Carrier billing rides again

Great news from mopay – gaming, social media and dating services are driving an uptake in direct carrier billing as consumers start to see that simply adding the charges for these things to their bill while they are on mobile is actually quite a neat idea.

Couple this with the fact that iPhone5 has no NFC in it and I think we are starting to see how mobile payments is starting to shape up.

And it is all just in time for WORLD TELEMEDIA MARBELLA on 17-19 October, which is now shaping up to help the telemedia industry capitalise on this growing movement to alternative, shall we say, ways of monetising mobile.

With speakers from Spoke, RedBee, Outbrain, Crazy4Media, BuzzCity, Tradedoubler, Tree, ATS ImpulsePay, Square 1, C3, Kwak, txtnation, WorldWide Premiums, Converto Group, Sundial, Telserv, AIME, PPP and many more, the agenda is shaping up to offer a unique insight into how content and interaction with services can be monetised – often through on carrier and related third party billing.

The fact that consumers now seem to be getting it – especially around games, social and dating – really proves that, while the industry has changed, there is still quite a lot of potential left in telemedia services. We just have to get the message out.

And that is really the theme of WORLD TELEMEDIA MARBELLA: showing delegates from the media, TV, advertising, chat, dating and adult how to create engaging services and how to turn that engaging service into revenues – either directly or indirectly.

What is interesting from the mopay study is that some 30% mobile gamers and 25% of mobile daters are using carrier billing while playing on mobile. What is more interesting still is that once they have used it they come back for more. 55% of returning customers complete five or more mobile transactions once they have discovered mobile billing.

The role of mobile payments to monetise social media, however, is perhaps the most intriguing aspect of all this and WORLD TELEMEDIAMARBELLA will feature award winning company ShowCaster talking about how to turn live TV events into engaging social offerings – and hinting at how to monetise these.

There is much more detail still to come on the show as we confirm the last few speakers so keep reading Telemedia-news.com in the coming weeks as the line up gets finalised – so SIGN UP HERE to hear from some of the thought leaders around our industry, see some new ideas in action and, of course, network you're a*se off at the show.

Think global… act global

The introduction by PhonePayPlus in the UK of a mandatory registration scheme across the whole value chain of PRS providers has had some interesting upshots. Not only has it made the system more fair for most of those involved in the industry, as well as protecting consumers to a new an unparalleled degree, but it has also thrown up some very interesting stats about the use of PRS and the location of PRS services.

Of the 4000 companies that registered as providers with PPP, 14% have their HQs located overseas, based in 75 countries, including Australia, Russia, China, India, Nigeria, Argentina, Spain, Germany and the USA.

The attractiveness of the UK PRS market for international providers and investment is underlined by research published in 2011 by PhonepayPlus that shows while the average global PRS revenue per capita (based on 20 bench-marked countries) was US$4.57, in the UK it is US$18.70.

In addition, PhonepayPlus’ annual market review, Current & Future Market for PRS 2011, shows that some providers are capitalising on the ‘borderless’ reach of global sites, such as Facebook, by facilitating mobile payments across a range of international markets. In addition, many UK mobile aggregators are now part of international consortia. 

And this is, in part, why this year’s WORLD TELEMEDIA event is being held in Marbella to not only showcase the international nature of the industry, but also to tap into the growing level of PRS expertise being run out of the Oligarch’s Playground – not to mention the rest of Europe.

Like the show, this issue of Telemedia magazine is also looking at the international market for PRS services and their impact on everything from m-commerce to regulation to the some of the new frauds that are being perpetrated thanks to an increasingly digitally connected and international user base.

And these are vitally important issues. While the ‘traditional’ PRS services of chat, dating, psychic, horoscope and so on are all doing OK – albeit in a somewhat plateaued graph – the new money is certainly in exploiting the burgeoning world of apps, m-commerce and digital media. And, to paraphrase the old Yorkshire adage, where there’s brass, there’s muck.

The world of apps and mobile downloads – not to mention social media – has brought with it not only a raft of new ways to connect consumers with content, services, goods and billing, but also new ways for old scams to be perpetrated.

These are detailed in our feature in this month’s magazine – and will be tackled too in the sessions at WORLD TELEMEDIA MARBELLA (17-19 October), along with how regulators need to look internationally and digitally simultaneously to really nip a while new breed of consumer harm in the bud.

And there is everything to play for. These services are no longer on the edge of consumer markets, but are deeply entrenched in Joe Public’s everyday digital live – and they are the stuff today of big brands. Scams and problems that dent consumer confidence in this broad spectrum of digital commerce is going to have dire consequences all round.

So join the debate and book your place at WORLD TELEMEDIAMARBELLA to learn about new services, new ways to make money – and how to make sure the business is sustainable. 

