White Paper

Connecting mobile consumers

and merchants
 White Paper

Contents
Executive summary 3

Key drivers of mobile commerce 3

Ease-of-use and convenience 3
Security 4
Easy adaptation to existing payment systems 5

Transaction environments 5
Remote environment 5
Local environment 5
Personal environment 5

Mobile payment landscape today 6

Operator billing 6
Remote transactions 6
Key application areas for remote payments 7
Mobile banking 7
Stock trading 7
Auction 7
Betting 7
Local transactions 7
Electronic purse 8
Person-to-person payment 8
Cross-environment transactions 8
Ticketing 8
Loyalty programs 8
Coupons 9
Receipts 9
Branding 9

Enabling technologies 9
Secure platform services 10

Nokia in the field of mobile commerce 11

Java™ and Symbian platform leaders 11
Mobile wallet for online shopping 12

Technology standardization 13

Expected market development and trends 14

Summary 14

Glossary 15

2
White Paper
Executive summary
The slogan ‘Life goes mobile’ neatly sums
up Nokia’s vision of the role of mobile
devices in our lives today. Thanks to the
unbeatable benefits of size and utility
offered by mobile terminals, we can rely
on mobile applications and services to
make our lives more fluent and
enjoyable. In the developed countries,
purchasing has shifted more and more
towards electronic payments, as cash
use has decreased and card based
payments as well as online shopping
have increased.
Convenience is probably the most
important benefit of mobile commerce.
By reducing the need to carry cash,
credit or debit cards, the mobile device
allows consumers to make purchases
virtually anywhere, such as using
Key drivers of mobile commerce
Mobile commerce can be defined as any
electronic transaction or information
interaction conducted using a mobile
device and network that leads to transfer
of value in exchange for information,
services or goods. Mobile commerce
allows the consumer to carry out the
transaction using the mobile terminal,
whereas many other parts of the trading
cycle – promotion, selection, ordering,
payment fulfillment and delivery –
might occur using traditional channels
or fixed line PCs. Intangible goods such
as ringing tones or Java™ Midlets can
also be delivered to the phone in digital
form, making it possible to cover all
parts of the trading cycle with a mobile
terminal.
Key drivers of the adoption of mobile
commerce services are ease-of-use,
cost efficiency and convenience, as well
as the vital issue of security. In addition,
mobile commerce solutions must be
based on open and global standards
and technologies. In the long term,
they are the only way to mass-market
growth and a balanced ecosystem.
vending machines without change or
buying tickets while on the way to an
event. All in all, the overall aim is secure
and fluent mobile transactions for both
the consumer and merchant. Consistency
as well as convenience needs to be a
priority in order to make mobile
commerce services really take-off.
Currently, digital content purchases
dominate mobile commerce markets –
nearly all business today comes from
selling operator logos and ringing tones,
making the operator billing system the
most commonly used and most
practical payment method. This also
influences content developers, as parts
of their revenue is directed to the
operator commissions in the operator
billing model. To ensure profitable
Ease-of-use and
convenience
Usability issues are critical if a service is
to become a commercial success. With
mobile commerce, the user experience
covers much more than the browser
display of a particular shop site presenting
a list of products for sale. The transaction
process must proceed naturally and
logically, and be familiar after the first
time. The complexity of the payment
infrastructure should be hidden from
the consumer to avoid unnecessary
confusion – consumers should not have
to worry about interoperability or other
technological issues, and should be free
to enjoy seamless access to content.
Ease-of-use depends partly on how often
the subscriber uses the service.
Encouraging the use of the mobile phone
as a payment device will, of course,
require value-added mobile commerce
services. It is not enough to simply develop
mobile extensions of current Internet
services, since not all of them will suit
the characteristics of the mobile world.
business development for all, consumers
would ideally have several different
competing payment options to choose
from.
Today’s mobile commerce markets are
still at a fairly early stage of
development. Yet, mobile commerce is
expected to be an important opportunity,
so the key stakeholders such as network
operators, financial institutions, and
mobile terminal vendors are investing
to develop both the market and the
technology. For developers and service
providers, mobile commerce offers the
chance to diversify their scope of
operation. There is a clear need both for
standardized solutions that merchants
can implement, and to make wireless
processing attractive.
Furthermore, mobile phones themselves
have their limitations, such as a small
display and limited input capabilities.
Nonetheless, factors such as mobility,
availability, personalization, and ease-of-
use can easily overcome the limitations
of a pocket-sized device. Moreover,
technological advancements, with bigger
mobile phone colour displays, XHTML
browsers and faster and safer connections
(GPRS, EGPRS, TSL/SSL) have improved
the experience of the user, making
mobile services much more appealing.
It is worth noting that mobile phones
already outnumber personal computers
and there are currently more than one
billion mobile subscribers in the world.
With mobility, services have become
far more accessible and are no longer
restricted to a specific location or
opening hours. Mobile devices also
provide convenience, because they can
be used in seconds, unlike a PC.
Furthermore, greater session security
and more secure client authentication
methods for mobile payments will give
mobile phones an undisputed advantage
in conducting e-business.
3
 White Paper

Security
Micro-payments Macro-payments
When conducting monetary transactions, Priority on Priority on
convenience security
security is a key consideration. In mobile
commerce, security measures should be
Information
adjusted according to the value of the ty
uri
Video clips Sec
transaction and there are different

