The Ledger.. and a new SWIFT Killer?

Money 2020 was a little short on big announcements. My #1? Visa/Chain announcement. Chain will open its entire platform (software core) to developers enabling distributed innovation (ie investment) by hundreds of start-ups and bespoke networks looking to connect.  My #1 bet is that the first focus area for Visa/Chain will be in replacing SWIFT.  For those not familiar with the intricacies of global commercial money transfer via SWIFT see my youtube video.

SWIFT is a global messaging network that enables all member banks to communicate in common language, it handles no funds, nor does it manage settlement. Swift sends standard messages to banks to settle funds. In the SWIFT model the instruction is normally sent by the originator of the payment to a beneficiary. Originating banks can determine which set of correspondent banks to use (think routing control).

Visa and Mastercard are also messaging networks (see Structural Changes in Payment, and Real Time Payments). The short summary of these blogs:

  • Real time gross settlement (RTGS) is only possible if all parties have funds in a common settlement entity.
  • Fedwire, NYSE, ..have real time settlement as all “members” have funded accounts for a net settlement (think daily margin calls)..  but all other US payment networks are messaging only, with settlement handled as a (daily) back end process.


The idea of Blockchain “replacing” SWIFT is not new, Ripple has been working with Santander, Bank of America and others (see Finextra). Ripple is both messaging, and real-time gross settlement system (RTGS in XRPs). Ripple’s messaging is called the Ripple Transaction Protocol (RTXP) or Ripple protocol, it is built upon a distributed open source Internet protocol, consensus ledger and native currency called XRP (ripples). Think of Ripples as a private bitcoin. One of the most common criticisms of Ripple is that Of the 100 billion XRPs created, 20 billion XRP were retained by the creators, who were also the founders of Ripple Labs.

Chain on the other hand is blockchain infrastructure (great WSJ article) open for innovation. Chain powers distributed ledger(s) for multiple uses. Think of Chain as enabling each bank to have a local copy of a indisputable record… an incorruptible and infallible accounting ledger. Fund transfer certainly needs such a record, but for “accounting” to be effective there must be trust and settlement. Note that Ripple handles this settlement problem (XRP ownership ledger) trust, but has issuess in conversion to the “common XRP currency”.

Trust among financial intuitions is historically managed by networks and operating rules. For example there are operating rule for NACHA, Visa, Mastercard, … etc. Operating rules also are governed by laws and regulation (ex WHO can transact, how are transactions reversed, how are participants certified).  I would argue that a payment network’s greatest asset is Trust among parties (and devices, form factors), with each participant governed by complex sets of rules, terms, certifications, operations, standards.

Important to note that Blockchain doesn’t require trust to properly record transaction, but rather rules to take action upon the ledger’s data. In other words, it is technically feasible to give a copy of the transaction ledger to every participant (who owes what to whom every day). However it is very hard for banks to take action on the ledger’s data (Transferring money – ex net settlement) without a trust/settlement network. The common ledger is a must improved messaging approach, that still requires a operating rules (Trust) and a Settlement Approach.

Mastercard’s acquisition of Vocalink (the UK’s Settlement network) enables them to lead in commercial (and debit) transactions for both UK and US. This is a brilliant move, but certainly much more of a traditional technology/architecture approach. The challenge with Vocalink is that innovation is constrained by existing customers and services.

Chain/Visa has the opportunity to disrupt the commercial payment landscape, particularly when viewed in combination with Visa’s existing card network and a new settlement system. For example, most Visa transactions were settled at end of day through JPM Chase (every Visa member had settlement account).  For cross border transactions, Visa’s settlement “hubs” have correspondent relationships.

