US Payment Innovation and Regulation

A core “investment assumption” by TCH banks was that “regulators” were going to force the use of tokens in the US. As a primary means for meeting obligations under BSA/AML. The “value proposition” pitched to pilot participants was thus “regs are coming which will drive PayPal out of business.. everyone will be required to tokenize.. pilot participation means you can have a jump on everyone else.” Obviously this has not been the case..

29 Oct 2013

Short Blog.. will update next week. Sorry for Typos

Is anyone else struggling to see the logic of Bank led token initiatives? These folks are smart people.. we obviously see why they want to do it (control)… but they are smart enough to construct some kind of value proposition. It’s not as if they can MAKE every merchant and wallet service convert.

Well… this is NOT necessarily a good assumption (value proposition). I met with a few folks this week, each touched TCH SecureCloud.  A core “investment assumption” by TCH banks was that “regulators” were going to force the use of tokens in the US. As a primary means for meeting obligations under BSA/AML. The “value proposition” pitched to pilot participants was thus “regs are coming which will drive PayPal out of business.. everyone will be required to tokenize.. pilot participation means you can have a jump on everyone else.”  Obviously this has not been the case..

The Banks wanted to start with tokenizing eCommerce Cards on File (COF), as this enabled them to keep the favorable credit card mix (75%+ credit) in a new mobile world. If would have been much easier if they just pushed all of the consumers approved payment products down to Apple, Amazon, Paypal, Google… but Banks don’t really want consumers to have a choice.. they want friction and fear in debit.  This Credit on Mobile Strategy may not be a STATED goal of TCH tokens.. but it is certainly a corollary which Banks don’t care to address.

Visa/MA/Amex did an end run on Bank token plans with a proposed interoperable standard. It thus seems that the 20 odd Bank TCH token participants will give the utility to the networks, with the hope that there will be a continued credit focus. What will TCH do? Probably be a standards body of some sort, and be the token authority for things like ACH.

The ACH LOCKDOWN strategy had 3 prongs: NACHA Rules, Regulation, and an alternative. See related Post around NACHA Rules. With respect to alternative.. this is the driver of Clearxchange, a real time ACH that circumvents NACHA…

One of the Bank leaders quipped “in 5 years we hope to put Paypal out of business in the US”… implying banks could lock out non-banks in riding ACH rails. This would also have significant implications to MCX… My view is that there are ways to get around all of these grand plans IF they ever materialize (ie Bank partnerships).

All of this seems a little too smart, too complex, too dependent on regulations by a regulator that isn’t really doing much to help Banks these days.

Message to Regulators.

PLEASE DON’T FORCE TOKENS.. but rather allow risk to be owned by non-bank entities (ex MSBs) originating transactions. There are so many new ways to mitigate risk and authenticate a customer. Mandating tokens will kill innovation and keep control locked inside intuitions that innovate at the rate of glaciers.

Reminds me of a joke. Did you hear about the Bank mobile SVP that tried to commit suicide? He threw himself in front of a Glacier.

Authentication is key to unlocking billions of dollars in revenue and bringing enormous efficiency to the market… allowing for the REWIRING of Retail, Advertising, Commerce.

Regulators should not focus on payment tokens, but facilities for managing distributed TRUST and AUTHENTICATION. Allowing other entities to assume risk in payments. This may mean creating new quasi bank licenses (regulated trust authority) or a new federally approved MSB that does not hold any deposits. A first start may be to open up Fed Wire to non bank participants. With ability to take risk on settlement funds.

I actually agree with Banks in their token plans.. IF they are ultimately accountable for EVERYTHING.. they must control EVERYTHING.


Divide and Conquer: Commerce Battlefield

What “standards” are there in commerce?

Do we advertise in the same way? Locate in the same geographies? Price products the same way? Have the same eCommerce or mobile “store” and services?

What about Payment?

Payment is perhaps one of the few “standards” that retailers have in commerce. I had an “ah hah” moment at Money 2020. It was from a presentation by Jim McCarthy of Visa.. the theme: Visa is a model where everyone wins, and participants can monetize their respective roles. Of course I should know this.. but it really just struck me on WHY the Banks want to work within the Visa model.. if they break it.. they will no longer be able to monetize payments.

Mobile is a platform which enables a radically improved customer experience. With respect to payments it also offers a unique ability to authenticate a consumer (fingerprint, GPS, cell tower location, voice, camera, …). Yet, no banks are looking to leverage these “new” capabilities in a “new” payment system. After all, given a clean sheet of paper, no one in their right mind would design a payment system like we have in Visa/MA: present a credential to a merchant, who passes to a processor, who passes to network and routes to issuer to approve a customer transaction… giving the auth to everyone in the chain again.. and getting back another message. If everything is connected why not just ask the consumer to send the money from their bank (ex Sofort,  Push Payments also read Banks will Win in Payment ).

Why? Well because Banks can’t make money in a Sofort model.. (would need to create all new merchant agreements). This is why Banks are going through contortions to stay within Visa/MA, yet attempting to alter it fundamentally (ie Tokens). A top 3 Retailer provided me a great example “if tokens are not created by Visa/MA do I have to accept all tokens like I have to accept all cards”?

Defining the Battlefield

My real “ah-hah” came when thinking about how the Card “standard” has been managed for the last 50 yrs. Quite frankly the Banks have been playing Chess while everyone else has been playing checkers (quote from a Retail Client).

This reminds me of Sun Tzu

Whoever is first in the field and awaits the coming of the enemy, will be fresh for the fight; whoever is second in the field and has to hasten to battle will arrive exhausted

Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.

Sun Tzu – Book 6

Retailers have been playing on someone else’s field.. they have been so distracted in competing with each other.. that they did not even identify a common enemy. This has shifted significantly in the last 5 years. The payment burden has become so substantial that Retailers realize they must define their own rules and create a new network (aka field).. thus we now have MCX in the US, SEPA in EU, EFTPOS Australia, CUP/China, Interac/Canada…  This is not just the US, take a look at what is happening in the UK last week, or with Card EU regulation cross border.

Implications of Tokens

I cannot understate the business implications of tokens to Retailers, Processors, Wallet Providers, eCommerce/mCommerce companies, and Start Ups(also see Money2020 and Tokens). It will impact every company that keeps cards on file (COF), or processes transactions electronically.  What is most concerning? These entities have few existing mechanisms to coordinate/collaborate … a coordinated Bank/Network consortium is battling a bunch of unorganized tribes… and setting them against one another. The hectic activity in payments has caused a fog of war which serves to obfuscate the primary advances of the opposition. While everyone is focused on litigation, debit, mobile, MCX…  banks are moving 3 steps ahead.

Banks have wrapped tokens in secrecy (per Sun Tzu) with motherhood and apple pie stories pertaining to protection.  I can assure you that Banks are not dropping over $1B+ to protect consumers.. they are spending this to protect themselves from competition. As I said previously, Banks know they cannot innovate at the pace of Google, Square, Cardspring, Braintree, … thus they must control the battlefield. Tokens enable them to recast the battle.

