mobile payment. At first, this makes sense as from the technical perspective, the SIM card is very secure, it has a secure channel between the SIM card and the NFC chip over Single Wire Protocol (SWP), and the Over-the-Air (OTA) management aspects are in place. But from the business perspective, there is a huge drawback — it gives way too much control to a single stakeholder, the operator.

The truth is that SEs can be implemented in various ways: 1) the SIM card, as explained above, 2) secure internal memory, and 3) external SEs such as in a microSD. The latter is becoming a strong contender for NFC.

The debate of SIM-cards vs. external SEs will have a major implication on who will benefit the most. If it turns out that the SIM card is in fact the top choice for SE, then a new/different kind of battle for SIM control will commence.

While the above takes place, two technologies are filling the gap: 1) 2D barcodes and 2) RFID stickers:

2D barcodes have great potential and uses; I love them. But are not as convenient as NFC, as it requires multiple clicks from the user to start the app and read the barcode itself;
RFID stickers I see as a temporary solution. RFID stickers can be provisioned with info such as account information, and may require multiple stickers for multiple purposes. RFID stickers are “standalone”; with no application interface on the handset itself, the sticker is very static. This is opposed to NFC-based apps, which have an application component, a component on the SE, and the application can interface with the NFC channel and the SE, allowing you to create any UI experience (differentiation) on top.

Apple & Google and Financial Institutions Take the Lead

Enough trials. Enough debates on SEs. Time to move on. And this “move on” means for the ecosystem to take lead. Enter Apple and Google, and financial institutions. The Operators should be very concerned. The whole app scenario is repeating, that is, control shifting from the operator and into the ecosystem.

And it gets better.

Not only Apple and Google have/will be introducing devices (and sofware) that supports NFC, but expect them to become major players on NFC-based payments. Providing NFC hardware and software support is just part of the story. Expect Apple and Google to position themselves right in the middle of this; in the middle of each mobile payment transaction. But how? There are different ways, with different levels of control and influence:

One way is to position their own “Checkout” application and back-end system at the center of each payment transaction and getting a percentage for each;
Another way is to position themselves as a financial institution;
And the third way, is to become a Trusted Service Manager (TSM).

I suspect that Apple will supply their own mobile payment app (#1 above), but also become a TSM (#3). Google probably will use a different angle, one focus on their Search, Places and Recommendations, Ads and Hotpot, combined with their own Checkout payment app; we will see, but they should also consider the TSM route.

Similar to Google and Apple, financial institutions will take lead on NFC and mobile payments by providing mobile payment apps and potentially also taking the TSM route. Most likely financial institutions will go the microSD route:

Source: Nearfield Communication World

This is similar to how Visa Europe last year used a microSD-based NFC solution for mobile payments based on DeviceFidelity‘s In2Pay. Expect more of this happening.

What is a TSM?

A Trusted Service Manager or TSM is the entity that manages the process of provisioning a device (Secure Element) for mobile payment. Gemalto defines a TSM as follows:

“In mobile payment, the Trusted Service Manager (TSM) works behind the scenes to make the entire process of downloading your payment account onto your cell phone efficient and secure. Mobile commerce and payment necessitates a new level of cooperation between wireless operators and financial institutions. A TSM knows both banking and mobile phone security and systems, bridging multiple banks and operators while ensuring that consumer credit card information is completely secure. ” – source Gemalto.

The diagram below provides a simplified view of a TSM; as you can see, TSM are at the center to the whole mobile payment process.

TSMs are basically right in the middle; provisioning payment applets (on the SE and/or SIM card), payment apps, and the secure keys. TSMs can mainly focus on the provisioning aspects, or can offer additional services such as communicating with financial institutions over secure channels for payment processing related tasks, with the device, and with the network.

For Apple and Google, and perhaps the financial institutions, this could mean “TSM on-demand” with user-initiated provisioning via their respective app store/markets and tools; imagine using iTunes to securely setup your iPhone for payment, downloading the secure keys, apps and applets, all integrated into one experience.

Note that becoming a TSM doesn’t preclude others’ apps (and related secure keys) on the same SE, meaning that if Apple or Google, or the operator for that matter, decided to become a TSM, they can be ecosystem-friendly.

You might recall in 2010 a deal between Apple and Gemalto. This rumor was centered on Gemalto-provided SIM cards to enable iPhones to be activated on any operator via an App Store download. While this might be true, this deal felt to me like something else; I will not be surprised if perhaps Apple is planning on using Gemalto’s Trusted Service Manager (TSM) technology to help Apple become a TSM for mobile payments on iPhone.

Will companies like Apple, Google and financial institutions collaborate with ISIS and the like?

ISIS

It is not the first time we have seen a conglomeration of operators that gets together to address NFC and mobile payments. Just a few years ago at Mobile World Congress, a number of operators joined forces on mobile payment. Nothing came out of this.

In 2010, ISIS, a mCommerce joint venture by AT&T, T-Mobile and Verizon in the USA was formed. This is a natural response to the threat by 3rd party companies such as Apple and Google trying to take over mobile payments. I do expect for ISIS to succeed somehow, but to be determined how this in fact will play out.

Note that ISIS is an all operator venture, and the “Six Pack” project in Europe does consist of operators and financial institutions together. Operators have the upper hand, but we live in a new world of mobile ecosystems; it is imperative they work with the ecosystem.

In Conclusion

The year 2011 will (should) be the year of NFC. But it is just the beginning. It really is about preparing for the decade of mobile payments and contactless interactions. Imagine using your handsets to learn about items on the store or places via NFC, exchange your contact info with others, check-in into places, redeem your coupon, and/or make payments, just by swiping your mobile handset.

NFC brings a new kind of interaction — it is about convenience. For me, I’ve been waiting for this for a long time and it is very exciting due to the new kind of apps that will come out of this.

You can read more about NFC, including the JSR-257 Contacless APIs for JavaME, in the NFC section on my blog About Mobility.