Number of transactions
Ringing tones
solutions available for different needs. Digital
Single city transport tickets signature
The following figure illustrates the
Screen savers
different levels of security needed by Music
Event tickets Trading
varying types of services. All in all, Games Travel
Bill payment, banking
the question is about risk management CDs
Flowers
and matching the right services and Gifts
Simple
solutions together. authentication Catalog shopping
(e.g. MSISDN)
Public transport season ticket
During its existence, the WAP Forum
specified security components that can Value of transaction
be used to provide high session security
when making mobile commerce Figure 1. The level of security depends on the value of the transaction.
transactions in remote environments,
that is, over a wireless network.
The Open Mobile Alliance (OMA) has
continued this by adopting former WAP
WAP 1.x
Forum specifications as part of the
overall architecture. Wireless Transport
WTLS WAP Gateway SSL
Layer Security (WTLS) enables server
Connection is Secure as such,
authentication and data encryption, secure only to The whole end-to-end but data may have
invisibly encrypting and decrypting the WAP gateway security cannot be assured been manipulated or
due to the security gap read in the gateway
information sent between a WAP client in the gateway
and a WAP gateway and aiming to
prevent a third party from deciphering WAP 2.0
the communication between these two
parties. The protocol also protects the HTTPS/TLS, SSL
integrity of communications, enabling WAP Gateway
acting as
the recipient of information to verify a WAP 2.0 proxy
that content has not been altered in
Security is comparable to the Internet model –
transit. transaction all the way to the origin server will be secure

The evolution to WAP 2.0, the next step
in mobile browsing, allows access over
TCP/IP, which is the standard Internet
transmission control protocol that
allows data to be sent in fixed or mobile
networks. Nowadays nearly all new
terminals support WAP 2.0. Compared to
the WAP 1.x stack, TCP/IP enables greater
end-to-end security and means less
protocol conversion – it also provides
reliable connections with larger data
files. Previously, there were different
encoding protocols used between the
mobile device and the WAP gateway and
between the WAP gateway and the
network. TCP/IP enables Transport Layer
Security (TLS) to be used all the way
from the device to the origin server.
This is depicted in Figure 2.
Figure 2. TCP/IP enables improved security over data connections from the mobile device to the network.
Based on the Internet security protocol A digital signature can be used for
Secure Sockets Layer (SSL), TLS is a authentication or non-repudiation
standard for enabling secure Internet purposes (e.g., signing a document or
connections between the devices and confirming a transaction), which are key
origin servers by establishing a TLS conditions in establishing the merits for
tunnel in the gateway. SSL and TLS will legally binding commercial transactions.
ensure real end-to-end security with no The digital signature is executed in the
security gap (that is, security protocol WAP application security layer and
conversion inside the gateway). confirmed by a code.
In practice, this means improved
security for information-sensitive Mobile wallets, used alongside digital
applications such as mobile payments. signatures, greatly improve security in
mobile transactions, and are also
convenient and easy to use.

4
White Paper
Easy adaptation to
existing payment systems
Existing payment methods and protocols
have gone through a long process of
evolution and it has taken a long time to
develop payment systems that are
globally accepted and adopted. For this
reason, it is important for mobile
payments to be based on existing
methods and standards if they are to
penetrate the market quickly. Up to now,
most mobile services have been based
on SMS, and have thus been charged for
in the phone bills of mobile network
operators. By developing applications
and services that support other payment
methods, a larger number of consumers
will be able to buy a widening set of
goods and services.
Credit cards are widely used on the
fixed-line Internet and can be adapted
to mobile use. Personal transaction
information, such as the cardholder’s
name, address, credit card number,
and expiration date can be filled in quite
easily via a PC keyboard, but it takes
time and effort with a mobile phone
keyboard. Some Internet services support
an automatic information exchange
specification called Electronic Commerce
Modeling Language (ECML). Likewise,
the same standard can be used in mobile
services. Nokia’s wallet application
supports the same specification and
offers a user-friendly solution for
transferring transaction information via
a mobile phone.
Transaction environments
Mobile transactions can be performed
in three environments – remote, local,
and personal. Each environment has its
own mobile commerce services and
characteristics that may require specific
technologies. Mobile phones will become
the ultimate transaction devices by
combining all three environments.
Remote environment
In a remote – or online – environment,
transactions are conducted over a
wireless network, and the physical
location of the consumer is not very
relevant to their actions. Most remote
transactions, similar to those conducted
online over the Internet, are conducted
with menu-driven applications, resulting
in a higher latency in transaction time.
In remote transactions, the phone’s UI
is of paramount importance as it must
relay all relevant information to
maintain the user’s trust and ensure
usability of the services.
Remote transactions range from online
purchases and banking to more impulsive
activities such as downloading digital
content. In most cases, the underlying
technology used is Wireless Application
Protocol (WAP) over a network
operator-provided bearer, such as Circuit
Switched Data (CSD) or General Packet
Radio Service (GPRS). The payment
method can vary from card payment to
operator billing, depending on the
nature of the purchase. The transition to
Extensible Hypertext Markup Language
(XHTML) as the standard browser
language and the switch to using the
TCP/IP stack at the transport layer are
expected to increase the number of
remote transactions, as they provide a
richer browsing experience as well as
faster and more secure connections.
Local environment
In a local – or proximity – environment,
the consumer is in the vicinity of the
“other end,” and mobile transactions
are usually initiated over short-range
wireless technology. Performance
requirements for local transactions,
such as speed and ease-of-use, are high,
meaning that transactions must be
simple “swipe” transactions with
extremely low transaction latency.
Radio Frequency Identification (RFID)
is an example of a technology that can
give convenient local transactions as
RF technology is already used in many
places, such as access control and public
transport.
Local purchases can be both low cost
and impulsive, such as buying a soft
drink from a vending machine, or mid-
to high-cost and non-impulsive, such as
buying and using an event ticket.
The payment method can vary from
card payments to prepaid accounts.
Personal environment
In a personal environment, mobile
transactions are usually conducted on
the UI of another device and augmented
by security, connectivity, or other
functionality provided by the user’s
mobile phone. This implies that the
user’s interaction with the mobile device
is limited to, for example, security-
essential functions such as PIN entry,
since the primary interaction is with
the device at the other end of the
connection.
5

