Tilting the Networks… a MASSIVE Change

4 July 2015

Payments make up far more than 70% of my personal portfolio.  This investment strategy has been a great bet. Take a look at the 5 yr investment performance of Visa and MA. 333% growth in MA and 247% for Visa.  5yr return payment stocks

From Mar 9 2015 Seeking Alpha

5087541-14257348899867501-Market-Pinnacle

With this exposure, I keep close track on structural changes in the industry, which I outlined in my January blog Structural Changes in Payments:

  1. Risk and Identity
  2. Data/Commerce Value
  3. Consumer Behavior/Trust/Acceptance
  4. Issuance/Customer Acquisition/HCE
  5. Regulatory/Rates/Rules (Fees)
  6. Mobile/Payment in the OS

Will these structural changes… is my current V/MA at risk? Is there something else I should be moving toward? No way!  I think Visa and Mastercard are start ups that have just begun realizing the value of their network as they EXPAND NODES and SERVICES Let me try to explain why am I such a bull on these  payment stocks.

Network Tilt – Toward Merchants

As most of you know, V and MA were started as Bank consortiums (see Wikipedia and MA History). Rules (and rates) were thus defined by banks for both credit and debit (see this blog for debit history). As a former Banker I never fully understood the Retail view of Visa and Mastercard. For example, Walmart pays an estimated $1.3B in interchange. Most merchants would admit that the benefit from electronic payments and ubiquitious acceptance. Even Mike Cook says that “no one complains about the network fee side of card costs… it is the issuer side that everyone has a problem with”. In other words Visa and MasterCard earn their fees (it is the issuer reward schemes that drive merchants bonkers).

As stated previously Payments, in their simplest form, are a brokering business which manages value exchange between two entities engaged in commerce. Logically, a broker must be removed from the transaction to maintain the trust of both parties, and deliver value through managing the financial risk associated with the transaction. My view is that Card issuing banks, have lost the neutrality of their “brokering” role by creating a card rewards system that incents card use (paid by the merchant). However, this ideal “neutral” world is NOT the nirvana that we should seek, as no one would invest and we would be stuck with cash.

Complexity in payments is driven by the quest for control and margin of the various participants, NOT by necessity. This is what makes understanding payments so hard…. most of the changes are not logical, but political. The friction (inefficiencies and illogical design) in payments is what makes them work. As I’ve stated before, no engineer would design a payment system to operate the way we do today (see Push Payments). Thus there is beauty in this chaos! The V/MA model created incentives for 1000s of banks to invest in payments, and I doubt if we will ever see any other companies that could repeat this feat.

Both Visa and Mastercard realize that their future rests in leveraging their neutrality, thus “tilting” away from their prior “bank centric” model into something that is MUCH MORE merchant friendly. Bank issuers certainly WANT to be in this role, for example the largest US Visa issuer JPM has created a unique off VisaNet transaction routing (see blog) and is building a new data business (ChaseNet) to compete here. The bank efforts are completely stunted as there is no path for obtaining critical mass is a closed network that requires both merchant and consumer consent.  American Express is the clear leader here, but their network is also stunted through its focus in T&E, affluent and business travelers.

Visa and Mastercard win when consumers and merchants transact.  Encouraging use by consumers, and acceptance by merchants, is top priorityThe future of the networks is COMMERCE. This may seem like a logical statement, but historically Visa and Mastercard acted as extensions of the large issuers. Look for both networks to create new teams to rebuild relationships with merchants.. they know they have work to do.Visa-AmEx-Are-up-MasterCard-Discover-Are-Down-3 (1)

What is “Tilt”?

  • Phase 1 – Rules and Facilities to Enable Competition
  • Phase 2 – Merchant Friendly Services / Merchant Rules Setting
  • Phase 3 – Competing with Banks (V/MA Opening up to non Banks)

The First Phase of tilting involves creating network rules and facilities that are favorable to the merchant and/or take away control from issuers (to enable issuer competition). 2015 winners include

#1 VDEP (Data protection and $0 wallet fees)

#2 Visa/MA Token Facilities

#3 ApplePay requiring debit card enablement

#4 Mastercard’s new Merchant Insight Service

Payment industry is very heterogeneous and highly tiered. Large merchants like Walmart, Target and Kroger are able to support strategy teams that can negotiate very competitive payment rates with issuers and acquirers. Similarly the large banks can build multi billion dollar fraud and square pricingauthorization infrastructure. My rule of thumb is that the bottom third of any acquirers merchant accounts (SMBs) result is approximately 60% of their earnings (hence the success of Square).  As an example, try to find the cost of payment acceptance at Chase Paymentech, now do the same at Square or Paypal.

Tokenization and EMV have taken away issuer advantages (control points), enabling smaller issuers (competition). They have also enabled competition in eCommerce and POS acquiring (bringing down merchant costs). Take a look at this must read article from paymnts.com 13Nov14. “Tokenization has opened up this whole world for us to be able to use digital devices to be a meaningful part of the payments flow in a way that (those payments) wouldn’t have in the past,” – Scharf at BAML Banking & Financial Services Conferenceglobal digital snap

On this last point, Visa and MA are growing from 1.9B cards to their “network” into mobile, creating services that will be critical to deliver payments and authentication/authorization in the channel that is capturing consumer time like none other.

Phase 2 – Merchant Friendly services. The number one Retailer issue is “who are my customers?” As I outlined 3 years ago in Payment Enabled CRM, payment networks are well placed to solve this (given consumer consent). These articles provide an overview of 2 new services coming out.

  • 4 June 2015 – Loyalty360. Visa Commerce Network. From Michael Lemberger (Visa VP Offers and Loyalty Solutions) “creating strong connections across commerce is an important piece of the payment ecosystem. As such, Visa also is developing and employing innovative loyalty platforms for merchants to engage with their customers in meaningful and compelling ways”
  • Mastercard Market Insights. [Report] analyzes extensive purchasing data to provide insights into restaurant level econometrics and trends, such as changes in sales, average ticket prices, and customer frequency across fast-casual, casual and family dining restaurants

Phase 3 – Competing with Banks. Banks tend to believe that everything V and MA do is “theirs”. The predominant view was best captured by a former head of strategy “we built these companies once, and we can do it again”.  Thus the definition of competition is rather squishy as banks believe that they own everything. Today every Visa “member” must be a bank. We are starting to see consumer direct services and merchant direct services (Mastercard MoneySend/Omney, CYBS/Visa Checkout, Mastercard Local Market Insights, …). This is MORE THAN ANYTHING turns Issuers apoplectic.

From an investor view I believe that Visa is much more cautious in remaining neutral, whereas Mastercard is much more aggressive in delivering new services. For example few know that Mastercard holds money transfer licenses, or may have purchased a processor (Omney). A key objective of MA may be to create a commercial payments business with debit cards as the key “down line” for disbursements. See http://apps.mastercard.com/#!/app_details/omney#top

The real battle will be on DATA. Issuers strongly feel that they have 100% ownership of payment data. Yet Visa/MA data also belongs to the merchants (for the restrictive and squishy purpose of loyalty and redemption). JPM felt so strongly about this rule that is specifically took its data out of VisaNet purview as part of the 2012 deal. Every payment player is chasing after ADS and Amex in their capabilities to become a “super charged marketing scheme”.

Mastercard has a BIG win by becoming the payment network behind the ApplePay private label enablement (as I discussed on twitter). Take a look at the private label graph above (relative to total number of cards). Private label is a super charged loyalty scheme that I’m keeping a very close (investor) eye on. I believe this may be the first REAL driver of Merchant Friendly “tilt”  that delivers substantial revenue. It is also a reason why I believe ADS will be aggressively chased as an acquisition target.