The new battle surrounds data. As my friend Osama told Tim Geithner, the value of data exchange may quickly outweigh the value of risk management and clearing in payments. JPMC has even created a new DIVISION run by Len Laufer to focus on data, as Jamie would say “we have better data than Google”.  Bank Card CEOs are furious at the thought of anyone delivering value on their cards, particularly efforts by the networks themselves (, Visa Offers, …). Other token drivers:

  • Control who can be a wallet provider
  • Control who can add value to a card number
  • Control how a merchant can identify a customer via a card number (See payment CRM)
  • Control how payments are cleared (ex. What they did to Google Wallet).
  • Control how and WHEN mobile payments succeed
  • Control what payment instrument is used in mobile POS payments (ie Credit)
  • …etc

Banks are so far ahead on strategy….. I’m concerned Retailers will have no idea of what hit them.

How to respond?

  • Coordinate on a plan of action (glad to assist)
  • Create a new Battlefield.. create a new set of rules that Retailers control (thus the brilliance of MCX)
  • Join MCX.. just to ensure Banks know they must take this seriously
  • Frustrate the Banks on their Battlefield… Visa/MA and the issuers are not on the same page.. help to further the rift.. ensure new rules work to the Retailer’s benefit. For example, push V/MA to create a “certified wallet provider” that can translate cards to tokens WITHOUT THE ISSUER.
  • Regulatory… push payments into DUMB PIPES. Let innovators own the risk.. give banks a pass on payment compliance, open non bank owned pipes (Fed wire)…
  • Find Banks that will partner with Merchants to deliver value. On my short list are: Barclays, AMEX, Discover and Bank of America..
  • Help Banks solve their problems through you.. help Banks leverage their data for your benefit….instead of the other way around. Amex is FAR ahead in this.. 5 yrs ahead (see blog)
  • Break the Card revenue model…. Beyond what Chase did to VisaNet
  • Ensure you are viewed as fighting for the consumer.. NOT for yourself. Banks don’t exactly have a stellar reputation these days.
  • Banks also rightly fear that Debit will move from $0.21 to $0.05 or even $0.03.. making debit the equivalent of a quasi real time ACH system. How can you incent increased use of debit today?

I have a few others that I’m not going to share.. but we have got to stop falling on the same sword over and over again.  Banks are NOT the center of commerce, just as my ISP or MNO is not the reason I shop at Amazon.

Investors.. I’m not saying to short V/MA.. I see nothing to dent their global growth.. but in US/EU.. we will see their revenue drop substantially in 5 yrs.

My predictions

  • Visa/MA will create a rule that no one can wrap their card in a token but them… after all a card is really a token for an account number in the first place. Bank token efforts will die in next 12 months.. unless they can force a strategic change… or they make a move toward a 3 party network like discover.
  • Visa/MA will start off getting feedback from all participants.. but banks will win on their rules like they always do.  Merchants will resist efforts unless carrots are substantial (card present and fraud liability shift). If issuers are NOT on board merchants know (from VBV/MSC experience) that issuers will just tweak the decline rates to make for a terrible customer experience. In the end issuers have control over how any new scheme works for its consumers.. they have an unlimited ability to frustrate Visa’s rules… or leverage networks against each other.
  • Take a look at how long EMV, NFC, … have taken. I would make the case that EMV only succeeded because of regulatory pressure.  I see no impetus for change… no business case for either merchant or consumer.  PCI costs and Fraud are already managed…
  • Mobile successes will work around today’s plastic.. This is the beauty of Square..
  • Merchants have reached beyond the tipping point of collaboration on common payment services. It will happen… and there will be implications to V/MA volume (in 5 years)
  • There is only one entity that has the POWER to change consumer behavior on mobile: Apple. It took them over 20 years to earn consumer trust through their maniacal focus on quality and consumer experience. If Apple makes a move in mobile payments.. we should all “think different”
  • Merchant friendly solutions and big data.. are red hot areas. My favorite case study here is a little restaurant marketing company (Fishbowl).. will write a blog on them this month.

Money 2020

10 Oct

Great Conference! In fact I would vote it the best networking conference I have ever attended. Kudos to Anil, Jonathan and the rest of the Money2020 team.. !

I’m backlogged and jet lagged but had to get a few thoughts out.


I was fortunate to have lunch with Dekkers, though I can’t comment on anything relating to product, I will certainly comment on what I think is most surprising. Dekkers related that the degree professionalism and warmth of welcome has surpassed anything he has ever experienced in his career. It is NOT a herd of cats.. ! It is also not just a bunch of  interchange focused treasury guys.

Retailers are sick and tired of being handed rules by people that have no understanding of their business. They are competitors.. just as different as the Yankees and Red Sox… but they do agree on common rules .. and are determined to set them within their own “MCX” league.


My panelist were great.. the content and answers were predictable.. hence the session was a little dry.  What is clear?

Banks want us all to believe that they support V/MA/Amex token efforts.. and this is all about security. I can assure you this story is complete BUNK!  At least from a business strategy perspective.    Card CEOs are furious at the thought of ANY ENTITY delivering value on top of their cards (see don’t wrap me):  Cardspring, Visa, MA, Retailers, Google, PAYPAL. There is an all out war to stop them.. the war is about DATA AND CONTROL and ESTABLISHING CREDIT as the primary mobile payment product.TCH Scheme

Consumers prefer debit for most POS transaction 8:1 (in Grocery).. but credit usage dominates eCommerce due to the better protections available to consumer (Reg Z) and reluctance to share debit card information online. Logically TOKENS should first extend to DEBIT in order to address these issues and ensure debit account security. Whether from action or inaction, most banks WANT to extend consumer UNCERTAINTY over eCommerce debit use into mobile.. CAN YOU BELIEVE THAT? Of course they would recast this statement “we want to deliver value to consumers [on credit] and ensure consumers are protected on mobile [using credit].. and we are making investments [in credit] to make this happen”.

Banks are investing over $1.5B (collectively) in data, offers and new ways to add value to CREDIT CARDS. However Banks don’t give a hoot about Debit (except BAC and CUs), the rest want to establish credit as the PRIMARY payment mechanism (in mobile POS payments). Their token moves are focused on protecting WHO CAN ADD VALUE TO CARDS ..  Make no mistake, token efforts are focused on protecting CARD BRANDS and the VALUE they deliver, with safety/security a distant second. Supporting Data:

  • Credit only in ISIS
  • No EMV
  • Bank investment in Data/CLOs
  • Bank investment in Tokens
  • Lack of investment/strategy in Debit
  • …etc

These credit focused banks know they can’t move as fast as Google, Square, PayPal.. hence they must stop them from adding value to cards. THIS IS THE PURPOSE OF TOKENS TODAY. Banks are seeking to create a new DATA Network that bypasses Visa/MA to deliver this value… Tokens are just part of it.

We all know this to be the case.. Bank preference for CREDIT the elephant in the room.. it’s the reason ISIS switched from Discover/Barclay card.. it’s the driver behind tokenization by an entity (TCH) that has never touched a credit card in their life. Along these lines, Jim McCarty did a great job of articulating Visa’s Value: [it’s not just about transactions, but a BUSINESS MODEL to drive revenue among network participants].  Credit drives MUCH MORE value to Banks:$0.03-0.12 /tran vs 2%+ of the SALE!

I told the bank head of the TCH initiative  “start with debit and everyone will jump on board … DEBIT FIRST is the only thing you can do to rebuild trust with retailers.. and you can do it without support of V/MA”  his answer  “what if we do both”?

My message to merchants, wallets, acquirers, mobile operators, … do nothing on tokens unless debit IS FIRST. It is how consumers pay at the POS today..  Banks are NOT doing the heavy lifting on mobile payments.. they are NOT the center of Commerce but a supporting actor.  We will never move this ball forward unless we create value to consumer and merchant.. we CANNOT operate in a model where only banks benefit and control the rules.

