2007 is shaping up as the year of the new user interface. First we had the Wii, then the iPhone, and now the Economist is briefing us on the end of cash – apparently we will soon be swiping our mobile phones against retail terminals to pay for things.
The Economist pictures consumers swiping their phone, checking the details of their purchase on its screen, and finally clicking ‘ok’ and typing their pin number on their phone keyboard. They could also use their phone to check their bank balance.
Swiping a device is a wonderful user interface metaphor. It’s a physical way of requesting something – pointing to it and saying “I want this”.
Done via the web, the object you’re purchasing is represented at a URL. And swiping your phone is requesting that URL in your phone’s browser. This brings up a web page describing the object.
To achieve this in today’s browsers, you have to type in a URL, or click on a hyperlink. I see swiping as another method of doing this, which avoids fiddly typing – you a requesting a specific web page by reaching your hand out to the resource it represents.
Of course, on the web page is a form for confirming the details and authorizing the purchase. This is easily achieved using simple HTML.
What I’m proposing is that the technology of Near Field Communications (NFC) is based on the internet. The data is represented in HTML and transported via HTTP.
There are several benefits to this approach:
- Modern phones already have browsers, and HTML allows the use of images, styling and sophisticated user interface elements that consumers are already used to
- Retail groups already have web infrastructure in place advertising their products and services
- HTML allows tailored web forms, for confirming details and entering authorization.
- Web security measures such as SSL and secret password fields can be reused.
As it stands above, the security model is the same as used on the internet today. But there are ways to make it even stronger.
Because the mobile phone is uniquely personal, it can be used to provide extra authentication of the user. Many people have suggested using the phone in two-factor authentication. Usually, this is where you type in a pin number, the phone uses it to generate another number, and this second number is submitted. The phone updates its algorithms every minute, so the second number will only work for a minute – then it is useless.
I would suggest a new HTML Form element – the “pin” input element – where the browser should carry out this algorithm automatically based on whatever is typed in, so that the second number is submitted.
That way, the “swipe” becomes even more secure than normal internet transactions.
Will the bank or the phone company handle these transactions?
In line with previous posts, I think it’s very difficult to see the phone company as anything other than the bit pipe along which data transmission occurs.
That’s because phone companies don’t have the expertise to handle financial risk, or the willingness to be regulated as banks.
However, I can certainly see phone companies making a tidy sum by creating exclusive deals with banks to handle the transactions, or at least by providing a default bank. In some cases this could be a white-labelling service, with a bank handling the underlying transactions under the banner of a phone company.
I can also imagine my phone offering me choices – for that sofa, I could choose to use a selection of credit cards, rather than my usual bank account.
And there are opportunities for retailers to learn more about their customers. Rather than having to issue “club cards”, why shouldn’t they simply associate membership with your phone? Whenever you make a purchase, this gives them more information about you, and allows them to supply tailored adverts and special offers to your text message inbox.
The power of the swipe
What could be more intuitive and simple than swiping at something to request it? By combining swipe technology with the internet, payment systems will be revolutionised, providing many benefits to consumers and retailers.