Big Moves in Payments

21 March 2019

Happy First Day of Spring! I don’t know how many people still read this silly blog. I’m in a CEO time warp and just realized I haven’t written anything since NOVEMBER!! This will be a short blog with some random thoughts.

Big moves in Payments this quarter.

  1. Visa, Mastercard, Paypal, Global Payments and others are at ALL TIME HIGHS today.
  2. Worldpay to be acquired by FIS for $43B
  3. First Data to be acquired by Fiserv for $22B (all stock)

What is acquiring?

While investors/Silicon Valley know about Stripe and Adyen, the business of acquiring may be the most overlooked part of payments. As most of you know, the only members of the Visa and Mastercard networks are banks. Issuing banks take care of consumers receiving cards, acquiring banks take care of merchants accepting them.Within the eCommerce world there are gateways (like Adyen, Stripe, Visa/Cybersource, Braintree/Paypal, …et) that provide services to manage card storage, checkout pages, fraud, .. on top of the acquirers.

Per the picture below, the acquirer takes about 50bps from a typical credit transaction and $0.05-0.10 for debit. Picture from US GAO

Acquirers are the closest entity to merchants in the payments world. They have a heavy role in deciding what payments are accepted (example discover card, ChasePay or applePay) how payments are routed, how new payment instruments can be created (example Private Label), and how merchants consumer commercial banking services (ChaseNet, BAMS, Worlpay.. see blog on ChaseNet).

What is the case for Acquirer M&A/Consolidation?

  1. Specialized payment networks (example in Healthcare, Government, eCommerce)
  2. On Us Payments. Both FIS and FISV host core banking for over 5,000 small banks and credit unions
  3. New Global Payment Networks (FIS best positioned here)
  4. Combining issuing and acquiring to create integrated payment platforms (Competing against Adyen, Paypal)
  5. Create a new commerce networks (See blog Transformation of Commercial Networks – Unlocking $2T of Value)

Example

Let me start off with an example. FIS was the payment infrastructure of Citibank’s CGT and Citishare. They ran our technology and allowed us to move money (in real time) across bank accounts globally. FIS provides similar services to government agencies and in healthcare. In the healthcare world they manage the payments between doctors, hospitals and insurance providers ($3.5T market in US). FIS also owns the debit network NYCE, and provides management of core banking services for 3k-5k small banks and credit unions. What is the one entity that they do not serve (substantially)? Yep… merchants.

Worldpay is the largest merchant acquirer (in the world) with a tremendous footprint in “everyday” spend (ie groceries and gas). What new mecrhant value propositions could a combined FIS/WOrldpay deliver? There are so many places.. and the combined group’s new challenge will be deciding where to start. Their best bets should be around “network” and creating a new value equation. This means new services in existing networks or new nodes in existing networks.

Big Picture – Network Transformation

Inefficiency cannot hide. There is a re-alignment of resources guided by consumer behavior, value delivery and information flow. These forces are driving out inefficiencies (both internally and externally). Thus we are in the midst of a massive transformation of networks. Little has changed in Retail, Banking and Commerce in last 150 years beyond Scale Wins. Consumer behavior and new networks are disrupting traditional economies of scale (asset intensive) as well as new information economies of scale.

Effective networks are wonders of business and social interaction that largely re-inforce an existing pattern, product, or social structure. Networks are resilient to as they create value to all those connected… and this value expands as the network grows (network effects). The reinforcing nature of networks has proven effective in insulating participants from being impacted by change and keeping disruptive forces at bay.  Profitable companies are seldomly drawn to models that circumvent them or operate at a different margin/scale (ex innovators dilemma). New networks have reshaped how every entity can both consume and create services; thus resetting the forces that shape the design of a company (ie outsourcing/specialists).