My view of MCX’s objective is clear and simple.. enable retailers to deliver value in a debit like model. Banks are not making investment here.. so we must find a way around them.

V/MA/AMEX Tokens

They have ALL the Carrots and ALL the control of existing rules on existing cards.. I see no way around their leadership.  The banks are very upset …

The network opportunity is to involve all commerce parties in rules construction.. a retailer said it best “Visa and Mastercard DO things to me.. they never talk to me.. they direct me.. the never listen.. they mandate… “  (see Network Tokens). Also see my blog outlining the different token strategies.

Money 2020: Tokens and Networks

Short post that I’ll update later in the week. I’ll be leading a panel at Money2020 on Tokenization, Wed Oct 9th 1:20 PST in Vegas. Joining the panel are James Anderson, Matt Dill, Dickson Chu, and Dave Fortney. Would love to have a retailer on.. and working on that still.


Did anyone else have their mother say: “Just because you CAN doesn’t mean you Should“.  My Mom’s advice may be the most appropriate way to sum up the token “mess”.  As I related in Payment Tokenzation and Business Implications of Tokens why on earth would any merchant or wallet provider want to give up Cards on File (COF) for Tokens?  The ONLY token success stories are Plastic at POS w/  a merchant friendly value proposition: Reduce PCI Compliance. For more info, see the 2011 Javelin report on key POS Token players, also see MerchantLink’s  great perspective here in their blog.

Almost every entity below has some sort of token scheme planned. Their primary focus is on “CONTROL” not value. Can you imagine if the internet worked this way? Each site had a different token scheme, requiring you to log on to your Computer, ISP, Search Engine, Site you were visiting, Secure Application, … etc.    Who is trusted by whom? who sets security standards for what? (See blog Who do you Trust?)

Perhaps the best question to ask of parties is: WHO OWNS THE CUSTOMER? Retailer? Apple? Visa? Chase? Consumer is not owned?

token mess

I’m fortunate to work with both banks, merchants and wallets… my views are not necessarily accurate, but they are informed and can be best summarized: no one is listening to anyone else. HUNDREDS of MILLIONS have been spent here.. please stop the madness.. CEOs please have your teams solve a REAL problem first.

Almost universally, new token schemes are designed to benefit only one party. Let me take The Clearing House Secure Cloud token scheme as an example (see my Blog here).

TCH Tokens


  • Physical POS Payments


  • An early form of this is in patent app here
  • Wallet provider exchanges cards on file for TCH token
  • Form A (TCH Pilot)
    • Token is presented to Merchant at POS.
    • POS forwards token to Merchant processor (like Elevon)
    • Elevon translates token into card through TCH
    • Elevon then routes transaction as normal card

Other forms

  • Form B – Wallet Translation
    • Token is presented to Trust Authority by wallet service (note phone data connectivity required at POS… a MAJOR hurdle as companies like Padient discovered)
    • Wallet obtains new temporary card number
    • Temporary card number presented to merchant
    • Processed as normal
  • Form C (C for Chase with their unique VisaNet deal)
    • Token is card number
    • If Merchant is a CMS merchant, Card routes through JPM’s version of Visa net
    • Unique capabilities
  • Form G (G for Google)
    • Token is a card number – Issuer is google
    • Merchant runs transaction as normal
    • Google acts as issuer receives authorization request and routes to selected card
    • After receiving authorization from funding card, google authorizes transaction
    • All works beautifully today.. but my friends at Mastercard pulled the rug out from under them after issuer complaints. Issuers make all of the interchange they did before, but don’t like being wrapped. They also don’t like the data leakage and the fact that this impairs their ability to offer unique services (10% off at Kinkos).
    • Note: this scheme has a value proposition for everyone.. and banks still don’t like it… Google looses money on every transaction.

Now imagine you are a wallet provider… Google is a good example since they are now on all Android and IOS phones…. TCH tells Wallet Service: give me your cards on file and I’ll give you a token…. Wallet Service asks for business case:

  • Fraud? Well given the poor adoption of mobile POS payments there is no fraud problem right now
  • PCI compliance? Already made that investment.. not a problem
  • Cards on File? I still need those because of Google Play and digital goods, Tokens are useless here
  • Banks auto enrolling all of their customers to use my wallet? Well that would be nice, but banks can’t commit to that.
  • Card present rate discounts (maybe in the future with no commitment)
  • Liability shift? yes, we think we can do that.
  • Complete dependence on a bank service with poorly defined rules for every transaction… yep
  • Ability for banks to choose customer’s payment product whenever they want (ex Debit to Credit)? Yep..
  • Broken customer experience… yep
  • Single channel solution only (POS) with a remaining need to keep COF for eCommerce/Google Play? Yep
  • Get to see transaction data…? No way.. you don’t get to see this anymore

Token Success in Mobile

As described above, Plastic Token providers like MerchantLink are successful because they deliver value to the merchant. There are mobile token successes, most notably Starbucks … soon to be Square (see Interpreting the Square-Starbucks Deal). Most of us use the starbucks mobile app to pay for our coffee.. it is a token for the payment instrument behind it. Why is Starbucks successful? Value to Starbucks: Loyalty, customer insight, … Value to consumer: improved commerce experience. Notice that I did not talk about banks or mobile operators.. all other intermediaries need to be in the background (ie white label).. they have no business injecting themselves in Starbucks customer experience. People don’t go to Starbucks because of their debit card brands.. they go there for coffee.  Wallet providers want to enable a generic platform for 1000s of Starbucks like experiences.. card companies want to stop them.

Something has to Change

Visa rates

Banks don’t orchestrate commerce… they are a dumb pipe payment service that cost far more than the value they provide. The greater they work to control the existing pipes, the greater the business case is for going around them, or regulating them into submission.  Retailers are fine with allowing them to offer open loop credit, but not forcing them to accept fees for credit acceptance. If Credit cards add value then drop the accept all cards rule.

From a network perspective the proprietary linkages are obvious indicators that a massive change will occur toward standardization, least cost routing and dumb pipes. My bet is that a new AUTHENTICATION provider (like ?Apple?) will be the tipping point where we begin to see substantial change. Payments work today.. but the costs of payments are primarily borne by merchants (particularly small ones). The bank that can construct a merchant friendly value proposition will win and have a significant lead on peers. My bet is that Amex is best suited to execute here.

G2 This Week

  • Paypal set to by Braintree/Venmo
  • Paul Gallant takes role as CEO of Verifone, was head of Bank/TCH token consortium and head of new “Emerging Payments”  at Citi. Talk about a projects.. good luck Paul.
  • Facebook enables autofill with a portfolio of providers (Braintree/Venmo, Stripe, Paypal). Paypal seems to be a partnership afterthought. General theme: if consumer has cards in your wallet, we will ask you for them to autofill the merchant. I love this approach, but don’t quite see how wallets will make any money here… merchants are not changing their processors. Winner is consumers and Facebook.
  • Google wallet off NFC only and on IOS. See google blog.
  • Square is in the midst of a capital raise. Rumor among institutional investors is that it is a net down round … and includes restructuring of existing investors.
  • Apple’s new phone and OS.. See Bluetooth Low Energy/Beacons What does this Mean?


