Softcard to Google?

17 Janisischoice

As I tweeted Monday, it is now in mainstream press (See today’s WSJ). This has been a very poorly kept secret, as the team at ISIS talks up its suitors.. I found out from a retailer. (BTW I did not return the calls of the WSJ for this article)

My very first blog in 2009 was on ISIS (project mercury back then).Did you know Softcard started as a joint venture between GE, Walmart and ATT!?  Selecting Discover and Barclays as the primary network/issuer to deliver value to retailers (Dekkers was lead at Barclays now CEO of MCX, Abbott was lead at GE now CEO of Softcard). There wasn’t much of a business case for the MNOs (50bps Discover card) so they brought in the mainstream networks, and realized that there still wasn’t a value proposition.. and started charging BANKS $1M a pop for the RIGHT to have their cards in the wallet (leaving 3 willing issuers today). Walmart left after the MNOs moved away from DFS/Barclays (and began planning MCX).

Hard to believe change can happen so quickly.  Just 4 years ago, the carriers wanted $3-4 Billion for the “rights” to NFC, now ISIS is going for around $60M. A price that more closely aligns the real value of NFC in an Apple, Token and Android HCE world.

SOOO many lessons learned, so many funny stories.  How could any company drive enough revenue to support a 12 party supply chain in payments (see blog)? See my “value prop” slide from 2009. Do you see anything that didn’t quite pan out? The WHOLE thing!!Mercury Value Proposition

I’m working on my 2015 predictions, one will be that we have come to a tipping point of … wait for it… COLLABORATION. Yes big companies WORKING with one another. Too much capital has been burned trying to go it alone. No one company can compete against Apple, Google, Amazon… Of course I’m betting on this with CommerceSignals

Look at the Google deal for Softcard (if rumors are true) as Google working to create a starting point for collaboration in payments. I don’t know if softcard is that right vehicle for that.. If Google is buyer, they will throw all of the technology away in days after acquisition.. I have some other very firm views here on why this all makes sense.. but don’t want to share now until deal is finalized.

Here are a few of my old blogs..

ISIS Platform: Ecosystem or Desert

Battle of the Cloud – Part 2

ISIS National Launch

NFC – ISIS has 12 months… (Oct 2011.. I was wrong by 24 months)

ISIS: Antonym of Nimble?

Software Secure Element – HCE Breaks the MNO NFC Lock

NFC and Consumer Choice



Structural Changes in Payments

2 January 2015

Today’s blog is focused on discussing the structural changes influencing consumer retail payments in the US. For those interested in looking at a broader global view of all payments, I highly recommend reading the Cap Gemini World Payments Report ( .

Payment Value - highlighted

Payments have been a focus of mine for 20 or so years… it is perhaps the MOST interesting of all network businesses. Payment is a critical part of commerce and a product of it. It is the event in which almost every commercial contract is based upon. Payments can be simple (cash), complex (bitcoin), and political (interchange, rules). Payment efficacy, reliability and data are important to: consumers, merchants, banks, governments and economies.

Globally, electronic payments are still in their infancy, which makes investing in it so much more exciting. For example, over 90% of the global electronic transactions occur in the top 10 markets (representing less than 10% of the world’s population).  This would seem to point to a future where electronic payments (and the banking/commerce they represent) are poised to grow geometrically as the number of nodes grow. There is a chicken and egg argument here.. are payments the result of strong economic environments or are they the enabler? Perhaps a bit of both, but finding markets where they are growing (ie Brazil, Peru, Philippines, Kenya, … ) are worth exploring (Democratizing Access to Capital – see blog).

Not only are payments poised for exciting growth, there are also tremendous forces driving change within existing systems and networks. Investors must consider these structural changes impacting existing players across the entire value chain.

In its simplest form, payments are a brokering business which manages value exchange between two entities engaged in commerce. Logically, a broker must be removed from the transaction to maintain the trust of both parties, and deliver value through managing the financial risk associated with the transaction. My view is that Card issuing banks, have lost the neutrality of their “brokering” role by creating a card rewards system that incents card use (paid by the merchant). However, this ideal “neutral” world is NOT the nirvana that we should seek, as no one would invest and we would be stuck with cash (and SEPA in the EU .. see blog).

Complexity in payments is driven by the quest for control and margin of the various participants, not by necessity. This is what makes understanding payments so hard…. most of the changes are not logical, but political. The friction (inefficiencies and illogical design) in payments is what makes them work. As I’ve stated before, no engineer would design a payment system to operate the way we do today (see Push Payments). Thus there is beauty in this chaos! The V/MA model created incentives for 1000s of banks to invest in payments, and I doubt if we will ever see any other companies that could repeat this feat (thus my V/MA personal investments).

What changes are likely to impact the world’s oldest profession in the next 10 years? My list (in order of impact)

  1. Risk and Identity
  2. Data/Commerce Value
  3. Consumer Behavior/Trust/Acceptance
  4. Issuance/Customer Acquisition/HCE
  5. Regulatory/Rates/Rules (Fees)
  6. Mobile/Payment in the OS

#1 Risk and Identity: Authentication and Authorization

How would you authenticate someone’s identity? Best practice is to validate a combination of what you are (biometric, image, DNA), with something you have (mobile, token, OTP FOB, …) and something you know (shared secret). Apple’s new iPhone 6 is the first major consumer device that can manage all 3 securely. It is truly revolutionary.  The ability to authenticate a consumer eliminates fraud risk, and thus impacts both Account Opening and Transaction Authorization.  Both of these services in turn impact the “core” banking relationship (see Future of Retail Banking).. How do consumers choose a bank? A credit card? What is the value proposition?PIN Fraud Rate 2013 Value

Before there is payment there must be an account in which to pay from. The key to opening an account is identity (Regulatory KYC or Know Your Customer). Account Opening has been automated (and online) for over 10 years. In 2004, my team at Wachovia was the first in the world to introduce instant account opening (online) for deposit accounts (Credit Cards were just 2 years ahead of us..). 10 years ago I used products like Equifax accountChex or EWS AOA (Validating questions based on prior financial history and credit bureau data), today could I use Apple!?

Identity and authentication is changing rapidly, and if the first two paragraphs were not already enough to ponder on this topic, we must mention Bitcoin. As opposed to authenticating the person to give access to funds and services, bitcoin authenticates itself enabling the holder to be anonymous. It is a self authenticating instrument.. imagine a dollar bill that can tell you it is genuine with 100% accuracy.  Self authenticating instruments exist independently of the holder and are a store of value (ie, Gold, Bitcoin, …etc). Normally there was physical presence required to exchange self authenticating instruments (exchanging gold), bitcoin changed all of that. A virtual self authenticating instrument that can be exchanged remotely and cannot be tracked (easily). Whereas payments are instructions move money (value) from one bank (store of value) to another, a bitcoin exchange is value exchange (not instructions). bitcoinhow-100032615-orig

The power of bitcoin to disrupt payments, companies, government, economies, .. cannot be understated.  How could any central bank manage money supply in this model? How can you tax something that cannot be tracked? The growth challenge for bitcoin is in “connecting” to other payment networks and regulated entities (ie cash out).  Unfortunately the entities which benefit the most from bitcoin are those that seek anonymity… which of course impacts the willingness of mainstream (regulated) institutions to accept it.

Fraud and Risk

As you can see from picture above “risk” in payments has several components: credit risk, settlement risk, fraud risk, regulatory/AML risk, … etc. Fraud risk is the area in the most flux, both WHO owns the risk and HOW it is managed. In the US Card Not Present transactions follow the pattern of ACH and Checks in that the originator of the transaction bears the risk of loss. In a retail transaction, that is the merchant. applepayinapps

Risk and fraud management were historically the key areas where banks excelled and differentiated (big banks have multi billion dollar investments), but the merchants and platforms have now passed banks in their ability to manage it. This mobile authentication advancement had rendered the multi billion dollar bank risk investments moot (for mobile initiated payments).  Proof is in the picture above (see Federal Reserve 2013 Payment Study), all fraud has fallen tremendously! Both for Card Present, Card Not Present and even for Checks. Why? As the former EVP of a Kleiner Perkins backed Fraud Prevention company I’m not going to give you all the details, but suffice to say that identity plays a key role. Paypal, Amazon, Google, Apple all have fraud rates under 8bps, some have the around 3bps.  These numbers will get better for Apple and Google as mcommerce starts to take an ever larger share of eCommerce (see my previous blog) and they bake in biometrics into mobile payments.