Revenue/EBIT

Visa and Mastercard are trading at roughly 30x earnings. Today they take less than $0.02 per transaction. Incremental revenue on existing volume through tokenization (see MA Digital Enablement Fees),  and new retailer friendly data services should add at least 10%-15% in near term depending on “wallet” success and merchant adoption. The future for V/MA profitability rests in their ability to balance the merchant Tilt with neutrality, and “stepping on Big bank toes”. As if this growth opportunity were not enough…

Global electronic payment growth is still positioned at 25%+ CAGR. The best industry payment report (IMHO) is from Cap Gemini https://www.worldpaymentsreport.com/ a must read for anyone. Globally electronic payments are in their infancy. Roughly 90% of the world’s electronic transactions happen in the top 10 markets (< 10% of the world’s population). What happens when the other 7B people on the planet get a card (with their phone)? The global growth opportunity for V/MA is 35% CAGR in just about any economic environment and independent of local market payment schemes (ie CUP, Rupay, ELO, …). The payments world continues to look for the “next Brazil” (BTW it is NOT RUSSIA), but it is everywhere. Paypal is another network that capitalizes on this global growth trend (in an eCommerce segment that is growing even faster than the “payment market”).  The emerging markets I like best? China, Columbia, Peru, Ghana, Nigeria, Tanzania, Pakistan, Philippines, Indonesia…  The markets I stay away from? Europe (see SEPA Blog).

Have a great 4th of July…. And go buy V/MA.

Secure Element, NFC, HCE, EMV, Tokens and Cards

7 May 2014

This blog is for my non-techie, non payment friends.. helping to make sense of all these acronyms.. experts may want to pass on this one.

The GSMA/NFC community is quite stirred up at the moment. This is quite understandable…  after all they spent 8 years perfecting their vision of NFC only to have it thrown under the bus by Apple and Google. I’m not knowledgeable enough to go into the depths of the protocol, or EMVco 4.3 Book 3. I’m giving the quasi technical business explanation of what is going on. There is room for disagreement here, as there is substantial interpretation, as well as understanding of what is REALLY happening vs the specifications.  Remember this is not my day job… so your comments/corrections are welcome. By far the most useful reference/summary page I have found online is located here http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/

It’s easiest for me to explain all of this in the context of an example. Credit cards are the easiest example as they are in the market today, with a few different implementations of contactless and touch the areas above.EMV

EMV

EMVco has a contactless specification which I challenge any non-techie to read. For this short blog, the key point I wanted to make is that the Credit card number (PAN) is given to the POS unencrypted, in the clear. That’s right… don’t believe me? See:

Your next question is probably “Where is the security?” the answer is that that along with the card information, the device sends a cryptogram that is uniquely signed. In other words there is a digital payload that rides along with this credit card primary account number (PAN). This digital payload uniquely identifies the device that EMULATED THE CARD. Think about is as someone validating your SIGNATURE on the document with your social security number on it… Your number is there.. but they make sure it is you by validating the signature.

So why is the SIMAlliance extolling the virtues of a Trusted Execution Environment (TEE) and SIM/UICC? After all we seem to live without this capability quite well in the PC world. Mobile operators want the ability to SIGN and AUTHORIZE more than access to mobile towers. That SIM card in your GSM phone signs and authorizes access to the mobile network, much as MNOs envisioned doing for payments. That is how the GSMA’s version of NFC evolved.. “hey we do this for network access.. lets do it for payments”.  To be clear there is nothing technically wrong with the GSMA NFC approach.. it is beautiful… but there are substantial business model issues (see Payments part of the OS).

Apple and Google are both moving aggressively to act as Commerce Orchestrators as handsets become commodities and data moves to cloud, enabling the mobile phone to be the key services platform at the confluence of the virtual and physical world is critical. It is not about payment. Authentication is core to this orchestration role.. authentication is not something that can be given away to MNOs or to Banks.

TOKENS

It makes most sense to jump to TOKENS now.  You can imagine that Banks don’t exactly like having their card numbers sent in the clear. In fairness they were involved in the specification, but the EMVCo contactless model is essentially a card number plus authentication. There is more than one way to achieve this, and improve on it by hiding  the PAN… this is what tokens are (a few examples described in Money 2020: Tokens and Networks, Apple’s Plans and Google/TXVIA).token

Tokens are not new (see Tokens… 10 Approaches). However Tokens are now an official EMVCo specification as of March 2014, with the major issue of Token Assurance outstanding. In this token model, the issuer chooses at Token Service Provider (or does it themselves) and creates a number to replace the PAN. This takes your PAN out of the open… and makes it useless. To be used the Token must be presented by the right party, with the right assurance information. All of this aligns VERY WELL to how banks and networks work today, which is why it is so popular (see blog on HCE).  In the GSMA NFC model, the a cryptogram goes along with a PAN in the clear with the PAN stored in the phone in a secure element.  In the token/HCE model a Token representing the card is stored in a less secure space, and presented with device and network information for translation by the TSP to the actual PAN. There are substantial Business Implications of Payment Tokens (blog) which I won’t go through again here, but clearly it cuts the mobile operator out of the “signing” role and they become dumb pipes.

My Gemalto friends will howl at how unsecure this is, or how it won’t work if the device has no network access. They are wrong. It is working today, and is secure enough. There is no connectivity requirement, that software token in the phone can change every 10 seconds, 10 minutes or 10 days. The TSP and Issuer can decide whether or not to accept an “old” token based upon the transaction. In other words the intelligence sits IN THE NETWORK.. NOT IN THE PHONE. This is why V/MA/AMEX love it so much. It cements their position (See Perfect Authentication… A Nightmare for Banks?)

Host Card Emulation

emvco token

This is an Android construct (see Software Secure Element – HCE Breaks the MNO NFC Lock) that allows any application to access the NFC Radio. Without Tokens, HCE would be useless for payments, as payment information can’t be securely maintained without an SE.  Think of HCE as dependent on tokens, now a card emulation application can be certified to run outside the secure element.  I don’t like to put Apple in the HCE boat, as they have a proprietary secure architecture using tokens. This is a uniquely apple construct where the networks seem to have certified Apple’s card emulation application(s) as well. It is important to note that they use none of the GSMA’s architecture (to my knowledge) and have embedded the TEE in the apple processor (see Apple Insiders note on Secure Enclave and Authentication in Value Nets).

Secure Element

Is it needed? Certainly it is needed for at least 2 functions: Mobile network access (SIM/UICC) and Biometrics. Fingers and Eyes are very hard to reissue.. so the actual information must be highly protected. Apple is handling biometrics in the A7 Secure Enclave (oddly enough has the same “SE” acronym) and Google is a tad bit behind but handling in ARM’s trustzone. Trust zone is largely a hardware construct, and much is made of Gemalto’s marketing announcement here. My view is that there are many more than on software solution for ARM.. and ARM is much more tied to Google and OEMs than Gemalto.

The “big news” here is that both Google and Apple are EMBEDDING SEs in their hardware architecture. Embedded SEs are a threat to Mobile Operators and their preferred Single Wire Protocol architecture. As you can imagine, an embedded SE has all the capabilities of the SE within that micro-SIM card.. and sets up the prospect for a Virtualized SIM (no more of those GSM cards popping into your phone). If the SIM can be virtualized you can switch your network provider anytime you want.. or have them bid for your phone call ( see Carriers as dumb pipes? , Who do you Trust?, Also see Apples patents on Virtualized SIM). To be clear, I believe MNOs can take a leadership position in Emerging markets and payments, but for POS Payments in OECD 20 markets it makes most sense for them to focus on the $5B KYC/Authentication/Fraud opportunity (NOT payments).