If Visa created a new Chain settlement infrastructure, or had member Bank support to leverage current infrastructure, it could quickly replace SWIFT with a far superior product which would offer transaction clearing times in 24 hrs (vs the 2-7 days with Swift). The biggest unknown is what part of Visa’s current operating rules could be leveraged to create this new settlement infrastructure. For the economic opportunity see this Fed Study

Browser Tokens – Payments in OS Part 4

My last articles on this topic were
I’ll forgive you if you didn’t see the big news out of Google I/O. There is a MUST READ article in Android Police that is spot on. Summary? Google (Chrome/Android) and Apple (Safari) are ready to integrate payment tokens in the browser.. Buy buttons will be integrated into ads, product listings, or a single “pay” button with no subsequent user information to fill out “quasi one-click”. From Android Police

Continue reading “Browser Tokens – Payments in OS Part 4”

Changing Economics of Payments

2 Dec 2015

Happy ‘After’ Thanksgiving everyone, I’m coming out of my tryptophan coma and thought I would go for a mental stretch. This is a pretty big topic, and I won’t do it justice. Thanks in advance for your comments and perspective. [Note I’m not naming the titles of my reference blogs and used only URLs.] Continue reading “Changing Economics of Payments”

Google+Softcard Levels Field Against Apple

24 Feb 2014

Well done Google. As predicted last month, Google announced last night that it had acquired “some exciting technology and IP from Softcard”. The price? My guess is around $50-60M, plus multi year revenue share (below). This is a FAR cry from the $3-$4 BILLION that these same Mobile Operators wanted for “NFC RIGHTS” in 2011. Google proposed a rev share back then too.. but MNOs were convinced they could go it alone. After dropping almost a billion in ISIS/Softcard with no future revenue of any kind in sight the drivers of the deal were obvious. Not only did carriers need an exit for their investment, they needed a partnership that gives them a role in the future of mCommerce.

What technology will stay? The SE Keys and the vending machine acceptance terminals.. seriously.. 98% of what ISIS/Softcard was is completely dead. My biggest unknown? I would love to see if Amex Serve could pick up the pre-paid card from Mastercard.. as the banks wanted to beat up my good friend Ed McLaughlin for doing what I still think was one of the best most innovative deals ever (Google pre-paid).SONY DSC

What did Google get? MANDATORY GOOGLE WALLET. That’s right, now EVERY ANDROID phone sold by the carriers will have wallet installed. This addresses a key advantage that Apple has in mandating an iTunes account (with credit card) for activating the iPhone. Apple’s brilliant registration process allowed it to know its customers (ID, card on file) where Android/Google did not. Many analysts believe that this ID/Payment deficiency is THE KEY reason why Apple’s environment is 8x-10x more profitable with less than 20% of the handsets. Now Google can compete in all things which require identity+payment. Not JUST in buying apps/music in Google Play, but in orchestrating commerce and brokering identity. I cannot understate the win here for Google. A brilliant move, and I firmly believe that this was the primary driver of the deal. Don’t look at this as a ApplePay competitive thing, it is about enabling Google to identify every Android holder as a default “opt in” during phone activation (iTunes Account Mandatory = Wallet Account Mandatory).

The Carriers? A partner that will share revenue. Where Apple takes 15bps for itself, my guess is that Google will give that to the MNOs, plus some revenue share for play services. My TOP 2015 prediction was that this would be the year of partnerships.. This is certainly my top new one for the year. MNOs are losing sleep about Apple’s unmatched “walled garden”, no one plays but Apple here. Google is developing an open model and this deal may be the first template for MNO/Platform revenue sharing.

Banks? Google will likely slowly “roll out” of its Google Wallet Card (also see TXVIA blog) which wrapped all other cards in a Mastercard Debit. Banks will be able to sign up for Google Wallet through network agreements just as they do for ApplePay today (at same rates/rules). This will mean that the networks will provision bank cards as tokens, and that Google will also benefit from forthcoming CNP token rules this summer. The primary difference in GW operation is HCE+Tokens (see blog). The Google Wallet model is not dependent on the SE Keys, or SD storage.. but it CAN operate in a non HCE model (from its GW 1.0 lineage).

Payment Networks. BIG WIN. Cards are the defacto standard for everything in mobile. I’m interested to see if the networks recognize (certify) the HCE card emulation application, as of 3 months ago it was still not certified. My belief is that they certify as part of tokenization scheme acceptance. This is a funny side story in itself. Most would ask how Google Wallet could run a non-certified card emulation app. Remember that the ONLY card being emulated was a Google owned mastercard debit.. just a brilliant work around. Note that in ApplePlay, Apple operates as a tier 1 token requestor in the current ApplePay model, and V/MA/Amex are tier 2 token requestors (see this excellent blog by SimplyTapp). In the Google model Visa and Mastercard will act as both Tier 1 and Tier 2 token requestors.