A key point that investors must understand here is that the large CNP merchants have gotten so good at managing fraud, that they could care less about a liability shift. What they want is a rate reduction (risk based pricing).  After all, if you could manage fraud at a rate of 3-8bps.. what work is the bank doing to justify taking 240 for payments? The Paypal investors read this and say “ahh.. Apple and Google want to become Paypal”.. No they don’t! while Apple/Google COULD assume all the functions of Paypal, their role as commerce orchestrators is of FAR greater value. In this role you must not force a consumer to a merchant, a good, or a payment instrument. “Let the consumer decide” is the common mantra across the Google, Apple, Amazon.

The investor impact is complex. Large merchants have proven ability to manage fraud and risk, and want the consumer to choose the payment instrument of their choice. Banks ability to differentiate in managing risk is greatly reduced, and the cost of issuance/acquisition is dropping to 0. Banks have proven incompetent at creating a Visa/MA replacement. What are the levers in negotiation? How will merchants negotiate a lower rate?

The path in Europe, Australia and the US (Durbin/Debit) has been driven by regulation. No one likes having regulators define the rules, but my investment hypothesis is that there will be a very large TILT of Visa/MA toward the merchant. This will address the both regulatory pressure, and open up new revenue streams surrounding data (below). This tilt means moving rates in the direction that retailers want, creating new rate tiers where risk and identity can be managed by the merchant/platform. Remember Apple is getting 25 bps for their service, the next logical move would be make this same “discount” available to anyone that can drive down risk. Personal-Data-Ecosystem-Diagram-from-FTC-Roundtable

From an identity perspective, Google and Apple have authentication as the CORE feature of their mobile platforms.. it is key to everything they do in mobile. See my blogs on Brokering Identity Authentication in Value Nets, and Authentication – Key Battle for Monetizing Mobile for more here.

#2 Data and Commerce Value

The comments below are largely taken from my blog Banks, Non-Banks and Commerce Networks. As a side note, this is the focus of my new Company: CommerceSignals. We are working with the Fortune 50 to serve as the neutral broker, one layer above the network, supporting companies working together offline and in mobile.

Today, every issuer and card network is chasing after American Express and Alliance Data Systems. Both ADS and Amex have made SUBSTANTIAL progress in working with merchants to deliver new value to consumers. AMEX and ADS have the benefit of working in a 3 party model where they own both the merchant and the consumer relationship.  As I’ve stated before, I believe these 2 companies are 3-5 years ahead of everyone else. Is this data stuff delivering any revenue? Market Size AdvertisingFor ADS the answer is a resounding yes, for Amex the benefits seem to be less direct and more on customer loyalty/spend/engagement. See my blog on Amex Innovation Leader for more details.

Think about the battle in connecting networks, as each of us have limited resources we can connect only to a finite set of “hubs” (unless there is some larger orchestrator). Examples are Wikipedia and Google… these serve as the directories of information. It is almost IMPOSSIBLE to displace an efficient hub. This is why I love Visa, MA and Amex. If they can shake the issuer “tilt”.. and add a few merchant friendly services, they could leverage their networks in many new ways. The revenue opportunity? Payments in the US is roughly a $200B business (issuers, acquires, processors, networks), whereas marketing is $750B (in US).Infographic_Showrooming-lg

Payments work well, but so did the Sony Walkman. The bets that Google, Apple, Amazon, Facebook and others are making is on value orchestration. Does this involve payment? Not really.. at least not as a primary focus.. Payment is there.. but orchestration is about commerce; payment is just one of many important processes (See blog Payment in the OS).  Don’t look at payments as something in isolation, payments are the “connections” made in commerce; they are made for a purpose. Visa and MA also have the potential to expand their “traditional network”, but this must involve a separate agreement with separate rules.

Payments = Network

Here is my network view. Payments are the connections of the GDP. If we were to map payment flows, we would unlock a map of the global GDP at the micro level, from employment to shopping, behavior and preferences, to demand and supply. Free information flow on the internet is enabled through openness and a single primary protocol, whereas payments operate within 100s of proprietary networks with a complex series of clusters and “switches” (there is effort in connecting, authenticating and managing risk). Just as it would be nearly impossible to change the protocol for the internet, it would be difficult to bring fundamental change in payments (see Rewiring commerce).  Now think about the value of payment data. Connecting business is much different than connecting information (the core of CommerceSignals.. but I digress).

From a network strategy perspective, the business opportunity of changing “payments” pales in comparison to the opportunity to influence connections in commerce, banking and manufacturing. Payments support business and consumer needs; they do not alter their path. This insight is the downfall of bank payment strategies around “control”, and their inability to “tilt” toward merchant friendly value propositions.

A top 5 retailer provided my favorite commerce quote

“I think of Commerce as a highway, the payment networks are like a toll bridge. I don’t mind paying them $0.25 to cross the bridge, but they want to see what is in my truck and take 2-3% of what is inside. Hence I’m looking for another bridge… “

ADS, Amex, Google, Amazon, Facebook, Alibaba, V, MA all understand this. Rather than charging toll for crossing their bridge, these networks are beginning to execute against plans to grow the size of the goods in the merchant’s truck.

Existing networks have an existing value proposition, and many don’t like to have their services leveraged by competitors, thus there is a much more highly “regulated” flow of information. Intelligent use of data increases the effectiveness of networks in a way that also benefits consumers. Tilting more toward merchants and consumers.. means tilting away from banks. This is VERY hard for a bank to initiate. It is a change worth making however, as assisting merchants (or consumers) is what brokering is about. My firm belief is that both V and MA have the opportunity to grow Revenue 4x+ in the next 5-10 years. Their principal challenge is to “tilt” their models away from Banks and toward the 2 parties that matter most in commerce: Merchants and Consumers.

#3 Consumer Behavior/Trust/Acceptance

Perhaps nothing matters more in business than consumer behavior (see Consumer Behavior: Discerning and Capturing Value). In payments we learn over and over again that behavior changes slowly in 20 year cycles (Checks, Debit Cards, ATMs, Mobile). Any investor looking for payment innovation should run away unless there is some underlyibranch visitsng commerce value proposition. Payments work REALLY well its everything else that is broken (in OECD 20 countries)…. Among Payment innovators/founders there is a common saying.. you only start ONE payment company.

It is easiest to find the hotspots in payment by looking first for the changes in consumer behavior. For example, the tremendous change in how consumer’s are using their phones, as I outlined earlier this week in eCommerce/mCommerce Convergence.  The banking relationship is also changing, as customers visit branches less than 3 times per year, and the billions spent on huge buildings, huge vaults, sports sponsorships and brand names gives way to value.

Brand reputations for 2014 just came out last week (see Venture Beat), with Amazon, Apple, Google topping the list. How did these companies earn this reputation? Through consbank likabilityistent daily interaction delivering value in every interaction. Value delivery and interaction are my key metrics for assessing investment and focus; both are key measures of consumer behavior and trust. There are many strategies: whereas Google engages with the average consumer 10-50 times per day (winning in frequency and insight), Amazon has a lower interaction but a much greater impact on transaction (value delivery), Apple’s interaction is more holistic within a much more affluent base, Facebook’s is more social.

If I were to outline one KEY point to my bank friends it is this: you can’t reach consumers where you want them to be.. you must reach them where they are. This is the essence of why most bank strategies to engage are failing. Consumers choose to go to Google, Apple, Amazon because of the value and service. As the charts above show, most banks are challenged to deliver value within the core banking products they already delivery, why would any customer want to use a new service in this environment. Thus Bank’s efforts are ill suited to drive a deliver products outside of their core, and outside of existing consumer behavior, banks play a role in SUPPORTING commerce.. not leading it (see Card Linked Offers).Measure Data

Apple is the greatest company in the world in delivering value, experience and changing consumer behavior (see blog Apple and Physical Commerce, and Consumer Behavior). Apple’s reputation is well deserved and earned “the hard way” by remaking: phones, music, mice, computers, apps, …etc.  Through consistent delivery of value within fantastic hardware delivering great (and fun) consumer experiences they earned trust for their products and brand. The greatest NEW opportunity for Apple to influence consumers beyond the individual (music/contacts/calendar) and eCommerce (browser, apps) to the real world: Commerce.