Value in a network is created at the intersection thus value of the network = f( number and type of participants, # of services ) which roughly correlates to the number of intersections. Most of today’s networks focus narrowly on solving a specific problem for a group of similarly situated participants (ex Mastercard, eBay, AT&T, NYSE, …) and creating substantive standards for the participants to follow. The most valuable company in the world (Google) has created an open democratic network of heterogeneous nodes and services that have connected consumers and businesses in new ways. Thus demonstrating that there is more value created in connecting heterogeneous participants than peers. There are 1000s of companies with better data than Google, but with none with overarching network or rules for data exchange (ie principally focused on privacy and control concerns,  not the “how” of  technology transfers of data).  This is the problem my company is focused on.

Traditionally, business networks are UNICORNS. After all, competitors rarely agree on any standard to interact unless there is clear business incentives that lift all (big players) equally (think NASDAQ/Visa), or to the best of their ability. In this traditional world, economies of scale (assets and information) have kept profitability with large participants who themselves have their own networks of suppliers and standards. We are about to see many more Unicorns, as new business networks form that have far greater value (ie Google) from intersections of dis-similar nodes.

This is what FIS and FISV just bet on.

 

Payments and Rocket Science

My Forbes Article Last Week

What We Can Learn From Rocket Science About Closing The Sales-Marketing Loop

Payments plays a key role in trust, not only during the sale.. but also in providing transparency to merchants on marketing effectiveness. Sales is the ultimate report card on what happened.  Using this data in real time can double marketing effectiveness.

While Commerce Signals has taken me away from my Space Analyst stuff (see link), I’m very proud to know that my old team is landing Elon’s rockets (see Wiki).

Token update – TCH + 2 Big Banks and Paypal

I’ve been writing about this token stuff for over 5 yrs. Wow.. This is an update to my June 2013 blog – Tokens: any volunteers ,  SRC- W3C and Tokens and the Trojan Horse.

First my bias.. I may be naive.. but as I stated in Tokens and the Trojan Horse

Visa and Mastercard provide a level playing field for Issuers and Merchants (with few exceptions). Per my blog Payments Civil War, V/MA are a fantastic creation that have experienced profound success (and growth). As I outlined in the Changing Economics of Payments, the beauty of the V/MA model is that it creates incentives for millions of businesses to invest billions of dollars. For investors, the attraction of V/MA is that it is scale free.. with minimal effort required to add volume. While there are MANY more logical ways to deliver payments.. there are none with more profitable incentives for investment.

Tokens are an enormously powerful control point for the payment networks. 9 years ago the banks were working to “build a new Visa” within an initiative launched by The Clearing House. The idea was to create a new scheme that “wrapped” account numbers with another number (token) and avoid network routing (see wrapping). The networks smartly came down and issued clear guidance, if you wrap my card number with another number …. It is still a Mastercard/Visa.

TCH has been seeking a partner for tokenization since Paul Gallant led the 27 bank consortium 8 yrs ago.  Can you imagine the sales pitch (as I reviewed in the Trojan horse) “give me all of your customer information, I will lock it up.. and give you one of my keys for you to access it”. Google, Apple and Amazon have all smartly said no. What is the remaining “big” eCommerce Cards on File (COF) home? You guessed it PayPal.

While I’m not 100% sure about this.. it is the only group left AND two of these banks told me this week “Paypal is the only one that can move merchants effectively”. I was shocked … paypal can move merchants more than Google? They responded “Google has the best technology, but they just can’t sell merchant more than adwords”.. wow.

Thus my best guess is that 2 of the top banks are working with Paypal as the processor/gateway  to move “W3C” in the direction of the TCH tokenization service. The head of the W3C WG wrote me on twitter

Quite frankly my head is spinning. W3C is a browser standard.. how can Paypal get their TCH tokens in? I haven’t figured this out yet, but what I do know is that the complexity is enormous. We have 3 different token services

  • Visa VTS/MA MDES (Apple is primary customer)
  • Google (see Blog) – had no choice but to develop a new custom “standard” by which the encrypted FPAN flows to the merchant acquirer
  • TCH – Paypal + ??

And also multiple new eCom standards

To read what is happening you must therefore take a matrix view.  Obviously Google is moving with their own token service and W3C. Paypal seems to be moving with TCH and W3C.  Apple with network tokenization and ApplePay.