Big Losers? Samsung. OUCH!! No wonder they had to buy loop. Their new wallet strategy was to have a DUAL NFC/LOOP wallet. Google just got all the SE keys for the Samsung Phones. This means that Samsung’s wallet will only work on new phones.. a rather rough place to start.  Paypal.. with the birth of a new CNP scheme this summer driving ApplePay and Google Wallet beyond Apps to mCom checkout.. Paypal has no future in Mobile…  Except in emerging markets.

More to come.. but wanted to get this out today.

2015 Predictions

3 February 2015

Payments, commerce, data and mobile is this blog’s focus. I’m very very fortunate to have so many great friends, customers and partners in this area. My thoughts are not my own, as I’m greatly influenced by my “environment”.

I’ve made many new friends because of this blog. The funny story that comes to mind was in August of last year when the CEO of a Fortune 50 company comes into the room and says “ahh.. the INFAMOUS Tom Noyes”…  (never a good way to start off a first date.. but we had a good laugh and thrilled he reads my blog.. ). Honest dialog has a way of creating great friendships. Thanks to all of you for providing such a fantastic environment! You make writing this thing fun.

2014 Prediction Eval

Before you bother reading my 2015 predictions you should probably see if it is worth your time. Best way is to evaluate what I projected last year in my 2014 Predictions

  • Consumer Privacy. Grade – C. Not much happened in 2014 on consumer side. I’m holding with my prediction, just not certain of timing and “tipping point”. How will we know when it happens? Imagine a Sony like incident with consumer data.. Regulated businesses like MNOs and Banks are highly attuned, Apple is the best in class here (consumer champion of privacy see Blog). The Ad industry is dependent upon tracking and data sharing in a very, very grey market approach. There is a better way… 2014 is perhaps the year of “awareness” with Snowden, DEA tracking license plates, State department keeping all of our phone records, to new super cookies on mobile. The next logical phase is ACTION.
  • Retail banking. Grade – A. Huge transformations going on. Prepaid and GPR products are segments growing at over 35% CAGR, US branch footprints are shrinking (see Blog)
  • Debit Volume. Grade – D. Not much going on here, after the DC court of appeals struck down Judge Leon’s ruling on debit interchange (March 2014).  Not much consolidation in PIN debit either. I do believe US debit will evolve to look like Canada’s Interact and Australia’s EFTPOS.
  • Mobile BEACONS. Grade – F. Nothing happening in 2014. Looks like more of a 2016 thing. I’m holding to my projection.. but missed timing completely.. thought Apple would launch beacons at their Sept 9th
  • mCommerce Payments. Grade – B. Summer 2015 is where we will see substantial progress. We see that the networks have turned over the new 3DS CNP scheme to EMVco last month (see link). As Payments move into the OS (see blog), Paypal doesn’t have one. Amazon, Google, Apple, will make SIGNIFICANT dents in Paypal as the platformcontrols authentication and authorization. Amex/Visa/MA’s new rules on tokens, combined with consumer privacy concerns, will accelerate the trend.
  • Specialized HardwareGrade Gives way to Commodity Hardware- Grade A.. makes way for commodity hardware and software. Launch of POYNT and CLOVR are best examples.
  • Host Card Emulation. Grade – B (for 2014), Grade A (by August 2015). Google did indeed push HCE into Android. With the death of ISIS and SEs in US phones.. things will be heating up in 2015 with a new Google launch.
  • EMV. Grade – D?. It appears to be happening.. I bet it would have been pushed back… I have the cards, but don’t yet see the retailer infrastructure. The chip and signature (vs Chip and PIN) is still a very strange one. It would take me 3 days to explain the politics behind it. What really baffles me is Samsung’s planned launch of LoopPay this summer (with Visa support).
  • Banks have given up on payment innovation. Grade – A+. I have a copy of the ApplePay issuer agreement (Sept 2014). Just can’t believe the banks have taken it on the chin like this.. not only ceding mobile to Apple, but Tokens to the Network and 15bps. What do they have left?
  • ISIS WILL DIE.. Grade – A+. Money ran out in Dec 2014, sale will be complete by March.
  • Apple will have NFC. Grade A+ … ApplePay 9/9/2014.. I was wrong on 3 things.. I projected October (it was 9/9) and there would be no SE, and Beacons would be part of launch (to wake up payment app). Big news (below) is that ApplePay will be in browser by summer 2015.. Paypal will be crushed with a double whammy on “value”: usability and a new rate tier (20-40bps off credit) for tokens in CNP.
  • Unlocking the cloud and authentication. Grade – B+ . Apple has done an amazing job here. See my blog on brokering identity.