OK… now you can shoot me… Open to feedback.

 

 

Token Assurance – Updated

28 April

The most interesting aspect of the new EMVCo Token Specification is section 6 – Token Assurance ID&V Methods.assurance

Technical

Tokens must be combined with a form of identity to be useful. The specification outlines a rather ambiguous set of placeholders

  • Account verification
  • Token Service Provider risk score
  • Token Service Provider risk score with Token Requestor data
  • Card Issuer authentication of the Cardholder (ie PIN)

Real world examples would be Apple’s score on your fingerprint biometrics (ex 95% match), or Payfone’s device ID information on the phone you are using. Actually, just about any entity could provide this data to the issuer (with issuer agreement). Per the specification

ID&V steps may be performed by the Token Service Provider, the Token Requestor, or a third party. In instances where the ID&V steps are performed by an entity other than the Token Service Provider, verifiable evidence SHALL be provided to prove that the steps were performed and the resulting outcomes were provided. Verifiable evidence may consist of any value provided to the Token Service Provider by the ID&V processing entity that the Token Service Provider may validate. The details of what constitutes verifiable evidence are outside the scope of this specification, but examples include a cryptogram or an authorisation code

In the GSMA NFC world, a card is “provisioned” to the phone through the TSM.  In the token world a card is provisioned as a token to a phone by the Token Service Provider (big issuers will do this internally, V/MA will also offer services). If the card (or token) is presented to the merchant via NFC protocol it is operating within the contactless/EMV pricing. If the card (or token) is presented to the merchant via an iBeacon or QR code then it falls into some unknown TBD pricing.

Business issues

Problem becomes who will pay for great ID&V “Assurance”. For example, Apple could provide biometrics.. but shouldn’t the banks pay for Apple’s score (see Blog Authentication in Value Nets)?

Let me extend the example further. Today Banks are working to extend their mobile applications to add payment capability through HCE (on Android). Who is the TSP? Answer it is the banks themselves…  they generate the tokens and their own Assurance information. Who will deliver “tokens” to Apple? There are only 2 entities that can map tokens to cards: Issuers or Networks (acting as TSP).. wallets can’t do it.

Thus there are 3 ways a payment instrument can be added/stored/provisioned in a phone/cloud/device

  1. Consumer enters card number (Google, Apple, Amazon, Paypal, …). Benefit, consumer chooses any card they want. Downside CNP rates
  2. GSMA/TSM. Provisioned by Card. Only issuers that provision cards.
  3. Tokens. Provision token. Only issuers/TSPs can provision tokens

There are also different mechanisms for card Use/Presentment

  1. eCommerce (buying iTunes/App store, Amazon, …)
  2. EMV/Card Emulation
  3. Token Presentment (iBeacon, QR, eCommerce Token Presentment)

My view is that there are only 2 areas where tokens will move in next 12 months:

  1. Banks are focused on enabling Apple to use tokens later this year (in iBeacon model), so cards will exist in token form both within the Bank mobile application (Android HCE) and
  2. Apple’s wallet (IOS) in Beacons + NFC/Card Emulation

Looks like everyone else will be stuck with the “old” NFC/TSM model for quite some time.

Apple

For Apple to receive Card Present rates in a iBeacon model, they must provide information as a TSP to create a high assurance level.  Here is the REAL ISSUE. WHO DECIDES what degree of assurance equals card present rates. Right now only the ISSUER can make this call. Worst of all… the merchant will have NO IDEA of what the cost is. That’s right, Apple must negotiate with each and every issuer not only on ID&V data exchange, but also on the rate. The token specification outlined how the data must flow, but not how the pricing will work. I sure hope Apple is pushing for pricing MUCH better than listed card present rates. Fantastic authentication should lead to risk based pricing. My recommendation to Apple (beyond call Starpoint), is to price in a way that merchant sees card present rates and you are paid for risk reduction. This aligns everyone to reduce risk.

Banks are focused on Apple because: #1 Apple can move the needle in adoption, #2 Increase use of cards in iBeacon model, #3 Apple is dumb container for card and not as concerned about capturing data. Banks may work to restrict Apple’s ability to use tokens in an NFC contactless transaction only. One of my top questions is HOW will apple present these tokens in an EMV contactless scenario? There is no work being done on card provisioning with issuers… so how are the tokens getting into their phone? Will Apple convert their 600M cards on file to tokens?  Will the networks work to simplify and “on ramp” issuers without their technical involvement? This could be a brilliant move, as nothing is more broken about the NFC/TSM model than working with 10,000 bank issuers individually to provision cards.

I hear nothing on Apple Tokens + Beacons. Which means Apple Payment launch is EMV Contactless only (but in a uniquely Apple Way with fingerprint). If Apple is working in an EMV contactless model ONLY, did they certify an application? Who holds the encryption keys if cards are not provisioned by the issuer? the network? (my guess) If this is the case, what do card issuers think about the networks managing their keys?

 

Google

Today Google wallet (POS) wraps all other payment products in a Bankcorp (TBBK) Mastercard. Google is issuer so they provisioned the card (with a few exceptions in Citi/Barclays, …). It is the ONLY wallet where a consumer can load any payment card they want to. Today Google gets card present rates (for the TBBK Debit Mastercard) as they present cards within EMV contactless/card emulation rules. If they switch to tokens, what merchant pricing applies? If merchant accepts card via EMV contactless, contactless rates apply, but what if token rates are “better”? Can Google arbitrage? What if presentment could be based upon merchant preferences? Present token if you have a lower rate (via via QR code or “Beacon”) otherwise present card via NFC/EMV for card present.

I’m getting a headache!! Can you imagine Google would have to store cards/tokens by issuer/presentment mechanism, with different assurance data and provisioning for each. Some cards are provisioned via TSM, others via token, others entered by consumer, cards used for eCommerce on Google store could be tokens, cards used in Chrome autofill would be PANs, cards presented via NFC would be encrypted PANs, cards presented via BLE would be tokens..

In the token model, what is incentive for Google to deliver Assurance data?  What is merchant incentive to accept? Today Google can allow the consumer to use any card.. in a token world they have no control over which cards can be provisioned/stored, nor the rate the merchant will pay. Someone please draw me a picture of options…

Assurance Business Model

Can you imagine playing football where the opposing team also staffs the referee positions and can change the length of the chain whenever they want?  The token specification is a very, very solid document. But the business model is a little crazy. The only place where it will see short term traction:

  • Issuer’s own mobile application
  • eCommerce (where Apple/Google/Amazon/Paypal directly benefit from CP rates)
  • Apple (if they negotiate agreements well)

End result – No POS Merchant Adoption

Obviously, if merchants have no idea of the cost of a payment product.. they will not accept it. I couldn’t imagine anything worse than the ISIS NFC wallet… but a token at a card not present rate could fit the bill. Now you see the reason behind MCX…

eCommerce Merchants DO have a reason to jump on tokenization. As they will benefit from risk based pricing.

Thoughts appreciated.

Token Acceleration

20 Feb 2014

Let me state up front this blog is far too short, and I’m leaving far too much out. Token strategies are moving at light speed… never in the history of man has a new card present scheme developed so quickly (4-6 MONTHS, see announcement yesterday). As I tweeted yesterday, the payment industry is seldomly driven by logic, and much more by politics. Given many of my friends (you) make investments in this industry, and EVERY BUSINESS conducts commerce and payments, movements here have very broad implications. The objective of this blog is to give insight into these moves so we can all make best use of our time (and money). I was flattered at Money 2020 when a number of you came up and told me that this blog was the best “inside baseball” view on payments. Perhaps the only thing that makes our Starpoint Team unique is that we have a view on payments from multiple perspectives: Bank, Network, Merchant, Online, Wallet, MSB, Processor, … etc.

