Marko Udov

SECURITY OF MOBILE PAYMENTS

Ljubljana, julij 2012

Table of contents
1. 2. Abstract .......................................................................................................................... 2 Security measurements .................................................................................................. 4 2.1. 2.2. 2.3. 3. Security of transfer .................................................................................................. 6 Security of applications ........................................................................................... 7 Digital certificate and signature ............................................................................... 7

Mobile payments in Slovenia .......................................................................................... 8 3.1. 3.2. 3.3. Moneta machine ...................................................................................................... 8 Moneta terminals ..................................................................................................... 9 Moneta in telemarketing .......................................................................................... 9

4. 5. 6.

Mobile payments in Denmark ......................................................................................... 9 Regulations in the EU ....................................................................................................10 Regulations in Slovenia .................................................................................................12 6.1. 6.2. 6.3. The Law on Payment Systems and Services..........................................................12 The Law on electronic communications ..................................................................13 General Act on Transparency and publication of information..................................13

7. 8. 9.

Electronic money ...........................................................................................................13 Conclusion ....................................................................................................................15 References: ...................................................................................................................16

1. Abstract
We are witnessing an almost limitlessly rapid spread of mobile payment schemes the world over, however the legislature still remains vastly undefined, most openly in the region of the European Union. It is because of this fact, that many potential users still regard this as an unproven technology. The question of security remains unanswered, which is one of the biggest reasons, this technology is slow to catch on in the European market; a stark contrast to others, especially in Asia, where it has been, and still is, on the rise. The aim of this study will therefore be the question of security regarding mobile payment schemes, especially in the European and Slovenian markets. I shall study the laws and regulations regarding this subject, most deeply those affecting matters of security. The study will present steps and actions any user could use as preemptive measures, to ensure his or her security using such technologies. It will also briefly address the possible ways of using mobile payments correctly, and some already known ways of abusing the system, with the aim to properly inform potential users.

Key words: m-payment, security, regulations, abuses, protocols, data protection, risk control, e-money.

M-payments have nowadays become commonplace and with this, so have opportunities for their abuse. Therefore new methods of security have had to be developed, making this system capable of making physical and digital purchases. M-Payments can be defined as an extension of mobile networking, and the development of IT and high-speed networking technology has undoubtedly aided its implementation. M-payments can be classified into two main categories: Remote payments and proximity payments. Remote payments which usually take place through a mobile internet/WAP connection, of which most are based on card payment schemes, or through a premium SMS service, the use of which is billed to the user by the Mobile Network Operator (MNO). Proximity payments take place immediately at the location of the sale being made. However, they require hardware and software which is able to perform the task to be available to both parties involved. This second kind of mobile payment has recently become more and more available for an ever-growing number of transactions, such as: stores, restaurants, parking lots, public transport, etc. The result of this is that no clear boundary exists between Mpayments and E-payments, because of the similarities of the processes; B2B (business to business) and B2C (business to customer). There is an undeniable rise of such transactions in the market, with the Asian and Oceanic regions taking the lead. A study conducted by Gartner, an independent research company, has shown a figure of 62.8 million active users in the region, who are predominantly in Japan. Other studies have predicted the total value of M-payments will have surpassed 1 trillion USD by 2014. With corporate giants, such as Google, Visa, Apple, having announced their entries into the market, Europes market still seems unprepared. It is fragmented, because of a lack of cooperation between the constituting participants and also because no clear common policy on the matter exists, leaving the possibilities unrealized, and possible investors reluctant to invest.

2. Security measurements
The security of mobile payment transactions is one of the most cardinal considerations, both for service providers and customers alike, with a loss of trust towards the service provider would prove most damaging. With this in mind it becomes clear, that security, transparency and homogeneity should be the foundations of any such enterprise, with privacy and reliability following closely. Another concerning factor to revue is risk management which, in private payment and micropayment systems alike has no assigned supervision, neither in Slovenia, nor in Europe itself, however implementation of regulations regarding risk management is anxiously awaited. A risk management system can be defined as one having the following activities:

A) Risk assessment identification, structuring of risk, risk measurement, risk analysis.

B) Risk management risks control, establishment of appropriate countermeasures, partially transferring risk to other entities, acceptance of risk.