Unfortunately Apple is inept at partnerships, even within its own supply chain. While apple has the talent to accomplish this, their commerce, payment and ad teams are buried within a hardware culture. They will only succeed if they are spun off into a separate division, thus my view is that there is a very low probability of Apple acting in an orchestration role across 1000s of Banks, millions of retailers and billions of consumers. If they did move, it my recommendation (and guess) is that it would be a consumer centric orchestration role as I outlined in Brokering Identity.

One technology (and behavior) I’m keeping an eye on is Beacons and mobile use in store (engagement). Qualcomm Retail Systems spun off the IP around Beacons to Gimbal with Qualcom and Apple both rumored to have 30-40% of the equity. Today Retailers are the entity best positioned to change consumer instore activity for 2 reasons: they alone know consumer product preferences, and they physically touch the consumer (trust, value, presence). See Retailers as Publishers , and Apple iBeacon Experience for more detail.greendot

#4 Issuance/Customer Acquisition/HCE

Now this is a mixed bag of topics. What is fundamentally changing in card issuance? Most of you know I ran remote channels at both Citi (06-07) and Wachovia (02-06). Today, most new customer bank accounts are originated online as branch visits go down and direct mail (the old way) even directs the consumer to this “instant” channel.

Historically I had to spend about $150 in marketing for every new card customer, and around $80 for every new deposit customer. Banks still incur roughly these same costs, but prepaid cards have an acquiring cost of less than a tenth of this cost (See Future of Retail Banking: Prepaid). In this pre-paid model banking products sit on a shelf in a retailer and compete for customers just like shampoo and candy bars.

I would challenge all card participants to think about the credit card product… what delivers value? what about it is unique? how do consumers view it? how is it part of a great consumer experience? When you leave Disney World do you think wow.. buying the ticket with my card was just fantastic? How are new customers acquired? Who benefits when cost of issuance is $0? Is charging the average consumer 12-16% on a card, paying them 0.2% on their savings charging merchant 2% a great model?  Do you think that there is room for improvement? Where do retailers win (ADS, Private Label, Co-Brand, )?

What prohibits you from having 20 retailer cards in your wallet today? Bank card issuers will roll their eyes, but you can not understate the influence that trusted retailers have in consumer decisions. Take this trust together with direct sales force and frequent consumer interaction and you have Private Label and industry whose cards outnumber everyone else’s by a factor of 2. As this week’s Morningstar article on Private Label shows, private label (the largest card segment) is making a tremendous comeback.Private label market share

Citi, GE (now Sychrony), ADS, HSBC are leaders in this space, with ADS advancing most in use of technology. Retailers like Nordstrom, Macy’s, Sears and Kohls are fanatical on their private label program, as their most valuable customers use this product. All new customer experience must first address this base, which you can see is one reason why we don’t see ApplePay being pushed here at all. As I described in Retail 101 (and What do Retailers want in Mobile), most retailers don’t know who their customers are today. Private label and Loyalty programs solve this problem.

Let me throw in a little tech now. I’m on the board of advisors of SimplyTapp, the company that created HCE. Instant issuance is key to everyone in the card space, why wouldn’t every retailer want to enable a private label card if card issuance cost is $0!? Credit worth customers can get store credit, sub-prime get decoupled debit (see Target Red Card) and everyone else gets a loyalty only? I believe we will see this happen, not only within MCX but within platforms like Google, with PL managers like ADS and Citi. This is the strategy focus of the top retailers… (focusing on their top customers).Private Label Profitability

My bet on the future of Google wallet is that it will be very merchant and consumer friendly, enabling them to uniquely integrate to 100s of merchant platforms to create great consumer experiences. This linking of PL, Loyalty, in store, maps, mobile, advertising is value orchestration.. but it all starts with consumer opt in. The opt in is both to merchant (private label/loyalty) and to Google. See blog Host Card Emulation for more background.  Google made the right technical move in HCE, but it dropped the ball in enabling merchants through last mile.. not a technical limitation .. an educational / awareness one.

Do I believe that the world will go private label!? No, it will be at the margins. My view of Visa and Mastercard have changed over the last 2 years. Before I was much keener on the development of a new scheme, but no more. Why? How many networks can you list where millions of participants have invested billions of dollars to make it work? Visa has 1.7B cards and 36M merchants.. how could anyone compete with this? This network works REALLY well, with the only issues with their network are in their control (merchant costs and rules).

#5 Regulatory

From a regulatory perspective, the US retail payment system has been impacted by the Durbin Amendment and the EU to an even greater extent by SEPA and PSD (see my blog).  Most of you have also read my token blogs outlining how the US banks were planning to build a new payment network to compete with V/MA (Now dead).  If someone has a info-graph picture of global acceptance rates I’ll put it in here.. but suffice to say that airline ticket pricing has NOTHING on the complexity of payment pricing.

Visa and Mastercard are largely insulated from the regulatory driven pricing changes, as the issuers continue to bare most of the impact. The EU has created a payment nightmare environment with “cross border” Credit card merchant interchange (MIF) at 30bps starting in later this week Jan 1, 2015 (see article and Visa’s response). The EU can not mandate change within country (domestic transactions), but there will be a race to the bottom in fees.

EU competition commissioner Margrethe Vestager claimed that interchange fees are a form of tax levied on retailers by banks and said that the new legislation would reduce those costs and “lead to lower prices and visibility of costs for consumers”.

Ms Vestager may be correct from a transparency perspective, but SEPA and the PSD put governments into the brokering role with no incentives for intermediaries to invest.. making payments a nearly free infrastructure service (with agreement of consumers and merchants). Network work best when there are shared incentives, and minimal regulation.  I believe Visa and Mastercard will work with new vigor to build relationships with merchants and deliver value, to head off the regulatory driven approach. Unfortunately Europe is already too far gone for this to work.

A prediction (next week’s blog) will be merchants providing greater influence in V/MA rules.

#6 Payments in the OS

My blog from this week: Payment in the OS

card-financial-compete view

Comments appreciated.

What do Retailers Want in Mobile?

1 Nov 2014

Money2020 is next week, and I’m moderating the ApplePay session on Tuesday at 5pm… hope you guys can come. I’m more than a little sad that I can’t get any retailers up on stage with me. Why? The top 60 retailers are in MCX, and it makes little sense for them to get on stage and tell the world what they are NOT going to do and why. As I’m preparing to leave for Las Vegas tomorrow, was thinking “what could I write about? What unique perspective can I offer?” Well given I can’t get them on stage with me, let me try to articulate the Retailer’s view of the world. My twitter feed is blowing up as I work to explain why CVS and Rite-Aide turned off NFC. Please know I’m only trying to give perspective…

Payment Services are a brokering activity between two entities engaged in commerce. Logically, a broker must have the trust of both parties, and deliver some sort of value in managing the financial risk associated with the transaction.  Within Consumer Retail, Visa and Mastercard evolved from Bank owned exclusive networks of the 1960s (see History) to ubiquitous independent payment networks. Few remember that back in the 1960s, merchants took either Visa or Mastercharge but not both as the Merchant’s acquiring bank could only be a member of one of the networks. For merchants, the value proposition was clear: consumer credit.

Payment networks thus evolved from a closed and focused value proposition, to a settlement “infrastructure”. However the rules and governance process by which many parties (merchant, acquirer, processor, issuer, network, VASP, …etc) participated in defining operation of this “brokering” activity did not evolve. This is the central issue restricting the future growth of Visa and Mastercard. One I believe both are acting on. My firm belief is that rebalancing network rules will unleash a massive new phase of value creation for these networks.

Let me take a quick side bar here..