It’s hard to believe I’ve already written 12 blogs on tokens… more than one per month in last year. As I outlined in December there are (at least) 10 different token initiatives (see blog).  Why all the energy around tokens? Perhaps my first blog on Tokens answered this best… a battle for the Consumer Directory. It is the battle to place a number in the phone/cloud that ties a customer to content and services (and Cards). The DIRECTORY is the Key service of ANY network strategy (see Network Strategy and Openness). For example, with TCH Tokens Banks were hoping to circumvent V/MA… (see blog). The problem with this Bank led scheme (see blog): NO VALUE to consumer, wallet provider or merchant. It was all about bank control.  The optimal TCH test dummy was almost certainly Google, and the “benefit pitched” was that Regulators were going to MANDATE tokens, so come on board now and you can be the first.Token schemes

Obviously this did NOT happen (perhaps because of my token blog – LOL), but the prospect of a regulatory push was the reason for my energy in responding to the Feds call for comments on payments. In addition to the failure of a regulatory push, the networks all got together to say no Tokens on my Rails (see blog). Obviously without network rail allowance, a new token scheme would have to tackle acquiring, at least for every bank but JPM/CPT (see blog).   Paul Gallant spent 3 yrs pushing this scheme uphill and had no choice but to look for greener pastures as the CEO of Verifone (Congrats Paul).

In the background of this token effort is EMV. I’m fortunate to work at the CEO level in many of the top banks and can tell you with certainty that US Banks were not in support of Visa’s EMV announcement last year. One CEO told me “Tom I found out about EMV the way you did, in a PRESS RELEASE, and I’m their [Top 5] largest issuer in the world”. Banks were, and still are, FUMING. US Banks had planned to “skip” EMV (see blog EMV impacts Mobile Payments). The networks are public companies now, and large issuers are not in control of rules (at least in ways they were before). Another point… in the US EMV IS NOT A REQUIREMENT A MANDATE OR A REGULATORY INITIATIVE. It is a change in terms between: Networks and Issuers, and Networks and Acquirers, and Acquirers and Merchants (with carrots and sticks).

In addition to all of this, there were also tracks on NFC/ISIS (which all banks have walked away from in the US), Google Wallet (See Don’t wrap me),  MCX, Durbin, and the implosion of US Retail Banking.

You can see why payment strategy is so dynamic and this area is sooooo hard to keep track of. Seemingly Obvious ideas like the COIN card, are brilliant in their simplicity and ability to deliver value in a network/regulatory muck. This MUCK is precisely why retailers are working

Payment Value

to form their own payment network (MCX), retailers and MNOs are taking roles in Retail banking, and why Amex has so much more flexibility (and potential growth).

Key Message for Today.

With respect to Tokens, HCE moves are not the end. While Networks have jumped on this wagon because of HCE’s amazing potential to increase their network CONTROL, Banks now have the opportunity to work DIRECTLY with holders of CARDS on File to tokenize INDEPENDENT of the Networks.

Example, if JPM told PayPal or Apple we will give you:

  • an x% interchange reduction
  • Treat as Card Present, and own fraud (can not certify unless acquirer)
  • Access to DATA as permissioned by consumer
  • Share fraudulent account/closed account activity with you to sync

If you:

  • Tokenize (dynamically) every one of our JPM cards on file
  • Pass authentication information
  • Collaborate on Fraud

This is MUCH stronger business case for participation than V/MA can create (Visa can not discount interchange, or give access to data).

This means that smaller banks will go into the V/MA HCE schemes and larger banks, private label cards, … will DIY Tokens, or work with SimplyTapp in direct relationship with key COF holders.

Sorry for the short blog. Hope it was useful

HCE – Now the PREFERRED contactless approach

Feb 19

HCE Gains Official Support from V/MA today

So much for 2 NFC/TSM CEOs telling me that HCE was “not viable”.  I told you Feb was going to be a great month.. and this is not even the tip of the iceberg. As I look at the number of reference links below.. I realize that I’ve been talking about this stuff for far too long. For detail on what HCE is see my November Post HCE Breaks the MNO Lock.

Today’s announcement primarily impacts BANKs. Message to Banks, if you want to test HCE TODAY there are 3 options: Mastercard, SimplyTapp, or Android 4.4 DIY.  Before everyone gets too excited.. the same mobile payment hurdle remains: merchant adoption. Technically HCE looks exactly the same to a payment terminal as NFC and unfortunately it also has same (terrible) business model (everything is a Credit Card .. by Bank design). Credit cards cost 200-500bps (% of sales) vs a flat fee of $0.07-$0.21 for most debit cards.

What does this announcement mean?

  • HCE Token Presentment = Card Present Paypass/Paywave
  • No more TSM, Payment is in the OS, No more dedicated NFC chipsets, and the MNO lock is gone. (Sell Gemalto … loosing MCX and NFC in the same week?)
  • Visa/MA prefer HCE to NFC hands down. It allows them to own the tokenization of cards in mobile. HCE actually ALIGNS to bank and network (V/MA) objectives: keep intelligence in network and control with issuers. The Networks ARE the TSMs. Mastercard is 3-5 years ahead of Visa here (with actual pilots). Visa’s is attempting to make up lost time by creating a more flexible program to support HCE within Visa Ready (Issuer Support). Note “Visa is Developing”.. vs.. call up MA and start the pilot. Visa’s token focus had been on the eCommerce side (V.me), and will have to run hard to play catch up.

Visa Ready

  • Android Rules! Cards, Tokens and Door Keys in Apps. Your Citibank mobile app can pay at a contactless terminal, your Starwood App can open hotel room doors. Apps have access to ISO 14443/18092 compliant exchange.. with the support of Android. This is where it will get VERY interesting. Google created HCE based upon the contribution of SimplyTapp’s Software (via GPL). I believe it is a tremendous competitive edge for Android, and I would bet they work to “manage” the deployment of KitKat and approve applications that can leverage it, as they MUST be part of Google’s Authentication/Biometric plans. Why is this better than Apple’s Beacon/BLE approach? Google is a Platform that will allow hundreds of apps to access the radio where they will own security and authentication (open innovation). Apple is a hyper controlled structure where beacons will talk to your phone in defined ways through approved apps (managed innovation). OK this is a bit of simplification, but until Apple actually releases a product don’t complain about it.
  • Tokens, Tokens, Tokens.  I could write a book on the interplay here. Much of the V/MA stance evolved from the previous TCH Token Project (see Money 2020 Blog and Business Implications of Tokens). The banks were working to end run Visa and MA on mobile tokenization. Theme is “if there is a number in the phone, why would we [Bank] want it to be a Visa or MA number.. lets make it OUR OWN number (ie a Token). After 3+ years the effort floundered and now TCH is left to be the standards body. Visa and MA reacted, most likely because of all my excellent token blogging (not), and together with Amex announced a new shared token approach.

Important. In the mobile context think of tokens are constantly changing card numbers. In the early stage HCE tokens will be 16 digits to support current payment infrastructure, but will evolve in next 2 years to be complex token identifiers much longer than 16 digits. Visa and MA have both developed controls for how this will work, for example having a “token” that refreshes at a given rate based upon where the phone moves and how the phone transacts. A Token could refresh at different rates (10 seconds to 10 weeks) based upon how the user transacts or what part of the world they are in. In this model Token generation is a NETWORK responsibility, which is why V/MA love this model.  In the new token schemes, there is opportunity for the “mobile handset” to provide biometric and security information. As I stated before, NFC zealots will HOWL that there is no TSM, or security that a number will be stored in software. But SECURITY has DEGREES.. there is no such thing as 100% non-repudiation.  I will leave it a subject to a future blog how ID providers are paid for this service.

