New way to pay: Wireless point-of-sale

Making your way through the crowds at Macy's during the busy holiday season, you spot the perfect silk scarf for your mother and sweep it up to the register. But instead of pulling out a vintage credit card to pay for your purchase, replete with a 1970s magnetic stripe of 120-byte capacity, you reach for your mobile phone and navigate to the "Pay Me" section of the retailer's Web site. You punch in the number displayed at the register, and quickly view your bill, already approved by your bank. The cost of the scarf is deducted from your account before you can say "Season's Greetings."

These wireless point-of-sale transactions are expected to be more common than PC transactions in two years due to the convenience, low cost and improved security of mobile commerce.

How is this wireless transaction made possible? Many companies are developing models for payment gateways that will link a wireless device and merchant point-of-sale terminal to provide the instant payment of m-commerce.

As of yet, no comprehensive solution has been adopted. The winning gateway model will be the first functioning system backed by a team of major players, including telecommunications companies, merchants, payment processing com panies and providers of hardware and software.

Mobile commerce has the potential to be more secure than payments over the Internet. Both the merchant's point-of-sale terminal and the mobile phone will have a digital certificate, or electronic identifying file, that validates the identity of the merchant and consumer. Mobile phones use encryption standards embedded in the Wireless Application Protocol — an industry standard for linking mobile devices to the Web — to allow users to engage in secure transactions. Similar security systems will be used for personal digital assistants and electronic pagers.

The transfer of this payment information will be protected by public key infrastructure (PKI) technology. A certificate authority acts as a trusted third party and validates the identity of consumers and merchants, and then issues each party a digital certificate. This is used to authenticate the identity of both parties in a transaction.

With PKI, each party has a public key and a private key. The public key is made available to other parties, but the private key is never shared and remains with its owner. When a transaction is sent, the receiving party verifies the signature with the sender's public key. The digital certificate authenticates that person — proving he has a real-world identity that can be trusted — and the transaction is complete. A password or personal identification number is also used to ensure that someone who picks up a misplaced phone cannot make a transaction.

Eventually, technology providers plan to offer consumers and businesses secure access to all of their financial resources and enable them to make or receive payments electronically via any wireless device. This would include person-to-person payments, electronic billing, online banking and a host of other personal commerce services.

"M-commerce and mobile location-based services are the killer applications of the mobile Internet," says Tim Sheedy, a wireless and mobile communications analyst at International Data Corp. According to an August 1999 IDC report, the number of digital wireless phones in use is expected to reach 1 billion world wide by 2003. That figure is backed up by an August 2000 report by Cahners In-Stat Group that forecast there will be 1.3 billion wireless data subscribers by 2004, up from 170 million today.

The momentum driving secure e-commerce has never been greater, as evidenced by the federal E-sign law that became effective Oct. 1, giving legal standing to documents "signed" online. Digital signatures are the trans mission of data that verifies the sender's identity, ensuring documents being sent cannot be opened by unauthorized recipients and that they have not been altered.

Before everyone can avoid the long checkout lines, however, adoption of the tech nology is necessary. Payment processors, credit-card issuers, software infrastructure providers, telecommunications pro viders, merchants and consumers all are part of the mobile commerce picture.

Adoption is occurring as parties recognize the potential for m- commerce and its ability to validate both the consumer and merchant's identity, protect the integrity of transaction data, and ensure that the transaction will not be refuted. By integrating m-commerce and PKI, consumers will be able to enjoy both the convenience and safety of a transaction using year 2000 tech nology rather than an outdated magnetic strip.

Ian Drysdale is managing the development of m-commerce for SurePay, a joint venture between First Data Corp. and Entrust Technologies, and is actively identifying partners to provide trusted wireless payment solutions.