My head is spinning. I must say I did buy Paypal stock this week. I’m just floored that top tier issuers are innovating with Paypal.. focus, partnerships and execution are moving them into the bank friendly category.

Google/Mastercard.. The new Oil or Uranium?

Bloomberg published a thorough article today on Secret Google/MA Deal and how the data is used in attribution (I wrote about this in May of 2017 Payment Data and Google Attribution). Attribution is big business. Most marketers still grapple with the old adage “Half the money I spend on advertising is wasted; the trouble is, I don’t know which half.”. Accurately closing the loop between advertising and incremental sales allows marketers to know what is working and what is not.  As outlined in Bloomberg,

“Beforehand, the company received $5.70 in revenue for every dollar spent on marketing in the ad campaign with Google, according to an iProspect analysis. With the new transaction feature, the return nearly doubled to $10.60”.

The GREAT news is that cards are an instrumental part of helping retailers improve the marketing! The bad news:  inconsistent controls, “leakage” of payment data, concerns over consumer privacy and the raw “power” google and FB have in gaining further “data advantage” over everyone else.  

Summary
  • Attribution and “closing the loop” is a strategic priority for Goog/FB because when you know what’s working, you can optimize spend and double marketing ROI. We have seen the same thing at Commerce Signals as we measure the sales impact of client ads outside of the walled gardens. The economic value created is a tremendous opportunity for banks here.
  • Google has “access” to 70% of US transaction data through Mastercard, 1-2 participating processors, a bank data aggregator, and retailers sending data to Google directly (last week’s blog).  However, there are substantial issues with granting Google/FB ad hoc access to payment data. While there are no doubt agreements associated with access and use, the data owner has given up control and thus placed themselves at unnecssary risk.
  • Commerce Signals provides this same closing the loop service in a way that allows the data owner to maintain full control and protects re-identifcation of private consumer financial information.
  • Trust is the core of both banking and marketing. All parties should be able to report on WHO is using their data and HOW they are using it. This requires transparency (and auditability).
  • Building great consumer experiences take collaboration. Collaboration will be the center of all future payment networks (ex Alipay). Commercial networks are transforming – a process which will unlock $2T in value.  (Small Wins and Transformation of Commercial Networks)
  • Data has been called the “new oil”, I would posit that it is the “new uranium”. While great power can be unleashed by refining it, you must control how it is disseminated and used… or it will everyone will be at risk

Transparency and the 3 Rules of Data

There are 3 basic rules to consider for any party participating in a data exchange

  1. Right to have the data
  2. Right to use the data
  3. Right to share the data

Transparency is critical to creating trust and enabling data. To be clear we have no relationship or business with either Google or Mastercard and I have no knowledge of the precise architecture, my educated guess on the structure is below a purely “hypothetical” design based upon experience.

Mastercard sees transaction data, but has no consumer information tied to it. In other words they only have the Primary Account Number (PAN) and no nothing else about you. Within 4 party networks only issuers have consumer information. V/MA schemes are designed to protect consumer anonymity through to the POS. However, there are agents that can map a consumer to a PAN, either through seeing things like online transactions (where you put your name and PAN to order goods), credit card bureaus, …etc. These entities can help holders of PANs map to an anonymized ID.  These anonymized IDs in payments are also held by advertisers. Each party has a “unique” anonymized ID and can’t coordinate with each other without the “key pair translator”

DATA “COLLABORATION” WITH WALLED GARDENS

Google and FB. The issues in making payment data work with Google and FB are the data rules set by Google and FB: they do not let data leave their control (ex media exposure files).  Thus data must go INTO GOOGLE. The 3-4 yrs of delay in MA/Google operation would likely be surrounding where the Google Data and MA data would collectively reside. Google is in a place to financially take risk on this, and my guess is that payment partners (like MA) have agreed to a “white room” where their payment data resides which can be accessed in a controlled/structured manner by Google.

Consumer information leaving Mastercard:  Contractually none as they probably maintain “ownership” of the neutral white room (perhaps a separate legal entity). There are also likely controls placed upon the structure of analysis (example cohorts must be greater than 50 matched consumer records) within an operating agreement.