History

There maybe a few new readers on this blog, so let me recap a brief history of how this came to pass.

NFC is a great technology, with a terrible business model. Developed by carriers in a walled garden strategy, they planned to charge $0.05 every time someone wanted to access a credential (like a credit card) in the “secure vault” within the mobile phone. The secure vault was the Secure Element (SE), with companies like NXP making dedicated chipsets for the function. See Carriers as Dumb Pipes.

Also seeNFC Handset

ISIS Platform: Ecosystem or Desert

Apple and Physical Commerce

Network War – Battle of the Cloud Part 4

Controlling Wallets – Battle of the Cloud Part 3

Apple and NFC

Gemalto

 

 

 

 

 

US Payment Innovation and Regulation

A core “investment assumption” by TCH banks was that “regulators” were going to force the use of tokens in the US. As a primary means for meeting obligations under BSA/AML. The “value proposition” pitched to pilot participants was thus “regs are coming which will drive PayPal out of business.. everyone will be required to tokenize.. pilot participation means you can have a jump on everyone else.” Obviously this has not been the case..

29 Oct 2013

Short Blog.. will update next week. Sorry for Typos

Is anyone else struggling to see the logic of Bank led token initiatives? These folks are smart people.. we obviously see why they want to do it (control)… but they are smart enough to construct some kind of value proposition. It’s not as if they can MAKE every merchant and wallet service convert.

Well… this is NOT necessarily a good assumption (value proposition). I met with a few folks this week, each touched TCH SecureCloud.  A core “investment assumption” by TCH banks was that “regulators” were going to force the use of tokens in the US. As a primary means for meeting obligations under BSA/AML. The “value proposition” pitched to pilot participants was thus “regs are coming which will drive PayPal out of business.. everyone will be required to tokenize.. pilot participation means you can have a jump on everyone else.”  Obviously this has not been the case..

The Banks wanted to start with tokenizing eCommerce Cards on File (COF), as this enabled them to keep the favorable credit card mix (75%+ credit) in a new mobile world. If would have been much easier if they just pushed all of the consumers approved payment products down to Apple, Amazon, Paypal, Google… but Banks don’t really want consumers to have a choice.. they want friction and fear in debit.  This Credit on Mobile Strategy may not be a STATED goal of TCH tokens.. but it is certainly a corollary which Banks don’t care to address.

Visa/MA/Amex did an end run on Bank token plans with a proposed interoperable standard. It thus seems that the 20 odd Bank TCH token participants will give the utility to the networks, with the hope that there will be a continued credit focus. What will TCH do? Probably be a standards body of some sort, and be the token authority for things like ACH.

The ACH LOCKDOWN strategy had 3 prongs: NACHA Rules, Regulation, and an alternative. See related Post around NACHA Rules. With respect to alternative.. this is the driver of Clearxchange, a real time ACH that circumvents NACHA…

One of the Bank leaders quipped “in 5 years we hope to put Paypal out of business in the US”… implying banks could lock out non-banks in riding ACH rails. This would also have significant implications to MCX… My view is that there are ways to get around all of these grand plans IF they ever materialize (ie Bank partnerships).

All of this seems a little too smart, too complex, too dependent on regulations by a regulator that isn’t really doing much to help Banks these days.

Message to Regulators.

PLEASE DON’T FORCE TOKENS.. but rather allow risk to be owned by non-bank entities (ex MSBs) originating transactions. There are so many new ways to mitigate risk and authenticate a customer. Mandating tokens will kill innovation and keep control locked inside intuitions that innovate at the rate of glaciers.

Reminds me of a joke. Did you hear about the Bank mobile SVP that tried to commit suicide? He threw himself in front of a Glacier.

Authentication is key to unlocking billions of dollars in revenue and bringing enormous efficiency to the market… allowing for the REWIRING of Retail, Advertising, Commerce.

Regulators should not focus on payment tokens, but facilities for managing distributed TRUST and AUTHENTICATION. Allowing other entities to assume risk in payments. This may mean creating new quasi bank licenses (regulated trust authority) or a new federally approved MSB that does not hold any deposits. A first start may be to open up Fed Wire to non bank participants. With ability to take risk on settlement funds.

I actually agree with Banks in their token plans.. IF they are ultimately accountable for EVERYTHING.. they must control EVERYTHING.

 

Divide and Conquer: Commerce Battlefield

What “standards” are there in commerce?

Do we advertise in the same way? Locate in the same geographies? Price products the same way? Have the same eCommerce or mobile “store” and services?

What about Payment?

Payment is perhaps one of the few “standards” that retailers have in commerce. I had an “ah hah” moment at Money 2020. It was from a presentation by Jim McCarthy of Visa.. the theme: Visa is a model where everyone wins, and participants can monetize their respective roles. Of course I should know this.. but it really just struck me on WHY the Banks want to work within the Visa model.. if they break it.. they will no longer be able to monetize payments.

Mobile is a platform which enables a radically improved customer experience. With respect to payments it also offers a unique ability to authenticate a consumer (fingerprint, GPS, cell tower location, voice, camera, …). Yet, no banks are looking to leverage these “new” capabilities in a “new” payment system. After all, given a clean sheet of paper, no one in their right mind would design a payment system like we have in Visa/MA: present a credential to a merchant, who passes to a processor, who passes to network and routes to issuer to approve a customer transaction… giving the auth to everyone in the chain again.. and getting back another message. If everything is connected why not just ask the consumer to send the money from their bank (ex Sofort,  Push Payments also read Banks will Win in Payment ).

Why? Well because Banks can’t make money in a Sofort model.. (would need to create all new merchant agreements). This is why Banks are going through contortions to stay within Visa/MA, yet attempting to alter it fundamentally (ie Tokens). A top 3 Retailer provided me a great example “if tokens are not created by Visa/MA do I have to accept all tokens like I have to accept all cards”?

Defining the Battlefield

My real “ah-hah” came when thinking about how the Card “standard” has been managed for the last 50 yrs. Quite frankly the Banks have been playing Chess while everyone else has been playing checkers (quote from a Retail Client).

This reminds me of Sun Tzu

Whoever is first in the field and awaits the coming of the enemy, will be fresh for the fight; whoever is second in the field and has to hasten to battle will arrive exhausted

Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.

Sun Tzu – Book 6

Retailers have been playing on someone else’s field.. they have been so distracted in competing with each other.. that they did not even identify a common enemy. This has shifted significantly in the last 5 years. The payment burden has become so substantial that Retailers realize they must define their own rules and create a new network (aka field).. thus we now have MCX in the US, SEPA in EU, EFTPOS Australia, CUP/China, Interac/Canada…  This is not just the US, take a look at what is happening in the UK last week, or with Card EU regulation cross border.

Implications of Tokens

I cannot understate the business implications of tokens to Retailers, Processors, Wallet Providers, eCommerce/mCommerce companies, and Start Ups(also see Money2020 and Tokens). It will impact every company that keeps cards on file (COF), or processes transactions electronically.  What is most concerning? These entities have few existing mechanisms to coordinate/collaborate … a coordinated Bank/Network consortium is battling a bunch of unorganized tribes… and setting them against one another. The hectic activity in payments has caused a fog of war which serves to obfuscate the primary advances of the opposition. While everyone is focused on litigation, debit, mobile, MCX…  banks are moving 3 steps ahead.