Network Theory – Openness

As I’ve stated many times, closed networks always precede open networks until scale is reached (Building Networks and “Openness”, 2011). Weak Links (nodal affinity) influences network creation, and there are VERY few open networks which exist in Nature. This is logical as Networks form around a function rendering generic open networks less “efficient” than specialized networks around any given specialized need.

Scale-free distribution (completely open networks) is not always the optimal solution to the requirement of cost efficiency. .. in small world networks, building and maintaining links between network elements requires energy…. [in a world with limited resources] a transition will occur toward a star network [pg 75] where one of a very few mega hubs will dominate the whole system. The star network resembles dictatorships in social networks.

-Weak Links

Networks NATURALLY form around a function and other entities are attracted to this network (affinity) because of the function of both the central orchestrator and the other participants. Open networks (internet/TCPIP, Visa, NASDAQ, … ) succeed where a common infrastructure benefits MANY NETWORKS.

Visa and MasterCard have transitioned to become common network infrastructure, a position FAR MORE valuable than that of a closed credit delivery system. They are a network of networks. However their rule making and governance processes do not match the other open networks listed above (NASDAQ, Internet, …). Most Banks, have also lost their traditional role of “brokering” and risk management (in retail) by creating a card rewards system that encourages card use paid by the merchant. This creates a brokering incentive separate from the commercial transaction… impacting brokering independence.

What do merchants want? A neutral broker!!

A top 5 merchant told me a few months ago “Retailers like Starbucks have proven that we are best placed to deliver value and influence consumer behavior. I don’t want to force my consumers to do anything, but similarly I want to networks that let me play on an even field. These next 5 years are going to be complete chaos for consumers. What do we want them to do? Swipe, dip, chip, pin, tap, QR…? We have been planning for EMV for 3 years… am I really supposed to jump to Apple in 4 weeks?”


These guys are good friends of mine, and I think their business vision is well placed. They want a network where they can play on an equal footing. A neutral broker.. or at least one where they can have a seat at the table when rules are set. Will MCX be a massive success? It depends on the consumer value proposition. Are the merchants motivated to work together in creating a neutral broker? Hell yes.

One merchant said it this way “Tom I didn’t think we would ever have someone more difficult to work with than Visa and Mastercard, but I was WRONG. Apple is a nightmare! At least we knew what was coming with Visa and Mastercard, with Apple they don’t talk to us, respond to our letters, or offer any kind of value proposition. Why on earth would I want to let another brand in my store without understanding what it will do for me? They are a great company, with great products, and certainly have a much better approach to data than Google.. but anonymity is NOT a value proposition, in fact Apple makes our efforts to deliver value to the consumer even harder as we have no defined way of using Apple to engage our consumers”. See Brokering Identity – Part 1, ApplePay and Merchants, Digital Transactions ApplePay Issuer Agreement.

Getting a card number from consumer to merchant is NOT innovation. There is just no problem here. My payment friends are already rolling their eyes. Apple does have great security and great ability to manage fraud.. but fraud losses for CP are 3.2 bps. What about store data losses? That is not “fraud”, and certainly a problem for merchants that keep PANs. Tokens do solve this problem… but so does better security, and more intelligent approach to tracking loyalty. Apple must move to create a merchant value proposition, and define how they will help with consumer engagement. I believe Google will far outpace Apple here.

Retail is a zero sum game.. I’m not going to buy MORE gas and groceries.. differentiation is about switching, product selection and pricing on data, ..the fluxonce this flux dies.. steady state resumes.  Perhaps all iPhone owners will only shop at whole foods, but data shows that consumers don’t make decisions this way. In fact payment is not in the top 5 reasons for consumers choosing a new iPhone.

Why are MCX merchants turning off NFC? To give themselves a little breathing room, make Apple create a merchant value proposition (engagement), get a seat at the table in a new network, and help to establish a consumer behavior that works for them too (Most Important Payment Race: Consumer Behavior, Apple’s Platform Strategy: Consumer Champion ).

What do Retailers want in Mobile?

Following from my big blog Static Strategies and the Rewiring of Retail.

  • Consumer Engagement
  • Consumer Acquisition
  • Consumer Loyalty
  • Allow Retailer to be in control of data
  • Partners that allow Store’s brand front and center
  • A Partner either IN CONTROL of the consumer experience (Apple/Google) or one that already has massive consumer adoption (ie Facebook).
  • Creating a fantastic customer experience from end-end
  • Ability to manage campaigns, data or your business
  • A Partner that can reach/influence consumers WHERE THEY ARE.. not where you want them to be.
  • Payment..? I guess if that comes too… 

shopper marketing

How will this play out?

  • Much has been made of the MCX contract provisions that prohibit participating retailers from allowing other forms of mobile payment. This is just not accurate. Any retailer can choose to turn on NFC, any retailer can sign up for MCX. Can an MCX retailer turn on NFC? Yep.. Large retailers are not participating in ApplePay because Apple has completely failed in a merchant strategy, they have not articulated one, nor have they worked directly with merchants. This is really no different than Apple’s failure to work with Banks. Banks are just fuming over the take it or leave it terms Apple offered to them. Merchants had no terms…
  • Apple will rollout a merchant friendly beacon product, and loyalty product for consumer engagement in next 6-9 months, this will also include a renewed focus on BLE. The product will fall flat until they can create an new merchant organization. Google has 4,000 sales people working with merchants, apple has around 16… so it is a big task.
  • Apple will ROCK in App payments.. it will be their homerun… I will make a further bet: Apple will WIN in every situation where they can control the consumer experience from beginning to end.
  • Visa and Mastercard are beginning a shift toward the merchant. They may not win the top 60, but Visa has 36M merchants.. that leaves 35,990,940 that will be open to new ideas. These are my biggest personal holdings, and I know both of the CEOs. Everything I’ve written here they know already.
  • Consumer authentication is VERY disruptive to retail and banking. As Ross Anderson said “if you solve for authentication in payments.. everything else is just accounting”. The need for an independent broker and their services are dramatically different if either the consumer or payment can be authenticated (ie cash, bitcoin). Why do you need a payment product at all? Just present the identity to the bank. This is what Sofort/Klarna does… Why not do this? Because the banks have no ability to MONETIZE the transaction (no merchant agreement). There are many better ways to leverage authentication, but no other ways to currently MONITIZE IT (outside card). Perfect Authentication… A Nightmare?
  • Apple is pursuing an “anti-google” approach: keep no data, closed platform, control everything. Google is 2-4 years behind on platform security.. but is catching up. The Google platform is much easier to build in and control (ex HCE), but consumer adoption lags as each Android participant must move consumer to their vision. Apple has successfully delivered security and authentication, but has not laid out a way for many apps to leverage it. Retail is a REALLY big business, with 1000s of specialists. It cannot be throttled by one company.. thus Apple will work fantastically in environment it can control. (sorry to restate).
  • ApplePay and overall contactless adoption will begin with small merchants and infrequent purchases. Most phones have the capability today. MCX will not stop contactless.. but it will impact consumer behavior substantially

ApplePay Vs Google

  • Is NFC/Contactless Acceptance required as part of EMV rollout? NO!!  This is the most widely held mis-understanding. While the large terminal manufacturers have no products in their official product list without contactless, the top 60 merchants order bespoke or custom terminals to fit their needs.

Paypal at Crossroads (? buying Blackhawk)

25 June

Big things are in store for my favorite eCommerce payments company. Really, I do like Paypal. I may ding them on their POS strategy… as it makes no sense at all… but I love Paypal online.. the “original” ecommerce payments solution that adds value to merchant and consumer. In 98/99 Thiel and Levchin were the first to dream up digital wallets, and first to solve a REAL problem of card acceptance online for small retailers. Perhaps even better than the great Paypal PRODUCTS, were the great PEOPLE that grew out of PayPal.. that have done soooo many great things: Peter Theil, Max Levchin, Elon Musk, Keith Rabois, Premal Shah, Osama Bedier, Amy Klement, Steve Chen, .. (list too long sorry to those I left off).