Not on my Rails

We now see network resistance “Not on my rails”. Why on earth would Visa or MA want to let a Token ride on their rails? Perhaps the best example of “Rail” ownership is First Data’s refusal to support routing and processing of any Paypal/Discover BINs

In last year’s post “Don’t wrap me“, I described how issuers were responding to having their cards “wrapped” by Digital wallets and new Plastic aggregators (Serve and Paypal). Examples:


  1. Paypal’s plastic. MA established a Staged Digital Wallet fee of 35bps, when its card brand was not used at the POS, but was the funding instrument for the transaction.  Amex and Visa also pushed back, although I don’t have details on rule changes here, they made clear that they wanted their brand at the POS.
  2. Serve. Hit by similar issues above,
  3. Google Wallet/Plastic. Visa reportedly issued a cease and desist to Google at the behest of Chase (See NFC Times)

All of these wallets (Virtual, NFC, Cloud, …) led issuers to wonder “what card is top of wallet”?.. and how does a customer select my plastic. Issuers have been (to date) the drivers of rule changes and resistance. They seem much more concerned about one physical plastic card wrapping them (ie Serve and Paypal) than a virtual wallet, but they are also very concerned about data (see blog). Letting a new intermediary see transaction data (and add offers/services on top of them). In other words “DON’T WRAP ME” (see blog Paypal at POS).

Issuers subsequently got together and developed the concept of tokens (see Business Implications of Tokens). The summary: IF issuers had the opportunity to give the customer an account number in a digital wallet. Why would it be a Mastercard, or a visa card number? They are thus working on a system for distributing 16 digit tokens which they own and control (see Secure Cloud PR from TCH).

We now see network resistance “Not on my rails”. Why on earth would Visa or MA want to let a Token ride on their rails? Perhaps the best example of “Rail” ownership is First Data’s refusal to support routing and processing of any Paypal/Discover BINs.  This means that every new “Home Depot” or “Jamba Juice” Paypal signs up must be serviced by a supporting processor (like Vantive).  Making your merchants switch processors in order to accept a more expensive payment instrument (240bps compared to debit pricing of $0.07-0.12) would seem to be a difficult sale. Quite frankly I didn’t see the weakness of Discover’s 3 party network until now.. it only acquires directly for top 100.. and is dependent on many other acquirers. Amex does not have this problem… paypal home depot

My guess is that Visa and MA will also throw up walls soon, but not sense in doing it now.. let the banks work feverishly to build a token machine.. only to find out that the tokens don’t fit in any “slots”.  The only bank globally to have worked all this out is JPMC with its new Visa deal, which bifurcates VisaNet to a new Chase version. Of course the other issuers will eventually ask for same… but these are 5 yr cycles.. All of this means V and MA will continue to rule the mainstream, and that any new competitor must have network control, issuer control and merchant control.

End Game

These rule and ownership battles make my head spin. Investing in this space is not for the faint of heart.  Perhaps the best way to really “change” payments is to first ride existing rails and establish a fantastic consumer/merchant value proposition .. THEN move that solution to a different network… or better yet enable a switch where payments are cleared on a least cost routing basis (like switching IP traffic).

Hopefully the Venture Community is aware of these pitched control battles: Network, wrapping, secure element, trust, card present, tokenization, … But information certainly does not flow well here. Just this week I learned of a start up about to launch a new P2P service built around Visa Money Transfer … allowing a user to “instantly” move money to another account.  Unfortunately they didn’t read my 2.5 yr old VMT Blog, or ensure it would work at ALL of the top 5 retail banks.

… I don’t have time to lay out the scenarios here.. but I like investment thesis that recognize DEBIT as equivalent to ACH…new rules may bring cost down from $0.21 to $0.07… Although PIN Debit and Signature debit both cost the same),  PIN debit is not routed through Visa/MA and operates under separate rules. For example, I love the way First Data and Cardspring are leveraging STAR for non payment data.. without any issuer participation. a VERY good model. Thus I see PIN debit as a ripe area for both for merchant led payment products, and for new bank products.

Issuers are just fuming over the fact that AMEX is completely untouched by Durbin and EU SEPA pricing.  Which is why I see Wells Fargo’s move to Amex as “possibly” strategic… is wells switching railroads? with a first “test” of affluent?.

Payments Part of OS: What does that mean?

Payments in the OS is perhaps best described as the intersection of the 2 major disruptive forces at work: Connectivity of Consumer and Merchant during shopping and purchase, Authentication. As I outlined in Cloud Wallet, it makes little sense to store anything in the mobile phone. If everything is connected, I should just need to authenticate my identity and payments, promotions, reminders, receipts, … everything else could happen in the background. If everything is connected, the nature of payment settlement risk changes (see credit push).

28 July 2013

Continuation of Friday’s Blog BIG Changes to NFC: Payments Part of the OS.

In 1996, I remember launching the first Client Server application for FirstUnion (Smalltalk, OS/2, Win 95).  I had left NASA just 2 yrs prior, and having a Sun Sparc, connected to Arpanet on my desk since 1987 had spoiled me..  The Win95/LAN environment was not designed for engineering… it was a poorly assembled toy for business. It didn’t have native TCP/IP in the OS, actually Microsoft itself didn’t even offer the protocol, I had to install a third party vendor stack on over 2000 PCs around the bank.  Hard to believe this was just 15 yrs ago.. MSFT seems to have embraced a few changes since then, and what was “outside” its platform is now part of it.

The same platform “integration dynamic” can be seen in: video boards, laptops (remember the external slots), mobile phones (Cameras, Bluetooth, Wifi,…), and now NFC from a dedicated NXP chipset to Integrated chipset (ex Broadcom BCM43341, plus firmware).  Most of my readers are not hardware people, so in layman’s terms.. dedicated hardware and software are merging into integrated “platform”.  Mobile phones are thus evolving. from telecom, to Toy, to entertainment, to COMMERCE CAPABLE, connected, devices beyond the browser.  For those interested in reading further, one of my top 10 business books is PLATFORM LEADERSHIP, a tremendous read.

The title of the book above is a great transition into the meat of this blog: Platforms require leadership.  Apple needs no lessons here, as they view stewardship of hardware, design, OS, app store, experience as core to their company. The “distributed” innovation model is akin to WINTEL, where generic industry standards were set, and again we see a core group (this time Google/Samsung/MOT) leading definition of a new platform, against a vision of MNOs (who customize and subsidize Android).  As hardware becomes a commodity, differentiation shifts to orchestration and network applications, this requires a central “orchestrator”.   MSFT itself shifted into this role in PCs, but Orchestration success is dependent on the number of nodes you touch.. and MSFTs nodes are still PCs, thereby allowing Google and Apple to more rapidly gain on their already advantageous positions.   

One way of look at the chaos in payments is to see existing players attempt to create an orchestration role across platforms. Google did this in PC search in 02. Payment Clusters attempt to leverage old nodes (Cards) and current market position to form a new orchestration role (or platform) where others will coalesce (ex: See Network War). Examples: Telecom and ISIS, Visa, Amex, US Banks, Retailers and MCX, Google, Apple, Qualcomm (old),  (links for each of my blogs discussing).  For example, existing beneficiaries of current interchange model are working to retain their 2% tax on commerce (in consumer credit). Among Payment Players, Amex is furthest along here, as they can uniquely help merchants know who their customers are … and market to them.  Visa is working to build services around cards to increase “stickiness” and barriers to entry/change, Banks and retailers are working toward the same goals. All participants realizing that payments in and of itself is a rather ubiquitous service with many different options. The central problem for all of these initiatives: a SUCCESSFUL PLATFORM must deliver value to ALL participants. For Payments, the problem to be solved is COMMERCE.. a rather long process of which payments is only the last, easiest part.  Network Clusters

Focusing on payments, the NFC “platform” provided a way for a telecom/TSM to “control” a user’s data, and a radio on the phone. NFC is great “walled garden” strategy for the MNOs.. but why would anyone want to support an MNO holding the “Key” to mobile commerce? MNOs created a great technical solution without a supporting business model (see Carriers as Dumb Pipes). Mobile is uniquely positioned as the point of confluence between the virtual and physical world, a platform of untapped value to date.

