Is RCS set to transform Mobile Payments and PSD2 SCA?

Mobile telecommunications services, and the devices consumers use to access them, are evolving rapidly – and, with the roll-out of 5G, the integration of IoT and wearables, and the adoption of embedded SIM, mobile services will soon be available everywhere.

Service providers relying on mobile apps, however, face several challenges. These include falling consumer retention figures, as app transaction abandonment rates increase; the cost of developing and maintaining mobile apps; ensuring adequate security for accurate billing and fraud prevention; and meeting regulations such as PSD2.

Rich Communication Services (RCS) – the mobile industry’s upgrade to SMS, which brings enriched multimedia services and enhanced security to mobile messaging – provides a range of solutions to these challenges, and with them new commercial opportunities in the delivery of consumer payments.  RCS is now gaining momentum in the consumer market, and is a key platform to watch in 2020 and beyond.  Adoption of RCS is mainly driven by buy-in from mobile platform providers such as Samsung and Google, more than 20 device OEMs, and over 90 mobile network operators to date.

From the consumer’s perspective, the RCS experience means forgoing the need to download multiple different apps and instead using a native messaging app on their device which is not limited to plain text, but is capable of handling feature-rich communications in the style of WhatsApp, Facebook Messenger or WeChat. The RCS infrastructure consists of an IP Multimedia Subsystem (IMS) core with implementation-specific Application Server (AS) functions. The messaging feature in RCS is enhanced by RCS Business Messaging (RBM) supported by backend platform components.

Security and trust are scarce in the messaging world, where unwitting consumers can fall victim to phishing attacks leading to monetary loss and compromise of personal information. RCS can help here with Verified Sender, a feature of RBM which provides proof of the sender’s identity. This proof is technically based on a digital signature and, for consumer confidence at a glance, can be shown as a visual tick-mark, with a verified name and logo of the sender on the messaging client.

Consumer authentication has been commonly based, until recently, on the use of a one-time password (OTP) sent over SMS, in conjunction with a memorable secret. Since the arrival of PSD2, however, strong customer authentication (SCA) is required for all electronic payments. PSD2 SCA requires the use of at least two from the following elements (see Figure 2):

  • Knowledge – something the consumer knows
  • Possession – something the consumer has
  • Inherence – something the consumer is (typically using a biometric)

Although OTP-over-SMS is a permitted possession factor under PSD2 (acting as proof of possession of a SIM card), RBM can offer better security – the question mark over where a given message has originated is now, thankfully, gone.

The GSMA – working with Consult Hyperion, thought leaders in mobile telecommunications, payments, ticketing, and digital identity – has produced a white paper on what RCS has to offer in digital payments. ‘RCS and Payments’ provides a detailed investigation of RCS’ potential in meeting PSD2’s SCA requirements, including the potential of RCS to replace SMS for delivery of OTP, and explores various payment options across the RCS channel.

Also considered are the additional security mechanisms RCS can offer to gain customer confidence and protect payments: the platform for instance offers service providers advanced functionalities such as message recall if a device is offline; additional controls to validate SIM swap requests; rapid service provisioning; and providing continuous customer engagement via AI chatbots.

In short, RCS offers the most exciting opportunity for service providers and MNOs to work together on providing consumers with secure payments and strong authentication since the availability of NFC and HCE on consumer mobile devices.

Read the latest ‘RCS and Payments’ whitepaper for more details.