The Butt Ugly Weblog

Why payment isn't the killer app of NFC

I've been meaning to write this a long time, but not until now did I get some real pressure to do so.

NFC is one of those old technologies that's making a new comeback. Most of the transport in big, industrialized cities runs on NFC cards, made by a handful of companies. The payment industry is slowly moving to NFC as well, changing the cumbersome physical contact (which is always dirty or broken) into robust and durable wireless cards that you just wave at the reader.

The great thing about wireless is that you're no longer bound by the card sizes, and you can put the NFC payment chips anywhere that's big enough - a keyfob or a mobile phone for example - imagine how complicated it would be to figure out a standard for a physical connector on mobile phones that would work with every manufacturer - and still be fast and durable in use.

Mobile phones have a few other advantages as well as a payment instrument; they're connected and updateable, the NFC functionality can be turned off and be protected by a password, and you're actually far more unlikely to lose it than your wallet. (No, seriously; I'm told that it takes on the average about 2 hours to notice that your cell phone is gone, whereas wallets average around 23 hours. Unfortunately I don't have a reference to the study, so you have to take that with a grain of salt. Your mileage may of course vary; I'm pretty sure some of my readers keep losing their phone all the time and their wallet is always in place - but I claim it's because you need your phone so much more that you are actually noticing it's absence much more readily.)

There's also big money in the money business. So it's no big wonder that everyone is going apeshit on how NFC is going to transform payments and mobile technology and how it's a game-changing technology.

Sorry, but I don't really care.

Fundamentally, NFC payment and ticketing is a replacement business. Changing the underlying technology for credit cards is unlikely to make a person to consume and pay more as there's no fundamental reason why paying with a phone is easier or faster than with a plastic card. Yes, it may be more secure, but that's not usually a consideration for people. We're funny that way.

Then why is NFC being pushed for payments? Two reasons: it's a lot harder to copy a mobile phone than it's to copy a plastic card. It's not impossible by any means, but credit cards are essentially a risk management business. If a credit card company can save X billion a year simply by switching to a more secure technology to reduce fraud, even if it's not absolutely secure, it's obviously worth doing.

The second reason is that it introduces new players into the market: the mobile phone operators like to think they own the customer. So do the banks. So do the credit cards. You can't make an NFC payment system that works on phones without talking to the operators first, who'll want to take a small cut from every transaction. And this is all fine, but it's a very good reason for them to push the technology.

But herein lies the problem: if we have a replacement technology, and the amount of money in the system stays the same, then multiple players means less money for everyone.

What this all means is that NFC payments are a big boy's game. In order to get your payment application on the secure chip on the phone in any usable amounts, you need to have someone else's permission. Then it becomes a matter of agreements and deals and SLAs and revenue share and all that jazz that bigco's are very good at, but which takes a long time to happen.

So fundamentally, I don't believe that NFC payments and the whole secure game are at all interesting. It's just the same old stuff, hashed in a new way, split even more thinly among rich players. Even if Apple enters the payment game (and they're the only one with enough clout to ignore the operators and make their own payment system) it's still going to stay a closed ecosystem.

But what makes NFC really interesting is it's potential for creative hackery. Every NFC phone can also talk to other NFC phones, and every NFC phone will also carry a card writer, not just a card reader - and these are accessible by all developers. For many applications, you don't need banking/military grade security. You could even develop money transfer applications - imagine e.g direct BitCoin transfers from phone to phone; untraceable virtual money transactions. There's a disruptive business model right there. Skype for money, anyone?

Also, I'm really stoked to see what people will create when it becomes possible to annotate physical objects in a whole new way. Unlike 2D barcodes - which, while cheap, just don't look that nice in a lot of places - NFC tags can be embedded pretty much anywhere with only the faintest signal of their existence (this can obviously be a suspicious thing too). Also, NFC tags can be dynamic - their value can change over time (say you could have a tiny chip which measures temperature and moisture directly baked into your bathroom wall - just read it with your mobile phone whenever you're suspecting a problem.)

I'm not going to go and wave the big red security flag here. NFC has some advantages, which allows fairly secure systems to be built around it, though in quite a few cases security isn't really that important because of the short range imposed by physics. Eavesdropping on an NFC transaction can be done, but it's not trivial by any means (quite often the examples are very contrived, for example the infamous "exploding trash canister if you happen to hump it with your passport in your front pocket" -video). Security is still all about risk-management; as long as the possible gain is bigger than the cost, there's motivation for someone to break it, no matter how exquisite the security is. The practicality of the attack always needs to be factored in, and these days there's pretty much nothing easier to copy than the old magnetic stripes, which still are on the credit cards for legacy reasons. At least with an NFC phone you have to make a big effort...

Now that everyone and their cousin is rolling out NFC phones, the real power will be in the hands of the hackers. I don't think that the big guys can really innovate anything that's going to take people by the storm (except perhaps Apple, but the fact that they haven't done so yet shows that it's not easy for them either. They don't in general roll out new features unless there's a way to tie a user more tightly into the Apple ecosystem. Obviously this will be heralded as the greatest revolution of all times, but even then the real power will be in the fact that NFC phones will be available to masses.) Google is showing only weak usecases that remind me of the ideas that everyone else had around 2003 already; even if they've got NFC support in Android, their power will be in providing great development tools for startups (which they will subsequently acquire and integrate - or kill).

There's interesting potential for location-based gaming. For example, imagine a game of Shadow Cities where you can go for an item hunt, and by touching the item can get temporary superpowers. A sort of real-world capture-the-flag. The nature of NFC makes it easily embeddable in all sorts of narratives. Rovio is already shipping a version of Angry Birds, where you can unlock new fields by finding other players and asking them if they'd be willing to enable your fields by touching your phone - instant social component to a solo game. There's already an NFC-enabled geocache out there.

All in all, I'm pretty excited about NFC entering the consumer market right now. But not for the reasons that everyone else seems to be - I don't really care at all about NFC payment and ticketing. It's boring. It does not create new business. It's about big players shuffling money in a new way, that brings only incremental benefits to the consumer. The real power, the real innovation, and the real revolution will be in the NFC applications created by passionate people who wish to change the world.