2015 End of Summer Payments Update

15 September 2015

Well kids are back in school and Europe is tan. 6 weeks left till Money 2020.. and I just completed our Series A here at Commerce Signals.. wow what a summer!!

This blog is a little bit more of an inventory of things going on.. mixed with some views and general rumblings.

EMV. Its going to happen in October and the big merchants are ready. Two top processors told me that small merchants are in big trouble, particularly as the issuers will be pushing back all fraud to non-EMV merchants VERY aggressively. Think of it this way. EMV does NOTHING to help the small merchant.. currently no business bares cost of fraud in card acceptance. In October merchants must change to accept EMV or they will have the risk of fraud on their business. ISOs to the rescue? This will be a great opportunity for Poynt, Square and other merchant friendly POS/Payment providers.

Acquirers. First Data is moving toward IPO. This is a very tough business.. but as I’ve said before my bets are around companies that can be merchant friendly.. Acquirers are the entity that own the merchant relationship in a 4 party network.. so it is theirs to lose. Nothing has really taken off (incrementally here), Clovr, Card Spring, First Data’s Palantir. Why?? Acquirers have largely been put into a pricing box at the top 500 merchants with a well defined service (not much room for incremental services), and have had their reputation impugned through the ISO channels at the low end (5-7% cost of acceptance). For any Acquiring CEO reading this blog.. my action for you today is to take a look at the invoice you send to a merchant. 2-4 pages of fees that are indecipherable.. When merchants don’t trust you they don’t buy more from you. This is why I would not invest in this space without a clear understanding of the disruption.

Private Label. Rumor is that both Amex and Paypal are looking at M&A here. Makes sense for Amex particularly given need for transaction volume, 3 party model and their state of the art infrastructure. Merchants love Amex customers.. and Amex does the best job in the industry of proving the value that they bring (justifying their hefty cost).

MCX. They are set with payment infrastructure from FIS and First Data. The payment capability is there, and it takes time to build a highly scalable payments company. I just don’t see the need for stand alone app. My guess is that there will be an MCX payment instrument that sits in Apple/Google wallet… just silly to compete on “presentment”. Is the alliance fracturing? I think all participants would love to have a payment instrument that they could own and control. The issue is that there is no agreement on anything beyond payment. Mobile is too important a channel to delegate to a consortium. Also, these are fierce competitors.. The real challenge? Creating a great consumer experience, quite frankly their product team was one of the worst I’ve ever met in any company. No wonder they were considering paydiant.. one of the only options out of the DIY.

Poynt and Square. This seems to fit right in to the flow..  I love both of these companies. Why? As described above the payment industry has been VERY unkind to retailers. Poynt and Square give retailers a greatly simplified hardware, software, and acquiring solution. As a small merchant moving from 5-7% acquiring to 2.75% is a rather simple value proposition. I believe Poynt has several significant advantages over Square: 1) Square has a 6month+ certification process on Apple devices. Whenever it changes anything in its app… it has to go through recertification by Apple. Poynt is the ANDROID of Point of Sale solutions 2) By staying off of Apple AND adding a separate stand alone processor for non-payment applications, Poynt can deploy more applications more quickly and act as a platform for other services. 3) Poynt has a powerful data solution that puts merchants back in control of their data, 4) Ergonomics/Design. Just beautiful. Chip/DIP, Chip Contactless, QR, BLE, customer facing touch screen (not a swivel stand) all work seamlessly without having to pick up the terminal and try to stick your card into a slot. Well done Osama and team.

Paypal? Not much of a stock pop.. I’m very high on the Dan and Bill. But their core asset (eCommerce risk management) is being rendered moot by great mobile auth. When Microsoft (OnePay), Google (Wallet), Visa (Checkout), Apple (ApplePay) all moving into eCommerce they also risk loosing consumers. One of my biggest beefs is their treatment of Venmo volume in TPV (it is 0bps). Rumors are also that they will lose Uber within next 6 months.. and worked a special deal to keep them with take rate below 90bps (perhaps a driver of their margin drop). Merchants are a natural ally here, but Don K really mucked things up with their POS try. It will take 2 years to get things in shape here.

Visa/MA.. They are my biggest holdings.. no change in my views here. VDEP and MDES have positioned both with new power to tokenize and own the rules on mobile. I expect to see a new CNP rate for tokens within next 9 months.