Commerce Services

As I stated Friday, Mobile Platforms (Apple/Google/?MSFT?) recognize the key to margin in an undifferentiated hardware world is in Orchestration/Services. Platforms can’t afford to give the keys to this Platform away to anyone, and are thus integrating all commerce functions into the platform.  Take for instance the service of AUTHENTICATION, this function is critical to both physical world commerce and virtual world (cloud access, pictures, music, online services). Commerce services from advertising, to in-store marketing, and obviously to payment. Thus Google/Apple’s M&A and R&D activity in the space.  Diagram_android

Many of my own “bets” are locked up in the “other services bucket” within the platform, and therefore I’m not able to comment much further here. But as an example, think of the primary categories: infrastructure HW/OS (legacy telecom, embedded SIM/HW mgmt, authentication, location, connection management, secure storage, data management, authorization…), Platform Services/APIs (Administration, Service provisioning, data access, hardware access, service access, location, preferences, payment, …), Core Platform Apps (ie Passbook, Maps, Wallet, …), 3rd Party Apps,

Example Future View – Transit

Today, the top success stories in Transit are Octopus/HK, Oyster/UK, EZ-Link/SG, and Suica/JP. All have a version of mifare compliant interface in transit station gates, with a dedicated card (Japan/Suica  can do mobile top up/reload).  Today all are experimenting with NFC/TSM model. In future “platform” all will be able to create an app on phone to access radio capable of MiFare communication, simplifying the creating and testing process without a hardware NFC dependency or TSM.  A GREATLY simplified development process. Further, given that Platform’s like Apple have existing payment instruments stored, funds could be either transferred into a dedicated stored value account prior to ticket purchase, or authorized on the underlying payment instrument at time of purchase. NFC solves NONE of these funding problems.. it only solves a single secure “presentment” problem.

Example: Store Checkin

Today with Square, Foursquare and others you “check in” to a business, either though GPS, wi-fi or QR code scan.  Similarly Target, Macy’s and other retailers have developed custom apps to enhance in store experience. Its hard to imagine loading an app for every retailer you deal with, or even using the app for any one of them. With future platform services, consumers could publish rules for merchants and store applications leverage a broader set of “platform” services which may include customer insight.  When you walk into any store, a future retail application would give you relevant information depending on your preferences. Platforms will support store branding and communication, enabling a much broader reach (no app install) and capability (insight, payment, ). In this future, the “Platform” is taking on an orchestration role independent of the store you are in. The platform is a working on your behalf, but also transparently supporting retailer objectives. Today, we see Target mobile delivering a price comparison application that doesn’t compare prices. Is there any wonder that usage suffers.. ?

Not Mobile Payments…  CLOUD PAYMENTS

Payments in the OS is perhaps best described as the intersection of 2 major disruptive forces: Connectivity of Consumer and Merchant during shopping and purchase, Authentication. As I outlined in Cloud Wallet, it makes little sense to store anything in the mobile phone. If everything is connected, I should just need to authenticate my identity, allowing requestors cloud access to: payments, promotions, reminders, receipts, … everything else could happen in the background. If everything is connected, the nature of payment settlement risk changes (see credit push).  iPhone-6-Fingerprint-Detection-And-Apple-Release-Date-Rumors

Payments in the OS presents a disruptive opportunity for banks. If there is going to be a PAN (“number”) in the iCloud or iOS why on earth would Banks want to make it a Visa or Mastercard? This is yet another reason they are working on Tokens.. to ensure control of the process.  Problem is that for a new “token” scheme to gain adoption, is must deliver increased benefit to: merchant, consumer AND to the Platform. Bank token advocates will say that the benefit of mobile payment is that the consumer would never need to see the PAN, and thus Consumers do not need to be incented.  Even if this is the case, they must still incent merchant and Platform, particularly when Apple ALREADY HAS the PAN.  In their tokenization efforts, Banks are attempting to resurrect the TSM role, to justify their payments revenue.

However, my view is that IF authentication is owned by the platform, there is very little that banks can do to retain their fee. Just imagine a world where the retailer could proactively offer store credit based upon an individual’s data and behavior (accessed through platform). Where open loop cards displaced store credit 25 yrs ago, the forces could be easily reversed, enabling a new breed of consumer credit companies which support merchants. Banks are working to add value to their existing 16% interest premium credit product which costs merchants 250bps. Merchants may be well positioned to capture all of this revenue, if they had the data (and platform) to make this a seamless experience.  My personal bet is that we will first see a new credit card product which will offer a greatly enhanced value proposition to both consumer and merchant in exchange for consumer data sharing. This product would completely disrupt existing cards.

POS –> CRM and Digital Marketing

We can also see the new opportunities for Payment Enabled CRM when a platform can work with retailers. Leaders here are Square, Levelup and Fishbowl.   The “platform” works before the checkout.. here the key is consumer insight for targeting and relevance. Consumers will only pay attention to “items” which deliver value.

Closing Thoughts – Commerce a very BIG and Broken Market

Commerce is a very, very big market (see $1.46T non-grocery US retail sales, 2013 Deloitte Global Retail Study). US eCommerce sales last quarter were $61.2B, or an annualized $245B, making eCommerce just 17% of non-grocery and 5.5% of total Retail Sales (see US DOC).  Digital Ad Spend is over $100B globally, with the US taking about 40% of that. Google alone accounts for over 40% (eMarkter) and over 50% of mobile (eMarketer), with self reported revenue of $14.1B for 2Q13, (US 45% of Rev).digital ad spend

Looking at US numbers alone, there is ~$750B in total marketing spend (see Chart). Why is digital marketing only 5% of total non grocery sales? Note that this figure is off by 2x as a very large portion of online spend is by service providers (banks, tree cutting, accounting, ..) and restaurants. These 2 categories are not part of Retail sales.

My view on why more marketing spend is not digital:

  • There is no CROSS CHANNEL marketing.  Online ads are most effective when there is an online purchase (or at least most effectively tracked).  Advertisers typically don’t advertise online when products aren’t sold online.
  • Amazon/eBay and other large companies have locked up a substantial portion of eCommerce.
  • Digital advertising is fundamentally BROKEN (when was the last time you clicked on a banner ad).
  • Madison Ave is bypassed as most companies go direct, or use specialized agencies. “Brand Advertising” is big and sticky… big corps like to spend about what they did the year before.. independent of what value it is providing to the organization


US Marketing Spend



CEO View – Battle of the Cloud Part 5

There is a payment cluster war going on right now and it is the subject in the C Suite in Banks and the Payment industry. The battle is happening at every level. I’ll be leading a panel at Money 2020 which addresses several of these items, with participation from V/MA… should be interesting. Here are a few updates.

22 July 2013

This post is a continuation/update to my post back in March Network War – Battle of the Cloud Part 4. Sorry for typos.