Mobile payment landscape today
Commissions for mobile payments are
currently all generated from the digital
content micro-payments. Consumers
personalize their mobile phones with
ring tones, graphics, and so forth and
games, downloadable phone
applications, as well as music and video
clips, are also growing in popularity.
Because remote and local payments are
not expected to play more important
roles for a few more years, there has
developed a huge gap between digital
content payments and all other forms.
Actually, due to the enormous
dominance of digital content micro-
payments, it is very difficult to estimate
when and to what degree local and
remote payments will take-off. This is
illustrated in more detail in Figure 3.
This forecast figure is based on the
assumptions that digital content
payment commission is on average 25%,
for remote payments approximately 9%
and for local payments around 6%.
Operator billing
Operator billing is currently the
dominant method of micro-payment.
This is mainly seen as very convenient
by the consumer, although at times they
might also value the flexibility of
different payment methods. Moreover,
the choice of products and services is
limited because of the billing system.
For the operator, there may be legal and
practical hindrances as not all goods or
amounts are billable on the phone bill.
Furthermore, there might also be a
credit risk for the operator when content
value increases.
The long-standing tradition and
dominance of operator billing is most
likely to do with the fact that there has
yet not been business cases for financial
institutions in this field. Also, it has
been so easy for the users to be able to
purchase goods without any specific
registration and have all the digital
goods purchased just added to their
phone bill.
6
Payment commission m€
8000
Digital content
7000
Remote payment
6000
Local payment
5000
4000
3000
2000
1000
0
2002 2003
Figure 3. Mobile Payment Commissions, Source: Nokia Mobile Services forecast 2003.
For additional mobile payment methods
to grow in usability, banks and card
associations need to come up with
solutions that are as simple and easy to
use as operator billing is. Also merchants
need to be provided with similar
payment handling options that have
been traditional for physical and Internet
payments. These solutions need to be
familiar to the ones people are already
using, merely a way to bring similar
transactions safely into the mobile
environment.
The merchants also see benefits from
operator billing, as it is currently the
only way to handle micro-payments
economically. The possible hindrances
here come in the form of several
integrations required, each with a
proprietary interface.
Therefore, due to the overall
functionality of the operator billing,
merchants are now taking a closer look
at alternatives. These could include,
for instance, subscriptions and
transaction aggregation. In addition,
there are also other players interested in
the field of micro-payments. These could
be banks (e.g. Mobilecash: a multi-bank
mobile payment service using existing
banking infrastructure and consumer
and merchant relationships) and credit
card companies (e.g. Visa, pre- or
White Paper
2004 2005 2006 2007
postpaid shopping account that can also
be used for non card owners – parents
topping up children’s accounts).
Operators too are interested in reducing
the number of integrations and have
started to form payment consortia e.g.
SIMpay. All these are steps to improve
the field, yet they all must compete with
the convenience of operator billing.
Remote transactions
Mobile on-line shopping is a mobile
extension to established electronic
commerce where goods, services or
digital content are purchased over the
mobile Internet. The mobile phone adds
value mainly through its mobility and
availability, yet on the other hand,
the pocket-sized device with its limited
UI capabilities has some challenges for
service providers. This has raised the
possibility of using different channels
product selection – (PC, Catalogue) – and
for actual payment (mobile phone).
The main mobile on-line shopping items
are prepaid account top-up, digital
content, tickets, familiar “top-ten”
products, games, DVDs, CDs, etc. Digital
content shopping has so far has been
mainly operator logos, screen savers,
pictures for messages and ringing tones.
New terminal technologies such as Java,
White Paper
music/video players, DRM, etc. will
expand the consumption of content and
the digital content business.
Typically, the following phases can be
identified in a mobile on-line shopping
transaction:
• Browsing including goods selection
• Payment method selection
• User authentication
• Transaction authorization
• Transaction acknowledgement
• Goods or service delivery either
digitally or physically
Key application areas
for remote payments
Mobile banking
Since nearly everyone has a bank
account and pays bills regularly, mobile
banking can be seen as a mobile
commerce application with very good
potential. A key driver for e-banking
services has been the general cost
reductions in the banking branch
networks. It has been estimated that by
2006 two-thirds of invoices will be
electronic (Litan – Gartner Research
2003). Mobile banking will continue this
trend, adding value with virtually
anytime mobile phone capability and
new push type services for e.g. bill
payment. These, combined with
convenient and strong authentication,
digital signature functionality, and the
ability to get rid of costly one-time
password lists will be the key drivers
for mobile banking.
Banks have been very concerned about
potential security risks jeopardizing
their reputation as a main trust provider.
Yet, many of the most advanced banks
are making significant numbers of
transactions and related services
through the Internet. Ease of use, cost of
service and security are also key
components to allow high volume
banking services. Mobile banking can be
implemented as a browser service or
using some specific midlet – both
options are currently gaining support
from the industry.
Stock trading
In many western countries, stock trading
and money investing have become
much more common among the wider
population. The ability to monitor the
market and trade wherever and
whenever they want are the key
elements for investors who are looking
for short-term earnings.
Although the actual target consumer
group for mobile stock trading is very
small, the typical value of the stock
trading is high and therefore there is a
need for strong authentication and
non-repudiation. Push type information
services combined with transaction
services will increase the value of the
mobile phone for stockholders.
Auction
There has been great deal of interest in
online auctions, especially in the US.
Used cars and business items have been
sold online on the Internet for the best
offer. The biggest advantage for bidders
is that they do not need to be physically
present at the auction and a bidder can
receive a message on their phone when
their bid is beaten.
However, a mobile channel is seen more
as a customer service providing only
monitoring. The channel itself is not
seen as a revenue generator – rather,
money goes to the company arranging
on-line auctions when people place
something for sale. The starting of
auctions through the mobile device is
not seen as likely.
The use of a digital signature feature
would provide non-repudiation for
mobile auctions.
Betting
Horse racing and betting have
traditionally gone hand in hand.
Nowadays betting is an essential part of
many sporting events. It is a huge
business and betting offices are
constantly developing new betting
methods and new alternatives for
betting. Online betting on the Internet
has already taken off, providing freedom
from betting outlets and enabling last
minute betting at home or from the
office. Mobile betting however is
providing even more freedom of place
and time, allowing people to watch a
football match in the arena or in a bar
and bet on who will score the first goal
in the second half.
Local transactions
Not all merchants are interested in how
people pay, yet they are all interested in
having them as customers. If given a
choice, customers will decide, and for a
wireless payment method to prevail,
it has to be easier than cash and card
payments. Questions such as “Does it
speed up the transaction process? Does
it bring value?” need to be answered in
order to make local transactions
successful in mobile commerce.
In general, to make mobile commerce
happen, the user’s experience with
payments needs to be consistent, fast,
convenient, transparent, employ
hassle-free technology and provide a
beneficial, value-added service.
The mobile phone can be used as a
payment instrument in the local
environment instead of cash or payment
cards. The primary market for local
payment solutions will be consumers in
unattended or “loosely attended” trading
places such as fast food restaurants,
filling stations, retail stores, ticket
dispensers, vending machines and
parking meters. Mobile payment fits well
with unattended stations where
magnetic stripe or contact card based
terminals can be inoperable because of
vandalism or where cash management
is clearly not cost-effective. It seems that
the overall solution for places such as
these will be achieved with contact less
cards, with mobile phones employing a
contact less card interface.
Mobile phone payment in a normal retail
store is very tempting because of the
potentially large volumes, yet it is also
very challenging – it’s very hard to beat
the speed and convenience of the existing
payment methods. The possibility of
combining loyalty programs with the
payment transaction and speeding up
the actual payment process could be
selling points for mobile payment in
this area.
7