Google. Big news 9/10 (See Blog). Google wallet now on all phones KitKat 4.4 and above (50-60M in US). I love it.. This is the PLATFORM FOR PAYMENT INNOVATION. The user experience is not on par with Apple (or even Samsung Pay).. but Android users are more technical (only 6% of iPhone owners have ever used ApplePay). There are some BIG pluses over Apple, I love that it shows the ereciept and location of purchase for instance (most issuers). Very surprised that Google is still looking for bi-lateral deals from issuers (in order of $10M with no bps). This is why we don’t see many issuers at launch.  What is funny is that there is a “free path” to issuers as well. If they don’t want their card art.. issuers can still just “turn it on” via the V/MA intranet tokenization route (register BINs). Funny that the big hold out is JPM.. given its data play.

Apple. I wouldn’t be surprised to see an ApplePay product announcement in October at Money 2020. Note that my track record is near perfect here so I don’t want to mess up 2 years of predictions. I know that Apple has ApplePay working in Safari, don’t know if they will roll this out our not. I also know that Apple went back to issuers asking for an “Amex like experience with eReciepts”. The issuers said “sure we can do that.. lets first tear up that 15 bps contract and talk about what you will pay me”. My sources say that beacons are a part of the next launch.. they could be just feeding me *&^*(&.  My guess on new release? 1) New Developer Support Program and rollout of Private Label/ Synchrony, ADS and Citi. 2) Improved “eReciept” process (like Amex) in order to compete with Google. 3) ApplePay in Safari (60% chance.. it is working but don’t know if they want to push yet before new token CNP rate tier). 4) Beacons at POS. Improve retail experience with beacons (40%.. again working in lab but don’t know of readiness).

The big Apple news that everyone is talking about is their plans to finance phones directly (end running carrier subsidy dependencies). As I’ve stated before, Apple’s phone is already capable of enabling a virtualized SIM. This is the one step needed before Apple enables consumers to “switch” to the lowest cost network every month.. or every day. This obviously has big implications for Gemalto as well. Google is 2-3 years behind, but is making more progress in enabling wi-fi as network option.

Innovation. Chain getting investment from NASDAQ, Visa, Citi.. is big news. I remain very positive on use of bitcoin as a disruption to Payments (see blog structural changes to payments). I also live industry specific solutions where payments are combined with something else to solve a problem. hyperWALLET for global payroll, justpushpay for construction, WEX for fleet/gas. I also love payments and data (hence commerceSignals), in this Klarna and Sofi are just tremendous ideas.

Going South

Samsung Pay. No change in my views here. What is sad is that they didn’t know that their entire application is incompatible with Android M (until they read my blog). Working with a competing app on their own phones with no registration.. just sad.

Card Linked offers. Guys don’t believe the press.. all of these things are dying. Even the most successful (cardlytics). Citibank is rumored to have called EDO to come pick up the pallet of their equipment (after 300M+ spent).  The good news is that their transactional data is in better shape for use.

Gemalto. Stock is at a 5 year low.. I told you guys to be short here. NO MCX, No GSMA NFC SWP… now Apple is pushing the SIM out of the phone altogether (or soon will).

Monitise. I want to end on a humorous note. This company did a great job at enabling online banking 8 years ago.. enabling “check your balance” functionality via a quick integration to the ATM switch. They pivoted in 2006/8 to support development on an array of handsets (Nokia, RIM, Apple, Samsung, …) with their only competition being mFoundry (acquired by FIS). But the phone complexity went away with 2 mobile OS (Android and iOS) and the rapid shift of mobile from the periphery to the center of the customer relationship. No bank will outsource the CENTER.. mobile development was a specialized skill.. now it is mainstream. As if this were not sad enough, they hired a US network exec with no EU experience, no mobile experience and no network of issuers (that liked her). Then she pushed out the founder.. only to quit last week.  Wow .. I hope the BBC can make a Silicon Valley (HBO) equiv.. only make it more of a Shakespearian tragedy.

Apple Pay- eCommerce – Disruption

30 September 2014

ApplePay/eCommerce/Tokens/Card Not Present

Quick blog, based on Apple Pay in eCommerce.. following on to my March Blog Tokens and Card Not Present (NOT the POS NFC stuff). I won’t do this topic justice, but hey half the fun is getting comments. I’m heads down on a few things.. so this will be my last post for at least 3 weeks.. and I want to make a few key points prior to money 2020.