As its early leaders went on to do great things, the company “evolved” from an innovative start up to take on a bank flavor. Scott Thompson came from Visa and all his direct reports had bank backgrounds… the top tier of the organization led to a culture change (in a bad way) and it went from the coolest company in the valley… to … errrr… something else.  Pierre and the BOD recognized this and tried to get the mojo back with putting David Marcus in at the helm. They wanted to recapture what made Paypal great (people).. to reset the culture. David is a great guy, as he says this week he was an innovator.. but one that never ran a team larger than 200.. and certainly not a global one which was highly regulated.  It didn’t help that eBay’s CEO essentially undercut David by allowing Don Kingsborough and Gary Marino end run and make decisions directly with John. How could any CEO make it in that kind of environment!?

Now that David is gone (see Venture Beat) who can lead them (today) and what is their new strategic imperative.. their vision for growth beyond eCommerce?

Next 12 months

I believe Paypal will see competition in its core business like never before, As I stated previous Payments are moving into the OS… and Paypal doesn’t have one. Apple, Amazon, Google are new competitors in core eCommerce… all with an OS.

Paypal’s new competitors?

  • Apple will own payment presentment and authentication on all iOS devices.
  • Amazon will begin to get off Amazon traction (example today is Gogo wireles)
  • Google’s massive success in Shopping Express (Free shipping and payments). Google also just launched wallet in iOS (see google’s blog)
  • Bank Token Schemes and forthcoming rules for cards on file

As a side note, Paypal did squeeze itself into the Apple wallet (for NFC/POS transactions), but Apple will be expanding the iTunes buying experience very soon, and it won’t be looking to drive Paypal merchant adoption, as it is in the process of negotiating card present rates for CNP transactions (See my Apple blog).

Paypal at the POS is a complete joke (see blog). The business guys that have been running the show (or end running David) are focused on a Visa/Mastercard like strategy… not on one that delivers value to their core constituents (merchants and consumers).  Paypal was the company best positioned to execute on a Braintree/Stripe product 5 years ago (remember and also the best company to have built a Square/Clover like solution. They missed all these things because their business heads were focused on quick transaction volume deals and solutions.. NOT ON VALUE.

POS – Buying Blackhawk?

This is my big theory today. With eBay repatriating $9B and taking a 30% tax hit, we all know that acquisitions are planned. But what?

Obviously Carl Icann, David Marcus and the BOD have had some disagreements. Rather than guess the strategy, lets take a look at WHO is staying at Paypal. Don Kingsborogh is the former CEO of Blackhawk and head of Paypal’s POS strategy, and Discover Network strategy/relationship.

Paypal has promised its institutional investors progress at the POS.. and they have NONE. Jamba Juice and Home Depot numbers are terrible. The Discover partnership did nothing for them, as MCX merchants REFUSED to accept Paypal (routed as a Discover Card) or new processor agreements (that ran as high as 210 bps). Paypal has “learned” it cannot sneak in payment products within an existing network (Discover), nor can it deliver enough value to push merchants toward a new agreement. Few eBay investors realize that the Discover relationship is yielding NO FRUIT.  Even IF they could convince a merchant to TRY paypal at POS.. they first have to line up the Processors to support, and big ones like First Data were not playing (WSJ Article). This Paypal was paying $50k-$250k+ for merchant to SWITCH to Vantiv just to do a pilot.

Paypal at POS needs a ubiquitous merchant acceptance solution and a physical connection to all major merchants. They also have learned how both Google and Apple have developed strategies to end run the traditional payment terminal and integrate directly with the POS (see the brilliant Google/TXvia Patent US 8676709 B2. )

Blackhawk may fit the bill, as it has a merchant network and POS integration solution today. Every time you pull one of those pre-paid cards off the shelf the SKU bar code is tied to the card Primary Account Number.  The Retailer’s POS system sends the SKU to Blackhawk upon payment and Blackhawk activates the card.

Blackhawk is working to leverage this transaction flow to create its own scheme to fund the transaction.See Blackhawk’s patent US8676709 B2. An item in the shopping card becomes a payment instrument. This could be “THE” enabler to someone like Apple too.. a new payment “gateway” that end runs the traditional payment stream. For Apple, all they would have to do is get a secure “TOKEN SKU” to the POS and the POS would leverage Blackhawk to route. Of course items in a basket usually have a cost, but settlement could be accomplished through a 100% discount, or by capturing the merchant ID and terminal ID to push the payment back through their current processor.

I think this is THE most brilliant scheme EVER!! I love it.. If implemented via ACH.. and MCX. I just don’t love Paypal delivering it because of “cost” and ability to coordinate/execute in delivering value from  all merchant data.

I’m only 50% confident here.. just put a small $10k bet along these lines for fun.  But at a $1.4B market cap.. this would not be a bad bet for PayPal.. problem is that merchants will never go for it.. this does NOT solve the VALUE problem (for consumers or retailers).. it only solves the network acceptance problem. This approach continues the “we will sneak it in” approach. It may “solve” a short term problem of Processors.. but it creates a new one for the merchant in having to deal with multiple processors (one for swipe one for … something else).

IF the merchants would go for this, it may be the best payment design on the planet.. as it would give a way to provide discounts and rebates within the POS system. Integrating with the POS would completely disrupt the processor/payment terminal process, and we would begin to realize the “power of tokens”.

Secure Element, NFC, HCE, EMV, Tokens and Cards

7 May 2014

This blog is for my non-techie, non payment friends.. helping to make sense of all these acronyms.. experts may want to pass on this one.

The GSMA/NFC community is quite stirred up at the moment. This is quite understandable…  after all they spent 8 years perfecting their vision of NFC only to have it thrown under the bus by Apple and Google. I’m not knowledgeable enough to go into the depths of the protocol, or EMVco 4.3 Book 3. I’m giving the quasi technical business explanation of what is going on. There is room for disagreement here, as there is substantial interpretation, as well as understanding of what is REALLY happening vs the specifications.  Remember this is not my day job… so your comments/corrections are welcome. By far the most useful reference/summary page I have found online is located here

It’s easiest for me to explain all of this in the context of an example. Credit cards are the easiest example as they are in the market today, with a few different implementations of contactless and touch the areas above.EMV


EMVco has a contactless specification which I challenge any non-techie to read. For this short blog, the key point I wanted to make is that the Credit card number (PAN) is given to the POS unencrypted, in the clear. That’s right… don’t believe me? See:

Your next question is probably “Where is the security?” the answer is that that along with the card information, the device sends a cryptogram that is uniquely signed. In other words there is a digital payload that rides along with this credit card primary account number (PAN). This digital payload uniquely identifies the device that EMULATED THE CARD. Think about is as someone validating your SIGNATURE on the document with your social security number on it… Your number is there.. but they make sure it is you by validating the signature.

So why is the SIMAlliance extolling the virtues of a Trusted Execution Environment (TEE) and SIM/UICC? After all we seem to live without this capability quite well in the PC world. Mobile operators want the ability to SIGN and AUTHORIZE more than access to mobile towers. That SIM card in your GSM phone signs and authorizes access to the mobile network, much as MNOs envisioned doing for payments. That is how the GSMA’s version of NFC evolved.. “hey we do this for network access.. lets do it for payments”.  To be clear there is nothing technically wrong with the GSMA NFC approach.. it is beautiful… but there are substantial business model issues (see Payments part of the OS).

Apple and Google are both moving aggressively to act as Commerce Orchestrators as handsets become commodities and data moves to cloud, enabling the mobile phone to be the key services platform at the confluence of the virtual and physical world is critical. It is not about payment. Authentication is core to this orchestration role.. authentication is not something that can be given away to MNOs or to Banks.