Local transactions can be divided into
two categories, as depicted in Table 1.
The key requirement for local payment
is to adapt to an existing payment
settlement backbone.
Electronic purse
Electronic purse is a smart card
application containing real value in the
form of electronic money paid for in
advance. The card, which can be
reloaded with further funds, can be used
for a range of purposes. From a pure
technology point of view, a mobile
electronic purse solution could be very
similar to a mobile ticketing solution
for public transport – the value (money,
ticket) is downloaded remotely in a
secure way to the phone and then used
locally over a RF interface. This is a very
important area that demands that
operators and banks provide micro-
payments economically, with the key
being lower fixed costs per transaction.
This type of solution will compete with
operator billing for micro-payments
and will probably provide the basis for
local micro-payment solutions, yet
currently it is not widely implemented.
Person-to-person payment
Person-to-person payment in the mobile
environment means that a person
transfers electronic money from his
electronic purse or server based account
to another person’s electronic purse or
account. Although the technology used
in person-to-person transactions may
use the remote connectivity of the
mobile phone, it can also be used very
locally, with two persons being together
when the money is lent or paid back.
8
Fast and convenient “swipe”
transactions
Low-cost, impulse purchases
High-volume commodity transactions
Extremely low transaction-latency
expected
Applications: vending machines,
ticketing, parking
Table 1.
Cross-environment
transactions
This section gives more details of the
mobile commerce sectors, which are
valid for both remote and local
transactions.
Ticketing
A ticket serves as a certificate, license,
or permit. Traditionally in paper format,
digital tickets are already quite widely
used in areas such as public transport.
The concept can be roughly divided
into event (cinema, concert, match, etc.)
and transport (bus, train, plane, etc.)
ticketing.
Tickets can be time-based (e.g., a season
ticket), value-based (e.g., purse
application), one-time or a multi-time
ticket or a combination of these and a
mobile ticketing platform should
accommodate all types of ticketing.
Tickets often have a monetary value,
and so the security of ticket transfers
and processing is important.
Ticketing can be divided into three phases
– ticket purchasing, most likely over a
remote connection, ticket management
including browsing of ticket details,
and ticket usage (i.e. validation),
typically over a local connection. Digital
tickets combined with mobile phone
local and remote connectivity and ticket
management capability, will offer clear
benefits for ticketing compared to any
existing ticketing models.
White Paper
Menu driven transactions
Mid-to-high cost, non-impulse purchases
Lower-volume, non-commodity
transactions
Higher-latency in transaction time
accepted
Applications: ticket purchases, groceries,
restaurants
Multi-application environments will be
built up, such as a city-card system
where one device can be used for several
purposes. The technology will be contact
cards, contact less cards and/or dual
interface cards including both contact
and contact less interfaces. Although
ticketing is one of the main applications
in the card, the issue is how to manage
the different applications and will there
be a main card issuer? How can the
new applications be set in an easy and
secure way? The mobile terminal may
help in this case if applications can be
downloaded over the air, turning the
mobile phone into a secure multi-
application platform.
The main motivations for going to
mobile ticketing are convenience for the
user, cost savings for the ticket service
provider and the mobile terminal as an
information channel for both parties.
The solution where the ticket has been
bought over the public network, stored
in the phone and used locally will offer
the most interesting benefits for all
ticketing applications.
Loyalty programs
Nowadays loyalty programs are an
essential part of customer relationship
management. Their target is to increase
customer loyalty in the traditional local
payment environment, such as retail
shop chains. They are also a way to
collect important customer information,
which can be used for direct marketing
purposes, or trading customer
information if this is permitted. So far,
White Paper
loyalty programs have not played an
important role in Internet e-commerce.
A mobile phone can add value for remote
payment by combining a payment and
loyalty method in an easy and flexible
way and convenient loyalty card support
is certainly crucial to enable local mobile
payments.
Coupons
In certain countries, coupons are widely
used to entice consumers to shops or
certain Internet market places or to buy
things they would not otherwise be
aware of. Since the mobile phone is a
personal device with remote
connectivity, it can be considered as an
attractive direct marketing object.
Coupons with a certain value require
security functionalities such as DRM and
a method of using them in financial
transactions. Moreover, if direct
marketing (privacy) legislation allows,
coupons may play an important role as
a direct marketing method including
commercial value.
Receipts
A receipt is a document provided by a
merchant, recording the details of the
transaction for the customer to retain as
a proof of purchase. The customer may
use this proof of purchase in several
ways, for example as:
• a detailed transaction record for
tracking their personal finances
• as evidence of a reimbursable expense
to an employer
• a warranty, i.e. a proof of purchase to
enable the return of goods to the
retailer with whom the original
purchase was made
Replacing paper receipts with digital
ones in a mobile phone would give
numerous advantages for the mobile
phone user:
• Eliminating manual entry of
transaction information for personal
financial accounts or creating expense
reports
• More detailed tracking of items
purchased based on date, location,
and amount
• Reduce or eventually eliminate the
loss of receipts
• Lighten the physical wallet
These advantages may see digital
receipts become a key functionality that
will boost the use of mobile phones for
payment.
Branding
Branding, in this context, refers to
conveying information to the user about
the branded services that form part of
the payment transaction. This is
accomplished by displaying the media
(images, animations, sounds) associated
with the said brand. This media is
made familiar to the user beforehand,
by the brand owner’s publicity effort
and through day-to-day use.
While brand media does not directly
convey any monetary value, familiar
brands are an integral part of the
payment process. The customer expects
to see the logos of a shop chain, credit
issuer or loyalty scheme displayed
during the transaction and as such
they help boost confidence that it will
proceed in the correct way.
When moving from physical to digital
payment transactions, digital may seem
to the user to be too detached from its
Enabling technologies
When conducting remote payments,
the connection between the content server
and the mobile phone is established via
a PLMN (Public Land Mobile Network),
such as the GSM cellular network, which
includes bearers such as SMS and GPRS.
Currently, most mobile content is still
paid based on premium rate SMSs,
the biggest advantage of which is that it
does not require a special web services
payment interface. Premium rate SMS
use will be expanded to Java midlets.
GPRS has taken over as a primary bearer
for mobile Internet. Its adoption along
with mobile terminals with color screens
has brought notable benefits to the user,
both in terms of speed and the overall
experience of mobile browsing, which
remains one of the most important
phone applications and the main way to
real-world counterpart to be understood,
let alone trusted. This can be alleviated
by adding metaphors and associations
to the physical realm that make it easier
for the user to understand what is
happening and assess the level of trust
he has in the proceedings. The presence
of the trusted brands that the user
normally associates with payments thus
makes the digital transactions feel more
familiar.
Nowadays the brand information is
mostly conveyed via images – printed
logos on receipts, credit card
organization logos on plastic cards etc.
Thus the user’s familiarity with and
trust in transactions via the mobile
terminal can be enhanced by displaying
the same brand imagery throughout the
digital transaction – that is, showing a
credit card organization’s logo (or media
clip) in connection with paying by credit
card, or showing a loyalty scheme logo
in order to assure the user that the
loyalty scheme has been active during
the transaction. However, it is crucial to
understand that there are other
important factors in creating trust, such
as consistency of use.
discover downloadable content and
infotainment.
With the introduction of XHTML Mobile
Profile and Wireless Cascading Style
Sheets (WSSC), the industry is now able
to offer compelling, rich and full color
services to users, providing revenue
opportunities for operators as well as
service providers, content owners and
media companies.
The next generation mobile services are
specified as WAP 2.0 from the WAP
Forum. The specifications have two key
elements – the mark-up language
changes to XHTML MP and the
transmission protocol becomes Wireless
Profiled TCP/IP. The industry started to
implement Wireless Profiled TCP/IP in
mid 2003 – it is compatible with
9