There is a payment war going on right now and it is the subject of C Suite strategy talks. The battle is happening at every level. I’ll be leading a panel at Money 2020 which addresses several of these items, with participation from V/MA… should be interesting. Here are a few updates.

Network Clusters


  • $8B Revenue Impact. I apologize to my EU readers for my constant US focus. Let me break the mold now to emphasize the earth shaking changes going on in the EU (See today’s NYT blog, and today’s WSJ). Going from 250bps + cross border fees to 30 bps will be tremendous, and may set a precedent for the US litigation between Visa/MA and top retailers.
  • EU provides a glimpse at what a world of payment “dumb pipes”  and least cost routing looks like (see Blog Payments Innovation in Europe).  Canada and Australia also follow these lines in debit (see Blog). Also see my favorite case study in Europe  Sofort – ECB analysis, and Push Payments.
  • Networks, and their members are reacting to regulation and positioning themselves (individually) to “push” their respective vision of innovation in order to protect their brand and network (see Visa Money Transfer, and Visa Portfolio Manager). I don’t mean to limit this to just Visa and Mastercard (see picture, and blog).
  • New networks are forming (see Blog on Clusters)
  • Large issuers like JPM have successfully forced Visa to break/segment its Visa net, and run under unique JPM/CMS rules with new capabilities. Visa’s CEO comments to investors: “rules must be consistent with Visa”..  My view is that this is a major crack in Visa’s network ownership (see Golden Goose on the Menu).payments pyramid
  • From a wallet perspective the rules on “wrapping” are killing much innovation (see don’t wrap me). Top issuers are actively working to inhibit wrapping of their payment products (ex Mastercard’s staged digital wallet fee of 35bps on PREVIOUS years volume of over $50M..  which only impacts paypal).  Similarly Amex and Visa are working to ensure their cards are not wrapped.
  • Rules are being issued and ignored, from Visa Money Transfer to EMV (see below). Banks tell Visa “do you want me to write the waiver or will you send it over… as we are not going to do this”.. which is one reason JPM just created its own unique rule set. Similarly US merchants face a liability shift (on to them) if they do not accept EMV cards (chip and pin). All are playing a game of chicken as no one wants to re-issue plastic. Visa has created a new type of EMV, chip and SIGNATURE, which makes absolutely no sense at all, but helps them keep customers away from PIN (which Visa despises, but everyone else loves).
  • Cross boarder fees (see blog). As 20%-30% of network revenue moves to these fees, it is becoming a substantail pain point for global banks like Citi, HSBC, Barclays, .. A big topic I can’t fully cover here


  • US Banks are spending 90% of their time in innovation around Credit Cards. Exception is Bank of America and to some extent my old team at Wells. In either case the banks have hit a wall, and recognize that innovation can’t happen in a 4 party network. American Express is 5 years ahead of them and they can’t catch up.. they must change.
  • The NATURE of card completion is changing in both credit and debit. Traditional Payment revenue is being REGULATED AWAY as payments become “dumb pipes”. The goal most have recognized is that the real value to be unlocked is in commerce data, particularly Payment Enabled CRM (see blog). Examples of just how focused this effort is: 22 Banks working in Secure Cloud, ~$1B in Google Wallet Investment,  ~$500M in ISIS investment,  JPM just hired Len Laufler (former CEO of Argus Data) to be the new CEO of Data in Chase.
  • Banks thus need to build a network which can accommodate both payments and “other data” which they own and control (like Amex)… hence “tokenization” (see Blog, and TCH Announcement).
  • Tokenization is currently going nowhere.. but it is “impacting” the industry and many start ups as banks and networks position themselves (see JPM/Visa Blog, Start up implications).
  •  Visa and MA also have their own secret token efforts. Merchants have a much better short term win in this approach with a liability shift and reduction in interchange, but they also know from past experience that if the issuers are not on board, there will be a much broader business impact in declines (see VBV post, and Visa’s Token Strategy).
  • Retailers are attacking from below. Bottom 40% of mass market customers are not profitable for banks (Durbin related items ranging from NSF fee changes, to debit interchange) . These customers are profitable for retailers like Walmart, Tesco, Target, .. (see Blog).
  • Telcos have a chance to own a new payments network, as they have both physical distribution, customer relationship, connectivity and device.. but they are focused on controlling a handset in a walled garden strategy. To succeed they must refocus efforts on COMMERCE, which means partnering with all participants to construct a value proposition (see blog).


  • The first hurdle of any “New” network is to get the merchants and acquirers on board.
    1. This is NOT going well for companies like Paypal … hence the complete failure of their DFS partnership (see blog). Specifically, there is at least one major acquirer which is refusing to route traffic on any of these new Discover/Paypal BINs, as well as at least 2 major retailers. Although Discover is a 3 party network, they only acquire directly for their top 100 merchants. Therefore Paypal must “incent” and negotiate with every single other acquirer AND merchant.
    2. Chase is working to build a new CMS acceptance brand, which will be different from Visa.
    3. Retailers are building their own network (MCX), and have hired Dekkers Davidson, a tremendous executive, to lead it.
  • Roughly 60% of acquiring profits come from bottom 30% of merchants. There are small independent merchants that are paying over 5% in acceptance fees thanks to the poor transparency within the ISO sales process. Companies like Levelup and Square are changing this (2.75% flat, or free if you commit to marketing). I’ve eaten my shoe on Square, as I never fully understood how badly the ISOs were treating small independent retailers. Their solution solves a short term pain point and also improves customer experience.
  • Acquirers are making POSITIVE headway in merchant friendly services (see blog), particularly helping merchants “merge” consumer data to gain new insights for loyalty and incentives. They are challenged to quickly ramp up this services revenue, in order to overcome the new aggregators acting on the side of small independents (ie Square).

POS Acceptance

  • Has anyone seen the graph of Verifone’s stock? Market cap of under $2B. A hardware company that could not adapt to a software world. At the bottom end they are being eaten by free Roam/Square dongles at the top end are facing integrated POS Terminals from IBM/Toshiba and Micros. Dedicated payment terminal are commodities, and thus suffer from commodity like competition. Grand hopes for re-terminalization with EMV and NFC are not happening (see blog). New dongles and mobile acceptance infrastructure is developing even in the complex EMV space (see )stand
  • POS strategy centers around data as well. Google’s Zave purchase has given them opportunity to help retailers focus advertising and eliminate paper coupons independent of payment network. Other leaders like Fishbowl and Open Table in Restaurants have integrated into the POS. The BIG idea here is to integrate the POS to the cloud and Google is now 5-7 yrs ahead of everyone (2 yrs engineering, 2 yrs IBM Certification, 3 yrs to sell and test w/ retailers, +++ yrs in content/ads/targeting).
  • Square’s new Stand is an integrated payment, POS, inventory management, CRM, marketing and loyalty system.. all on an iPad.
  • Payment Terminal “software”. Verifone’s Verix architecture and equivalent schemes have failed. Idea was to allow 3rd party developers to create “apps” for a non-secure space in the payment terminal. For example, 2 years ago, Google’s first version of wallet leveraged NFC to communicate “coupons” to the payment terminal, which then relayed to the POS.  Problems are obvious..  A grocer like Safeway has 2,000 person development team around their IBM 4690 POS, guess how many engineers support the payment terminal? NONE. They don’t want apps on a PCI compliant payment terminal.. it goes beyond question of who will manage them. Also note that payment terminal interaction with the POS is simple today (payment request and authorization).  There is also significant development work to RECEIVE coupons from a PAYMENT Terminal.


