Near field communication (NFC) technology for payments is hitting the silicon valley area, according to Near Field Communications World. They point out that Apple has spent recent months rushing through patents to try and lock down the profits for payment options on the iPhone.
[In April 2010] we reported on Apple's first four mobile payments related patents. The first two relate to peer-to-peer (P2P) payments and show an iPhone menu that would enable the user to choose from a variety of payments options at the time of purchase. Here, there is an indication that iTunes could evolve into a mobile currency, with mention of the service as one of the payments options along with bank transfer, credit and debit card options. The second pair of patent applications, meanwhile, cover the use of a 'portable device' — such as an iPhone — as a mobile point of purchase or POS terminal, able to capture information about an item for sale, determine its purchase price and process payments.
Much more interesting than this trend, however, is a new company with a strategy to sell NFC stickers (RFID tags). They are said to be winning attention from local cities, PayPal, Google, Facebook and even Apple.
Bling Nation's mobile payments pilot in Palo Alto has now expanded to include distribution of mobile contactless stickers to staff at Facebook's headquarters and to the Stanford University campus. The City of Palo Alto has also backed the trial, enabling local residents to use their Bling Tags to pay utility bills, long-term parking bills and parking fines with plans to include city libraries, community centers and various museums in the coming months
The tags are adhesive-backed microchips about the diameter of a soda bottle cap. They do not store any information about the consumer, just a unique identifier. Consumers get a tag by registering with an "issuer" such as a local bank or credit union.
Last August Bling Nation tied their NFC tags to PayPal accounts. They will likely do the same with anyone who wants to join the new payment processing system.
Each time a purchase is made by touching the chip to a reader a text message is sent to the mobile device for confirmation.
The tag is marketed as something that should be stuck to the back of a mobile device, but that removes text confirmation from being a separate factor. At least it still gives less exposure with more security possibilities even compared with payment cards that use chip and PIN.
The Bling Nation site gives the following explanation:
Bling Nation builds multiple levels of security into the Bling system. First, we eliminate the need to store personal information on your BlingTag or on a business' point-of-sale terminal, in order to help protect your identity. Second, we use dynamic key encryption to transmit any transaction data through the BlingTag and Blinger point-of-sale device. Thus, transactions at Bling businesses are encrypted, preventing easy hacking and helping to ensure secure communication between the business and any Blingag issuer, such as PayPal. In addition, each transaction is assigned a different identification number. Transaction data is stored securely and the BlingLink network complies with Payment Card Industry (PCI) standards and other payment privacy and security regulations. Our system is also audited regularly to help ensure the maximum level of security.
People sometimes ask when payment cards will get encrypted communication and chip and PIN in America. The problem has always been said to be related to the cost of rolling-out new point-of-sale devices. Perhaps the time-line will speed up if a competing system is setup. On the other hand, BlingTag have a similar issue — they need new point-of-sale devices to be installed. That also might speed up if Apple engineers are thinking what I am thinking.
There is actually no reason (yet) to put the tag on your phone. It is something of a marketing gimmick to either parody cell phones that actually do payment or condition consumers into thinking about the phone as a payment device.
In other words, cell phone manufacturers are not yet building NFC chips into their devices. The immediate workaround is to stick one on the outside and pretend like it is in the inside. Another possibility is that the NFC chip could use BlueTooth to talk directly to the phone but that does not appear to be the case with Bling Nation.
The company says the real reason they suggest this is because of the text confirmation and "you usually have your phone with you and it can go anywhere". I take my wallet everywhere more than my phone, but maybe that is just me.
You can of course disable the text message confirmations. Even if you leave the messages enabled, you might find it most convenient to stick the chip to a payment card already in your wallet.
Thus, instead of pretending your phone makes payments this could be the first step for Americans who want to pretend that they have a chip and PIN payment card. Oh, actually, I guess MasterCard also released a NFC sticker program in 2009. Make that the second step.
So far I have just covered the basics of the service. I also have avoided asking why a payment company would name themselves with a word like "bling" that hints at shallow and vapid behavior.
Later I will post analysis of the deeper security issues like fraud and abuse of these tags. For example, you are allowed to have more than one tag, but each one has to be linked to its own unique phone number.