C) Risk monitoring This is the need to install an efficient information system that can show the current level of risk and any potential shortcoming of currently applied procedures. Risk that the user is exposed to in all payment systems, including m-payments, can be divided and further sub-divided as follows: 1. Financial risks: settlement risk,

liquidity risk, credit risk.

2. Operational risk: organizational risk, technical & technological risk, risk of fraud, abuse or sabotage.

Another gap in the system security has recently been revealed in Slovenia; users were persuaded into a fake online game, which required them to vote on photos of possible new online friends under the premise, that this feature would only cost them a few cents. It turned out, that they were charged 50 for using this application. This being said, various abuses of mobile payment systems are a rare occurrence, and the responsibility for these, in most cases, lies with the users themselves. The corporate heads of the Moneta company have issued a statement, saying that although abuses may indeed occur, the majority of them are direct consequences of the users naivety or the device being stolen. However, there have been security breaches that do not fall neatly in the aforementioned categories. One of these was a professionally planned project, based on a charity donation scheme. The users were invited to donate funds to a charity, and by doing so, they entered a command string, which constructed a fake account with Moneta and performed a purchase. Another system, used on a smaller scale, is users lending their phones to people, who ask to make a simple phone call; they of course do not, but instead this person enters a command string and makes a false purchase with Moneta, which transfers funds to his own account. Due to these possible disadvantages, the countermeasures of the Halcom model are listed bellow: security: digital signature (WPKI) easy-to-use: communication via SMS text message also suitable for high-value payments: payment settled directly from user bank account operates on all normal mobile telephones

low investment for partners (mobile operators, banks, and goods and service providers): no major changes in information systems, relatively simple interface required

When users order goods or services via the web or telephone, the entire procedure is completed in just three steps: 1. the service or goods provider sends the user an m-invoice to their mobile telephone 2. the user signs the m-invoice by entering the PIN number of the electronic certificate on the SIM smart card (not the same as the SIM card PIN number) 3. the user receives confirmation of invoice payment on their mobile phone. Given the high security standards and ease of use, mobile payments are suitable for the following e-services: secure e-payment for goods and services (including high-value payments), internet shopping, share trading, e-banking, public administration e-services, gambling and other services etc. However media still portrays a virtually inflated view of a lack of security regarding mobile payments and report few actually use it, however this view is flawed. WAP (Wireless Aplication Protocol) operates on the basis of standards that ensure the safety of applications and transport in a wireless environment. With the convergence of wireless data communication and the Internet, more and more Internet services are now being used in the wireless area. Mobile payment protocols are necessary for online transactions. A good payment protocol should balance the requirements of security and convenience. However there is still not one common protocol, as it is with regulation.

2.1.

Security of transfer

Transmission channels that provide a secure connection are WP-TCP (Wireless Profiled TCP), and WTLS (Wireless Transport Layer Security). Despite the fact that WTLS is based on the TLS/SSL, there are differences between them: WTLS is designed for narrowband data transmissions and weak network connectivity. WTLS protocol supports authentication using digital signatures and public key certificates, compact coding, datagram support, optimized handshake, fast encryption and decryption algorithm, etc.

2.2.

Security of applications

Standard safety features are the WIM module (WAP Identity Module), a computer chip which is installed to the device and supports WAP and key WPKI (Wireless Public Key Infrastructure). WPKI is Public Key Infrastructure, shifted into mobile world and provides security. PKI (Public Key Infrastructure) is a set of hardware and software, people, policies and procedures, that can manage, store, distribute and cancel digital certificates. WPKI services enable secure transmission of information and support a wide range of applications of m-commerce. WPKI technology (Wireless Public Key Infrastructure) provides the users with the same powerful protection of transactions as with the use of normal computer based transactions.

2.3.

Digital certificate and signature

A digital certificate includes a public key and information about its owner and it purposes, it connects the key with the owner. In that way it provides a certain degree of security using mobile payments. A digital certificate is awarded by a Certification agency or authority. An example of a simple and secure mobile payment system, which uses digital signature security measures and operates on conventional mobile phones, is Hal M-Payments. It uses public private keys, which are stored on the SIM card, with WPKI providing security during transactions. The only difference between this model and any other in e-commerce is that the digital certificate is stored on the SIM card, and the mobile device acts as a reader and computer. "It should be noted that mobile phones are much more widespread interoperable devices than PCs, so the future of digital business is certainly in the use of mobile devices, that can work for a legally valid signature on the distance (mobile electronic pen) and for the safe and reliable remote identification (electronic identity card). " - Halcom d. d. 2012 Another example of an active mobile payment system is the Moneta system, which is well established in Slovenia and is one of the first of its kind in Europe. It caters to many different users, and required high levels of security. One way of achieving this is by the user determining the length of each session and not allowing cookies to be written on the internal memory disk.
7