  • So much for Paypal being acquired.. wow!! Dan Schulman is the right guy here, and I must congratulate the eBay BOD. This thing can NOT survive without a major change. Dan is a “direct to consumer” Innovation Superstar: Priceline, Virgin mobile, Serve/Bluebird, .. etc. He knows how to run a global organization, he knows mobile, he knows payments, he knows retail. His biggest challenge will be rebuilding a house on fire during a Hurricane.
  • Apple and eCom: No change in CNP rates with Tokens.. Tokens in Apple Pay are used for both POS and eCom, but the issuers revolted at the prospect of a CNP revenue loss. I do see “next phase” where we will see A NEW RATE TIER for tokens in eCommerce.. for any online merchant replacing their Cards on File (99% confident). Funny battle here is “who” will lead this. Visa/MA have the TSP up and running now. 3-5 issuers should have theirs running in next 5-7 months. Can you imagine having to work with each and every issuer separately to tokenize? NO WAY. But they just don’t get it..
  • Big issuers are concerned that the Apple Pay launch was a watershed “freedom” moment for V/MA. However Issuers did win a very important battle.. keeping a primary control point: token binding (deciding when and where their cards can reside), and the also have the ability to create their own token authority.. but they have work to do.
  • ApplePay’s focus is 1) POS $15-$20B and 2) “in app” payments $5B 2015 GDV.. US eCommerce payments will remained locked in the status quo battle among the giants of Amazon, Visa/CYBS, Paypal..  with Google, Off Amazon On Click and Alipay as 3 of the new challengers here.
  • Apple Pay Tokens: Visa and Mastercard did 90% of the work to get this scheme from concept to reality in 12 months. The fastest time to market for a new scheme IN HISTORY. It is a thing of beauty.. seriously. I believe the networks learned many lessons here (like build it first then bring the Banks on board to tweek it).
  • There will likely be a new rate tier for tokens in eCommerce with liability shifting back onto the banks, but issuers must support in order for this to gain traction and merchants learned from VBV that you don’t get into a scheme where issuers don’t support (ie declines matter more than interchange).
  • iPhone 6 is a revolutionary product, which will impact identity, trust, retail, banking and payments. I see the revolution beginning outside of payments, where value can be created.
  • eCommerce wallets are an aggregation function. There are only 4-5 companies that can possibly make this work, each having a different value proposition. Visa and Google are the leaders here.

What did I get wrong on Apple Pay?

  • I did not see the NXP SE. I thought that Apple would encapsulate the SE functionality within the Secure Enclave. While the Secure Enclave has secure storage, it did not have secure execution, nor did it have a way for a third party to update applications and data in secure storage/execution. Hence the SE, with First data running the “TSM” function.
  • The tokens within Apple Pay are NOT provisioned at time of manufacture (not burned). They are provisioned by the Visa/MA after a binding process. The token issuance/binding process is just fantastic, leveraging the existing AUTH message set to avoid network changes. Issuer process to ApplePay: sign an agreement, turn on the Visa services (most are not EMV enabled), decides who’s BINs you want (your own or Visa’s), and prepare to respond to auth requests for binding/tokenizing cards.
  • There does not seem to be a beacon/BLE experience within Apple Pay (yet). My guess is that there is a 3 phase road map. Phase 1 traditional NFC, Phase 2 Merchants enhance the checkout process with Beacon at the POS to improve application “wake up” and perhaps another loyalty app that can interact, Phase 3 All BLE, with perhaps an NFC handshake to “sign”.
  • Issuers giving up 15bps. I can’t believe they went for this.. Issuers only sustainable business case for this is around shifting spend to credit cards.
  • Visa and Mastercard did and amazing job in this token design. Getting all this done from concept to production in 12 months is just incredible. There is much to celebrate here, and it could be the most successful network accomplishment in 20 years. There are major implications here, shifting roles of control, managing consumer identity, and of course a new “model” process for change in the future (no design by committee, let the banks comment after it is complete).
  • Paypal was thrown out of the Apple Pay deal… They were in, but they were thrown out. My guess (and this is purely an informed guess) is that the Issuers and V/MA gave Apple an ultimatum: you can launch with us, or with them.. your choice..  Enabling Paypal allows Apple and consumers to end run the card network.