Issues: Google has ad hoc access to payment data within a set of rules. My rule #3 (right to “share” the data) may be broken here as permissions must be granted by either:  the consumer, merchant, or issuer (depending on data).  Standard questions anyone should ask on this architecture:

  • Who created the operating agreement?
  • Who granted the permissions?
  • Who is managing the controls?
  • What auditability is granted to the impacted parties?
  • Who bears the risk of breach?

Banks and Merchants (the advertisers) must be able to clearly communicate: who used their data for what purpose? For example, while there may be aggregated data controls, what if Google asked the same question for a group of 50 buyers of Joe’s sporting goods, and then changed the cohort by 1 person (Tom). They would know what I bought during the time period.

Federated Data = Controlled Use

At Commerce Signals we do not have any payment data inhouse. We recognized that for data to be controlled it must stay within the premises of the owner, it can only be released if you understand both WHO is requesting the data and HOW it will be used. All data exchanges are tracked and operate within defined terms and agreements. If agreements stop, so does the data flow.  We ask our financial partners a question that like this:

For this group of 1M consumers. What was the total spend of this group during the period before the advertisement and what was the total spend of this group during the media period

Consumer level information leaving financial partner: None. Just the aggregate spend of the group of the 1M. As a neutral party we hold no consumer level payment data, or ad exposure data. We provide all parties with transparent view of both USE and permissions. The only way to make TRUST operaterative in networks is to have a neutral party.

In our Joe’s sporting goods example (above), Commerce Signals monitors ID velocity, and takes actions based upon the direction of the data owner. We work as  the neutral traffic cop that enforces rules of all parties. We enable quality data to play with transparency. For example, we recognize that ID partners must be able to have clarity into how their information was used (example PAN to ID mapping). While ID agents may permission a mapping for the purpose of aggregate measurement, they may choose to defer on others. Enabling ID partners to permission use improves the market for deterministic ID providers (vs probabilistic). Tracking use also allows Commerce Signals to manage opt outs across multiple partners and ID providers consistently.

Data has been called the “new oil”. I would say it is rather the “new uranium”. While great power can be unleashed by refining it, you must control how it is disseminated and used… or everyone will be at risk. This is our business at Commerce Signals.

Industry recommendations:

  • Quality data can only play where there is transparency and control.
  • Retailers should view measurement and optimization as a core IN HOUSE responsibility. Card Networks and merchant processors are great partners to accomplish this with no work on your side. You can enable the same optimization described in the Bloomberg article across all of your marketing.
  • Google and FB must recognize that payment data is of greater sensitivity than ad exposure data. While 3rd party data partners have been curtailed, 1st party data is greatly accelerating. I believe consumers will be shocked to find out that their real time purchase information is made available to Google and FB. While there is an immediate media effectiveness impact in turning this on, there are better ways to accomplish it.   
  • Retailers should recognize the double edge sword of data sharing with Google. While it does improve marketing results, and they can write very big checks, it also leaks consumer preferences. 
  • We are at a Data Tipping Point (blog) where all parties must be accountable for HOW data plays with WHOM for WHAT use.  Create a mission control for all of your data interactions. Who is using your data today?  It is your data, and it must operate under your rules (more here)
  • Banks… must work to ensure transparency of data use, and that the actors participating abide by the rules (see my Bank Recommendations)

Payment Data.. Banks are NOT the problem

Loss of Anonymity in Payments and the threats to Banking, Retail and Consumers

Compelling WSJ article yesterday on Facebook and Bank data. This article doesn’t begin to touch the extent of the problem. When it comes to data, there 2 very very distinct camps. Those that care about consumer data and their role in managing it, and those that don’t. 

Banks and payment networks care and are “squeaky clean” compared to the rampant data sharing going on within marketing (retailers directly to the big ad publishers). While Cambridge Analytica brought about changes to 3rd party data sharing the entire ad industry has DRAMATICALLY increased direct first party data sharing. In other words many large retailers are sending their real time SKU level purchase data (for all customers) directly into the big Ad Platforms.