System security is achieved at many different levels and in many ways. That means restricted access to certain levels, payable sites and databases, encryption of usernames and passwords, verifying the authenticity of "cookies", a reliable hardware and a sufficient throughput of links at all levels, etc. Continuing on the example of the Moneta system, security is provided on multiple other levels, such as: The users identity is uniquely determined on the basis of the SIM card in the mobile phone, the authenticity of the payment terminal and of the payment center is verified by the digital signature based on a cryptographic ECC system, the successful digital signature is the basis for encrypting transactions.

With the above mentioned contingencies in place, all participating parties are thoroughly protected throughout the transaction.

3. Mobile payments in Slovenia

Mobile payments in Slovenia are supported only by the three main operators; Mobitel, which took the lead in this field of commerce and was later followed by Simobil and Debitel, but non of the last two, is comparable with Mobitel in the range of features provided. All three operators are using mobile payments through already mentioned Moneta system, by which is possible to perform a purchase all over Slovenia or on the internet. All purchases are charged with the next month with the next month bill or via bank account (Monetas partners are only Nova KBM and Potna banka Slovenije).

3.1.

Moneta machine

One of the ways of paying with moneta is through moneta machines at the at the location of the sale being made. It operates on the basis of sound transmission from the moneta mchine to the center of Moneta and back. For the purchase there are not any special requirements, only normal phone and operator availability.

3.2.

Moneta terminals

The service is easy, fast and user friendly. Terminals are marked with Moneta symbol and are located all over the Slovenia. Characteristic of Moneta terminals: no any other communications infrastructure is needed, data transfer occurs via cell phone it can be used at many different selling points, classical and mobile it enables micro payments it is completely based on-line system; it provides better control over payment transactions data transmission are completely secured, it is based on EEC Encryption; better security is provided than at existing magnetic card systems

3.3.

Moneta in telemarketing

Customers are nowadays able to settle their purchases immediately by using Moneta system. This is very convenient for merchants and customers, nevertheless many bureaucratic procedures are spared. Moneta can be therefore ideal for buying and selling tourist bids, all sorts of tickets etc.

4. Mobile payments in Denmark

A good example of a well established mobile payment market is definitely Denmark. Denmark is one of the first among European countries, that have adopted mobile payment system and is now the fourth-highest user of non-cash payments in European Union. Among major service providers with experience in mobile payments is Danske Statsbaner (DSB), Denmarks largest railway company, which provides a service to Copenhagen residents enabling them to remotely purchase rail and bus tickets via their mobile phones. In the first nine months of 2009 some 600,000 tickets were purchased via this service, according to DSB.

Denmark has also in year 2009 established the system of purchasing post stamps via mobile phone. Customers are now able, instead of paying with cash for classical post stamp, to perform a purchase via mobile phone. In response for their purchase, customers receive a digital code, which is written down on the letter by the users themselves. The system proofed as efficient especially when all post offices are closed, but the purchase of a mile stamp can still be done. By the classical way that would not be possible and the customer should have waited till the next day. Also long queues at the post offices are no longer a problem, because need for going to the post office, to buy a stamp, is no longer needed. The only disadvantage of the mobile stamp is slightly more expensive purchase (additional cost for the sms) and expiry date which last only seven days, instead of almost limitless at normal one. Otherwise mobile stamps have many advantages and are already making their way to other European counties. Mobile payment has in Denmark an important role and therefore Denmark's four mobile network operators have created a joint venture company to bring NFC to

market. TDC, Telenor, TeliaSonera and 3 will use the joint venture company to provide a common platform and a common brand for NFC services with the aim of ensuring consumers safe and smooth experience, regardless of which mobile network operator they subscribe to. There aim is that consumers would not experience any slightest change in the use of the digital wallet when changing telecommunications company. The four operators have ambitious plans for NFC and expect NFC mobile wallets to be widespread "within a few years". They said that in a few years everything we currently physically have in our wallet or purse will soon be available digitally on our SIM card as ordinary everyday functions on our mobiles. Due to this kind of thinking and mentality, Denmark will therefore always be the leading country in this modern technological era.