Why iPhone5 matters

It would be rude of us not to look at the iPhone 5 launch this week wouldn’t it? The over-riding message from analysts, commentators and other hacks out there is that “there are no surprises” with the new iPhone. But I disagree. I think that there is one stunning surprise in iPhone 5 that has huge repercussions for the mobile industry and the wider m-commerce world.

No, its not the slightly larger screen, the extra row of apps, the tiny-bit-better camera, the two tone metal case, the 30% increase in size nor the 20% reduction in weight. Its not even the faster processor, the high res screen not the improved battery life.

No. It's the lack of NFC. Everyone was expecting the device to ship with NFC capability built in and, lo, we would see the NFC payments and NFC marketing markets take off.

But Apple’s decision not to include the technology speaks volumes about the long term prospects for NFC – and hints at how Apple sees mobile payments working in the coming months and years.

Mobile payments is certainly flavour of the month. This year’s Meffy Awards, doled out this week, featured a growing number of mobile payments categories and winners. Barclays pingit walked off with an awards and the Outstanding Contribution Award 2012 was given to Hannes Van Rensburg, CEO Fundamo, for his pioneering work acknowledged as paving the way for mobile banking in developing countries.

And this really showcases why Apple, perhaps, hasn’t included NFC in iPhone 5: there is no need. Millions of Africans, Indians, Pakistanis and other ‘developing’ countries’ comsumers are already doing mobile payments, ticketing, loyalty and so on – all with text and feature phones. There is no need for NFC.

In fact, NFC is a red herring. The challenge with mobile payments is how to make it simple, secure, yet ubiquitous and above all service the consumers’ needs, not those of the banks, operators, third parties, merchants or device makers.

Anyone who has signed up to O2 Wallet will realise just how complicated it is. With Project Oscar also on the starting blocks, along with Google Wallet, initiatives from banks and card companies, the market is so overly complex it will never fly.

What will drive mobile payments will be a simple app or text service – for iPhone users, probably based around iOS6’s Passbook app, which is not iPhone 5-specific – and will make payments simple to do and to manage.

This, of course will be the main thrust of one of the main sessions at the WORLD TELEMEDIA MARBELLA on 17 to 19 October, with panellists from mopay, ImpulsePay, and others on hand to discuss and debate quite how it is all going to work – and whether we need less technology and more common sense to make mobile payments fly.

Maybe, Apple’s omission of NFC is the common sense injection the hysterical world of mobile money and mobile payments really needs?

Retailers look for DIY solution to m-commerce confusion

If you want something doing... do it your self. That’s what my mum always used to say, and it is no doubt the advice of the mothers of the heads of e-commerce at some of America’s biggest retailers, who this week have announced that they are to work together to develop their own m-commerce platform and payments solutions in an attempt to by-pass the ever-more complex morass of technology providers that are leading to huge confusion within the retail community as they all look to go mobile.

Under the banner Merchant Customer Exchange (MCX), 7-Eleven, Target, Wal-mart, BestBuy, Sears, AVC and eight other retailers have joined forces to develop a mobile payments application that will be easy to integrate into existing payment back ends and, it is hoped, be so easy to use that it will kick start the mobile payment revolution in stores.

The bold move is a line in the sand for the many other payments providers out there vying for position as the de facto mobile payments standard. Already banks, network operators and the likes of Google, Square, Mobile Money Network and more are all looking to corner the market in mobile payments.

The establishment of a retail-backed consortium means battle is joined. And one can’t help but wonder if the retail industry’s own offering is a shoe-in as the winner in this fight. The retailers in the US who comprise MCX between them have millions of customers and, since they are doing it themselves for their own businesses will have a much better grasp on what they want to get out of it. It will also, probably, cost them a lot less.

Or as Wal-mart puts it: “MCX will leverage mobile technology to give consumers a faster and more convenient shopping experience while eliminating unnecessary costs for all stakeholder.”

Such a move also gives shoppers the confidence to use the service as they will see it in many of the best known stores across the US, giving a much needed fillip to the mobile payments idea. And it avoids the tricky issue of ‘who owns the customer’; something that has dogged any tie up so far between banks, telcos, third parties (bar perhaps PayPal) and retailers to deliver effective mobile payments.

Little else is known about MCX currently, but this is perhaps one of the most significant moves in m-retailing since, well, the invention of m-retailing. Suddenly retailers are empowered to run the payments side of m-commerce in their stores andon their sites and can develop a solution that suits them very specifically.

It also opens up the possibility of kicking many other payment tools into the long grass – and perhaps even scuppers NFC – in the short term.

Personally, I believe that what is more likely is that it will be the much needed boot in the trousers that the telcos, banks and payment companies need. Rather than all competing to become one of a confusing panopoly of payment tools nestling as apps on phones, quickly forgotten and never used, they will be inspired to work with this group to integrate the best bits of their technology into a single payment tool.