standard TCP/IP, but includes optimized
settings to improve performance over
wireless links. Both XTHML and TCP/IP
are standards on the fixed Internet,
so this migration supports the
convergence of the mobile and fixed
domains.
WTCP/IP will also provide faster data
transfer for larger files, better end-to-end
security, and more advanced
applications, resulting in an enhanced
browsing experience for the consumer.
Financial applications such as banking
and Verified by Visa payments will
benefit from end-to-end encryption
enabled by migration to wtCP/IP
transport, as they can now waive their
own secured gateways and instead
specify a normal Internet address, in the
same way as on the fixed Internet.
With local payments, the methods for
data transfer are numerous, for example,
Bluetooth and RF are all possible options.
Bluetooth is a radio interface operating
at 2.4 GHz and is specified by the
Bluetooth Special Interest Group. It has a
theoretical range of several 10s of meters
and will work out of sight through
non-shielding materials. The data rate
depends on the implementation and
the balance between up & down traffic
and has a maximum of 721 kb/s in one
direction. It requires power at both
ends and the basic interface supports
bi-directional, full duplex block exchange
with transport level encryption.
Radio Frequency technology enables
a short-range bi-directional RF
transmission for operation at 134.2 kHz
and 13.56 MHz. It is a battery free
technology transferring power and
data at the same time over the air.
The cheapest RF tags are read-only
with a very small memory. The most
powerful chips include microprocessors,
which can be used via contacts or
contact less (so called dual interface
chips) with all the security functions
developed for smart cards. The most
important feature of RF contact less
technology is easy and fast local
connection with adequate security.
10
Moreover, a new RFID technology,
Near Field Communication (NFC),
is currently being standardized. As well
as RFID reader and tag functionality,
this technology specifies a truly
bi-directional, active communication
mode between two reader devices.
Other than that, functional capabilities
of NFC resemble the ones described
earlier in this section. Note that
bi-directional communication in
mobile terminals is not seen as a likely
development.
There are several radio frequency
technologies using different frequencies
and modulation methods. Nokia’s
solutions in mobile commerce are
based on open technologies hence ISO
14443 A/B (supported all over the world)
standard is preferred.
RF contact less technology is most
suitable for fast and convenient “wipe”
transactions and impulse transactions
(vending machines, ticketing, parking,
etc.) with low-cost and applications
based on it are already used all over
the world: authentication (SpeedPass,
Toll Tag), asset tracking (Ford, luggage
at airports), access control (automobiles,
corporate campuses, public transport,
ski lifts), etc.
RF contact less technology can be
adapted to a mobile terminal either
based on a smart card or as an
integrated solution. RF contact less is
definitely the most promising candidate
for local transactions from a technology
perspective.
White Paper
Secure platform services
Various mobile commerce applications
need secure platform services – a good
example here is secure storage to store
sensitive payment data in a mobile
wallet. Such services can be offered
through a terminal platform.
Terminal platform based security
The platform security approach has
become something of a trend due to the
increasing requirements of new
application areas, such as mobile
commerce and content delivery requiring
copyright protection. The opening of the
terminal platform to third party
applications is the biggest motivation
here – issues such as protecting a user
against hostile content is very important
– obviously with links with mobile
commerce security too. Until now, most
mobile commerce concepts requiring
high security have been able to rely on
smart cards, with the help of e.g. SIM
Toolkit support from a terminal.
The idea of a phone as the only wallet
for a user will challenge this approach in
the near future. Sensitive transactional
data including various payment
instruments is not technically feasible to
implement based on smart cards only.
The same is also true with other relevant
features such as Secure UI, where the
purpose is to make sure that a user
interface is protected against attacks,
such as trying to steal a user’s PIN code
by mimicking some real transaction.
Secure UI functionality is relevant not
only for Nokia made applications,
but also for 3rd party network based
functionalities.
The importance of OS security is
currently very high. Clearly, the terminal
platform will notably increase its role
as a secure application platform in the
next few years.
White Paper