5. Regulations in the EU
The area of payment services in the European Union is regulated by the Directive on payment services, abbreviated PSD, which provides all legal foundation for the creation of an EU-wide single market for payment systems. It refers to all types of electronic and cashless transactions, direct debit payments and payments made by credit card and as well for

10

payments via mobile phone systems and the internet. The PSD aims at establishing a modern and comprehensive set of rules applicable to all payment services and to ensure a standardized approach to the rules governing electronic payments in thirty European countries (European Union, Iceland, Norway and Liechtenstein). The target is to make cross-border payments as easy, efficient and secure as 'national' payments within a Member State. The PSD also seeks to improve competition by opening up payment markets to new entrants, thus fostering greater efficiency and cost-reduction. At the same time the Directive provides the necessary legal platform for the Single Euro Payments Area (SEPA). (Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC) Even though the Commission was already active in the past, in the area of card payments, mostly in the frame of a Single Euro Payments Area (SEPA) and with the introduction of competition policy, the payment via the internet and mobile phones on the European level, is still relatively a new area of policy. The European Commission has in January 2012 published a Green paper "Towards an integrated European market for card, internet and mobile payments." The paper includes evaluation of the current card, internet and mobile payments in Europe, identification of differences between the current situation and vision in relation to a fully integrated payments market and identifies the obstacles that have made such a difference. The document deals with market access and entry for existing and new service providers, payment security and data protection, transparent and efficient fixing of prices of payment services, technical standardization and interoperability between service providers. Green Paper launched a consultation with purpose to collect information from all interested stakeholders on the existing situation of the card, internet and mobile payments market and the potential hurdles for integration at European level in these markets. The Commission is expected that before the end of the second quarter of 2012 declares the following steps. Proposals will be made whenever necessary by the end of 2012. European Union has also dealt with the legal aspect of electronic commerce, which did not change radically, so the directive that deals with it is from the year 2000, but this is just one of the documents. Directive 2000/31/EC of the European Parliament and of the Council adopted in June 2000 refers to certain legal aspects of information society services, in particular electronic commerce in the internal market sets up an Internal Market framework for
11

electronic commerce, which provides legal certainty for business and consumers alike. It establishes harmonised rules on issues such as the transparency and information requirements for online service providers, commercial communications, electronic contracts and limitations of liability of intermediary service providers. The various security aspects of mobile payments are dealt with in the following EU directives: E-commerce directive Directive 95/46/EC Directive 2002/58/EC

6. Regulations in Slovenia
The many aspects of mobile payments in the Republic of Slovenia are regulated by the following acts: the Law on Payment Systems and Services (Official Gazette. 58/2009, no. 34/2010, No. 9/2011), the Law on electronic communications (Official Gazette. 13/2007- OCT1, no. 110/2009, Vol. 33/2011), the General Act on Transparency and publication of information (Official Gazette. 96/2004, no. 59/2008, Vol. 55/2010).

6.1.

The Law on Payment Systems and Services

This Act regulates: -conditions for the establishment, operation, supervision and termination of payment institutions, -conditions for the performing of payment services in the Republic of Slovenia, -rights and obligations of users and providers of payment services in relation to the performing of payment services and -rules regarding modifying and management of payment systems.

12

This Act also determines the sanctions for breaching obligations for charging cost and information in accordance to Regulation of the European Parliament and European Council (EC). 2560/2001 from 19th December 2001 on cross-border payments in euro (OJ L no. 344, of 28 12th 2001- Regulation 2560/2001).

6.2.

The Law on electronic communications

According to Article 153. of the National Assembly of the Republic of Slovenia, from the session on the 1st February 2007, National Assembly consolidated text on the Electronic Communications Act, which includes: -The Electronic Communications Act - ZEKom (Official Gazette. 43/04 26 4 2004) -Law on Personal Data Protection ZVOP-1 (Official Gazette. 86/04 of 5 8th 2004) and -Law Amending the Law on Electronic Communications - ZEKom-A (Official Gazette. 129/06 of 12 12th 2006)

6.3.

General Act on Transparency and publication of information

This is the general act governing the transparency and publication of information on applicable prices and tariffs and on terms and conditions of access and use of public available telephone services.