Apple Pay and eCommerce

This Custora blog provides an excellent economic view of Apple Pay’s eCommerce impact. Today I wanted to comment on a few additional items which influence the dynamic:

  • Macro Environment – eCommerce
  • In app vs browser
  • Future: What if Tokens in eCommerce had card present rates/Liability Shift
  • Tokens + Identity kill fraud, but they also create a whole new biz strategy for CONTROL
  • Wallet = Trust
  • Platform: Partners and acquirers for acceptance
  • Other Strategies

Macro Environment – eCommerce

What is eCommerce? eCom is normally defined as buying physical goods in a browser. However, if your browser is an iPad or phone, this is typically categorized as mCommerce. I break mCommerce down into 3 major categories:

  1. Physical goods/services in a browser,
  2. Physical goods/services in an app, and
  3. Digital goods (songs, armor, movies).

eCommerce sales in the US are around $185B, while all mCommerce sales are about $20B. In a perfect world I would love to label ALL browser, and in-app purchase of physical goods/services as “eCommerce” and just track the consumer preferences in the app/browser that led to purchase.. but I might be alone in that quest.

The Apple Pay buy button is only available within approved iOS 8 applications (on iStore). This means that Apple will be focusing within the rather small “in-app” sub-segment of overall mCommerce market. This means that Apple Pay will have minimal impact Paypal, Visa Checkout/Cybersource , Masterpass, Checkout by Amazon, Google Wallet  or any of the other eCommerce payment specialists .. …at least not in 2015 (estimate is $5-10B max). Apple is the dominant mobile platform for “purchase” even though it represents only 18% of handsets), accounting for over 70% of purchases.. wow talk about a great consumer base!! Of course this “in app” only could all change in 2 ways: 1)  IF most retailers shift “sales” to APPs (like Target and Amazon) that exceed the functionality of browser based experience (ie App vs HTML 5), and #2 if Apple creates an eCommerce Apple Pay Button for the Safari Browser.


If online Fraud costs were the only justification for card not present (CNP) interchange, then logically the new EMVCo token process should eliminate the “barrier” between card present and card not present rates. But CNP rates are not based upon fraud, for example Google, Apple, Amazon, Paypal all have fraud rates hovering around 3bps, whereas the CNP to CP delta can be over 100bps. If you were in the room with one of these big eCom guys you would hear them tell issuers they want risk based interchange (aligning costs of acceptance to ability to manage risk). However, aligning the cost of payment acceptance to the cost of payment (and credit) provision is the crux of the merchant issues with card payment networks, particularly when the costs include loyalty schemes that do not deliver loyalty for the merchant (even though they pay the cost).

Banks are not keen to support Apple in creating great consumer experiences which they can’t control. For example, if tokens in eCommerce were treated at card present rates, they could be transmitted and exchanged in many different protocols (QR Codes, BLE, Wi-Fi, …). Tokens + authentication enables uncontrolled innovation in presentment and acceptance, thus destroying MERCHANT Incentives to support the bank driven uniform NFC contactless acceptance (ie BLE vs NFC) and uniform behavior (credit card, tap and pay), and limiting Banks ability to influence consumer behavior.

eCommerce Wallet?

eCommerce in US is a lumpy business where the big 3 rule over 60% of spend and processing: Amazon, Cybersource (Visa), Paypal/GSI (eBay). To re-emphasize, Apple Pay does NOT impact the battle for a ubiquitous eCommerce wallet, which explains why we see all those cool Visa Checkout commercials on the NFL games this week. The INDUSTRY’s eCommerce problem is eliminating card numbers stored in 100s of locations.

With respect to eCom wallet.. most consumers just scratch their head.. “Why do I need one of those”. Amazon’s one-click, Chrome’s auto fill, Paypal checkout, iTunes buy.. it just works. Why do I need something that spans across merchants when 90% of my spend is with one of these 4 already? Additionally, consumers don’t really care about security, because they don’t bear the costs of fraud. So we have a situation where Banks want to solve for cards stored everywhere, and consumers won’t take part. This means that banks must develop a merchant value proposition to TOKENIZE their cards on file (COF). Hence the prospect of a new rate structure for tokens in eCommerce.