  • This section could fill a book, so I will make this brief. All network participants are working to deliver services. The 4 party networks cannot innovate. For example, take a look at my very first blog, topic was Googlization of FS. Visa built an offers services with Monitise and Clairmail 3-4 yrs ago, but the large issuers refused to use it, preferring to innovate themselves. Another example is, a topic which makes Card CEOs red faced. These points exemplify the dynamic w/ V/MA and the large issuers.. Issuers want to dumb down the pipes and limit services, V/MA want to grow them and relationships with consumers.
  • Current state is myopia.. everyone is working as if they uniquely own the customer. Banks and Card Linked offers are top example. When you go into a bank branch, do you want to buy socks? dog food? Of course not! Banks have great data but they are in no position to run an advertising campaign. I’ve run 2 of the largest online banks in the world (Citi and Wachovia) and can tell you retail customers spend about 90 seconds with me, they log on check their balance make a payment and leave. They don’t stay around to click on coupons. Commerce, and retail, is in the midst of a fundamental restructuring as online and off line worlds converge in new ways (beyond show rooming).
  • Payments are just a small part of the overall commerce value chain, yet they have by far the highest cost. The proposed 30bps EU fee cap may occur in other markets, thus banks are working feverously to build services to replace this revenue (primarily around credit cards), with CLOs largely failing to deliver value (see blog). Yesterday we say Ally Bank discontinue Card offers, following Amex last week.

Tokens: Any Volunteers?

19 June 2013

I’ll be leading a panel on Tokens at Money 2020 so thought I would spend a little prep time this week.

V, MA, TCH token initiatives all share one very big problem: no volunteers. Visa is the furthest along organizationally.. they tried tokens before (2010 Token best practices), technically there was nothing wrong with Visa’s previous efforts. The primary problem was that network participants (POS, Card Reader, Gateway, Processor, Acquirer, .. ) were ill suited to transmit anything but a 16 digit PAN.  Now that we have 16 digit tokens (likely based upon ISO/IEC 7812 BIN ranges owned by individual banks), the network CAN forward them for resolution..  these tokens are not Visa, MA, or ACH numbers.. they are an identifying “key” to information (other cards).. which only the holder can determine. This is the heart of what I referred to in Directory Battle Part 1.

If you were a merchant and a vendor came to you with this proposition “give me all of your customer information, I will lock it up.. and give you one of my keys for you to access it”… would you do it? There are some possible business cases around fraud/data leakage liability…. but customer information is somewhat important to most businesses. Token value propositions are not much different.. give me all your stored cards and I’ll give you a token.  At least Visa and Mastercard have rules around PAN.. but what are the business rules around tokens? Think of the Amazon world where I select from a list of stored cards… does the customer have to consent to exchange of PAN for token? In instances where I have multiple bank accounts/cards. Will there be a token for each bank? for each card?  (Networks are prohibiting “non compliant” schemes today). How does customer select instrument (debit/credit) if multiple products are behind token.

I believe that if the consumer has given a merchant payment information, it is an asset that they should only part with if there is a significant value exchange (data, rates, …).  The idea that a merchant would willingly part with card data is just plain silly.. and hence the lack of pilot participants.

The only way I see this working is if banks “push” tokens into every wallet/retailer. Automatically enrolling them into Google, Amazon,, Apple, PAYPAL, … In this model consumers are permission banks to assist with “fast checkout”. In the NFC world this is akin to “provisioning” a card.

We are very far away from seeing tokens at the POS “work” in any business sense, as there are no clear business drivers (beyond giving banks greater control of payments). Banks are not solving a consumer problem, nor are they solving a merchant problem. It is a strategy to maintain control (rules, rates, liability, speed, clearing, network, …). There is also friction within competing networks as MasterCard and Visa do not want to be wrapped by a TCH token, nor vise-versa… As stated previously, in the eCommerce world V/MA could see substantial success if they replace VBV/MSC with this token approach, shift liability to banks and give discount CNP rates. Banks would have great trouble replicating this eCommerce approach because they are in a very poor position to influence eCommerce gateway/processors.

From my view the future of any Token must be driven by customer first. This is where the best opportunities exist for MNOs, and the Banks (physical distribution). I call this federated identity management. Enabling a way for your real world ID to be associated with your virtual accounts and IDs (see my blog on Apple –  Currently Apple, Google, Amazon and Square are leaders here… although there is a$5B opportunity for MNOs if they could put a team together with some focus.

My updated view on TCH token framework – Usage (“Wallet” transaction for JPM Visa Credit Example)

  1. Consumer presents Token (virtually or physically) held by consumer (or 3rd party)
  2. 16 digit “token” treated same as card (although not a V or MA PAN)
  3. Processor routes token to Bank Token Authority (TCH) in an ISO 8583 transaction
  4. TCH can resolve token directly (switch to network), or forward to participating bank for resolution (switch to network)
  5. JPM resolves token to Visa Credit, if on Merchant is CMS customer.. then on-us (No Visa Interchange). If non CMS, route through Visa.
  6. Authorization sent to Acquiring bank/Processor
  7. Authorization sent to both merchant payment terminal and to 3rd party wallet provider (?). Pilot prospects.. negotiate this one HARD
  8. POS settlement

Business Implications of Payment Tokens

US mobile payments will have a new “network”, a system to use tokens which are neither V or MA card numbers. Thus Banks need not route these transactions through either V or MA, but will be able to leverage same acceptance infrastructure. Virtual card numbers will be bank numbers that banks resolve. JPM’s is first to align w/ plastic, leveraging common authorization authentication and other services

21 Feb 2013 (pardon the typos as always)

US mobile payments will have a new “network”, a system to use tokens which are neither V or MA card numbers. Banks’ position is that the need not route these transactions through either V or MA (in order to leverage same acceptance infrastructure), whereas V/MA clearly say that an account can’t be both a network account and a XPAY account (see no wrapping).

The banks desire in 2011 is that Tokens will be bank numbers that banks resolve.  JPM’s is first to align w/ ChaseNet and ChasePay.  Banks are putting in place “controls” around ACH debit and card rules which will “encourage” token adoption.  Watch out payment start ups.. rough seas ahead. As I stated: Banks will WIN in payments.

In the US, merchants own liability for Card Not Present (CNP) fraud which aligns online merchants to the risk of using a payment instrument for a consumer they cannot physically verify (see VBV exception). However well an individual online merchant manages their own payment risk, their remains extraneous indirect risk to banks, as card data loss could result in: counterfeit plastic, identity theft, other first party fraud, …etc. Thus the fallibility of the current card “token” which relates Bank to Consumer relationship. Through this NEW token initiative, Banks are seeking to expand the account identifier by making it unique to: consumer, bank AND merchant.token

Today merchants receive an authorization for use of the card and behind the scenes Banks use very large sophisticated risk models (ex software HNC’s Falcon) to make authorization decisions. As eCommerce merchants are responsible for fraud, they perform their own risk management either directly or through payment specialists (Cybersource, PayPal, Amazon, Digital River, …etc). Banks have few problems approving online transactions.. as they bear none of the loss… and hence a game is played. Banks have little incentive to share their fraud data and merchants have little incentive to share theirs. Remember that within banking, margins are driven by the ability to manage risk and banks therefore incented to differentiate capability (not harmonize it). Which leads to other interesting dynamics (perhaps a topic for a later time).

