Embed Size (px)
Citation preview
ABSTRACT
A digital wallet allows a user to make an electronic payment with a financial instrument (such as a credit card or digital cash), and hides the low-level details of executing the payment protocol that is used to make the payment. It authenticates the consumer through the use of digital certificates or other encryption methods, stores and transfers value, and secures the payment process from the consumer to the merchant. It can store multiple monetary and identification implements. Monetary implements include cash, debit and credit cards, and stored value cards while identification includes national or state identification cards and driver’s licenses.
WHAT IS THE NEED
Consider the following scenario: “Jill is at the supermarket checkout line. She fumbles through her wallet to find credit card X, rejecting many other cards in the process, to pay for the transaction. Later in the day, she falls victim to a pickpocket who steals her wallet. Jill is now in a state of panic; she has to remember which cards she had in her wallet and then manually cancel those cards.” The above scenario highlights problems with a physical wallet, namely
Thick, bulky, unmanageable physical wallet.
Finding particular items is time consuming.
Evocating a lost wallet is extremely hard.
Managing multiple monetary and identification implements is not easy. Monetary implements include cash, debit and credit cards, and stored value cards while identification includes national or state identification cards and driver’s licenses.
Reducing the chance of theft by having only one item to manage.
1
COMPONENTS
A digital wallet has a software and information component.
The software provides security and encryption for the personal information and for the actual transaction.
Normally, digital wallets are stored on the client side and are easily self-maintained and fully compatible with most e-commerce Web sites.
A server-side digital wallet, also known as a thin wallet, is one that an organization creates for and about you and maintains on its servers. Server-side digital wallets are gaining popularity among major retailers due to the security, efficiency, and added utility it provides to the end-user, which increases their enjoyment of their overall purchase.
The information component is basically a database of user-inputted information. This information consists of your shipping address, billing address, payment methods (including credit card numbers, expiry dates, and security numbers), and other information.
2
CLIENT BASED WALLETS
software application installed on consumer’s device
automatically fills forms at Online stores
merchant install software to receive client based wallet information
when consumer clicks merchant’s site merchant queries consumer’s digital wallet
more difficult to update as download required merchant’s form changes
Examples - Gator, Master Card wallet
SERVER BASED WALLETS
No special software for consumer required
Financial Institutions market the system to merchants as part of their financial service package
Technology services ( infrastructure for processing payments) & Wallet services provided.
Easy & secure shopping using whichever payment method consumer desires
Lower transaction cost
Lower consumer acquisition & retention costs
Dynamically updates as merchants form change
Consumer provided with Single Sign-In Service(SSI)
Example - Microsoft Passport, Cybercash InstaBuy, Novell DigitalMe, Yodlee
3
TECHNOLOGY
Secure Communication Medium
o New NFC (Near Field Communication) chips are already appearing in smartphones which provide very close range, low power, easy to setup up point-to-point communication.
o NFC acts as the communication medium for exchanging monetary and identification information, such as credit card numbers and receipts, with other devices.
Fast Secure Authentication and Secure Tamper Proof Storage
o Secure programmable chips in cell phones will allow the cell phone to securely store both “digital cash” and the phone owner’s monetary and identification implements.
o This assumes that the cell phone owner secures his digital wallet with a good password. This chip will ensure that thieves are unable to access the digital wallet embedded in the stolen phone. Biometric scanners could also be integrated into cell phones and used for quick and easy authentication.
4
PAYMENT MODELS
For point-of-sale transactions: -
o A NFC-compatible “reader pad” can be deployed in retail stores.
o When payment is required, consumers place their cell phone on/near the pad and all their valid payment options appear on a display.
o They can then select the payment method they plan to use (cash, specific credit card, etc.) for the transaction.
o The pad transmits the transaction request to the appropriate financial institutions using existing banking protocols provided by NETS, Visa, Amex, and MasterCard.
o The consumer can provide any necessary signatures using a digital signature pad located next to the reader pad.
o Once the transaction is verified and completed, the receipt is automatically sent to the cell phone and stored for future reference.