  1. Google Offline Conversions API
  2. Facebook Offline Conversion API
  3. Agency Example
  4. Gartner CDP Magic Quadrant

What enables retailers to identify consumers and send this data to Ad Platforms? Historically, only retailers with loyalty card schemes could do this, but recently Payment cards have transformed to become the virtual loyalty card used to accurately identify consumers (without Bank/Network permission). This is shocking, as Payment cards have a solid track record for protecting consumer identity (ie anonymity in payment), with payment anonymity a core “feature”. Within the 4 party network schemes only issuers could identify the consumer, enabling issuing Banks maintain the critical role of Identity broker (see blog). As former banker this makes my head spin, as the Payment Card Industry (PCI) has invested BILLIONS to protect transaction data.. Only to have it pour out from a hole.

Example

Today, when a consumer uses their V/MA card to purchase the retailer creates an “anonymized ID” and stores the transaction set internally (at ~50% of the top 10 retailers) with the entire inventory of items purchased. There are few rule or privacy issues here (IMHO), as general trends and loyalty are measured.  However, retailers are voluntarily sending this transaction data (mapped to consumer ID not PAN) directly to the big Ad Platforms. The ad platforms then map this activity to the “anonymized ID” customer behavior it maintains (ex preference for soccer and CNN.com). Issues with this model:

  • Replacing the PAN with another Anonymized ID SHOULD NOT cause it to run under a different “rule set”. If ANY card information was used in the mapping, it should run under network rules
  • Neither the issuers, the networks nor the consumers have permissioned this data sharing.
  • Banks will never have a data business if data plays in this way
  • Retailers are giving away enormous consumer insight and strengthening the pricing power of Google/FB
  • The value of the “raw data” will diminish. Once reliable predictive models and preferences are established (ex Tennis player that likes Lacoste) I no longer need the raw data
  • Data is the “new uranium” we must work to control dissemination or it will destroy those touching it.

Obviously data is following the path of least resistance to centralization points that can act on it efficiently (covered in my blog Equifax, FB and Dangers of Data Centralization). However the ABILITY to act on data is different than the rules which data should act within. Transaction data was developed with VERY thoughtful rules and controls. For example, when a party submits a transaction or request the counterparty is known as is the legal agreement under which the “transaction” operates. Trust developed as a result. Trusted data must be managed.

Russ Schrader (Commerce Signals GC/CPO and Executive Director of the National Cyber Security Alliance) put together these 3 simple rules of thumb when thinking about data use:

  • Right to have the data
  • Right to use the data
  • Right to share the data

To be clear my goal is NOT to create a government imposed GDPR in the US. Rather I want Banks and Retailers to have a data business, and create great new consumer experiences.

Yes I have a bias here, it is what I built my company around (see Federated Data®). Data centralization is the v1.0 architecture of data science. Sure you can learn great things if all the data is mashed together but the value of data is based upon use. If you can’t control use… you can’t control the unique value that is unlocked (or the rights) within a given use.

Bank/Network Actions

Let me be clear.. banks must have a role in data! The economics of payments are changing. Banks must protect their ability to deliver value beyond the transaction. Banking is a commerce function and Alipay has shown what the future holds for “commerce orchestrators” .. payments allow them to become banking orchestrators as well (see WSJ and Ant Financial).  There are both offensive and defensive actions that must be taken. 