Merchants may RUN toward tokenizing Cards on File if the recipe is right, however tokens by itself may not be enough to overcome the terrible history of VBV/MSC launch in EU (see my blog Authentication in Value Nets for detail). In addition to rates, Google has potential to bundle eCom payments with advertising (consumer acquisition),  Amazon could do the same, and Apple.. . Consumer win for eCom tokenization? Anonymity, consistency, security, ease of use, more targeted advertising. A funny battle over tokenizing cards on file is taking place right now. Each issuer is trying to work with Amazon, Google, Apple, WMT… to tokenize. Can you imagine trying to do deals with each issuer? with seperate proprietary “on ramps”.. This issuers are concerned that Visa and MA will take this token issuance/binding process away from them .. but I don’t see another way.

Who else could win the eCom “wallet” war? Visa! Their advantage? Brand, reach, marketing, Cybersource assets, rule making and acting as one of the only TSPs. Their challenge? signing up consumers.. and they seem to have the marketing muscle (and intent) to do it (V.me blog). Innovating in a 4 party network is normally next to impossible (see blog), but they have gained tremendous momentum in learning a “new way” to innovate through the Apple Pay experience.

This is a very, very major point.. and should lead V/MA investors to take a new fresh look at what these networks could accomplish beyond their traditional switching role. These are my largest personal holdings, so I am a little biased here.. there is so much upside.. but most of the future is dependent on tilting toward consumer and merchant.  In emerging markets, I expect these network will assess their regulatory structure: do they become a bank? An MSB? An acquirer? in OECD 20 markets.. An advertisers? A merchant friendly loyalty provider?… YES!!. This is the YEAR for a network pivot away from issuers toward consumers and merchants.

Strategies in eCommerce

I think about eCommerce with the context of an acquisition funnel. Where did the consumer start? Where did they finish? Today more product purchases start with Amazon than with Google.  Does anyone really thing Amazon wants to let another brand come in and help them (Sorry Chase Wallet). Where can anyone add value here? Amazon and Google may position that same day distribution of goods is far more important than payment (and I would agree). But perhaps the barrier for every mom and pop shop having their own self managed eCom sales site is fraud and payment acceptance. If Tokens solve for this, and help broker identity/preferences.. then EVERYONE could compete with Amazon, online retail becomes disrupted by taking away the advantages of scale. This model would be a huge boon to Google and Alibaba (they see a world of a million merchants and billions of products).

  • Payment Networks are working to take risk out of payment acceptance, solve for consumer anonymity and improve on their only weakness: no direct consumer relationship. Thus they endeavor to directly enroll consumers in a direct service offering to serve the eCommerce wallet role (see Battle of Cloud Part 3). I am very high on these efforts. Why? Because they have ability to create a new value proposition when coupled with their tokenization efforts. I predict within 2 years that we will see a new rate structure for use of Tokens in eCommerce .. something near CP rates.
  • Issuers are working to improve value to card holder and keep consumers within a Branded experience. JPM has created a new data division and purchase a card linked offer company. Banks are working to create their own “wallets” (Why on earth would a Amazon add a Chase Wallet button.. just plain stupid). Banks love the NFC and ApplePay token model where cards must be “provisioned” into a wallet. Banks thus control of which wallets to “authorize” and hide purchase data from the wallet provider.  Why would any merchant accept this? EXACTLY!
  • Apple, Google, Samsung, Microsoft working to make payments part of the OS (see blog). Payments in OS will impact “In App” first, eCommerce “browser” next.. authentication removes risk. This enables unstructured retail and disrupts marketplace concentration. I moved their strategy to the next section below (brokering trust)
  • Marketplaces like Amazon, Rakutan, Alibaba have integrated payment into their platform and are not keen to exchange Cards on File (COF) for tokens without a liability shift and risk based pricing. I’m slowing down here.. should be able to put a few more things in..
  • Paypal? Well.. let’s give Dan a little time here.

Brokering Trust (Platform strategy)

The ability of a mobile handset to authenticate consumers, and allow the consumers to delegate trust to 3rd parties (identity and secure data) will have major implications to retail, loyalty, payments, healthcare, social, MNOs, government, access management (see Brokering Identity). To understand the different strategies in this area, we must look at how tokens impact the existing model, who controls platforms/OS, who sees the data, where do consumers begin their product search (ie Amazon), who bears the cost of fraud, who is regulated?, what restrictions does entity have in collaboration/data? what is the consumers current behavior?, and who does the consumer trust to manage identity (see Who do you Trust?, Perfect Authentication – Nightmare for Banks, Token Assurance, KYC – $5B Opportunity, Authentication – Core to monetizing mobile).