5
For peer-to-peer cash exchange :-
o Use the phone’s NFC capability together with an easy to use peer-to-peer cash application.
o Using the application, the payer can enter how much cash he needs to send to the other person.
o The payer then taps the cell phone of the payee and the cash is transferred instantaneously using NFC.
o The recipient is then informed of the exact amount transferred.
6
HOW TO SUPPORT CASH TRANSFER
From the consumer’s perspective, cash transactions have many benefits, they are fast and easy to perform, they provide a built-in spending limit, and they are anonymous.
The anonymity factor is crucial for consumers who, for various reasons, want certain transactions to remain anonymous while the spending limit is used, for example, by parents to limit their children’s spending.
Supporting cash transactions require two key technology components :-
o Place cash in the digital wallet either by :
Topping-up the cash on device at specific top-up machines which are integrated with existing automated teller machines
Online by logging into bank’s online portal and transferring cash into phone.
o Transferring that cash to a retailer or another digital wallet by using NFC.
7
WALLET ARCHITECTURE
1. The Instrument Manager manages all of the instrument instances contained in the wallet, and, for example, may be queried to determine which instrument classes and instances are available to execute a given payment or other operation.
2. The Protocol Manager manages all of the protocols that the wallet may use to accomplish various operations, and invokes protocols to carry out the interaction between the digital wallet and the vendors and banks. The Protocol Manager relies on the Communication Manager to process low-level communications requests with other computers representing banks and vendors.
3. The Wallet Controller presents a consolidated interface for the wallet to the client. The Wallet Controller hides the
User Profile Manager
Instrument Manager
Protocol Manager
Communication Manager
WalletController
UserInterf
ace
ClientAPI
UserInterf
aceAPI
Instrument Instances
Protocols
8
complexity of the other components of the wallet, and provides a high-level interface to the client. A non-human client, or software agent, can make method calls on the Wallet Controllers interface through the Client API. A human client may use a graphical user interface (GUI), which may make method calls on the Wallet Controller. The Wallet Controller coordinates the series of interactions between the User Profile Manager, Instrument Manager, and Protocol Manager necessary to carry out high-level requests received from the client, such as purchase a product.
4. The User Profile Manager manages information about clients and groups of clients of the wallet including their user names, passwords, ship-to and bill-to addresses, and potentially other user profile information as well. In addition, the User Profile Manager keeps access control information about what financial instruments each user has the authority to access.
5. The Communication Manager provides the wallet with an interface to send and receive string messages between wallets and peer commerce components by setting up a connection with a remote Communication Manager. The Protocol Manager builds on top of the connection abstraction to support the concept of a session. A connection is typically asynchronous, while communications between peer commerce components in a Session occur in (message, response) pairs where one peer sends a message, the other peer receives the message, executes some action, and returns a response. Depending upon the implementation of the Communication Manager, the messages may be sent over different types of networks using different communication protocols.For example, one implementation of a Communication Manager may send and receive messages over the Internet using HTTP requests and responses over a TCP/IP Ethernet network. In this case, a Session may be made up of a sequence of several HTTP GET messages and their corresponding responses. Note that the Protocol Manager is responsible for making calls to the Cryptographic Engine to encrypt any data that is passed to the Communication Manager, such that the data can be
9
securely transmitted over the communications medium. The Communication Manager cannot be responsible for encryption of sensitive data from the wallet because it is formally outside the wallet architecture, and can be replaced by another Communication Manager to run the wallet on another device. If the Communication Manager is relied upon to encrypt sensitive data, then the Communication Manager might be replaced with a malicious Communication Manager that sends all sensitive data to an adversary.
6. The Client API is an interface provided by the Wallet Controller that may be used by an autonomous software agent acting on behalf of a human user.