Nokia in the field of mobile commerce

Nokia actively improves mobile
applications with a special focus on Millions
usability. For the consumers, using 800
services needs to be self guiding and Total shipments
700
effortless and the technological Worldwide Java phone shipments
advancements in display sizes and 600
more intuitive graphical user-interfaces
500
are of high value.
In 2008,
400 85% of the
Furthermore, in the field of mobile shipped
300 terminals
commerce, Nokia supports all relevant support Java
scenarios with secure and safe 200
transactions and with the aim of making
100
them easy to use for the consumer.
Nokia supports several different user 0
authentication methods – certificates 2002 2003 2004 2005 2006 2007 2008

and WIM as well as GSM authentication

for operator transactions. Secure Figure 4. Java enabled terminals’ share of total global shipments. Source: ARC 2003.
transmissions are achieved with WTLS
and SSL/TLS connections.

To protect content, OMA Digital Rights Smartphones shipped (million)

Management (DRM) is applied. The basic
requirement is that copyright protection
is achieved through forward lock. More
flexible content business is achieved
with the option to preview protected
content before purchasing, as well as
applying time and play count-based
usage rights. Reliable delivery can be
ensured with the use of Java and OMA
DL technologies.
Now that service discovery has improved
greatly, the latest technological
advancements, such as high-quality
colour displays and next generation
XHTML browsers over TCP/IP, allow users
to enjoy richer and more compelling
graphical content and increased
efficiency for large data files. Perhaps
the most tangible advancement in the
field of mobile commerce is the new
mobile wallet application, which brings
added confidence and convenience.
Java™ and Symbian
platform leaders
Although digital content is already the
dominant form of mobile commerce
goods, there is still plenty of new
business potential in this field. Here a
key accelerator is Java technology,
120
Symbian
100 WMS
Linux
80 Palm
Other
60
40
20
0
2003 2004 2005 2006 2007 2008
Figure 5. Symbian terminals constitute the largest and fastest growing segment in the category of smart phones and PDAs.
Source: ARC Chart Nov 2003.
which allows services to become much Symbian terminals are based on a
more versatile, ranging from games to dominant smart phone software
information and enterprise applications platform, with total volumes exceeding
using richer multimedia and advanced those of Palm and others together
network capabilities. This makes Java a (ARC Chart Nov 2003, see Figure 5).
major opportunity for developers and For example, an estimate in 2003 from
service providers. Both Java and Symbian Canalys estimates that phones based on
OS are open platforms for application Symbian OS accounted for 94% of all
development and are also widely feature phones and smart phones in the
supported in Nokia terminals. EMEA region in Q2, 2003.
Java will be a standard feature across
terminals in the next few years. Figure 4.
illustrates the expected growth in this area.

11
 White Paper

Mobile wallet for online

shopping
Electronic commerce frequently requires
a substantial exchange of information in
order to complete a purchase or other
transaction. The person making a
purchase needs to enter his name,
payment card number and expiry date,
possibly also the delivery address and
other details. Particularly with a mobile
device, which in many cases have
limited input capabilities, keying in all
the required data can be rather time-
consuming and error prone. However,
the main factors driving the usage of
mobile transactions are ease of use and
convenience.

The new version of the wallet application,

first introduced in the Nokia 6220 and
Nokia 6600 phones, makes service
access and mobile payment easy and Figure 6. An example showing how a wallet populates the transaction details and Verified by Visa authenticates the user
convenient for mobile users. It allows before the transaction is completed, Source: Modirum.
users to store a range of personal
information on their mobile phone,
such as usernames and passwords for Consumers Financial institutions Developers
different mobile services, credit and other Easy and convenient More secure and New business opportunities
service access and user friendly using existing standard
payment card details, delivery addresses mobile payment payment services technologies and tools
and personal notes, and retrieve the
data easily during a browsing session to
fill in required data fields.