Summary Grade: B+ . Looks like I’m a little aggressive in projecting the new stuff (Beacons, Identity, EMV, HCE). Except for EMV and Debit, I’m still confident in the predictions (philosophically) but my timelines are too aggressive in most cases.

2015 Predictions

These predictions based upon the Structural Changes in Payments which I discussed last month.

Big Picture Predictions

  1. The Year of Partnerships, new Clusters and multi-tenant walled gardens (forced by Apple/Google Dominance).
  2. Mobile moves from Small World organization to Real World Orchestration (my next blog)… starting with merchant friendly value propositions. You must be where customers are, or influence them in the real (offline) world. We have spent the last 10 years enabling a handset that does more than take calls and connecting it to the virtual world. We will spend the next 10 connecting it to the physical world. From POS Payment, Google Shopping Express and Beacons to Door opening and document signing.
  3. Tipping point of Privacy (Apple Defines Best Practice)
  4. Politicization of networks. Government regulation in internet prioritization, payment networks, social networks, advocacy networks and advertising networks. Networks are needed for the efficient life of a firm. Star network resembles dictatorships in social networks, and “channel masters” in business networks. Star networks are optimal for business, however we have grown quite used to the state of `organized criticality’, the scale-free, democratic and highly complex social net. Government involvement in networks usually does not improve efficiency and can lead to significant disruption.  Take a look at what Europe has created in SEPA.. a standard that no one will invest in.
  5. Collapse of “wallets” into Payment in the OSmCom trumps eCom. Tokens take over in eCommerce w/ ApplePay, Visa Checkout and Google Wallet
  6. Marketing… the year of measurement… and beginning of pay for performance
  7. The most trusted consumer brands will remain: Apple, Google and Amazon… with banks suffering most as their products become commodities and mobile rendering physical footprints moot.

Tactical/Deal Predictions

  1. Apple will launch aggressive effort to bring ApplePay into Browser by Summer 2015
  2. We will have a new rate tier from Visa and Mastercard based upon tokens in CNP (see EMVCo 3DS PR)
  3. Google will GO BIG in launch of new wallet in an HCE model akin to ApplePay. It will have dynamic tokenization. Google will excel in getting retailers private label and loyalty cards integrated, and pass Apple in BLE integration (in store).
  4. Alliance Data will be bought by JPM, C, Paypal, Hedgefund+Acquirer or Amex. ADS is my top stock recommendation for 2015, V/MA are my long term.
  5. Samsung will Launch LoopPay with support from Visa by September 2015.
  6. Visa will complete purchase of Visa Europe (hopefully at a 2015 discount) with strong dollar and weak EU growth.
  7. MCX will pivot to a payment instrument within another wallet (think Target Redcard) vs a wallet unto themselves .
  8. Beacon pilots will launch in top 20 retailers. In store navigation, product location, couponing and gamification will be first uses.
  9. Facebook payment will go live and be integrated into a new form of social advertising, where you are paid based upon your ability to influence your network, will see first pilots. Facebook will remain king of CPG advertising
  10. Behind the scenes there is tremendous progress in the collaboration of Banks, Telecos, and Mobile Platforms to Validate Identity. Short term impact is near elimination of mobile payment fraud. 2015 will be year of formalizing an identity verification infrastructure (in the cloud).

2015 the year of Partnerships

Google and Apple against Everyone Else?