7. The User Interface provides a graphical interface to the services offered by the Wallet Controllers interface. The User Interface is an optional component of the wallet. Some devices, such as most smart cards, do not have the ability to display a graphical user interface, and hence the Wallet Controller interface must be accessed through the Client API. Note that the user interface is a core component within the wallet because certain parts of the user interface have access to sensitive user data. For example, the edit box object into which a user enters the password to unlock the wallet should run within the wallets protected address space. On the other hand, users may want to customize the wallets interface by plugging-in GUIs developed by other software vendors. To accomplish both these conflicting goals, the user interface exports parts of its interface as the User Interface API that may be overloaded by software vendors to render customized parts of the interface.
10
WALLET INTERACTION MODEL
Open Session Instrument Class Negotiation Protocol Negotiation Protocol Selection Instrument Selection Transaction Execution Close Session
Open Session
Instrument ClassNegotiation
ProtocolNegotiation
ProtocolSelection
InstrumentSelection
CloseSession
TransactionExecution
11
INSTRUMENT CLASS NEGOTIATION
TRANSACTION EXECUTION
User Profile Manager
Instrument
Manager
Protocol
ManagerCommunication
Manager
WalletController
UI Customer Profile
ManagerInstrument
Manager
Protocol
ManagerCommunication
Manager
VendorController
UI
User Wallet Vendor Wallet
User Profile Manager
Instrument
Manager
Protocol
ManagerCommunication
Manager
WalletController
UI Customer Profile
ManagerInstrument
Manager
Protocol
ManagerCommunication
Manager
VendorController
UI
User Wallet Vendor Wallet
12
WHAT IS ECML?
An existing Internet standard, commonly used in Internet shopping, aims to produce common methods for transferring transaction information from the client wallet to the server application.
It can be used whenever applications need a common method for transferring e.g. address information, and not just transferring credit-card information – It is a structure, not a protocol – ECML is security mechanism-independent, and can/will be integrated to other transaction protocols and security elements when available.
13
A DIGITAL WALLET MENU
The wallet application menu contains three different modules: Cards, Personal notes and Settings.
The Cards module is used for storing personal card information, such as payment card (credit, debit, etc.), loyalty.
The card details consist of card info (name, number, etc.), account info (billing address, etc.) and shipping info (shipping address, email, phone number, etc.).
From the wallet, the user can fetch the required information (stored in the ECML: Electronic Commerce Modeling Language) format via the WAP browser and easily fill in the required fields.
The Personal notes function is a notebook where the user can store private information.
From the Settings, the user can switch the wallet code request on and off and change the wallet code when necessary.
14
IMPLEMENTATION
Reuse the back-end infrastructure that routes credit card and debit card information between retailers and financial institutions. Also retain the existing ATM networks and online banking solutions.
Provide retailers with a single NFC-enabled point-of-sale device that replaces the current separate machines for credit cards and debit card purchases.
Extend the physical ATM machines to also provide cash top up/removal services for digital wallets. In addition, consider methods to extend existing online banking solutions to support the digital wallet.
15
HOW TO USE WALLET FOR PAYMENT
1. Browse the merchant’s WAP service and select the items you want to buy.
2. To pay for your purchase using your mobile wallet, select wallet payment and you will receive a payment request, i.e. a payment data form that you have to fill in. Note: to be able to use the wallet for payment, the acceptable payment methods indicated in the WAP service have to include mobile wallets.
3. Go to the Options menu and select Use wallet info. To gain access to the wallet, enter the wallet PIN code.
4. Select the payment card you want to use and ask the wallet to fill in the required information parts. Check the information has been entered onto the form before accepting the order.
5. In the case of more costly purchases, the merchant may require you to digitally sign the payment. After accepting the order, you will get the signing request (such as an electronic receipt with date, amount, etc.)
6. Sign the payment with your personal signing PIN
7. The merchant sends you an acknowledgement of successful payment
16
CHALLENGES
Mass Market Appeal: Ensuring a mass market appeal for the digital wallet is important to leverage scale economies and the network externality effect. One way to increase the mass market appeal is to make the digital wallet usable for all day-to-day transactions. Hence it is important to support both point of sale transactions and peer-to-peer transactions between individuals. Both of these require support from financial institutions, retailers and government bodies; coordinating these stake holders is a real challenge.
