United Kingdom


  • Service: Advisory, Risk Consulting
  • Type: Business and industry issue
  • Date: 11/02/2013

M-commerce: revolution, risk management and reward 

Mobile Commerce

Mobile commerce isn’t just about influencing a consumer at the point of sale: it brings the point of sale to the consumer. It’s a business revolution –  and one which has already started. 58%of companies around the world in financial services, technology, telecoms and retail already have a mobile payments strategy. Half of those  already sell via mobile devices.[1]


The proportion of consumers worldwide buying goods and services via a mobile device soared from 10% in 2008 to 28% in 2010. The surge is led by the fastest-growing economies, with figures rising to 44% in China and 38% in India  American mobile payments already totalled around $100 billion last year. New devices already coming into use (such as m-wallets holding electronic money and transaction data) will ensure rapid growth in the scale and reach of m-commerce.[2] 


Handheld devices – smartphones, palm pilots, slates – mean more than not queuing for the till; it means not waiting until you get to a PC either. You can browse, compare prices, and buy from the street, on the train, from the car. The quantum leap in convenience easily matches that of home computing or broadband and will drive business into new channels.


Promotions can literally follow the consumers anywhere, with alerts tailored to individual preferences. Almost 60% say they would be willing to allow their online usage and personal profile to be tracked, provided this leads to lower costs and more tailored services (National Retail Federation).


The potential for customer feedback and relationship building is obvious, and enormous. Take shoppers: they can be contacted as they leave a store and asked to rate any aspect from layout and choice to service. It’s literally a ‘push-button’ affair.


Brand awareness will grow, customer relationships will be managed more dynamically, faster and more closely targeted product changes will occur.


Risk management is key – not merely to avoid danger but to attain success. Companies face a choice: whether to make essentially technical adaptations, or to take a holistic view of risk for the entire business. The various ‘m-risks’ can be grouped into four main challenges:


1. Business Models

2. Security

3. Technology

4. Regulation



1.     Business Models: Clash or Collaborate?


Industry lines are already blurring. Take the Vodafone-backed experiment in Kenya, where employers are paying wages to smart phones rather than to banks, with customers using them for money transfers (Mobile Industry Review). Manufacturers, like Procter & Gamble, are now selling products direct to the consumer (Financial Times).


Yet the revolution can drive sectors together too. Its promise of convenience to the consumer – ‘three clicks and you’re there’ – can often be best realised through collaboration.


Businesses need new skills to deliver goods and services via mobile devices: some will have far more experience of direct selling and global markets, others of technology and IT security. Leveraging the right kinds of experience required for m-commerce is already leading to joint ventures and will sometimes involve partnering with potential rivals from other sectors.


Nor do supply chain relationships need to be jeopardised. Some big firms are refusing to antagonise retailers, choosing instead to devise new online-only products, sold via separate websites.


Compete or collaborate? In what areas? With whom? These are challenging choices demanding a global, multi-sectoral perspective.


2.     Security: Higher Walls or Defence-in-Depth?


'92% of Information Security Officers believe mobile commerce will drive an increase in e-crime'. [3]


Current security measures risk being overwhelmed unless corporate thinking keeps pace with m-technology. Bigger doses of existing policies won’t do.


Existing control frameworks provide an illusion of assurance. Their focus is on catching errors, frauds, and data breaches after they have happened. And there is still too much reliance on manual controls.


Security in the m-commerce era will be more highly automated, backed by more sophisticated tools to support employee compliance and decision-making. Data will be more precisely classified according to the level of protection it requires. Data analytics will move centre stage in order to spot fraud trends. Security awareness will need to penetrate all aspects of a company’s business.


3.     Technology: Leading Edge or Bleeding Edge?


M-commerce demands vital technology choices. For instance, compare the approaches of using a mobile device either as a dumb terminal to view web delivered content (like internet banking from home PCs), or to deliver secure apps to the device and defend them from threats on the system, (such as Good for Enterprise for mobile email) or to build a chain of trust from secure, tamper proof hardware or the SIM? Each has its own benefits, risks and customer appeal.


And will the solution be channel independent and solved at the server end? Will the telco provider deliver a service? Will the solution be in the OS, or as an app, or in the handset hardware, or will it use the anti-tamper within the SIM? How will payment services like Visa and Mastercard fit into the new eco system? And what are the pros and cons of mWallets and mPayments services compared to good old cash or cheques?


Finally, who can you trust to help you? Will they come selling a package, or help you choose from a range of options, tailored according to your needs?


4.     Regulation: Wait or Anticipate?


M-commerce is already caught in the web of law and regulation. Its transnational character makes it easy for companies (RC) to fall foul of measures like the EU’s Distance Selling Directive, as well as national rules like British advertising standards. Detailed and timely counsel on the legal regimes in individual markets, and the connections between them, will be required.


Governments will in due course get together and devise specific regulations for this new form of business. To take one example, we may well see manufacturers facing the same pressures as banks as they facilitate and finance mobile payments. But business has a choice: to wait for external action, or to start policing itself, setting a framework for subsequent national and international rule-making.


M-commerce poses real challenges and offers immense opportunities. The revolution is progressing at an accelerating pace so the question is not whether to join in, but how, and how much. Impartial, expert, across-the board guidance will be crucial to success.

[1]2011 KPMG Mobile Payments Outlook, a global survey of nearly 1,000 executives

[2]2011 KPMG Mobile Payments Outlook, a global survey of nearly 1,000 executives

[3] Re-imagining Information Risks Today: Embrace or Deny? KPMG, 2011



Share this

Share this


Gerry Penfold

Gerry Penfold


KPMG in the UK

+44 (0) 7802 608 549