Banks have historically played the central role in brokering commerce. They created the payment networks, and are central to many commercial payment processes we don’t see. Perfect authentication of consumers will completely disrupt payments, as the many new intermediaries can participate in risk (ex clearing and settlement). This is all happening at a time where retail banking is being turned upside down (WMT/GDOT Checking, Future of Retail Banking). The winner in this risk/identity battle will have the trust of the consumer and the ability to broker it against all possible market participants.  Merchant “trust” can NOT be won without a merchant friendly value proposition.. hence the problem for any of the eCom wallet providers. My view is that Apple and Google are better placed to execute here, not because they are more trusted, but because they know how to partner and move more quickly.


ApplePay: Debit issues

Update Oct 1

Apple forced all the top 5 launch partners to launch debit and credit at same time. Right thing to do!!.. but debit is messy.

My bank friends are having kittens over Apple Pay debit compliance. Issue isn’t Apple, but forcing debit cards to EMV (industry not ready) and dealing with the conflict between EMV rules and Durbin. For example, EMV rules state transaction must be routed to primary AID as identified by issuer. This is fine for credit, but Durbin requires routing flexibility… this requirement just never bubbled up through the EMV specs. Tokens exascerbate the problem, particularly if the AID is from a Visa BIN.. Specs must be updated to address need for routing flexibility (using the secondary AID) …but this breaks network rules.. and there are no payment terminals that read secondary.


Previously I stated that debit cards in ApplePay are not Durbin compliant. I am retracting that comment completely.  The debit card in ApplePay seems to be Durbin compliant, as Bank of America spent significant time with First Data’s Star network to make it so. Problem is that the rest of the debit industry is scratching its head trying to figure out how to make this stuff work… so don’t expect to see any ability for all your debit cards to work in ApplePay anytime soon.. just the top 5.

The Challenges with Debit

Debit in the US is broken down into 2 primary segments: Signature Debit (processed through Visa) and PIN debit processed through 8+ PIN Networks. See this Federal Reserve note for more background. Retail banks exert almost complete control within PIN debit, after all it is their “ATM” acceptance infrastructure that allowed for this network.

PIN Volume2

While the new EMVCo token scheme is available to Debit, coordinating implementation across 8+ PIN Networks (and large Retail Banks) is a big chunk of work. Particularly when these same banks are working to consolidate PIN networks, and create their own centralized token solution (see blog).  I’m painting a picture of many companies and many moving parts in PIN debit and tokenization. Add to this picture Apple, who worked with networks to compartmentalize and maintain secrecy with a handful of partners.

To get anything done in this environment, it is best to work with the biggest gorilla, solve their problems, show the way, and hope everyone else gets in the boat. This seems to be what happened and the Gorilla is Bank of America. This is the only Debit card I’m confident is in ApplePay. I believe BAC has been working with Apple for over 4 years on this.

There are 2 essential problems with debit in mobile wallets

  1. Debit cards must be PIN capable
  2. Debit cards have complex routing requirements (more detail below)

Durbin Challenges – Routing

The Durbin amendment requires that Debit cards give merchants flexibility in the routing debit transactions (see this excellent Paul Hastings note). From Financial Reform Insights

As noted above, all banks, regardless of asset size, must comply with the prohibition on network exclusivity and routing requirements. The Fed has implemented requirements to prohibit network exclusivity arrangements on debit card transactions and ensure merchants will have choices in debit card routing. In addition, the network exclusivity and routing requirements apply to both debit cards and prepaid cards.

The final regulation requires issuers to make at least two unaffiliated networks available to the merchant, without regard to the method of authentication (PIN or signature). A card issuer can guarantee compliance with the network exclusivity regulations by enabling the debit card to process transactions through one signature network and one unaffiliated PIN network. Cards usable only with PINs must be enabled with two unaffiliated PIN networks. ATM transactions are not subject to routing and exclusivity regulations.

Note: A smaller payment card network may be used to help satisfy the two unaffiliated network requirements; however, if the second payment card network is unwilling to expand its coverage to meet increased merchant demand for access, that would trigger noncompliance with the network exclusivity regulations.

In real world terms, the Durbin amendment allows merchants to treat all debit cards like bank PIN debit cards (they can be routed around Visa/MA switch and switched through PIN networks Star, NYCE, Pulse, Cirrus, … etc). Large merchants have also started routing debit transactions DIRECTLY TO BANKS, skipping the PIN Networks all together.  This is all very straight forward in the world of a 16 digit PAN. The merchants (or their processors) use BIN routing tables that can be customized by issuer/debit network.