Stake Holder Dynamics: Any successful digital wallet deployment will need the cooperation of multiple stake holders such as banks, retailers, regulatory bodies, and consumer. This is a challenge because satisfying the business and strategic goals of multiple stake holders is difficult. For example, bank A may choose not to be a part of a consortium where competing banks play a leading role. In addition some stake holders may have already invested in alternative technologies and may not be in a position to make further investments. Achieving buy-in from all stake holders may require the support of the government and regulatory bodies.
Compelling user experience:The third challenge is designing a digital wallet that consumers want to use. This requires a usable interface, and support for all financial transactions that a user may want to perform. This involves reuse some of the user interfaces and design principles developed. However there are many important features that still need to be created. These include comprehensive backup and restore solutions, integration of a large number of monetary and identification implements, and support for peer-to-peer cash transactions.
17
WHAT IS IN YOUR WALLET
18
FUTURE OF DIGITAL WALLET
The electronic wallet is poised to become a personalized portal for each individual. The following are just some of the capabilities individuals will come to expect from their electronic wallet.
1. Online shopping from mobile devicesThe electronic wallet will be able to facilitate purchasing from mobile phones and PDA’s. The poor user input of mobile phone keypads is presently a barrier to mCommerce. The electronic wallet can minimize the number of key clicks required to purchase from these devices by automating the online purchasing process.
2. Price comparison shoppingThe electronic wallet will allow comparison shopping at any Internet access point. This will be used for online and offline purchasing. It is now possible for a consumer to access price comparison services from a mobile device while shopping at a physical location. This will provide true price transparency and consumer control.
3. Bill PaymentsThe electronic wallet will be able to make bill payments on behalf of the user. This will include scheduling payment intervals for electronic bills and invoices and receiving bill reporting from any Internet access point.
4. Loyalty RedemptionThe electronic wallet will give consumers realtime reporting of points accrued under loyalty schemes and their conversion entitlements. This will actually promote a convergence of loyalty schemes and may lead to loyalty points becoming fungible with value.
19
5. Personal Information AccessThe electronic wallet will become a single access point to all personal information. This will including medical, insurance, motor vehicle, mortgage, superannuation and investment reporting. This is the personal financial portal which we have all been waiting for. This information aggregation will also extend to online auction monitoring and online gaming.
6. Virtual Personal OrganizerThe electronic wallet will store the user’s calendar, contacts, tasks and lists on the network allowing this to be retrieved and updated from any device. This will eliminate the need to hot-sync.
7. Wireless purchasing at physical locationsThe electronic wallet will allow purchasing in physical stores when the wallet is installed on an infra-red or blue-tooth device. The electronic wallet software will retrieve a person’s credit card number from the network and use the native capabilities of the device it is running on to transmit the credit card number to a Point of Sale unit.
8. Pre-emptive PurchasingThe electronic wallet performs the purchasing process for the consumer and therefore has a record of purchases made. The electronic wallet will be able to pre-empt purchasing based on habits and actually remind the consumer to make purchases on a regular basis.
9. Device to device Person to Person PaymentsThe electronic wallet will be able to facilitate person to person payments in the physical world. Once installed on a mobile device it will be possible to transfer a payment from one person to another simply by pointing two “wallet-enabled” devices at each other.
20
REFERENCES
1. Electronic Wallets: Past, Present and Future, by Brent Clark.
2. Thin is in, The future of Digital Wallets, by Christina N. White for SapientNitro.
3. Digital Wallet Technology, by Riyazuddin Khan.
4. SWAPEROO, A Simple Wallet Architecture for Payments, Exchanges, Refunds, and Other Operations by Neil Daswani, Dan Boneh, Hector Garcia-Molina, Steven Ketchpel, Andreas Paepcke from Stanford University.
5. http://en.wikipedia.org/wiki/Digital_wallet
6. Digital Wallet: Requirements and Challenges by Rajesh Krishna Balan, Narayan Ramasubbu, Giri Kumar Tayi from Singapore Management University and SUNY at Albany.
21