  1. Defense. Change the rules to protect your data ensure every party “in the network” is operating on your data with permissions. Your data is playing in the market today.. and you don’t even know it. Banks have permissioned and distributed their data to marketing, loyalty, and shared market insight vendors. While individual transaction data may not be distributed by your partners, consumer level models are built and shared (see Banks as a Data Business). Typical network rules allow for merchants to use card information for the purpose of “loyalty and marketing” these rules need to be tightened up as the rights to share this data with many parties was never part of the original intent.
  2. Retailers are not big enough to force change within the ad world. You are..  Ensure that all data operates within the simple rules above.
  3. Banks must collaborate in data. As a top 3 bank told me “… we have learned some very hard lessons in data, no one bank is big enough to go it alone. What we should have remembered is the success with V/MA. Even though we compete with [Banks] a common network allowed millions of businesses and consumers to work with us consistently….” and another “ The real threat to banks is the Alipay. We need a common data network with common rules. Banks have a role to play in creating great consumer experiences however there are only a very few of them we are poised to lead”.  
  4. Take on the roles of transparency and consumer champion.
Retailer Actions

Retailers have a right to payment data. While big data can create great new insights if we centralized and analyzed all conversations, there is a downside. Digitally, every interaction you have with a consumer is a conversation. Brands must manage who gets to take part in these conversations and build insight from them. If your downstream data “partners” mis-use your data your customers will go to Amazon (which doesn’t share data with Google and FB).  You must create great consumer experiences, but you must balance against consumer privacy and your rights to the data.

  1. Maintain control of your data supply chain. Both WHO is using your data and HOW it is being used. Create a mission control that allows you to see what data is shared with Whom, for which Use under which legal agreement (a shameless plug for our service)
  2. Rather than sending out raw transactional data that improves pricing leverage of Goog/FB build a CDP and enable your own targeting. Make partners bring their insights to you, or ask you to append a propensity score for a specific campaign.. not raw data for all of your customers. This is what Commerce Signals enables. 
  3. Hold all marketing partners accountable to performance against a common benchmark. This does not mean a measuring against a panel of 8M location based “presence” participants. But leverage your transaction data to measure performance consistently. This means Google and FB must be measured against your metrics.. Not report their own. Mark Pritchard of P&G is the most vocal advocate of this approach

For more information, please see my previous blogs

Paypal is on a TEAR.. iZettle and hyperWALLET

Note: I’m not subjective on this one as I’m both an investor and former BOD member of hyperWallet. Of course I’m biased on all of my others too.. but just don’t have much of a financial stake.

Paypal has been on a tear in 2018, and is the leading payment stock performer in last 12 months – up over 60%. Continue reading “Paypal is on a TEAR.. iZettle and hyperWALLET”

Data Tipping Point.. Good things will happen

Recent issues with Facebook, Equifax, GDPR compliance, … have brought us to a tipping point in data. The basic structure of how data is: permissioned, shared, used, accumulated, analyzed, sold, regulated, … must change. Google and FB operate in a Big Data 1.0 architecture powered by the “virtuous cycle”. Edward Snowden showed us how the NSA also acts in this centralized model as a data vacuum (not so virtuously). Literature and entertainment have created broad awareness of the dangers of centralization and loss of privacy: 1984, the Borg, The Circle, Black Mirror, … etc.   Continue reading “Data Tipping Point.. Good things will happen”

Tokens and the Trojan Horse

I can’t believe I’ve been writing about this stuff for almost 10 yrs. If any of you have suffered through my 20 blogs (on tokens) I certainly don’t want to rehash anything.. just bring everyone up to speed on what I see as major issues on the horizon for V/MA, Issuers and Merchants.trojan-horse-small

Headline: Visa and Mastercard have made it easy for millions of businesses and billions of consumers to work together consistently. V/MA are a thing of beauty, creating incentives for multiple parties to invest in payments (and grow network). Continue reading “Tokens and the Trojan Horse”

Banks as a Data Business – Example Amex Advance/Acxiom

Traditionally the core of bank margin is in risk management. The core of risk management is data.. thus Banks have been the among the best data businesses (as IBM knows). Banks “learn” about their customers through bank interaction: payroll, card transactions, lending. This has helped banks make better risk decisions (both credit and fraud/identity). Within the bank data cycle the traditional use of data is for an internal benefit: risk and cross sale of the bank’s products and services (not that of consumers or merchants).  However the “virtuous cycle of banking data” is very different from that enjoyed by Amazon and Google, both in the scale and type of data and consumer facing use.  Continue reading “Banks as a Data Business – Example Amex Advance/Acxiom”