Dag-Inge Flatraaker is general manager and head of Interbank Infrastructure and Payment System Strategy at Norwegian bank DnB NOR. He has also worked with the European Payments Council (EPC) on establishing a SEPA strategy for e-commerce and m-payments. Flatraaker was speaking to EurActiv's Claire Davenport.
So what are m-payments?
Mobile phones are a channel to access your bank accounts like you do on your PC but now banks can also establish mobiles as a channel to make payments. In the future your mobile phone can act as your debit or credit card.
How does that work?
Well today we have physical cards. But imagine if they had a contactless capability, like the London Underground's Oyster Card for example. The next step is to store payment cards virtually in your SIM card.
So the SIM card stored in your phone effectively becomes your bank card? The SIM will store software, like banking applications or debit and credit card information or even loyalty card schemes. What about cross-border payments? Could my SIM card do that?
Yes, that is the whole point of SEPA, that cross-border and domestic payments are exactly the same. We are trying to make sure the technology is as interoperable as possible so that it can work on any handset and with any operator. Most operators use something called the UICC SIM but there are other options on the market. Does this exist right now then? Are people making m-payments in the EU? This is mostly in the trial phase right now. There is a trial in France and there have been trials in Turkey and in Spain among others. But France is the first country in Europe to try the technology out on a broader scale. And have they been successful? Well, in France m-payments have proven their worth in the transport sector. The next step will be to bring the technology to sales terminals in shops. Also French banks and the telecoms companies are planning a commercial launch this year.
So banks and mobile phone operators or telco companies will have to come to a commercial agreement on this?
That really depends. If we are talking about access to the networks then there is no agreement. But if we are talking about using the mobile phone infrastructure, like SIM cards as carriers, then we will need agreements between operators and banks. This is where the European Payments Council (EPC) and the GSMA, the association of mobile phone operators, come in. We have cross-industry co-operation to establish a model whereby banks can use the mobile phone networks' infrastructure to store the payments applications on SIM cards.
But are we not creating more opportunity for hackers to get our banking data?
Well the EPC and the banks are in the process of defining the security requirements. These will be pretty much the same security requirements we have today with online banking on a PC.
But what if somebody steals your handset? Can't they use it to make payments?
If you lose a phone or if it is stolen, we should be able to stop the applications and we should be able to do so remotely, but we are still working on this.
And if you want to change your mobile phone operator and get a new SIM, will the data be transferred?
The requirements will also define this so that it will be easy to have the same banking applications on your next network.
And can network operators potentially have access to your banking data and behaviour?
When we talk about payments the banking data and behaviour are in the domain of the individual bank's ownership and are not to be accessed by other parties, like the operators, unless the individual bank has agreed to it.
Now that the Payments Services Directive is opening up the market to non-bank payment institutions (PIs), will these new providers be able to enter the m-payments market?
If you are eligible to provide payments services according to the PSD, then yes, of course. It opens up the market to new actors and banks are used to competition.