With the use in Australia of Near Field Communication ( NFC ) technology expected to increase, regulators are turning their attention to the implications of this new technology. The latest effort comes in the form of a discussion paper recently published by the Australian Communications and Media Authority (ACMA) 1 which welcomes further discussion and feedback from interested parties, including in relation to whether regulatory or non-regulatory strategies are better suited to facilitating further innovation and adoption of NFC technology
ACMA is not the only regulator to be interested, which is not unexpected given that NFC is at the crossroads of many (intersecting) regulatory questions, including in relation to telecommunication issues, privacy, consumer protection, security and integrity of payments and competition. This article provides a brief summary of the approaches that regulators in Australia have adopted in relation to this new technology and the practical implications for those planning to commercialise it.
What is NFC and how can it be applied?
NFC is the wireless transfer of electronic data over a short-range through a radio signal from an NFC chip to a receiver (which can include another NFC-enabled device). In effect, it allows a user to wave an NFC-enabled device, such as a smartphone, over another device containing an NFC reader to send information to it. The difference between NFC and earlier systems such as contactless smart cards is that NFC allows two-way communication rather than only one-way communication.
One of the main uses of NFC technologies in Australia so far has been in credit cards embedded with an NFC chip to enable “contactless payments”. However, the next step in NFC implementation is likely to be via smartphones, many of which have in-built NFC technology. In fact, an NFC-enabled smartphone can become more than “just” a mobile payment device. Through the installation of an app, a smartphone can become a fully customisable digital wallet, capable of not only making payments “on the go” but also storing more loyalty/membership cards and discount coupons than a person could (and would) ever retain in a physical wallet.
Digital wallets with NFC capabilities have been developed and launched by Google and Square in the United States and by Osaifu-Keitai in Japan.2 Closer to home, eftpos Australia announced in May this year that it would commence a five-year plan with NFC provider C-Sam to begin mobile payment trials, enabling smartphone users to have a comprehensive mobile wallet to conduct NFC transactions related to payments and other value-added services.3
Several other initiatives have also been announced or are under consideration. For example, Mastercard recently announced the development of MasterPass, a “virtual wallet”;4 Coles is currently testing a Coles MasterCard Mobile Wallet app that enables users to make payments and earn loyalty (Flybuys) points with an NFC phone;5 and in 2011 CommBank launched its “Kaching!” product enabling customers to pay one another via email, Facebook, mobile, iPhone and MasterCard’s Paypass terminals.6
As NFC means that there is an increasing amount of personal and financial digital data capable of being exchanged (and collected) using NFC-enabled phones and other devices, regulators are watching this space closely.
In its recent discussion paper, the ACMA signalled that its interest in NFC proliferation is because of its role in developing industry codes relating to telecommunications activities, with issues around privacy and service standards likely to arise. In its role as spectrum regulator, the ACMA will also likely have a role to play in ensuring that growth in the take-up and use of NFC-enabled services is accommodated in future spectrum demand planning and spectrum interference management. In addition, through its consumer protection role, the ACMA requires active devices (such as readers with an NFC chip at a cash register or mobile phone) to meet the relevant electromagnetic compatibility and emissions standards.7
From a technical perspective, it is relevant to consider feedback that the European Commission received during its 2012 public consultation regarding an integrated European market for card, internet and mobile payments. In relation to payment security, respondents identified contactless proximity payments (where the payer’s authentication was not required to confirm the transaction) to be a point of concern, and most stakeholders referred to the potential vulnerability arising from proximity mobile payments and NFC technology. As to the question of where developments to address security gaps should come from, banks and established card schemes stated that such developments should come from the industry rather than through regulatory actions.8 So far, it appears that a similar approach has been adopted in Australia.
From a payments system perspective, the RBA has recognised that initial NFC applications are likely to operate using traditional account-based products and be processed through traditional card scheme networks. This is likely to be a key factor in the RBA’s current position that there is not an immediate need to impose separate regulatory rules for NFC arrangements. Another factor tending to support this is that mobile NFC payments provide incremental benefits in convenience in Australia and other “advanced economies”, as distinct from filling gaps in financial infrastructure, as has been the case in respect of “developing economies”.9
ASIC has not made any specific announcements about the use of NFC technologies. However, it would likely be interested in NFC applications falling within the definition of a non-cash payment facility. While some new applications may benefit from existing relief,10 in other cases new relief may need to be sought. Furthermore, ASIC may wish to encourage NFC developers to agree to comply with the ePayments Code, to the extent that its provisions apply.
From a consumer protection perspective, depending on whether an NFC application operates as a financial product, either ASIC or the ACCC is likely to want to ensure that consumer rights are protected (particularly given the ACCC’s recent emphasis on protecting consumer rights in an online environment). More generally, although the Office of the Australian Information Commissioner has not issued anything specific in relation to NFC technology, its website recognises that smart cards (credit cards with a chip) and radio-frequency identification tags on goods purchased are examples of technologies that may impact on the handling of personal information.11
Finally, both the ACCC and the RBA will watch closely to see whether developments through NFC technology create opportunities for new entry and increased competition, particularly in respect of the delivery of payment products and services. The ACCC, in particular, will most likely be mindful of the risks associated with new technology standards and the potential for anti-competitive conduct to occur through, for example, the exclusion of new entrants and non-bank payment providers. In that regard, the ACCC might draw on the European Commission’s investigation into the standardisation of e-payments by the European Payments Council (the coordination and decision-making body of the European banking industry for payments).12
NFC has the capacity to transform the way that information is collected and used by companies, and to provide an alternative way of transacting payments. NFC may enable the next “wave” of customer-focussed initiatives to be rolled out by companies to enhance the customer experience and differentiate themselves from the competition. Given the rapid uptake of smartphones in Australia, it is likely that over time, consumers will adopt and adapt to using NFC technology.
So far, regulators in Australia have not appeared to be in a hurry to regulate this space. This creates opportunities for developers and encourages further innovation in relation to this emerging technology. First movers are likely to benefit the most, but all potential developers and users of NFC should “watch this space” as the technology is implemented in even more applications and regulators become increasingly interested in the extent to which they should play a role.