Banks have wrapped tokens in secrecy (per Sun Tzu) with motherhood and apple pie stories pertaining to protection.  I can assure you that Banks are not dropping over $1B+ to protect consumers.. they are spending this to protect themselves from competition. As I said previously, Banks know they cannot innovate at the pace of Google, Square, Cardspring, Braintree, … thus they must control the battlefield. Tokens enable them to recast the battle.

The new battle surrounds data. As my friend Osama told Tim Geithner, the value of data exchange may quickly outweigh the value of risk management and clearing in payments. JPMC has even created a new DIVISION run by Len Laufer to focus on data, as Jamie would say “we have better data than Google”.  Bank Card CEOs are furious at the thought of anyone delivering value on their cards, particularly efforts by the networks themselves (V.me, Visa Offers, …). Other token drivers:

  • Control who can be a wallet provider
  • Control who can add value to a card number
  • Control how a merchant can identify a customer via a card number (See payment CRM)
  • Control how payments are cleared (ex. What they did to Google Wallet).
  • Control how and WHEN mobile payments succeed
  • Control what payment instrument is used in mobile POS payments (ie Credit)
  • …etc

Banks are so far ahead on strategy….. I’m concerned Retailers will have no idea of what hit them.

How to respond?

  • Coordinate on a plan of action (glad to assist)
  • Create a new Battlefield.. create a new set of rules that Retailers control (thus the brilliance of MCX)
  • Join MCX.. just to ensure Banks know they must take this seriously
  • Frustrate the Banks on their Battlefield… Visa/MA and the issuers are not on the same page.. help to further the rift.. ensure new rules work to the Retailer’s benefit. For example, push V/MA to create a “certified wallet provider” that can translate cards to tokens WITHOUT THE ISSUER.
  • Regulatory… push payments into DUMB PIPES. Let innovators own the risk.. give banks a pass on payment compliance, open non bank owned pipes (Fed wire)…
  • Find Banks that will partner with Merchants to deliver value. On my short list are: Barclays, AMEX, Discover and Bank of America..
  • Help Banks solve their problems through you.. help Banks leverage their data for your benefit….instead of the other way around. Amex is FAR ahead in this.. 5 yrs ahead (see blog)
  • Break the Card revenue model…. Beyond what Chase did to VisaNet
  • Ensure you are viewed as fighting for the consumer.. NOT for yourself. Banks don’t exactly have a stellar reputation these days.
  • Banks also rightly fear that Debit will move from $0.21 to $0.05 or even $0.03.. making debit the equivalent of a quasi real time ACH system. How can you incent increased use of debit today?

I have a few others that I’m not going to share.. but we have got to stop falling on the same sword over and over again.  Banks are NOT the center of commerce, just as my ISP or MNO is not the reason I shop at Amazon.

Investors.. I’m not saying to short V/MA.. I see nothing to dent their global growth.. but in US/EU.. we will see their revenue drop substantially in 5 yrs.

My predictions

  • Visa/MA will create a rule that no one can wrap their card in a token but them… after all a card is really a token for an account number in the first place. Bank token efforts will die in next 12 months.. unless they can force a strategic change… or they make a move toward a 3 party network like discover.
  • Visa/MA will start off getting feedback from all participants.. but banks will win on their rules like they always do.  Merchants will resist efforts unless carrots are substantial (card present and fraud liability shift). If issuers are NOT on board merchants know (from VBV/MSC experience) that issuers will just tweak the decline rates to make for a terrible customer experience. In the end issuers have control over how any new scheme works for its consumers.. they have an unlimited ability to frustrate Visa’s rules… or leverage networks against each other.
  • Take a look at how long EMV, NFC, … have taken. I would make the case that EMV only succeeded because of regulatory pressure.  I see no impetus for change… no business case for either merchant or consumer.  PCI costs and Fraud are already managed…
  • Mobile successes will work around today’s plastic.. This is the beauty of Square..
  • Merchants have reached beyond the tipping point of collaboration on common payment services. It will happen… and there will be implications to V/MA volume (in 5 years)
  • There is only one entity that has the POWER to change consumer behavior on mobile: Apple. It took them over 20 years to earn consumer trust through their maniacal focus on quality and consumer experience. If Apple makes a move in mobile payments.. we should all “think different”
  • Merchant friendly solutions and big data.. are red hot areas. My favorite case study here is a little restaurant marketing company (Fishbowl).. will write a blog on them this month.

Payments Winners/Losers?

If you are a BANK… you can do anything you want to on a PIN DEBIT network (you control).. For example, First Data owns STAR.. they are leveraging the Star network with Cardspring to transfer non payment information (offers/incentives). This is a great example of how to construct a solution within the constraints of existing networks

21 Aug 2013

Of course I can’t answer this question.. but it is THE question most frequently asked by investors. I certainly don’t see anything US Debit WSJthat would significantly dent Visa, MA or Amex’s growth internationally. The concentration of electronic payments is tremendous, fully 92% of all electronic transactions occurred in the top 10 OECD 20 markets. Internationally, as markets mature, banked consumers increase, market facilities like credit bureaus improve coverage, credit starts to flow…  I went to work for Ajay Banga at Citi after listening to his fantastic interview w/ Mike Mayo (then of prudential), Ajay talked about 600-800M new people gaining access to financial services globally. V and MA will be prime benefactors of this global growth.

Domestically? Well that is another story. OECD 20 countries have begun to price debit transactions at cost of ACH. EU (SEPA CF), Canada (Interac), Australia (EFTPOS)… now the US is following with a Durbin rate likely to be $0.07-$0.12/transaction (12c is the fee in Australia).  This rate change impacts $5-7B of bank fee revenue (see Reuters). Of course banks are not in the business of loosing money, and must find a way to make that up.. capgem1 noncash pmt

This brings me to the obvious loser in next 5 yrs: Retail banking in the US. Prior to this latest Durbin change, fully 40% of mass market retail bank customers were unprofitable.  This latest change to debit fees will accelerate bank moves to reduce cost to serve (Branch Infrastructure to Online channels).. Retail banks must either find something new to sell consumers (ex Amex/WFC), or charge them more. (see Blog Future of Retail Banking: Prepaid?), many are seriously considering what BAC did 2 yrs ago .. adding a fee.. (see CNN/Money Article).. remember the reaction back then?

This retail bank pricing pressure comes at a time when retailers are offering banking lite products (WMT/Bluebird) AND new bank aggregators are forming which would allow ANY company to deliver banking services. Best example here is Wirecard in Germany.. as a payments specialist and bank which enables MNOs to offer banking services.In the US we see early stage examples of this same model, OTC: IEBS Independence Bancshares (nD Bancshares) has been recapitalized w/ Bob Willumstad (former AIG CEO) as Chairman.

What is Credit? Debit? Charge? Pre-paid? How are they different? With debit costs moving toward $0.. consumers (and start-ups) have access to “real time” settlement at ACH “like” pricing..  This is the heart of Bank’s concern.. and their subsequent efforts to establish rule changes on “wrapping”.  Banks don’t want Paypal, Google, or anyone else using debit this way.

top reasons for selecting

As I stated in Controlling Wallets: efforts to “control” have unintended consequences.. like holding onto your Jello by squeezing it..  PIN Debit may be the first “break” where you can have your cake (Visa Bug) and eat it too (enhanced data w/ merchant).