7. Electronic money
Electronic money, abbreviated e-money, is an electronic means of payment which can, like coins and notes, be used to pay for goods and services in various physical transactions. It may be carried on a number of different electronic devices and may be downloaded from a cash machine, a shop based terminal or the internet. It can be used: to perform the same transactions as with physical money to purchase varying goods and services to redeem for physical money
13

to exchange interpersonally

Its use in the physical world takes place by inserting a card into a terminal, or by transferring funds onto it by use of wireless networking. In virtual use it can be used to purchase goods and services online and be stored on various media. Directive 2009/110: This directive covers the rules and regulations concerning the taking up, pursuit and supervision of electronic money institutions and that the rules in the E-money directive are adhered to in all EU member countries by the 30th of April 2011. This directive aims to enable new, innovative and secure electronic money services to be designed, provide market access to new companies and to foster real and effective competition between all market participants. With the use of e-money the chances of abuse increase and therefore it is of the greatest importance that users are acquainted with all the information about the inherent risk and safety precautions available. The following abuses may occur when using e-money: unauthorized transfer of funds, disclosure of confidential information or counterfeiting of it, infections with various malware/virus applications, false denial of executions of payment, the emergence of a server that simulates a bank, destruction of personal data, disabling of labor and the use of resources.

For the aforementioned safety concerns, the following safety measures apply: encryption; with symmetric crypto algorithms being the norm, an all-electronic signature being in place which is a valid substitute for a handwritten signature in electronic commerce, digital certificates, identification certification, usually with a password, and security protocols such as SSL. But despite all these elaborate safety mechanisms, the best security is the caution of the users themselves.

14

8. Conclusion
The often lop-sided view of m-payment schemes as presented by the media, which shows this technology as unsafe and risky to the user, can easily be discarded. This is reinforced by the findings of the Juniper enquiry into the fiscal values of mobile payments, which predict the total value of future payments, for digital and physical goods alike, banking transfers of funds and NFC transactions with 185 billion dollars in 2011, to achieve 515 billion euros by 2015. This result is hardly surprising, if we consider, the ease and practicality of NFC (near field communication) transactions, which are defined by a rapid transfer of data over short distances, between the users mobile phone and the payment terminal. Making long distance payments is arguably no less practical; the system is based on using safety protocols, such as SSL and TTLS, which serve to protect the system from any security breaches, making credit cards all but redundant. Safety features such as using public and private keys stored in the mobile devices SIM card only enhance the security, so does use of digital signatures (WPKI). Ensuring even greater depths of safety, the use of a secondary PIN code when making a purchase, and SMS services to confirm successful purchases are possible. The technical aspects of the security options differ from one service provider to another, but most of the above are commonplace. From a technical point of view, security is well managed in mobile payment technology; a higher risk lies with the users themselves. Most abuses take the form of either a stolen mobile device, which hasnt been reported stolen promptly enough, or more simply, the user being nave and falling into a trap; both resulting in financial damages. Because of the widespread use of this technology, more and more emphasis is being put on prevention, by notifying the users of rules and regulations. The EU still lacks a common regulative framework with regards to mobile payments, but major changes are to be expected by the end of the year, as the Green Paper entitled Towards an integrated European market for card, internet and mobile payments was published in January. It focuses largely on mobile payments and states, that more guidelines in the area are to follow by the end of the year, with passed legislature soon after. Thus far, however, the Directive on Payment Services, abbreviated PSD, provides all legal foundation for the creation of an EU-wide single market for payment systems. A similar situation characterized by a gross lack of regulations and a deep need for changes exists in Slovenia; there is no complete law to govern these areas, rather there are fragments of different acts and laws, the applicability of which is sometimes questionable. Nonetheless, there are three main laws dealing with this subject: the

15

Law on Electronic Communications, the Law on Payment Systems and Services and the General act on Transparency and publication of information. To sum up, despite their already wide-spread use, mobile payments are projected to take a sharp climb in the near future, which is mostly due to its ease of use and, of course, security. To enhance security even more, users should be better informed about the possibilities of abuse of this new form of technology, as when a mobile device is used for payment, the user becomes more vulnerable, than if the device was only used for making simple phone calls. And it is the users themselves, who can contribute most towards attaining a higher level of security, as, technologically speaking, the system has been proven safe and secure.