I don’t have time to go over all 15 of my projections.. will do so in coming weeks. Over the last 6 months network and system design has consumed my thoughts like nothing else: proprietary networks vs. open networks, integrated vs modular, distributed innovation vs controlled platform, Apple vs. Google, Amex vs Visa, net neutrality vs. prioritization. At what point does OPEN win? My blogs on the subject was Value Creation and Distributed Innovation, Banks non-Banks and Commerce Network and my two favorite books are Platform Leadership and  Weak Links by Peter Csermely (viewable on Google Books here).

Any analysis of this area must focus on Apple. Wow! What a machine! The most loved brand, the most profitable, highest in consumer satisfaction, most sales per square foot, creator of new categories, inventors of new consumer experiences, trusted by the most affluent demographic, champion of privacy… on and on. Is Apple an exception?  Can any company ever aspire to replicate their success in any industry? How can anyone else compete in areas they touch? Do the rest of us just pick up the crumbs? Apple’s latest results show that their model is improving, garnering over 86% of the “mobile” industry’s profits (see Forbes).

network evolution nodes to consortium

Open networks are harder to build, and are certainly less profitable than closed. My prediction on “year of partnerships” is due to necessity, NOT the efficacy of collaboration. Few companies can compete with the data advantage of Google, Amazon and Facebook. Apple’s trust and reputation advantage is perhaps even more insurmountable. For large companies it may take 2-5 partnerships in a focused area. Imagine the data challenges small companies face.  This is not a technical challenge as much as a business one. How many successful partnerships have you seen (elephants dancing).  Remember that are injured elephants facing as structural changes in consumer behavior, mobile, information, distribution, trust … impact products and strategies. CommerceSignals is working to help bridge this gap, but that is for another blog.

Where Google, Apple and Amazon are self sustaining Stars (networks), clusters and multi-tenant walled gardens are forming to compete in a quasi open model.  The challenges here are not technical, but organizational and value creation. History reveals few consortiums renowned for their efficiency.  Value is best created where it can be controlled and monetized in “small worlds”.  Networks in business are functional in 2 areas: around a specific function with broad use (Visa/MA, Credit Bureaus, ?Android?) and where market forces can take operate (NASDAQ,  …). This is my big hypothesis… would greatly appreciate input here.

2015 must be the year of merchant friendly value propositions. Logically, the majority of commerce happens in a retailer.. and hence the “solutions” must as well. The inability to partner will give way to platforms that enable partnership… optimally platforms that would allow millions of “lightly structured” interactions to test 1000s of value propositions until something sticks (this is Commerce Signals). Take beacons for example.. we know that Apple can maintain security and confidentiality.. but the retailer must install beacons that work for everyone and have a business case (consumer insight). Consumers want to know how insights will be used. How do you manage the agreement between Manufacturer, Beacon Provider, Apple, Retailer and Consumer?

iPhone 6 – Tipping Point for Platforms

As I outlined in iPhone 6 – Apple’s Strategic Opportunity, I believe the iPhone 6 represents the dawning of a new age of mobile “platform”. What was a music manager with a phone has turned into the most secure, easy to use device ever created. The factors of competition have changed, it is no longer about camera resolution, storage, and screen size. The visible (obvious) attributes of competition have become a commodity; as are the “problems” that your phone solves (telephone, music, calendar, pictures).  Where previous phones helped you manage items in your “small world”, the iPhone 6 has become both the secure key to the cloud with the ability to broker interaction in the physical world (NFC, BLE, identity, tokens). The “convergence device”. See my blogs Brokering Identity and Authentication in Value Nets.

Unfortunately, Apple is so focused on the consumer it has no ability to partner. While there is no company better in creating devices that thrill a consumer, there is perhaps no company worse at building partnerships and business models where value is shared. Given Apple’s cash hoard, my top recommendation.. create a new division focused on network.. helping connect consumers to the physical environment they live in (thermostats, health, retail, cars, advertising, …). This is NOT a handset function.

Abrupt end here.. this blog has been in partial completion mode for 6 weeks. I had to get it out. Will articulate my views on the other “Top 5” predictions this month.

iPhone 6 – Payment Update – Sept 2014

Super short post that summarized my 20 odd tweets this week. Frequent readers should skip to last section “New G2”

Feel 100% comfortable with my March Predictions iPhone 6 – Payment Predictions, only thing I missed was release date (September 9th… not October).