PIN DEBIT.. the Dumb Pipe Switch

If you are a BANK… you can do anything you want to on a PIN DEBIT network (you control)..  For example, First Data owns STAR.. they are leveraging the Star network with Cardspring to transfer non payment information (offers/incentives). This is a great example of how to construct a solution within the constraints of existing networks and rules…. And KEEP your Visa logo.PIN Volume2

Unfortunately there are few PIN debit cards that are not also signature debit cards.. When the Visa logo is on the card.. it is the customer that decides. Merchants LOVE PIN.. as pricing was different. Now (in the US) PIN and Signature debit pricing is is the same (for banks over $50B in assets).. Offsetting this confusing PIN/Signature furball is the requirement that both signature and PIN debit must have at least 2 options (each) for routing AND several PIN networks are not owned by issuers (Pulse, NYCE, Star, …). This gives FIRST DATA, FIS, Discover opportunity to deliver services that SWITCH debit for the benefit of the MERCHANT (ex Cardspring).

Is “PIN debit” the baseline product for retail network consortium? It is how I would construct it.   Target’s Redcard is the model, but it is closed loop. Expanding a Target Redcard through a PIN debit network would provide for Open loop (multiple merchants participating). Operating in a PIN debit network also gives the PIN network control over rules on acceptance. Although there would be no real interchange cost savings here.. there would be a real advantage to retaining customer data.

The other advantage of processors which also own a PIN network.. is that they “see” all transactions for their merchants.  If McDonald’s processes a debit card transaction.. their processor (ex FirstData, FIS, CMS, …) has flexibility in choosing whether to process as PIN or signature.  PIN is not routed through Visa, Signature is..  First data could see if card is registered for any loyalty/incentive programs.  This is what what JPMC has done (partially) w/ the Visa deal.. without acquiring a PIN network. Allowing them to use signature debit and credit as rails for non-financial data and routing which will not go through Visa.

Credit Cards

Beyond Retail banking, the traditional Credit Card Product seems ripe for change. Why would consumers with good credit accept 18% rate on a credit card when the bank is paying them 0.1% interest? The top issuers know they must improve the merchant and consumer value propositions.. but are largely failing. Its hard to turn around large portfolios and create new value propositions that don’t cannibalize your core business.redcard

This brings me to Winners.

  1. Companies that can help retailers become better publishers and marketers (see blog)
  2. Company that can construct a better customer experience (Square, Apple, Payfone)
  3. Companies that and orchestrate COMMERCE, not manage payments (Google, Amazon, Facebook)
  4. Companies that can enable anyone to ADD ON banking services (Wirecard, GDOT, IEBS, )
  5. Companies that can CONTROL the mobile phone (Google, Apple, Samsung, ??MNOs)

Sorry for typos.. I publish these things before I proof them.. any corrections appreciated

See my disclaimer above. I have equity in GDOT, Wirecard, Goog, AAPL, AMZN

Wells gets A+: New Amex Partnership

WFC is brilliant here. By leveraging their primary asset (customer relationships) they have jumped to the top of the line in a new ability to deliver services, and capture unregulated payment revenue. Think they need to work quickly to ensure retailers see an upside to expanded Amex transaction volume (see payment enabled CRM).

7 August

Press today on WFC/Amex plans for WFC to Issue Amex Cards (also see WSJ Blog, CNBC Clip with WFC Exec on deal overview). Key items:

  1.  WFC to issue credit cards accepted on Amex Network
  2. New and existing WFC customers
  3. New loyalty platform

Why is this big new for INVESTORS? 2015 will see reissue of EMV compliant cards (blog). Issuers are therefore assessing what brand/plastic to reissue. Top analyst question for Amex/WFC is will WFC reissue on Amex plastic/brand? If WFC moves this direction, will other banks as well? Is Visa’s golden goose on the menu? Will EU regulatory developments (suggested 30bp rate for credit supported last week in US by Dick Durbin) prompt additional banks to move to 3 party network?

Deal History/Drivers

There is tremendous history around this transaction, as well as the business drivers for it. Amex has been seeking mass market opportunity for almost 15 yrs. For example, within Amex, few know that back in 2002, American Express was contemplating an acquisition of Wachovia, then the #3 US retail bank, now part of WFC.

transaction-volume-2006-2010

Within the large retail banks, there is broad recognition that:

  • #1 three party networks have substantial advantages (blog),
  • Durbin has killed the profitability of a vast segment of mass market retail (40%). Durbin’s impact was on Debit, and the PR on the WFC/Amex deal focuses on credit… so view this as attempt to generate fee revenue from mass market (only 30% of WFC retail consumers have credit card). See Barron’s article on latest Durbin bank EPS Impact
  • Pre-paid cards are proving to be real option, and banks face prospect of loosing core relationships (Blog, and Future of Banking)
  • Three Party networks (Amex/DFS) have no Durbin or EU constraints
  • Future of “payments” is about data, and enabling value added orchestration, Amex is the clear innovation, and business model, leader,
  • Chase has constructed unique Visa deal in attempt to create 3 party,
  • Visa and Mastercard are ineffective at “change” and have alienated both Retailers AND Banks.  I asked one CEO about EMV and he said he found out about it same way I did, in a press release (and he was top 3 issuer)…  Gives you idea of partnership “health”.
  • Retailers are working to establish their own payment network (see Battle of Cloud, MCX Blog)
  • Apple, Google and others are investing billions in this space

Top banks are working on a new token scheme to build a new “Visa” from within (see Tokenization). It now seems, BAC, WFC and JPM have separate plans from this centrally led TCH initiative… but all are consistent with disintermediating V/MA

WFC is brilliant here. By leveraging their primary asset (customer relationships) they have jumped to the top of the line in a new ability to deliver services, and capture unregulated payment revenue. Think they need to work quickly to ensure retailers see an upside to expanded Amex transaction volume (see payment enabled CRM).

I also believe this is a tremendous win for Amex, not only in their efforts to grow transactions riding on their rails, gain broader acceptance, grow in mass market but primarily as a way to unlock new value in mass consumer payment “data”. This is yet another “Cluster”…

Network Clusters

The street should watch for M&A activity around DFS…. The only subscale 3 party network left standing.

Take a look at new Amex service, working as a back door to get line item detail from retailers.

https://www.americanexpress.com/us/small-business/openhome/receiptmatch

CEO View – Battle of the Cloud Part 5

There is a payment cluster war going on right now and it is the subject in the C Suite in Banks and the Payment industry. The battle is happening at every level. I’ll be leading a panel at Money 2020 which addresses several of these items, with participation from V/MA… should be interesting. Here are a few updates.

22 July 2013

This post is a continuation/update to my post back in March Network War – Battle of the Cloud Part 4. Sorry for typos.

There is a payment war going on right now and it is the subject of C Suite strategy talks. The battle is happening at every level. I’ll be leading a panel at Money 2020 which addresses several of these items, with participation from V/MA… should be interesting. Here are a few updates.

