Enabling Multi-Provider Services with Third-Party Service Providers

Managing secure credentials on smartphones to enable NFC (Near Field Communication) services is a dynamic new business opportunity, requiring actors sitting amongst legacy mobile, banking and retail industries to lessen the complexities of bringing these new services to market. The question of which parties are best positioned to enable the business rules of the future state is the subject of this article.

Without independent third-party service providers to minimize the short-term IT impact of early commercialization and long-term logistical and technological complexities related to access, administration and lifecycle management, it is possible that maturation of the ecosystem will take far longer than otherwise anticipated. The breadth of use cases and the resulting economic benefits are at the core of the NFC promise. For example, using NFC on a smartphone to provide credentials (room keys) to a hotel guest over the air means that the hotel can:

 

– Remove the overhead of physical check-in and check-out;

– Communicate with the guest throughout her stay through the smartphone to enhance the hotel experience without hassle; and

– Drive a 1:1 contextual dialogue, both inside and outside of the hotel, marketing time-sensitive offers during the stay at the hotel and more.

 

Use cases, such as the above, will demand new business rules to enable and manage third-party secure data on smartphones and possibly unique multi-party customer care situations.

The secure management of third-party data is required to straddle market dependencies of (i) a near-term state, where only a few actors are launching commercial NFC services with few select partners and few normalized rules, with (ii) a mature state where millions of consumers are activating thousands of diverse secure credential products on their devices from dozens of industries enabled across the majority of carriers and deployed on a multitude of devices.

In accordance with the standard set forth in GlobalPlatform 2.2, there are effectively three critical roles for any one use case where secure credentials are issued on a smartphone:

 

– The owner/issuer of the secure credentials

– The owner of the secure element on the smartphone, where the secure credentials are stored in the device

– The administrator of the secure element, responsible for secure credential lifecycle management and campaign management

 

The actors of the first two roles are straightforward. Banks, merchants, hotels, transit authorities and employers control facility access or others will issue the secure credentials. Carriers or smartphone OS providers will own the secure element. Because the condition precedent for the mature state demands that early players wishing to issue secure data be able to do so with as few internal resources as possible, the role of administrator is absolutely critical.

There is broad debate as to who could play such a role. Banks, carriers, smartphone providers and existing personalization bureaus all believe they are in a position to offer such services. While years from now, when defined business rules may allow many types of actors to provide this administrator function, third parties are the most viable option today.

Why? The most important role of an administrator is to enable win-win solutions that do not negatively impact any party’s objectives in deploying commercial NFC services. A bank, for example, seeks to ensure its secure credentials are available on all smartphone types across all carriers. Conversely, smartphone makers and carriers have incentive only to ensure that a bank’s card products are available to its subscribers rather than on a ubiquitous basis.

Carriers’ growing rivalry with banks at merchant point of sale creates an environment whereby banks and merchants are less incented to drive their legacy products and services onto devices in direct relationships with those same actors trying to compete with them. Rather, it is likely that third-party surrogates can (i) administrate on behalf of the merchants and banks, and (ii) in doing so for a number of such parties, create leverage to force those with competing agendas to ultimately be willing to provision these bank and merchant products on the devices.

The role of administrator is about far more than business models. The administrator must ensure the integrity of the credentials across new devices, lifecycles of device firmware, upgrades of applications on devices that interoperate with the credentials and restoring of credentials in the case of lost/stolen phones. This is an infrastructure role that is new for any actors, and the advantages of an independent third party that does not have legacy service obligations are several-fold:

 

– No need to learn mobility or focus on value proposition: A third-party administrator lets issuers of secure data maintain focus on leveraging the benefits of NFC smartphones without dealing with the technicality of device lifecycle.

– Minimizes IT integration: Banks, merchants and other issuers of secure credentials will not be able to support infinite integrations for endless number of carriers, devices, OS, etc., so the third-party single point of integration lowers the barriers to NFC viability.

– Neutrality forces normalization of business rules: Neutral third-party service providers reduce friction amongst service providers otherwise competing for control of the subscriber relationship.

 

The third-party service provider, if it is true to this mission, has but two enemies: the post office that loses out on mailing of plastic card products and the plastic card manufacturers. All other actors benefit from the role of a third-party service provider.

If an abstract consideration of the need of independent third-party service providers to enable a commercial NFC environment falls short, then examining customer care in an NFC-enabled world ends any debate.

The use case can be as simple as a failed consumer attempt to make a payment at a retailer using her smartphone with her bank-issued credit card. Who does she call? Whoever she instinctively thinks to call. It could be 611 to call her carrier; it could be that she dials the number on the back of her credit card (now present on the screen of her smartphone); or the consumer may prefer to ask the merchant to see a manager. Regardless of action by the consumer, the use case is very challenging for both the consumer to provide adequate description of the variables at play and for the care representative that is responsible for resolution. Why? Any care representative from a legacy industry will have inherent limitations as to his knowledge. The transaction in this case could fail for multitudes of reasons, including:

 

– Smartphone software problem (e.g. a bug)

– NFC hardware problem (e.g. secure element locks)

– Carrier account problem (e.g. unpaid bill)

– Credit card account problem (e.g. over limit)

– Reader failure

– Human error

 

The challenge for the care representative is discerning the correct resolution path as quickly as possible without aggravating the consumer by asking questions the consumer cannot reasonably be expected to answer.

The challenge for care from any one legacy player is to have the necessary information or cross-ecosystem pathways built to resolve the care concern. It would seem straightforward to have the consumer call the carrier’s technical customer support, and once device concerns are addressed, to roll over the call to a care representative of the issuing bank. Aside from the challenge apportioning the costs of care actions, this approach would require integrations and willingness to hand customers off between banks and carriers, which is highly unlikely. The process of case by successive elimination is simply consumer unfriendly.

A neutral third-party service provider measured on call resolution provides a completely beneficial alternative to all actors in the NFC ecosystem. Merchants can train all personnel that a single care point of contact has the highest chance of resolution, and consumers can be provided access to that care center by dialing a number or by transfer from their instinctive call to a carrier or a bank. The goal for such an intermediary is to provide a single point of contact for the consumer that is committed to helping them solve their problem and remain delighted with NFC. The challenge is the numerous exogenous issues that may impair the attempted transaction, of course, so this intermediary cannot operate in a vacuum. Rather, that intermediary must become a trusted third party of the major banks, carriers and merchants so that its representatives can: (i) open lines of communication with care representatives of the various actors for fast resolution; (ii) warm transfer care issues to banks’ or carriers’ billing, risk, fraud or account status groups; and (iii) serve as a resource for those third-party banks and carriers and others to develop a knowledge base of case resolution.

We are witnessing the early stage of a dynamic new ecosystem that promises exciting benefits for both consumers and service providers. However, unless the right actors are established early to drive the best business rules to enable cross-ecosystem interactions, there is risk that the benefits of NFC will remain elusive. The goal for all players should thus be to drive towards normalized integration as quickly as possible to generate positive opinions and use cases for consumers. Some legacy actors who anticipate playing broader roles will have to look in the mirror and realize that such objectives are not in the best interest of their long-term market objectives. Neutral third-party service providers will be critical to accelerating the market adoption not only of NFC technology but also of NFC-enabled services.