Looks like Apple got squeezed into the bank box. As I related in Apple… Payment via BLE/Beacons will still happen (but when is issue) Apple wanted to launch the payment product with BLE (not NFC) but existing payment networks didn’t want to cause merchant chaos in fragmentation of acceptance infrastructure.. so pushed apple back into the NFC mold.  The payment experience is as I outlined in May Apple iBeacon Payment Experience. I don’t see ereciepts as part of launch.

Also confident in my predictions that Visa and MA are running the TSP (see iPhone 6 – Payment Predictions)


  1. Consumer walks up to cash register, a payment terminal beacon provides information to Apple payment application that it is close proximity to payment terminal ID xxxxx (TID),
  2. Merchant scans goods for purchase. No mobile processing of loyalty, coupon, discount information
  3. Merchant payment terminal cannot send total amount due since it does not have Apple handset information/UUID. So how will Apple do it? My guess is Apple will provide UUID to the Payment Terminal via BLE at application wake up to perform a “lite” checkin with payment terminal. Good news is that there would be no data connectivity requirements, but it requires a new payment terminal… For everyone else.. there is no total amount due (99% at launch).
  4. Legacy NFC. At application wake up,  phone asks “pay merchant with Apple wallet”?
  5. Consumer validates transaction with fingerprint biometric
  6. Consumer taps phone (NFC) and Card token presented Payment Terminal via NFC Merchant processor routes token to payment network which translates and routes to bank for authorization
  7. Payment is authorized (as happens today).


  • Launch customers in payment likely to include Macy’s and Nordstrom
  • Apple will also likely launch with Starwood Hotels for hotel room door key provisioning (as I tweeted last week)
  • Apple was able to get 15-25bps from top 5 issuers (JPM, C, COF, BAC, Amex). These are the only issuers that will work at launch. As part of this fee, Apple will release token assurance information (see Token Assurance – Updated)
  • Apple will also launch an eCommerce/mCommerce buy button in EasyPay. This will NOT receive any card present or preferential rate. This is less a function of in App purchases and more a function of 3rd party ecommerce sites having a EasyPay button for fast IOS checkout. Will in App purchases have this as well? Good question, seems logical
  • The following cards are provisioned into Apple’s secure enclave at time of manufacture/OS loading: Visa Debit, Visa Credit, MA Debit, MA Credit, Amex, China Union Pay.  (NO DISCOVER)


  • What will apple do for all the iTunes cards not from one of the top 5 issuers. That will be a rude experience. How will they enroll 3000+ issuers into this scheme and get each one to cough up 25bps
  • What is pricing on debit. Technically everyone will support debit, but no one is incented to make it work.
  • Don’t know how Paypal will run in this model.. so this is a mystery, particularly with launch of EasyPay.. will Paypal be a whitelabel here? I am confident that Paypal will be part of launch.. what I don’t know is how..
  • How will Apple ensure they get 25bps from the banks, they have no insight into the transaction.. the card is presented and that is the last Apple sees of it. This has been a problem for other wallets as well. It is one reason why google created the proxy card.. to see all the transactions.

Updates Sept 8

  • Enrollment, looks like Banks will be supporting a BarclayCard/Google Wallet like enrollment process from within online banking.. This is very, very smart.
  • Bank of America, Citi and Wells are all rumored to be supporting Debit card inclusion in Apple wallet day one..



Banks/Non-Banks and Commerce Networks

Banks/Non-Banks and Commerce Networks (Why I love V/MA)

27 July 2014

This blog has been in 50% mode for 2 weeks! Obviously summer is not my productive time (I must be German). There will be a noticeable change in my blogs these next few months as I work on a newco launch. Blog will therefore focus more on concept, much less G2.  This will be a transition piece…

What is the benefit of becoming a bank? Would Paypal buy a bank? That is the rumor… I have no idea on this one.. 0% confidence.. my guess is no way. There are some great payment+bank companies (Amex, Wirecard and Alliance Data), and some great payment non-bank companies (Visa, MA, Stripe, Paypal, …etc). What are the business drivers of becoming a bank? What are the Pros/Cons?