It makes most sense to jump to TOKENS now.  You can imagine that Banks don’t exactly like having their card numbers sent in the clear. In fairness they were involved in the specification, but the EMVCo contactless model is essentially a card number plus authentication. There is more than one way to achieve this, and improve on it by hiding  the PAN… this is what tokens are (a few examples described in Money 2020: Tokens and Networks, Apple’s Plans and Google/TXVIA).token

Tokens are not new (see Tokens… 10 Approaches). However Tokens are now an official EMVCo specification as of March 2014, with the major issue of Token Assurance outstanding. In this token model, the issuer chooses at Token Service Provider (or does it themselves) and creates a number to replace the PAN. This takes your PAN out of the open… and makes it useless. To be used the Token must be presented by the right party, with the right assurance information. All of this aligns VERY WELL to how banks and networks work today, which is why it is so popular (see blog on HCE).  In the GSMA NFC model, the a cryptogram goes along with a PAN in the clear with the PAN stored in the phone in a secure element.  In the token/HCE model a Token representing the card is stored in a less secure space, and presented with device and network information for translation by the TSP to the actual PAN. There are substantial Business Implications of Payment Tokens (blog) which I won’t go through again here, but clearly it cuts the mobile operator out of the “signing” role and they become dumb pipes.

My Gemalto friends will howl at how unsecure this is, or how it won’t work if the device has no network access. They are wrong. It is working today, and is secure enough. There is no connectivity requirement, that software token in the phone can change every 10 seconds, 10 minutes or 10 days. The TSP and Issuer can decide whether or not to accept an “old” token based upon the transaction. In other words the intelligence sits IN THE NETWORK.. NOT IN THE PHONE. This is why V/MA/AMEX love it so much. It cements their position (See Perfect Authentication… A Nightmare for Banks?)

Host Card Emulation

emvco token

This is an Android construct (see Software Secure Element – HCE Breaks the MNO NFC Lock) that allows any application to access the NFC Radio. Without Tokens, HCE would be useless for payments, as payment information can’t be securely maintained without an SE.  Think of HCE as dependent on tokens, now a card emulation application can be certified to run outside the secure element.  I don’t like to put Apple in the HCE boat, as they have a proprietary secure architecture using tokens. This is a uniquely apple construct where the networks seem to have certified Apple’s card emulation application(s) as well. It is important to note that they use none of the GSMA’s architecture (to my knowledge) and have embedded the TEE in the apple processor (see Apple Insiders note on Secure Enclave and Authentication in Value Nets).

Secure Element

Is it needed? Certainly it is needed for at least 2 functions: Mobile network access (SIM/UICC) and Biometrics. Fingers and Eyes are very hard to reissue.. so the actual information must be highly protected. Apple is handling biometrics in the A7 Secure Enclave (oddly enough has the same “SE” acronym) and Google is a tad bit behind but handling in ARM’s trustzone. Trust zone is largely a hardware construct, and much is made of Gemalto’s marketing announcement here. My view is that there are many more than on software solution for ARM.. and ARM is much more tied to Google and OEMs than Gemalto.

The “big news” here is that both Google and Apple are EMBEDDING SEs in their hardware architecture. Embedded SEs are a threat to Mobile Operators and their preferred Single Wire Protocol architecture. As you can imagine, an embedded SE has all the capabilities of the SE within that micro-SIM card.. and sets up the prospect for a Virtualized SIM (no more of those GSM cards popping into your phone). If the SIM can be virtualized you can switch your network provider anytime you want.. or have them bid for your phone call ( see Carriers as dumb pipes? , Who do you Trust?, Also see Apples patents on Virtualized SIM). To be clear, I believe MNOs can take a leadership position in Emerging markets and payments, but for POS Payments in OECD 20 markets it makes most sense for them to focus on the $5B KYC/Authentication/Fraud opportunity (NOT payments).

OK… now you can shoot me… Open to feedback.



Apple’s iPhone 6: GSMA’s NFC thrown “Under the Bus”

28 April 2014

I must get 10 calls a week on Apple/NFC.  I’m quite concerned that Apple’s new capability will be completely mis-understood by the press, so i thought I would preempt all the NFC zealots out there with my own tag line.. So far I have a 100% success rate in predicting Apple and NFC (blog). Don’t know if I can keep it up as I read the tea leaves. Let me start with facts, then give you my informed opinion


  • There are 2 aspects to NFC: 1) the communication protocol as defined by the NFC Forum (this stays as is), #2) The GSMA’s construct and standards for how NFC can be deployed in a handset (things like TSM, SE, SWP, …). See
  • Neither Google, Apple, Merchants nor Bank Issuers are in favor of the GSMA’s NFC platform. This is a fact in my mind… particularly in the US.
  • Host card emulation has created a way for all Android 4.4 and above phones, with and NFC compliant radio, to provide application access to the NFC radio. Phones cannot be certified for 4.4 unless they demonstrate support for HCE. See blog HCE – Now the Preferred Contactless Approach
  • The new card present scheme “Tokenization” was announced Oct 2013 at Money 2020, with the specification out last month (see EMVCO details). See my blog Payment Tokenization.
  • HCE and tokenization play together well. Tokens must be coupled with something else (Device ID, Bometrics, PIN, …). For those that have been MIS informed by Gemalto… there is NO NETWORK connectivity requirement for HCE/Tokens. A token representing a card is in software on the phone. It can be stolen.. but it is a worthless piece of information without the other identity/device information. HCE gets around the EMVCo Contactless encryption requirements.. and operates under the TOKEN specification. But there is much grey area here.. as “acceptance” of token is not clearly defined (including pricing). Thus the only “covered” presentment method from a phone to a POS is through a card emulation application. Token acceptance will be coming later, but “assurance levels” are making this a cracy space (tomorrow’s blog).
  • Update – I see that the smart card alliance has already responded to my blog here. The need for a trusted execution environment.. blah blah blah. Did you know that in an EMV contactless transaction that the PAN is sent in the clear? Yep… the need for the TEE is around signing a cryptogram (to verify where the card came from). Obviously I would much rather hide the PAN in a token, and enhance with phone information than give the PAN in the clear and sign something. There is no need for a TEE in payments, just as I access my bank through my browser on my PC without a TEE.. I can also do so with a phone. arghhh…
  • Tokens align well to banks and payment network dynamics and investment. US Banks had been working on a tokenization initiative for the last 3-4 years in the Clearing House (blog).
  • In both HCE and Tokenization scheme, the ISSUER IS IN COMPLETE CONTROL of their card. Issuers generate the token, and authorize the transaction.  US issuers have their own token infrastructure in place from the TCH initiative (above). I wish I could emphasize this more. With HCE, issuers control which application(s) can present a card..  just as they did with within the TSM provisioning model.
  • There are HCE pilots that are live and functional. So much for not being “viable”. The issues are not around technology, but rather validating fraud controls and device ID. Issuers can be up and running with either Mastercard or SimplyTapp in weeks.
  • Perfect authentication and security is a nightmare to Banks.. Banks make money on ability to manage risk. There is no risk in a world of perfect authentication. Or as Ross Anderson says “if you solve for authentication in payments… everything else is just accounting”. See Blog – Perfect Authentication is a Nightmare for Banks.
  • MNO led payment schemes (the GSMA’s platform) are failing in OECD 20 (mature markets, but are leading the way in Emerging Markets). I have seen the transaction numbers… Reasons are multifaceted (see blog for reasons).  The technology works.. it is beautiful.. problem is business/consumer value proposition and consumer behavior.
  • Historically, new POS payment instruments and POS payment behaviors are established through frequency of use. There are 3 categories: Grocery, Gas, Transit. Transit is the global success story (Docomo, Suica, Octopus, …)
  • 4 Party Networks have a limited ability to change rules, Issuers dominate in influence. Amex is 3-5 years ahead of every US issuer in terms of capability, strategy and execution.