Outside the US, we should all watch this initiative with bated breath. If it succeeds then it needs to be replicated everywhere for the best of breed payment ideas to be integrated into a truly universal payment tool so that I can have just one payment app on my phone and for m-commerce to reach its true potential.

Of course this move will have huge repurcussions for the telemedia industry as it involves payments, primarily, but also m-commerce in general. Its impact on telcos could be huge and billing companies need to take note. And we will be debating this at length in the payments and retail & m-commerce sessions at WORLD TELEMEDIA MARBELLA (17-19 October), so book your place to help work out how we work with retailers and not lose this huge opportunity.

Passport? Money? Sun hat? Semi-skimmed milk?

Tesco's bold move into rolling out virtual shops as part of a two week trial at Gatwick Airport is, in many ways, rather innovative. Not for the technology – this sort of thing is the backbone of Japanese vending machine culture and has already been successful for Tesco itself in Korea and Covent Garden, as well as for Ocado in London last summer and Birmingham this –  but more for the it's boldness as an off-the-wall ad campaign for its multichannel (or should that now be ‘omni-channel’?) offering in general and it's grocery app in particular.

As our story this week reveals, Tesco has installed ten interactive screens the size of vending machines in Gatwick's North Terminal with the top line mission of getting consumers who are about to jet off on their holidays to pre-order their victuals – bread, milk, cheese, olive oil, wine; to name but a few of the 80 items on offer – so that they can be delivered just after the happy holiday makers step through the door of their house all tanned and relaxed. (WARNING: this is assuming that French air traffic controllers don't unleash sudden industrial action as you wait to board your homeward bound Airbus and you sit in Alicante knowing that your groceries are rotting on your doorstep or have been taken back to the warehouse.)

But joking aside, really what these virtual shops do is advertise in a very large and shiny way that if you download the Tesco app onto your smartphone you can do your shopping where ever you may roam. But is it such a great idea? For starters, if I had battled my way through security and was finally in the departure lounge waiting to jet off to the sun, the last thing it'd want to do is my shopping.

But, I may be prompted to do it the day before I head home using the app from the comfort of my sun lounger, hotel wifi permitting. I may also be reminded that I have the app and I might just start doing my shopping from it again. So perhaps the mega-omni-retailer is on to something.

But what's in it for Tesco? The retailer is adamant that multichannel retailing — or “offering the consumer as many easy and convenient ways to shop at Tesco as possible”, in the company's own parlance – is its future. But not at the expense of pushing people from one channel to another, but in being so convenient that new people start to use its channels.

And this is really the driver behind the trial at Gatwick. It lets Tesco push new people to its app, get existing app users to reignite their usage (and perhaps this time stay sticky – which is crucial: as revealed in the news below, according to comScore only one in eight European smartphone users have bought anything through their smartphone). The services could also make loyal Tesco mobile and online shoppers feel even more warm and fuzzy toward their favourite supermarket.

But it also serves another even more useful purpose for Tesco: it lets the company see whether consumers will shop using these virtual shop fronts as part of the shopping mix. If they do then the company will no doubt roll them out elsewhere at travel hubs and all sorts of other places, including perhaps their own storefronts (for the gentleman shoppers amongst us – they may even think of putting them in pubs, at football grounds or even the bookies). It is in essence a proof of concept of something that could either cut Tesco’s store costs or extend the reach of the company to many, many, many new locations and tap into a whole new way of shopping.

I went to the launch of the service at Gatwick and have no idea if I had just seen a really expensive but cool ad campaign for an app, or the future of shopping? Even if the former is the case, and given that Webcredible has found that UK consumers only use an average of four apps regularly – and they are the four they consider most useful, as our story below shows – getting consumers to include Tesco’s grocery app as one of these ‘can’t live without’ apps is probably worth this sort of elaborate marketing. And who knows, it may even actually fulfil a consumer demand, I just can’t tell. Perhaps I need to jet off to a beach somewhere and think about it?

Lessons Learned from Mat Honan’s Epic Hacking

by Rob Sobers

“ Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.”

If you haven’t read Gizmodo writer Mat Honan’s gut-wrenching play-by-play of how his entire digital life was evaporated in the matter of hours, do yourself a favor and Instapaper it. Or, if you’re too busy to read the whole article, I’ve created a quick-and-dirty summary that retraces the hacker’s steps and highlights some steps we can take to protect ourselves from similar attacks.

How It Happened

1.) Hacker targets @mat via Twitter

2.) Hacker browses to @mat’s personal website, which is linked from his Twitter profile

3.) Hacker sees @mat’s Gmail address on his website

4.) Hacker tries to login to Gmail using @mat’s (knowing he won’t get in)

Hmm, if the hacker can’t break into @mat’s Gmail account, why is this important?