Within the EMVCo Token Scheme, the only way for the underlying card to be “resolved” is from the Token Service Provider (TSP) as described in part 3.2 of the EMVCo spec.  Visa and Mastercard are the only TSPs in the current version of ApplePay. Although, both networks have committed to allow Issuers to serve in the TSP role directly none appear to be ready October 2014. These unique TSP roles are probably due to the speed at which the EMVCo spec materialized (fastest new Scheme in history of V/MA), and also to the secrecy surrounding its first use (ApplePay). Thus, in the current ApplePay EMVCo token scheme neither the Issuers or PIN Networks are in control of the tokens, and hence cannot make “at least two unaffiliated networks available” without first resolving the token with the TSP.

To solve for token resolution, each and every processor must have the ability to work with a multitude of TSPs to resolve tokens into something that could be routed based upon the MERCHANT’s options (2 unaffiliated networks). The problems here are not insurmountable and resemble the problems associated with the Internet’s DNS system, where multiple copies of DNS routing tables exist to convert www.domain-name.com to an IP address. Tokens have an added advantage of identifying the owner/TSP through the BIN. For example, a Visa debit card within the ApplePay system could be a Visa Bin, a Chase Bin, a Wells Fargo bin.. So a token identifies its “owner”, or the TSP which can translate it.

To solve for this problem, Visa and Mastercard have made a “detokenization” service available, and other TSPs/PIN networks must do the same (running Vaulting / PIN transformation).  But to do this for all cards, all processors and all merchants takes a little time. There are technical and business issues here.

What is most surprising to me? I spoke to the head of debit cards at a top 5 banks, and he didn’t even know there was a problem..

PIN Capable

While it is great that they included debit in the launch, the debit issue had plagued other schemes as well. ISIS initially launched with a Chase Debit account to hold balance. Chase’s regulator told them that this card was not compliant (no PIN capability) and thus they had to pull weeks before the ISIS launch. ISIS had to run to Amex Serve for the solution, as Amex was not under durbin constraints. This PIN issue will also hit ApplePay, but the more immediate problem is routing.

Google solves the PIN problem by wrapping in a non Durbin debit. Specifically, banks with under $10B in assets, and non-banks (like Amex) don’t have to comply with Durbin. Google thus has one token (non Durbin debit), where they are issuer with Bancorp Bank (TBBK).

I am laughing a little bit on the PIN side, can you imagine, unlocking your phone, touching the ID, tapping to merchant, then also keying in a PIN. Merchants are in a place to “steer” toward PIN for every debit card. But downside is that if consumers get too frustrated with experience they will just use their credit card.

Merchants know…

A few months ago, “a merchant group” sent Apple a “formal notification” telling them that their scheme was not Durbin compliant. I don’t know if Apple’s team just sat on the notification, or hoped it would just go away once all the good launch activities came to pass.  I’ve been convinced over the last 2 days that there is a durbin compliant card in the wallet, but Apple Pay is certainly not ready for every debit card. Why didn’t Apple respond to the merchants and tell them they were investing to make sure this works? It is not a great way to start off a relationship… particularly when you have your own plans for engaging the consumer.

This is the graph that merchants see in their minds when they think of Apple pay

non cash payment

Notice the flat line on credit card spend.. and the 20%+ CAGR on debit. Merchants worry that the strong banker presence at ApplePay launch is a key message.

Industry Confusion

My friends in the Debit industry are scratching their heads this week: Retail Bankers (debit card owners), Processors, PIN Networks and Merchants. What do they do to get their debit cards in ApplePay? If only one of them is ready (meaning has ability to resolve and or issue PIN debit tokens) what does it mean for the other 7?. Is this the first path toward an industry PIN consolidation? Who “owns” the token resolution service, standards and approach? What are the service levels on directory synchronization and response times? No one told them about an industry body to standardize… Man this debit stuff is complicated.

The underlying PIN Network industry problem is there is really no single authority to coordinate EMVCo token implementation across 5000+ banks and 8+ PIN Debit networks. Perhaps there is really no single way to get debit cards into a wallet, and this mess just further helps the 800lb gorillas that can invest in semi-proprietary schemes to get it done.