  • Apple’s biggest asset is their ability to change consumer behavior (blog).
  • Apple’s iPhone 6 will be coming out in October (my best guess) with payment capability. It will have the capability to communicate in the NFC protocol.. but nothing about the new iPhone will be compliant with the GSMA’s architecture
  • Apple’s new capability is NOT ABOUT PAYMENT, but about Commerce (see blog) as they act as a CONSUMER CHAMPION (see blog).
  • Tokens play very, very well into an iBeacon model. Given that tokens are worthless “keys” that refer to a card.. these keys can be exchanged in the open with BLE. There is no need for near field if the information is worthless.
  • -Update- From my perspective I would not refer to Apple’s efforts as HCE. Where Google’s HCE repurposed an existing chipset to create a new software model. Apple has designed a new hardware model. Apple will be using bank issued tokens. Banks will look at using these delivered tokens in combination with: 1) Apple derived authentication score, or 2) MNO device ID from Payfone, 3) Bank mobile application information, 4) combination of above.
  • Authentication is key to Apple’s role in consumer trust and commerce. Per my blog Authentication in Value Nets, Apple is 3 years ahead of Google and everyone else in integrating software and hardware level security (ex Secure Enclave). Google has a path for a secure execution environment through Arm’s Trustzone, but this is more challenging as Google does not mandate hardware architecture (yet).
  • Apple’s new POS payment method will involve finger print on phone, and token presentment to retailer. It can be transmitted via NFC, BLE, QR Code.. or whatever the merchant and consumer can agree on.
  • How does Apple make money on this? I don’t think they will make money on payment, but rather on #1 Authentication (charging the card issuers for an authentication score), or #2 Marketing (charging merchants for consumer insight/ability to reach consumer).
  • Gemalto continues to cast stones, and miss revenue targets. Mobile Communications revenue of €225mn (-5.7% YoY growth, -1.0% constant currency) came in below consensus of €245mn (2.7% YoY). This is the second consecutive disappointing quarter for Mobile Communications, with revenue down 4% YoY in 4Q13. Why would any MNO invest in a secure vault on a Android handset when any application can go around it. That’s right.. there is no lock on the capability. This tremendously impacts the willingness of MNOs to “invest” in incremental features.. when their “investment” can be used without their permission.
  • What will REALLY impact Gemalto is a VIRTUALIZED SIM. Don’t think this is coming in iPhone 6.. but is it coming (see Viritualized SIM).
  • The next 2 years will see mobile payments as a “1000 flowers blooming”. Top card issuers will extend their mobile banking applications to enable card emulation (BLE, NFC, QR, … whatever).
  • Payment Networks will be working to expand the 16 digit PAN to something much larger to support dynamic tokens. They will be working to transition Cards on File to tokens.. with perhaps a card present value proposition.
  • MNOs will realize that they have a unique ability to create a device ID that competes with Apple’s biometrics. Payfone is the leader in the US, Weve in the UK. Beyond this, they may also begin to realize the $5B KYC opportunity I outlined 5 years ago.

Apple’s Platform Strategy: Consumer Champion

Apple’s Platform Strategy: Consumer Champion

I’m trying to read the tea leaves on Apple and it seems they have devised a unique.. brilliant platform strategy around securing consumer data. I think of it as the anti-Google strategy.  As we see so much commonality between the functionality of IOS and Android.. along with the associated legal wrestling, what could Apple do that would be something Google never could?

Per my previous blog Apple and Physical Commerce, Apple has an unmatched level of trust with the consumer, and ability to change consumer behavior. I also outlined how Apple is completely reworking the role of authentication in the platform (see this great article from Networked World), this work, combined with Apple’s efforts to limit ad tracking are frustrating advertisers (see Tech times ). But there is hidden genius in all of these mechanizations.  Apple seems to be making a bet that there will be a tsunami of coming issues with privacy and anonymity. In this they are turning themselves into the ultimate consumer protector… both online and in the physical world.  They are the gatekeeper… the only entity that can know what a consumer is doing.

How can they monetize this role? In hardware sales…  Don’t look at them as an ad business.. (although they could build it later).. but right now protecting your consumer from data leakage and loss is a VERY big competitive differentiator, a feature that is particularly well aligned to Apple’s demographic. It is also a very hard one for Google/Android to match.



Targeting and Attribution – Facebook’s Substantial Lead

6 March 2014

A very very hot topic in digital advertising today is attribution. My definition of attribution: The process by which an advertising campaign measures its influence on consumer behavior. Digital advertising is typically measured by: Ads presented (Impressions), Click Through Rate (CTR), Cost per thousand (CPM), Interaction time (see DoubleClick Data and Top 10 Metrics). Marketers have more data for online advertising than for any other channel, the problem is that people don’t live online. For example, eCommerce sales are around $180B, compared to total Retail sales of $2.4T (excluding Auto, Financial Services and Gas). Similarly Google owns 50% of the digital ad market, with US revenue running at over  $30B/yr, which is just a small slice of the overall US marketing spend of over $500B. The CPG vertical for example is the has the largest marketing spend (P&G $3.2B), but very low digital spend (see Retailer as Publisher).

The marketer’s key “nut to crack” : how does online advertising influence offline behavior? (attributing behavior). Facebook is leading the world in 2 critical areas of advertising: Targeting and Attribution.


Facebook is highly differentiated here, think lasers vs nuclear weapons. Not only can you build a custom audience based upon email, phone, … etc. You can have Facebook expand that to a lookalike audience, or use external data to form a partner audience (consumers that drive a Mercedes, are over 40 and drink OJ). There is no platform on the planet that does a better job targeting. Tech Crunch covered most of this in an April 2013 Article.  Also a consumer privacy group has a very detailed article on issues surrounding facebook/datalogix.


This is where the stakes get much higher, and the facts are VERY closely guarded. Why the secrecy? Perhaps data use is beyond the scope of use agreed to, or at least the “value” of the use has not been realized by the owner of the data. For example the Tech Crunch article outlined how Datalogix used grocery store loyalty card information in custom audience creation (targeting) and attribution. However, Datalogix may not be authorized to use the data in this way (at least for all of the Retail clients).

Lets assume that they have no rights to use Safeway’s data for either targeting or for attribution, how do they get around it? For Targeting: my guess is that they are using a smaller Grocer’s (GroceryX) data to construct an initial data set that Facebook expands (via lookalike). For attribution, they then use loyalty card purchase information to statistically project the performance of the original data set (projecting the purchase behavior of the GroceryX’s loyalty customers on the larger data set).

If this is the case, then GroceryX’s data contributed all of the attribution performance (as well as for targeting). Subsequently the revenue that SV should receive is far above their data’s representation in Datalogix’s grocery macro database. In otherwords, SuperValu (or another unknowing participant) may not be getting paid for the value they are creating.

Regardless of the data use, Facebook is becoming a CPG’s dream channel, far exceeding the performance of anything they have ever worked with (by a factor of 5+!). This is one of the reasons I’m very high on Facebook, and I do own the stock. It may have taken them awhile to figure out targeting and mobile advertising, but they are absolutely killing it today. I believe they could easily grow their CPG advertising 10x in next 18 months.

Purchase Behavior.. Who has it?

There is SIGNIFICANT data leakage going on today. It is a Tsunami that is about to hit every retailer. Data is being used far and above its intended purpose. Another grocery example is what was UPromise, and now SavingStar.  UPromise was an original construct to earn points toward college tuition from SallieMae. Every grocery provided their data to the program so their consumers could participate. SavingStar has tremendous data.. but what can they do with it?  Bank of America’s card linked offer program started to use this data, but the issues of use, ownership and the latency (ex getting credit on day 3) issues persist.

Retailers run a very profitable business in data today. It is core to the current status quo, particularly as it relates to trade spend ($200B/yr). Most retailers are very, very conscious of issues surrounding data leakage. The leading Retail analytics companies (Catalina, dunhumby, Spire, Inmar, ..etc. ) could do wonders in attribution if their data owners would let them.

Purchase Events

Another entity that has purchase data in the US is Argus Information, a Division of Verisk. A little over 10 years ago, Argus evolved as a US bank marketing utility for measuring/targeting cards. Banks send Argus all of their card transaction detail and Argus creates reports for banks (ie Average Customer spend vs competitor in region, average customer balance, …) it was a benchmark service, plus a way for Banks to target Card mailings.  Argus’ former CEO Len Laufler is now running a new data Division at Chase for Jamie.

My friends tell me that Argus has been openly discussing how it can sell its purchase intelligence to non-banks and advertisers (this year). I can tell you one thing for certain, Banks are not cool with this. The head of Retail at a top 3 bank called up Len 2 years ago and told him in no uncertain terms, that the moment they sold their data outside of its intended use they would no longer receive it, and find themselves in front of a judge. The Banks are at risk, Argus is at risk, Consumers are at risk.. if data is used beyond the approved usage. The only way to get this data is with the approval of issuer and consumer.

