Privacy, Identity and Security Concerns: Enterprise Strategic Decision Making and Business Model Development for Mobile Payments in NFC
30 Pages Posted: 2 Mar 2012 Last revised: 6 Jul 2017
Date Written: March 1, 2012
This paper assesses the privacy, identity and security concerns arising from the use of NFC (near field communications) technology in public transport systems. NFC is increasingly visible as the technology of choice for ticketing in public transport systems providing electronic and contactless payment. NFC is considered a disruptive technology competing with other alternative money payments, with innovative business propositions to both service providers and users. However, there are shortcomings and opportunities that arise from taking into account those aspects as part of the business models propositions for this technology.
The case study is a comparative study of six cities around the work (London, Hong Kong, Helsinki, Berlin, Seoul and Tokyo), with particular focus on the variations of NFC public transport business model implementation. We pay particular attention to the enterprise strategic decisions taken by stakeholders resulting in a variety of business models in the access and usage of services. Some transport authorities prioritize revenue, others profit, others the expansion and consolidation of services. At the core of those decisions were mandates for the protection of citizens’ privacy, identity definition and security implementations which different levels of compliance and regulation.
The demands that emerged from the regulatory aspects - or the lack of them - provide a dynamic set of alternatives that are used by stakeholders of the transport systems to develop their business models. We show how privacy and security default settings are adopted and later adjusted based on the demand of users and services. Our analytical model shows how this technology fosters diversity of business models. We analyze the stakeholders and the context on three layers: firstly, the architecture aspects related to the use of mobile technology, communication and transport networks, payment systems, services, etc.; secondly, the shareholder and public transport originators of the services; thirdly, the variety of rules and regulations for competition for the established forms of provision of services and the types of business solutions with variations driven to a strong private, state hybrid drive of business solutions.
We show how this analysis fosters our understanding of the value chains for a technological innovation that is disruptive. We consider who are the winners and losers and especially assess the positions of network operators, since they so far have participated only tangentially in something that fundamentally depends upon their engagement. For users of NFC enabled transport systems, privacy is granted, in some cases, by current regulatory frameworks, but it is not properly embraced at the core of the current business models being implemented. This amounts to a loophole in regulation that will become critical in the future as NFC is extended to provide not only transport services but also other services such as banking.
This research is novel in its approach to understanding the complexity of the strategic decisions taken by public transport operators by using a three element model. Our model considers the technology, the users and service providers, and the regulation and business models associated with privacy protection, identity definition and transactional security for NFC. We show how far this model can be transposed to other sectors that might be using NFC in the near future as well as discussing the potential policy and or regulatory rules to be implemented in order to provide a sustainable business environment which can also protect and nurture the privacy and identity of consumers.
Keywords: Privacy, Identity, Security, NFC, Business Models, Mobile Payment, Regulation, TPRC
Suggested Citation: Suggested Citation