(keitai-l) Re: Vodafone enters m-payment arena

From: Nick May <nick_at_kyushu.com>
Date: 01/13/02
Message-id: <fc.000f76100006593c3b9aca00dfa3ef68.6593d@kyushunet.com>
cjs@cynic.net writes:
>
>Let's face it; a piece of plastic is pretty darn "mobile."
 

....
>that Vodaphone is inserted into the consumer -> credit card issuer
>Which is good for them, if they get a
>little piece of what goes by, but not good for the others, because
>that money has to come from one of those three parties
.

At the moment, ALL of those parties are paying a large "fraud tax" of one
sort or another. If this system could reduce fraud by even a tiny, tiny
amount, it would cut everyone's costs and they would be happy to fork out
to Vodaphone. Leading to lower interest rates and charges for the
consumer, amongst other benefits. If a "keitai credit card" was cheaper
than a "standard card" I would certainly be attracted.  I would also be
attracted, as a consumer, from the security aspect. (see end)


This is the key point presumably....
>This sees Vodafone rapidly overtaking NTT DoCoMo as the largest provider
>of m-payment services today, via its i-mode network. 

Entering all one's credit card details through a keitai is a pain and
would put people off right away. It is not clear if there is any reliance
on  identifying the handset - in addition to the pin number. In other
words, whether it is "what you have" security (the handset), plus "what
you know" security (the PIN). I guess there must be or there is not much
point.

The "mobility of a piece of plastic" presumably is part of the problem -
it can be thieved. So what you know and what you have go together. You can
add a PIN system to it - but then why keep all the other *info* on the
credit card? Any "token" would do. A keitai can also be thieved, but
without the pin, that is of limited use... (Of course you can add
additional "what you know" constraints, but these are usually trivial,
like NetworkThievingSolutions asking for your postcode.)

It is not clear from the article which "handset" the user enters their pin
into. The "keitai" presumably. But then the pin is flowing across the
network, so that would have to be secure.  It is very unclear what the
"workflow" would be.

>For physical goods, at least, it looks as if the only change is
>that Vodaphone is inserted into the consumer -> credit card issuer

Which is a benefit for ordering through a keitai if one does not have to
enter all one's cc details. Of course, if you are physically in the shop,
it has little additional benefit EXCEPT that it might be more "fraud-proof"

I don't use credit cards on the net because I do not trust the vendor to
keep the details safe. (There are too many cases of the details being
hacked (this is British English 'hacked" by the way). With Vodaphone's
system, my guess is that those credit card details never actually leave
their system.  That makes me happier as I trsut vodaphone to have decent
security ina  way I do not trust "Fred's Compabt Disks". As a vendor, I
would be attracted by the fact that I don't have to be responsible for
storing all of my customer's credit card details on my server - an
additional security issue a vendor may not want.


Nick
Received on Sun Jan 13 09:12:26 2002