The obvious benefit for the user is that

there is now no need to remember
passwords, card numbers and best of all,
no need to manually fill in the data
when using the mobile channel for
transactions. In practice, this reduces
significantly the number of actions
required by the user during a browsing
session. The necessary data can be
sent to the application over-the-air by
service providers and card issuers or Mobile operators Merchants
Increased data traffic Opportunity to easily add
alternatively, consumers can manually and a growing number a mobile channel and to
enter data into the wallet. By using data of mobile purchases create totally new services

that is pre-stored in the terminal, there

is a smaller risk of typos and errors,
which are quite common, particularly
with long number sequences.
All the data in the wallet is encrypted
and the application can be accessed only
with a wallet PIN code. This way, mobile
shopping is not only more convenient
and faster, it is also much safer as the
owner of the mobile phone is the only
Figure 7. Key benefits of the mobile wallet.
one who knows the secret password for
the wallet application. The wallet is most
appropriate for remote macro-payments.
In Figure 6 there is an example of how a
wallet can be used with a 3D Secure
mobile Verified by Visa transaction.
The 3D secure model is a global solution
for online payment authentication
supported by Visa, MasterCard, banks,
retailers and 3rd parties across North
America, Europe and APAC. The main
aim of the 3D model is to help merchants
reduce the cost of online fraud. 80% of

12
White Paper
the costly charge backs occur when
cardholders state that they did not
participate in or authorize the
transaction. If a merchant supports the
3D model it automatically means a shift
in liability from merchant to issuer
bank. Visa and Nokia have successfully
tested the 3D secure model in a mobile
environment.
Technology standardization
As an avid supporter of open platforms
and technologies, Nokia has been an
active participant in forming and
shaping the standardization landscape
for the needs of digital convergence in
numerous different standardization
organizations. Here is a brief account of
some the standardization fora that are
also relevant to mobile commerce.
MeT Initiative – MeT is the voice of
mobile phone manufacturers. Financial
institutions and operators may require
manufacturers to include excessive and
proprietary features in mobile phones –
MeT counteracts this by proposing a
reasonable set of standardized services,
which enable mobile commerce
applications.
MeT focuses on mobile phones, defining
the minimum set of additional
functionality that may enable the
maximum application area, while
preserving the best usability. Nokia has
a strong presence in MeT.
Mobile Payment Forum – The Forum
was launched late 2001 by the four major
payment organizations, American Express,
JCB Co., Ltd., MasterCard International
and Visa International. It currently has
approximately 50 members representing
the mobile, technology and financial
industry, with a strong presence from
mobile operators.
The main focus of the MPF is to enable
mobile commerce by evaluating and
improving payment methods based on
existing card relationships. The Mobile
The wallet was created in order to
improve the usability of mobile services,
yet, it is not only the mobile users who
will greatly benefit from this application
– all the players in the field will benefit
from the growing amount of service
usage. Figure 7 summarizes the key
benefits of the wallet application.
Payment Forum complements the work
of other industry consortia and has
endorsed several MeT specifications.
The mission of Nokia in MPF is to
identify and promote solutions that are
of business value to operators while
preserving terminal value.
MoBey Forum works as a consolidated
voice of the financial industry regarding
mobile commerce and other financial
services and acts as a forum where needs
can be expressed and requirements can
be discussed. In addition, the forum
promotes mobile commerce to financial
institutions.
Nokia representation is strong at the
management level and within the
Business Workgroup.
It is expected that the main outcome
from the Forum will be the continuous
discussion that will shape the acceptable
requirements. Further, Nokia is using
MoBey to try out new solutions for
mobile commerce.
Java Community Process – The JCP is
an open organization to develop
components of the Java platform and to
offer suggestions for improving and
growing the technology.
The terminal-side mobile commerce is
addressed currently by JSR120 (Wireless
Messaging API) and JSR177 (Security and
Trust Services API for J2ME). JSR120 can
be used for payments using premium
rate SMS. JSR177 effectively defines the
signing/authentication API and the
smart card access API. Currently Nokia is
looking to start a new JSR to define Java
payment API.
OMA – Open Mobile Alliance is chartered
to deliver the open architecture for
mobile services. The m-commerce
workgroup was created in late 2002 to
analyze the gap in the global m-commerce
landscape. It is uncertain what the next
charter of the group will be. The main
driver has been the standardization of
operators’ back-office payment interface
for web services.
IrDA – The goal of IrDA is to develop and
promote infrared communications for
use in the local environment. IrDA has
successfully developed several standards,
which are widely used.
Bluetooth SIG is developing the Bluetooth
short-range radio communication
standard. Current work concentrates on
development of release 2 of the standard,
which will address several usability issues.
The SRFT group within Bluetooth SIG has
been specifying requirements for the
effective use of Bluetooth for mobile
commerce. SRFT has no plans to define
an alternative payment system.
It is believed that the second release of
the Bluetooth radio specification will
enable the use of Bluetooth for financial
transactions. However, Bluetooth will
remain as the communication channel
rather than the mobile transaction
standard.
13