Network Clusters

Network/Routing/Rules

  • $8B Revenue Impact. I apologize to my EU readers for my constant US focus. Let me break the mold now to emphasize the earth shaking changes going on in the EU (See today’s NYT blog, and today’s WSJ). Going from 250bps + cross border fees to 30 bps will be tremendous, and may set a precedent for the US litigation between Visa/MA and top retailers.
  • EU provides a glimpse at what a world of payment “dumb pipes”  and least cost routing looks like (see Blog Payments Innovation in Europe).  Canada and Australia also follow these lines in debit (see Blog). Also see my favorite case study in Europe  Sofort – ECB analysis, and Push Payments.
  • Networks, and their members are reacting to regulation and positioning themselves (individually) to “push” their respective vision of innovation in order to protect their brand and network (see Visa Money Transfer, and Visa Portfolio Manager). I don’t mean to limit this to just Visa and Mastercard (see picture, and blog).
  • New networks are forming (see Blog on Clusters)
  • Large issuers like JPM have successfully forced Visa to break/segment its Visa net, and run under unique JPM/CMS rules with new capabilities. Visa’s CEO comments to investors: “rules must be consistent with Visa”..  My view is that this is a major crack in Visa’s network ownership (see Golden Goose on the Menu).payments pyramid
  • From a wallet perspective the rules on “wrapping” are killing much innovation (see don’t wrap me). Top issuers are actively working to inhibit wrapping of their payment products (ex Mastercard’s staged digital wallet fee of 35bps on PREVIOUS years volume of over $50M..  which only impacts paypal).  Similarly Amex and Visa are working to ensure their cards are not wrapped.
  • Rules are being issued and ignored, from Visa Money Transfer to EMV (see below). Banks tell Visa “do you want me to write the waiver or will you send it over… as we are not going to do this”.. which is one reason JPM just created its own unique rule set. Similarly US merchants face a liability shift (on to them) if they do not accept EMV cards (chip and pin). All are playing a game of chicken as no one wants to re-issue plastic. Visa has created a new type of EMV, chip and SIGNATURE, which makes absolutely no sense at all, but helps them keep customers away from PIN (which Visa despises, but everyone else loves).
  • Cross boarder fees (see blog). As 20%-30% of network revenue moves to these fees, it is becoming a substantail pain point for global banks like Citi, HSBC, Barclays, .. A big topic I can’t fully cover here

Issuance

  • US Banks are spending 90% of their time in innovation around Credit Cards. Exception is Bank of America and to some extent my old team at Wells. In either case the banks have hit a wall, and recognize that innovation can’t happen in a 4 party network. American Express is 5 years ahead of them and they can’t catch up.. they must change.
  • The NATURE of card completion is changing in both credit and debit. Traditional Payment revenue is being REGULATED AWAY as payments become “dumb pipes”. The goal most have recognized is that the real value to be unlocked is in commerce data, particularly Payment Enabled CRM (see blog). Examples of just how focused this effort is: 22 Banks working in Secure Cloud, ~$1B in Google Wallet Investment,  ~$500M in ISIS investment,  JPM just hired Len Laufler (former CEO of Argus Data) to be the new CEO of Data in Chase.
  • Banks thus need to build a network which can accommodate both payments and “other data” which they own and control (like Amex)… hence “tokenization” (see Blog, and TCH Announcement).
  • Tokenization is currently going nowhere.. but it is “impacting” the industry and many start ups as banks and networks position themselves (see JPM/Visa Blog, Start up implications).
  •  Visa and MA also have their own secret token efforts. Merchants have a much better short term win in this approach with a liability shift and reduction in interchange, but they also know from past experience that if the issuers are not on board, there will be a much broader business impact in declines (see VBV post, and Visa’s Token Strategy).
  • Retailers are attacking from below. Bottom 40% of mass market customers are not profitable for banks (Durbin related items ranging from NSF fee changes, to debit interchange) . These customers are profitable for retailers like Walmart, Tesco, Target, .. (see Blog).
  • Telcos have a chance to own a new payments network, as they have both physical distribution, customer relationship, connectivity and device.. but they are focused on controlling a handset in a walled garden strategy. To succeed they must refocus efforts on COMMERCE, which means partnering with all participants to construct a value proposition (see blog).

Acquiring

  • The first hurdle of any “New” network is to get the merchants and acquirers on board.
    1. This is NOT going well for companies like Paypal … hence the complete failure of their DFS partnership (see blog). Specifically, there is at least one major acquirer which is refusing to route traffic on any of these new Discover/Paypal BINs, as well as at least 2 major retailers. Although Discover is a 3 party network, they only acquire directly for their top 100 merchants. Therefore Paypal must “incent” and negotiate with every single other acquirer AND merchant.
    2. Chase is working to build a new CMS acceptance brand, which will be different from Visa.
    3. Retailers are building their own network (MCX), and have hired Dekkers Davidson, a tremendous executive, to lead it.
  • Roughly 60% of acquiring profits come from bottom 30% of merchants. There are small independent merchants that are paying over 5% in acceptance fees thanks to the poor transparency within the ISO sales process. Companies like Levelup and Square are changing this (2.75% flat, or free if you commit to marketing). I’ve eaten my shoe on Square, as I never fully understood how badly the ISOs were treating small independent retailers. Their solution solves a short term pain point and also improves customer experience.
  • Acquirers are making POSITIVE headway in merchant friendly services (see blog), particularly helping merchants “merge” consumer data to gain new insights for loyalty and incentives. They are challenged to quickly ramp up this services revenue, in order to overcome the new aggregators acting on the side of small independents (ie Square).

POS Acceptance

  • Has anyone seen the graph of Verifone’s stock? Market cap of under $2B. A hardware company that could not adapt to a software world. At the bottom end they are being eaten by free Roam/Square dongles at the top end are facing integrated POS Terminals from IBM/Toshiba and Micros. Dedicated payment terminal are commodities, and thus suffer from commodity like competition. Grand hopes for re-terminalization with EMV and NFC are not happening (see blog). New dongles and mobile acceptance infrastructure is developing even in the complex EMV space (see Tedipay.com )stand
  • POS strategy centers around data as well. Google’s Zave purchase has given them opportunity to help retailers focus advertising and eliminate paper coupons independent of payment network. Other leaders like Fishbowl and Open Table in Restaurants have integrated into the POS. The BIG idea here is to integrate the POS to the cloud and Google is now 5-7 yrs ahead of everyone (2 yrs engineering, 2 yrs IBM Certification, 3 yrs to sell and test w/ retailers, +++ yrs in content/ads/targeting).
  • Square’s new Stand is an integrated payment, POS, inventory management, CRM, marketing and loyalty system.. all on an iPad.
  • Payment Terminal “software”. Verifone’s Verix architecture and equivalent schemes have failed. Idea was to allow 3rd party developers to create “apps” for a non-secure space in the payment terminal. For example, 2 years ago, Google’s first version of wallet leveraged NFC to communicate “coupons” to the payment terminal, which then relayed to the POS.  Problems are obvious..  A grocer like Safeway has 2,000 person development team around their IBM 4690 POS, guess how many engineers support the payment terminal? NONE. They don’t want apps on a PCI compliant payment terminal.. it goes beyond question of who will manage them. Also note that payment terminal interaction with the POS is simple today (payment request and authorization).  There is also significant development work to RECEIVE coupons from a PAYMENT Terminal.

Services

  • This section could fill a book, so I will make this brief. All network participants are working to deliver services. The 4 party networks cannot innovate. For example, take a look at my very first blog, topic was Googlization of FS. Visa built an offers services with Monitise and Clairmail 3-4 yrs ago, but the large issuers refused to use it, preferring to innovate themselves. Another example is V.me, a topic which makes Card CEOs red faced. These points exemplify the dynamic w/ V/MA and the large issuers.. Issuers want to dumb down the pipes and limit services, V/MA want to grow them and relationships with consumers.
  • Current state is myopia.. everyone is working as if they uniquely own the customer. Banks and Card Linked offers are top example. When you go into a bank branch, do you want to buy socks? dog food? Of course not! Banks have great data but they are in no position to run an advertising campaign. I’ve run 2 of the largest online banks in the world (Citi and Wachovia) and can tell you retail customers spend about 90 seconds with me, they log on check their balance make a payment and leave. They don’t stay around to click on coupons. Commerce, and retail, is in the midst of a fundamental restructuring as online and off line worlds converge in new ways (beyond show rooming).
  • Payments are just a small part of the overall commerce value chain, yet they have by far the highest cost. The proposed 30bps EU fee cap may occur in other markets, thus banks are working feverously to build services to replace this revenue (primarily around credit cards), with CLOs largely failing to deliver value (see blog). Yesterday we say Ally Bank discontinue Card offers, following Amex last week.