For those without time to read below, a bank license brings on enormous compliance cost and restricts: what business you can do, how you manage consumers and their data, and what risks you can take. The upside for being a bank? You get to take risk with other people’s money. Simply put, any company contemplating a bank license must have a business plan MORE dependent on managing risk than on orchestrating commerce value.  Today there are many bank licensed “specialists” which support non-banks (TBBK, Meta, Alliance Data)… so why would you want to become one? Paypal is on the fence here, as historically they won in eCommerce because of their ability to manage risk (CNP Fraud). Do they want to grow in risk management? or in everything else?

When looking for the right regulatory structure of any company, we must assess their current network plans in the context of commerce AND banking. Not just how your network delivers value today… but rather how you deliver value in the future? Banks tend to make most of their money within their own node, whereas others in commerce are highly dependent upon other partners (manufacturers, distributors, agencies, sales, …). Electronic payment growth and network services are set to grow geometrically, yet payments are very very sticky and hard to change. This is the start up investor conundrum:  How do you make intelligent investments in payments/new networks? There are 3 basic options

1) Help others expand their networks

2) Build new networks

3) Build communities with minimal need to network outside of your environment (Facebook, Amazon, Alibaba, BANKS?…)

92% of all electronic transactions are done in the top 10 markets. (Cap Gemini’s World Payments Report is a must read). 90% of the worlds population is not connected to financial services. There is a n-squared dynamic when this takes place.

Many entrepreneurs, journalists and technologists miss THE CORE facet of Visa and Mastercard: a business platform where thousands companies invest billions of dollars. There is no way to compete technically with this business model, rather the ONLY way to “compete” is on value and services. Where Amex has the ability to deliver much broader and richer services (as they own both merchant and consumer accounts), they have a downside: no one else investing in their network (scale/adoption).

My firm belief is that both V and MA have the opportunity to grow Revenue 4-10x in the next 5-10 years. Their principal challenge is to “tilt” their models away from Banks and toward the 2 parties that matter most in commerce: Merchants and Consumers. Payments work well, but so did the Sony Walkman. The bets that Google, Apple, Amazon, Facebook and others are making is on value orchestration (in a new network). Does this involve payment? Not really.. at least not as a primary focus.. Payment is there.. but orchestration is about commerce; payment is just one of many important processes (See blog Payment in the OS).  Don’t look at payments as something in isolation, payments are the “connections” made in commerce; they are made for a purpose. These payment connections are rapidly changing from many environmental forces:

  • Internet flow of information,
  • Google enabled discovery
  • MNOs have enabled constant connectivity
  • Social has enabled reputation across activities
  • Online retail has enabled price transparency, comparison and product reputation
  • Changing of Bank roles, products and services
  • New Consumer behaviors

Payments = Network

Payments are the connections of the GDP. If we were to map payment flows, we would unlock a map of the global GDP at the micro level, from employment to shopping, behavior and preferences, to demand and supply. Perhaps this is why our government loves payment information. Oh.. the stories here.. (for another time). Free information flow on the internet is enabled through openness and a single primary protocol, whereas payments operates within 100s of proprietary networks with a complex series of clusters and “switches” (there is effort in connecting, authenticating and managing risk). Just as it would be nearly impossible to change the protocol for the internet, it would be difficult to bring abopayments pyramidut fundamental change in payments (see Rewiring commerce).  Connecting business is much different than connecting information (the core of my NewCo.. but I digress).

From a network strategy perspective, the business opportunity of changing “payments” pales in comparison to the opportunity to influence connections in commerce, banking and manufacturing. Payments support business and consumer needs; they do not alter their path. This insight is the downfall of bank payment strategies around “control”, and their inability to “tilt” toward merchant friendly value propositions.

A top 5 retailer provided my favorite commerce quote “I think of Commerce as a highway, the payment networks are like a toll bridge. I don’t mind paying them $0.25 to cross the bridge, but they want to see what is in my truck and takeUS Marketing Spend 2-3% of what is inside. Hence I’m looking for another bridge… “ (See Rewiring Commerce).  Google, Amazon, Facebook, Alibaba, Rakutan, V, MA, Amex, eBay all understand this. Rather than charging toll for crossing their bridge, these networks are beginning to execute against plans to grow the size of the goods in the merchant’s truck.