At the Physical POS, the situation is different. Merchants bear little fraud and with EMV (Chip and PIN) the US will further reduce fraud where plastic is presented (if EMV in the US does happen). As I described in EMV Battle Impacts Mobile Payments, Retailers love EMV and are biased toward PIN and Debit. Retailers are continually looking for a way to reduce payment costs and influence consumers AWAY from Bank reward schemes.Payment-Gateways-growth

Mobile payments remain “green field”  and may be significantly disruptive at the POS. One of my favorite quotes around payments ” if you solve authentication.. everything else is just accounting”  (Ross Anderson @ KC Fed). The mobile device can provide a much richer set of information which to authenticate (vs a piece of plastic). Banks have invested billions in their card risk and authentication infrastructure. Mobile could render most of this investment moot, thus Banks are working to control and influence mobile payments at POS, particularly given NFC’s complete failure. Additionally, new payment providers like LevelUp, Google Wallet, MCX, Passbook, …etc all present large challenges to banks efforts to own the consumer relationship and payment choice at the POS (See MCX Blog).  Banks have some latitude to create incentives around mobile. For example is an MCX QR code backed by a Visa Debit card a CNP Visa transaction? Card Present? Or will MCX try to encourage consumers to back with DDA like the Target RedCard model?  Mobile payments are a key battle ground for many parties.. it is imperative to recognize that mobile payments are not just about payments.. but also about loyalty, relationship, data, influence, banking… etc.

In architecting incentives, banks have diminished ability to force V/MA to change acceptance rules. The same is true for retailers. Thus both are looking to create networks based on direct consumer accounts with account numbers (tokens) they can control. This is a very big statement.. if the banks can create a “token” which represents a credit account or a debit account.. they have “wrapped” Visa and MA (see blog Don’t Wrap Me). If successful, they could subsequently change networks anytime they wanted… or create their own. Why on earth would they want to route any debit transaction through V or MA if the token represented a debit card that represented a DDA? Or similarly doubtful: a token that represents a credit card which represents a credit account? (see  PayPal at the POS). Taking card number out of merchant (and consumer) possession, and replacing it with a token, enables banks enormous flexibility.

Yes my head is spinning too. I am implying that banks could leverage their entire acceptance and authorization infrastructure without routing anything through V or MA. No direct consumer involvement would be necessary in this token scheme since something like an MCX QR code could be mapped to multiple tokens in a single back end process. Banks are looking to make ACH changes as a defensive play to ensure that ACH rails are protected against funding a Retailer/3rd Party wallet directly (as PayPal, Target RedCard, Safeway Fastforward do today). This was my point in yesterday’s blog on ACH Debit.

Business Drivers

As I outlined this week in New ACH System in US, my view of Bank business drivers for Tokenization are:

  1. Stop the dissemination and storage of Card numbers, DDA RTN and Account Numbers
  2. Control the bank clearing network. Particularly third party senders and stopping the next paypal where consumer funds are directed to unknown destinations through aggregators.
  3. Own New Mobile POS Schemes to protect their risk investment
  4. Improve ACH clearing speed (new rules, new capabilities to manage risk). In a token model the differences between an ACH debit and a debit card will blend as banks leverage common infrastructure.
  5. Create new ACH based pricing scheme somewhere between debit ($0.21) and credit cards
  6. Regulatory, Financial Pandemic, AML controls (per  blog on HSBC)
  7. Take Visa and MA out of the debit game (yes this is a major story)
  8. Maintain risk models (see both sides of transaction)
  9. Control Retailer’s efforts to form a new payment network

What banks seem to be missing is that mobile payment is not just about payment (see Directory Battle Part 1). Payments SUPPORT commerce, Banks therefore do not operate from a position of control but rather of enablement. Most retailers recognize that Consumer access to credit has resulted in improved retail spending, however most would also say consumer addition to bank rewards has been detrimental to their margin.

Tokens for Mobile POS?

Why would any merchant or wallet provider choose to exchange consumer payment instrument(s) for token(s)?  Reduction in CNP rates, liability shift are significant. But the mobile device has many additional “identifiers” that far exceed what is available on a piece of plastic (IMEI, location, history, password, interaction for challenge). IMHO the bank business case for tokens must be built on CNP rates and Customer Choice. If Banks directly assist consumers provision their account into a mobile wallet, every wallet provider should support it. In other words the bank has done the work to integrate and “push” the customer’s choice into a given wallet from their online banking site (ex yesterday and SavetoAPI).

But this bank led provisioning does nothing for the millions of accounts that consumers have already provisioned themselves in: PayPal, Apple, Amazon, Google, Target, Safeway… All of these companies have worked to deliver consumer value and obtained a direct consumer relationship, which subsequently resulted in the consumer choosing to store payment information directly. I can’t imagine a scenario (or business case) for them to part with that asset, particularly prior to 100% acceptance of tokens by all merchants (online and offline).

Token Acceptance

The value of a bank issued token is completely dependent on: ACCEPTANCE, cost and Risk Mitigation. At the physical POS Retailers are firmly in control of acceptance, unless the tokens perfectly mimic existing card schemes. Banks will likely work to ensure that any non-tokenized payment (QR Code) will be treated as a CNP transaction with merchants bearing fraud responsibility. If tokens are in the format of a 16 digit account number than there will be very little change necessary to the payment terminal. However, the downside of using 16 digit account numbers is that it would not enable banks to firmly separate from V/MA bin routing (and network fees). It will certainly be interesting to see the plan here.

Retailers, Banks, Networks, Consortiums… are all at odds… all trying to own the consumer relationship and control a directory which they can resolve.Payment Value

In general I see the token initiative as a distraction for banks. They are far too focused on control and throwing sand in the gears of commerce. Commerce will find the path of least resistance in an open market.


My guess is that many Card CEOs are skeptical of all this network tokenization strategy. Banks card teams have tremendous assets in their consumer relationship, established consumer behavior, brand, network of acceptance, merchant white label relationships. Why not work to partner and extend today’s model in a way that benefits consumer and merchant? Example Payment enabled CRM.

This tokenization project’s ability to positively impact mobile payments and retailers may be like squeezing Jello… American Express can only be laughing to themselves. As US Card issuers are 5 years behind them in innovation  Amex is extending their lead as they endeavor to “pull their weight” by while helping retailers obtain new insights on their customers. This sounds like a much better idea than tokens.. probably one that investors will understand better as well.

My message to Bank CEOs: stop trying to lock in your market position and start trying to justify it through value.  Tokens will provide you more control, but it is significantly detrimental to your acceptance network (V/MA). You have brilliant payment executives.. there is true genius in the token design here, but it is completely myopic. If you had a cross functional team with experience in retail, advertising, data, processing, CRM you would realize that mobile will change the way consumers interact with their environment. Banks will NOT be the intermediary in every interaction. The barriers you are constructing will only further inhibit your ability to partner and take part in processes which add value.  Remember your customer is not yours exclusively, we also are customers of Google and WalMart and Verizon…. Banks have an OPPORTUNITY to orchestrate commerce IF they deliver VALUE.  Payment people design payment solutions to payment problems. Banks must redefine the problem and the opportunity.

The questions banks must answer (for a retailer): when was the last time you brought me a customer and helped me build my brand, and consumer relationship?

Another scenario Card CEOs should consider: if Payments become “dumb pipes” …. where retailers and non bank intermediaries can perform Least Cost Routing (LCR)… how do we compete? How strong is your customer relationship?  Why did the consumer choose you as the bank in the first place?