AdAge had Amex/Mastercard story along these lines in April.   I was also told last month that another source for the data could be Yodlee. As Yodlee’s very first customer (Wachovia 1999) I would say that they have an advantage of customer permissioning. They also have experience in dealing with 3rd party use (Mint, offermatic, …), problem is that it takes time to get the data (customer must register), and there is a latency between transaction, bank record keeping, OFX polling, attribution logic, .

GoogleZave Reciept detail

Quite frankly Google has all of the assets to kill CPG/Retail. Their Zave purchase has put them IN the IBM/Toshiba 4690 OS (run by 16 of 20 top retailers).  Every time I shop at my local Harris Teeter and use electronic Coupons.. it is Google powering a fantastic consumer experience. Customer level SKU information attribution nirvana. They also have a unique content delivery mechanism (targeted incentives) that Facebook can’t match. Manufacturers are not keen to issue coupons to everyone.. they want to target incentives to specific buyers… However Retailers DO want coupons for everyone, unless someone will pay them more to change their behavior. It will take Retailers, Manufactures and Consumer participation to make this all work.. which means tremendous focus (and investment).



What is NFC? What part is Dead? A: The GSMA part

23 Feb 2014

I decided to turn this into a Wiki update.. as the prior entry is somewhat lacking. For example: Who created the TSM? Single Wire Protocol in the UICC? Who certifies a device for payment?

The New Wiki is now (with the last 2 para’s just added)

Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into proximity, usually no more than a few inches.

Present and anticipated applications include contactless transactions, data exchange, and simplified setup of more complex communications such as Wi-Fi.[1] Communication is also possible between an NFC device and an unpowered NFC chip, called a “tag”.[2]

NFC standards cover communications protocols and data exchange formats, and are based on existing radio-frequency identification (RFID) standards including ISO/IEC 14443and FeliCa.[3] The standards include ISO/IEC 18092[4] and those defined by the NFC Forum, which was founded in 2004 by NokiaPhilips Semiconductors (became NXP Semiconductors since 2006) and Sony, and now has more than 160 members.The Forum also promotes NFC and certifies device compliance[5] and if it fits the criteria for being considered a personal area network.[citation needed]

In addition to the NFC Forum, the GSMA has also worked to define a platform for the deployment of “GSMA NFC Standards”. within mobile handsets. GSMA’s efforts include“Trusted Services Manager”., Single Wire Protocol, testing and certification, “secure element”..

The GSMA’s standards surrounding the deployment of NFC protocols (governed by the NFC Forum above) on mobile handsets are not exclusive nor universally accepted. For example, Google’s deployment of Host Card Emulation on “Android KitKat 4.4”. in January 2014 provides for software control of a universal radio. In this “HCE Deployment”., the NFC protocol is leveraged without the GSMAs standards.


From a mobile payment perspective, NFC is

  1. Protocol. NFC Forum owns the Protocols making up the ISO specifications.  These protocols are the “universal” aspect of NFC that is NOT changing.
  2. Platform for How NFC works in a Phone
    • GSMA NFC Specifications, reference architectures, platform constructs (TSM, ..) outlining a SCHEME for how NFC manifests itself within a Handset Architecture
    • HCE
    • Apple Secure Enclave
    • ??
  3. Payment Network Standards and Certification. Exxon Mobile and Mastercard were the first contactless payment mechanisms, and Mastercard PayPass was the first Network Standard with reference implementation and certification for presentment and acceptance.

With HCE, the entire GSMA “NFC platform” is dead, but NOT the protocol (No UICC/SWP role, No TSM, Access to “controller” and Secure Element, no Handset Certification).

Comments on Wiki and blog welcom



Token Acceleration

20 Feb 2014

Let me state up front this blog is far too short, and I’m leaving far too much out. Token strategies are moving at light speed… never in the history of man has a new card present scheme developed so quickly (4-6 MONTHS, see announcement yesterday). As I tweeted yesterday, the payment industry is seldomly driven by logic, and much more by politics. Given many of my friends (you) make investments in this industry, and EVERY BUSINESS conducts commerce and payments, movements here have very broad implications. The objective of this blog is to give insight into these moves so we can all make best use of our time (and money). I was flattered at Money 2020 when a number of you came up and told me that this blog was the best “inside baseball” view on payments. Perhaps the only thing that makes our Starpoint Team unique is that we have a view on payments from multiple perspectives: Bank, Network, Merchant, Online, Wallet, MSB, Processor, … etc.

It’s hard to believe I’ve already written 12 blogs on tokens… more than one per month in last year. As I outlined in December there are (at least) 10 different token initiatives (see blog).  Why all the energy around tokens? Perhaps my first blog on Tokens answered this best… a battle for the Consumer Directory. It is the battle to place a number in the phone/cloud that ties a customer to content and services (and Cards). The DIRECTORY is the Key service of ANY network strategy (see Network Strategy and Openness). For example, with TCH Tokens Banks were hoping to circumvent V/MA… (see blog). The problem with this Bank led scheme (see blog): NO VALUE to consumer, wallet provider or merchant. It was all about bank control.  The optimal TCH test dummy was almost certainly Google, and the “benefit pitched” was that Regulators were going to MANDATE tokens, so come on board now and you can be the first.Token schemes

Obviously this did NOT happen (perhaps because of my token blog – LOL), but the prospect of a regulatory push was the reason for my energy in responding to the Feds call for comments on payments. In addition to the failure of a regulatory push, the networks all got together to say no Tokens on my Rails (see blog). Obviously without network rail allowance, a new token scheme would have to tackle acquiring, at least for every bank but JPM/CPT (see blog).   Paul Gallant spent 3 yrs pushing this scheme uphill and had no choice but to look for greener pastures as the CEO of Verifone (Congrats Paul).

In the background of this token effort is EMV. I’m fortunate to work at the CEO level in many of the top banks and can tell you with certainty that US Banks were not in support of Visa’s EMV announcement last year. One CEO told me “Tom I found out about EMV the way you did, in a PRESS RELEASE, and I’m their [Top 5] largest issuer in the world”. Banks were, and still are, FUMING. US Banks had planned to “skip” EMV (see blog EMV impacts Mobile Payments). The networks are public companies now, and large issuers are not in control of rules (at least in ways they were before). Another point… in the US EMV IS NOT A REQUIREMENT A MANDATE OR A REGULATORY INITIATIVE. It is a change in terms between: Networks and Issuers, and Networks and Acquirers, and Acquirers and Merchants (with carrots and sticks).

In addition to all of this, there were also tracks on NFC/ISIS (which all banks have walked away from in the US), Google Wallet (See Don’t wrap me),  MCX, Durbin, and the implosion of US Retail Banking.

You can see why payment strategy is so dynamic and this area is sooooo hard to keep track of. Seemingly Obvious ideas like the COIN card, are brilliant in their simplicity and ability to deliver value in a network/regulatory muck. This MUCK is precisely why retailers are working

Payment Value

to form their own payment network (MCX), retailers and MNOs are taking roles in Retail banking, and why Amex has so much more flexibility (and potential growth).

Key Message for Today.

With respect to Tokens, HCE moves are not the end. While Networks have jumped on this wagon because of HCE’s amazing potential to increase their network CONTROL, Banks now have the opportunity to work DIRECTLY with holders of CARDS on File to tokenize INDEPENDENT of the Networks.

Example, if JPM told PayPal or Apple we will give you:

  • an x% interchange reduction
  • Treat as Card Present, and own fraud (can not certify unless acquirer)
  • Access to DATA as permissioned by consumer
  • Share fraudulent account/closed account activity with you to sync

If you:

  • Tokenize (dynamically) every one of our JPM cards on file
  • Pass authentication information
  • Collaborate on Fraud

This is MUCH stronger business case for participation than V/MA can create (Visa can not discount interchange, or give access to data).

This means that smaller banks will go into the V/MA HCE schemes and larger banks, private label cards, … will DIY Tokens, or work with SimplyTapp in direct relationship with key COF holders.

Sorry for the short blog. Hope it was useful