Expected market development and trends
A major trend among mobile terminals
is that they can handle more and more
applications and new types of content,
which is a clear expansion on current
ringing tone and logo sales. Symbian OS
and Java are opening up new
possibilities for application developers
and the user can easily configure and
personalize the functionality of the
terminal to match his needs. Third parties
can also implement the applications.
A healthy content and service providers’
business requires convenient, secure,
versatile and cost-effective transaction
capabilities.
There are increasing opportunities to
leverage SMS, due to its convenience
and users’ continuing trust in system.
In addition, a standard micro-payment
system will create new business models,
such as paying for smaller features or
local add-on services to general, more
expensive ones, enabling a consumption
model instead of one based on
subscription. Operators also see an
opportunity in local transactions to
Summary
Today, a considerable proportion of
mobile commerce consists of the
purchase of different types of digital
content that in most cases is used in the
mobile phone. Symbian OS and Java
technology offer new possibilities for
application developers, while users are
able to easily configure and personalize
the functionality of the mobile device to
match their needs and preferences.
Consumers increasingly personalize
their mobile phones with ring tones,
screen savers, and wallpapers. Games,
downloadable phone applications,
as well as music and video clips are also
growing in popularity. Once people
become more familiar with buying
digital content and services with their
mobile devices, they will then more
easily adopt the mobile payment
mechanism for physical goods and local
transactions as well.
14
reduce fraud by leveraging their
authentication capabilities. However,
reducing fraud vs. merchant cost would
require additions to the payment
back-end. An increasing focus on stored
value is making micro-payments more
economical for merchants.
Now Visa and MasterCard have launched
their 3D secure model, shifting global
liability from the merchant to the issuer.
Therefore, there is an opportunity for a
convenient, secure and merchant
friendly authenticated payment method
to become the de facto standard for
mobile payments.
Remote (macro) payment is expected to
produce the lowest number of
transactions. However, it is playing a key
role by enabling for example micro-
payment account top-up, purchasing
higher value (over 5€) digital content
and enabling remote payment and local
usage habits. Ticketing is expected to
gain in popularity among mobile
commerce applications and is seen as a
As stated, currently digital content is the
only relevant form of mobile commerce
and based on their billing relationships,
operators continue to dominate micro-
payments. Mobile ticketing in public
transportation is becoming a spearhead
for mobile commerce, with event
ticketing to follow. Technically, the aim
is to have a smooth adaptation to the
existing and coming payment and
ticketing systems.
A recent step forward in the field of
mobile commerce has been the
adaptation of the 3D Secure Internet
payment model (Verified by Visa) to the
mobile environment. Here, both the
merchant and consumer are
authenticated and can rely on the
transaction to be handled properly.
With the aid of new and improved
Wallet applications and the SSL
White Paper
concrete and easily identifiable benefit
for the user. The necessary enabler for
ticketing will be remote payment.
Merchants will be in a key position in
the development of mobile commerce.
This new concept must be sold to them,
since they need to invest to update their
current point of sales (POS) terminals.
It’s not realistic to expect merchants to
make radical changes to their existing
payment systems overnight, so a smooth
addition to an existing payment
settlement backbone is a must. The key
drivers from a merchant’s point of
view are fast throughput time, cost-
effectiveness, customer satisfaction and
higher customer loyalty. By speeding
up the payment process, merchants
may decrease their operational costs
and potentially increase sales. Fast and
convenient payment methods also
favour users in this hectic world.
Moreover, a mobile terminal’s
messaging capabilities provide many
opportunities for customer relationship
management.
connection for ensuring end-to-end
security in Nokia phones, these
transactions can easily be conducted
over the mobile channel, extending
mobile commerce possibilities from the
currently dominant digital content,
e.g. ringing tone and operator logo
selling, to more diverse choices.
For mobile commerce to really take off,
it must build on established habits,
practices, and infrastructure, and then
add specific mobility value. The added
value can be, for instance, instant access
and delivery, flexibility, convenience,
personalization, location awareness,
or better customer service. The key
drivers in the adoption of mobile
commerce services are ease-of-use and
convenience, keeping the issue of
security in mind. Applications and
services that are too complex and time-
White Paper

consuming discourage consumers from

“going mobile.” The challenge is to Glossary
implement a secure payment scheme so
that it remains convenient and simple 3D Three-domain payment model
to use. API Application Programming Interface
DRM Digital Rights Management
Nokia’s main interest in the field of ECML Electronic Commerce Modeling Language
mobile commerce is to deliver world-class EGPRS Enhanced General Packet Radio Service
terminals that offer the level of security HTTP Hypertext Transfer Protocol
and trust demanded by the consumers IrDA Infra Red Data Association
and service providers now and, thanks MeT Mobile Electronic Transactions
to incremental improvements, in the MoBey MoBey Forum
future as well. Nokia’s role as mobile NFC Near Field Communication, two-way RF contact less technology
terminal manufacturer is to provide a OMA Open Mobile Alliance
technological ecosystem, which improves OS Operating System
the user experience in all mobile PIN Personal Identification Number
applications, and, very importantly, POS Point of Sales
in mobile commerce. RF Radio Frequency
RFID Radio Frequency IDentification
SRFT Bluetooth SIG Short Range Financial Transaction Study Group
SSL Secure Socket Layer
SW Software
TLS Transport Layer Security
WAP Wireless Application Protocol
WSSC Wireless Cascading Style Sheets
WIM Wireless Identity Module
WTLS Wireless Transport Layer Security
XHTML Extended Hypertext Markup Language

The contents of this document are copyright © 2004 Nokia. All rights reserved. A license is hereby granted to download and print a copy of this document for personal use only.
No other license to any other intellectual property rights is granted herein. Unless expressly permitted herein, reproduction, transfer, distribution or storage of part or all of
the contents in any form without the prior written permission of Nokia is prohibited.

The content of this document is provided “as is”, without warranties of any kind with regards its accuracy or reliability, and specifically excluding all implied warranties,
for example of merchantability, fitness for purpose, title and non-infringement. In no event shall Nokia be liable for any special, indirect or consequential damages, or any
damages whatsoever resulting form loss of use, data or profits, arising out of or in connection with the use of the document. Nokia reserves the right to revise the document
or withdraw it at any time without prior notice.

Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation. Nokia product names are either trademarks or registered trademarks of Nokia.
Other product and company names mentioned herein may be trademarks or trade names of their respective owners.

15
 0104 Indivisual
Copyright © 2004 Nokia. All rights reserved. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation.
Other product and company names mentioned herein may be trademarks or trade names of their respective owners.
Products are subject to change without notice.

P.O. Box 100

www.nokia.com
Nokia Mobile Phones
NOKIA CORPORATION

Phone: +358 (0) 7180 08000

FIN-00045 NOKIA GROUP, Finland