9. References:
1. http://www.google.si/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CFAQFjA A&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D 10.1.1.113.1051%26rep%3Drep1%26type%3Dpdf&ei=CD_T5bZCs3asgaG9J3hBg&usg=AFQjCNEcwyZ3x84FTbYtTxk4ZMw4ExKMg&sig2=B07Fhllox20ZBwBW_jQ22A 2. http://ec.europa.eu/internal_market/payments/legislation_en.htm 3. http://www.delo.si/clanek/143694 4. SEPA Slovenija. Dostopno prek:

http://www.sepa.si/sloprenova/sepaprodukti_storitve/e_m%20placila/sepaprodukti%2 0in%20storitve_e_mplacila.htm#Mobilna_ 5. http://www.slideshare.net/CashlogMPay/the-future-of-payments-wwwcashlogcom10560188 6. http://www.readwriteweb.com/archives/mobile_payments_2011.php 7. http://www.simobil.si/sl/services.cp2?cid=AD453184-2EE4-75D8-72BC6B0A166AA7CD&linkid=service 8. http://en.wikipedia.org/wiki/Public_key_certificate 9. http://www.stotka.net/345979/Ra%C4%8Dun-prosim-Pla%C4%8Dal-bom-s-telefonom 10. http://podjetnistvo.finance.si/354906/Mobilno-pla%C4%8Devanje-letos-z-62-odstotnorastjo 11. http://ec.europa.eu/internal_market/payments/fraud/index_en.htm

16

12. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52011DC0941:EN:NOT 13. http://www.dolceta.eu/united-kingdom/Mod2/Introduction-to-e-money.html 14. http://www.waset.org/journals/waset/v47/v47-80.pdf 15. http://people.scs.carleton.ca/~kranakis/Papers/swpp.pdf 16. http://arxiv.org/ftp/arxiv/papers/1111/1111.3010.pdf 17. http://www.vrl-financial-news.com/cards--payments/electronic-paymentsintl/issues/epi-2009/epi268/psb-aims-to-boost-mobile-payme.aspx 18. http://www.nfcworld.com/2011/06/23/38261/danish-mobile-operators-create-nfc-jointventure/ 19. http://www.delo.si/clanek/143694 20. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2011:0941:FIN:EN:HTML 21. http://ec.europa.eu/internal_market/payments/framework/index_en.htm 22. http://ec.europa.eu/internal_market/e-commerce/directive_en.htm 23. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML 24. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML 25. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:267:0007:0017:EN:PDF 26. http://ec.europa.eu/internal_market/payments/cim/index_en.htm 27. http://www.moneta.si/ 28. http://www.tusmobil.si/ 29. http://www.mobitel.si/pomoc-in-nastavitve/tarife.aspx 30. http://www.halcom.si/index.php?section=1 31. http://zakonodaja.gov.si/rpsi/r01/predpis_ZAKO3781.html 32. http://zakonodaja.gov.si/rpsi/r05/predpis_ZAKO5485.html 33. http://zakonodaja.gov.si/rpsi/r08/predpis_DRUG2038.html 34. http://www.competence-site.de/mobile%20payment/list/cns-cut_~any-i 35. http://www.google.si/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CEoQFjA A&url=http%3A%2F%2Fwww.europeanpaymentscouncil.eu%2Fknowledge_bank_do wnload.cfm%3Ffile%3DEPC49209%2520White%2520Paper%2520Mobile%2520Payments%2520version%25202.0% 2520finalrev.pdf&ei=J9__TKKFcfOsgbWtr2sBg&usg=AFQjCNG3PQmUKRx6Rzb6rAGae_F5BBNKzg&sig2=dO 6n06PVsPwXurZNhmApzA

17

36. http://www.europeanmobilepaymentsacceptance.com/en/Home.alej?gclid=CJbw6ullrECFQrN3wodF3qxdg 37. http://www.mobilepaymentsworld.com/ 38. http://ec.europa.eu/internal_market/consultations/2012/card_internet_mobile_paymen ts_en.htm 39. http://inswitch.us/mts.htm?gclid=CNfUkvillrECFUFO3wodjlB1dQ 40. http://www.gfkorange.si/?option=com_gfkorange&Itemid=54&id=453 41. http://www.readwriteweb.com/mobile/2011/05/nfc-in-2011-operator-led-mobilepayments-initiative-isis-changes-strategy.php

18