When you tell Gmail that you’ve lost your password, it responds by showing you the partially obscured alternate email address it has on file for account recovery.

This is a big hole. Why? Because m***n@me.com was enough information to know which service to attack next – iCloud, which, as you’ll see in a minute, is extremely vulnerable to social engineering.

It’s worth noting that, as @mat mentions in Wired, if Gmail’s two-factor authentication was enabled, the nightmare ends here. Hopefully Google will figure out a better mechanism for securing your alternate email account other than blanking out a few characters (a security question would be a good start!).

Email is the skeleton key to your online identity since so many services reset your account via a confirmation link sent to your email address. Guard it well.

How can you protect your Gmail account?

Go enable two-factor authentication for your gmail account…now! Jeff Atwood wrote an excellent tutorial for Gmail in his Make Your Email Hacker Proof post and Matt Cutts posted a video today.

5.) Hacker obtains @mat’s billing address by doing a simple WHOIS lookup on his website’s domain name

I can’t really ding @mat here since, as he points out, most peoples’ billing addresses are obtainable via WhitePages or a similar service unless you’re unlisted, which isn’t a bad idea. If you own a domain name, think about paying the extra $20/year for private registration.

6.) Hacker obtains last 4 digits of @mat’s credit card

Why was the hacker after the last 4 digits? Because this was the last piece of the iCloud-cracking puzzle. In order to verify your identity, AppleCare phone support requires: 1) name, 2) email, 3) billing address, and 4) the last 4 digits of the credit card on file. The hacker already had 3 of the 4.

Where might someone’s credit card number be stored? Amazon!

The hacker (correctly) assumed that @mat had an Amazon account that used one of his two known email addresses as the account name. But how did the hacker gain access? Hint: he didn’t crack the password. He used social engineering.

The hacker placed a call to Amazon tech support claiming to be @mat. He provided his name, address, and email (yikes!), and then asked the tech support rep to add a new credit card number to the account. Then he hung up the phone and waited.

Later, the hacker placed a subsequent call to Amazon saying he lost access to his account. Upon providing name, address, and the newly added fake credit card number, Amazon support let the hacker add a new email address to the account (e.g.,hacker@danger.com).

Game over.

The hacker could now click “forgot password” on the Amazon login page and the subsequent password reset email would go tohacker@danger.com instead of @mat’s real email address. Having reset the password, the hacker then logged into the Amazon account and nabbed the last 4 digits of the real credit card on file.

@mat notes:

“And it’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example. If you have an AppleID, every time you call Pizza Hut, you’re giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.”

How can you protect your Amazon account?

Until Amazon rethinks their identity verification process, the only way to protect against this social engineering hack is to delete any credit card data you have on file with Amazon. Yes, it’s painful to have to enter your credit card information every time you place an order, but is it as painful as having your digital identity stolen?

Let’s recap: Hacker grabs public information: name, gmail address, billing address. Gmail’s login system reveals that @mat has an AppeID (m***n@me.com). The hacker knows that in order to own that AppleID the only missing piece is the last 4 digits of @mat’s credit card, which can be socially engineered from Amazon support. Whew.

Still with me? Good. Here’s where it gets really ugly.

7.) Hacker calls AppleCare with the information required to infiltrate an iCloud account: name (public), email (public), billing address (public) and last 4 digits of a credit card (virtually public).

How can you protect your AppleID?

Apple requires you to have a credit card on file if you want to use iTunes and the App Store, so deleting your credit card data might not be a viable option. However, you could dedicate a single purpose credit card for Apple. If the card @mat stored with Amazon didn’t match the card stored with Apple, the attack would have stopped here. Regardless, Apple needs to seriously rethink their identity verification process.

8.) Hacker remote wipes @mat’s iPhone, iPad and Macbook Pro

There are more security steps involved to opt into a MailChimp newsletter than to remotely decimate an entire laptop. The way iCloud’s remote wipe process was designed leads me to believe they didn’t even think through the possibility that an iCloud account could be hacked.

How can you protect your data?

Backup your data. No excuses. Have multiple backups and test your restores. You can get a 2TB external hard drive for $120 on (wait for it…) Amazon, and online backup services are a few bucks a month for unlimited data. (Anecdotally, the only hard drive failure I ever experienced was 1 day after my very first online backup completed. Most people aren’t so lucky.)

So many systems are interconnected in the cloud making things more convenient than ever before, but we have to realize that this same interconnectedness makes security exponentially harder. Passwords are no longer good enough—not for the important stuff. If Apple, Amazon, and (too a much lesser extent) Google—companies with a combined market cap of 900B—can’t get security right, what are the lesser known providers doing?

www.varonis.com