Intelligent use of data increases the effectiveness of the merchants, and in a way that also benefits consumers. Tilting more toward merchants and consumers.. means tilting away from banks. This is VERY hard for a bank to do. It is a change worth making however, as assisting merchants could meant 4x-10x of their current value creation (payments is roughly a $200B US business, marketing is $750B).


My favorite book on networks is Weak Links by Peter Csermely (viewable on Google Books here). If I had one book for you to read this is it. This book is tremendously arcane, detailed, technical, deep.. but I guarantee you that you will have a new view of commerce, banking, advertising, biology, social networks, payments, and society after reading it. In connecting to networks, each of us have limited resources. Therefore optimize our connections through finite set of “hubs” (unless there is some larger orchestrator).

Think about the battle in connecting networks, as each of us have limited resources we can connect only to a finite set of “hubs” (unless there is some larger orchestrator). Examples are Wikipedia and Google… these serve as the directories of information. It is almost IMPOSSIBLE to displace an efficient hub. This is why I love Visa, MA and Amex. If they can shake the issuer legacy.. and add a few merchant friendly services, they could drive 4x of their current value. Specifically, payments is roughly a $200B business, whereas marketing is $750B (in US).

Against this network strategy and services backdrop, there is an enormous transformation taking place in Commerce and Banking. In other words existing networks are evolving their services, as the “hubs” that they connect to (banks, retailers, manufacturers, aggregators, ..etc) undergo change within their “core”. See Remaking Retail, Future of Retail Banking: Prepaid?.

The regulatory/compliance “headache” for payment “innovators” revolve around connecting networks and engaging in non-commerce transactions. I’m not just talking about just small guys.. but BIG ones too (think Google, Apple, Amazon, Walmart, MCX, …etc).  Existing networks have an existing value proposition, and many don’t like to have their services leveraged by competitors (see Banking and Commerce: What is the Difference?, Don’t Wrap Me).

Banking Services

This leads us to Banking Services… expanding beyond commerce. This is area is very nebulous because of the complexity of regulatory authorities covering “banking” and money services. Here are just a few of the US regulators


What are Banking Services? Anything the regulators say are banking services. I’m not joking.. this is why I put the Paypal 2002 prospectus at the top. Banks are highly regulated, and the compliance costs are extraordinary. Regulators are attacking all things payments and banking with renewed vigor. Along with compliance constraints, there are constraints on how you can use data. As an example, my online banking team in Germany had to purge the server logs of IP addresses every 30 minutes (regardless of use for fraud).   (see Banking and Commerce: What is the Difference).

So what is the upside of being a bank? It’s certainly not the regulation or the mandatory compliance courses forced on every employee. The “benefit” of being a bank is the ability to take risk with other people’s money. Unfortunately, the BIG downside to being a bank, is that data can no longer flow outside of your organization. I cannot understate this limitation.

Banks have much clearer and hence stricter obligations as regards the sharing and protection of sensitive information, commonly known as ‘bank secrecy’. This matches the generally more extensive regulation of a bank, as opposed to the regulation of an ELMI or MSB.

Acquiring a new consumer financial account is hard, even if you get the consumer to create an account with you, you must get them to fund it, or take credit risk on them. These are the problems that banks have dealt with for 100s of years.
take rate

Banks have much clearer and hence stricter obligations as regards the sharing and protection of sensitive information, commonly known as ‘bank secrecy’. This matches the generally more extensive regulation of a bank, as opposed to the regulation of an ELMI or PI. Based on the same reasoning why non-banks require less strict regulation for their business and prudential risk involved, it follows that also their activities and also access and handling of certain information and data is restricted accordingly.

Would Paypal Buy a Bank?

Again, I have no idea here, but it doesn’t seem to make much sense. Considering a bank license is like watching flies in your kitchen window: the ones on the outside want in, and the ones on the inside want out.

For long time readers, I put together a blog about 4 years ago covering this topic Payment Startup: MSB or Bank? and US Payment Regulations.  As I outlined, there are very few payment regulations covering purchase of tangible commercial goods (this is true globally). We can see the evolution from PayPal’s 2002 prospectus.

We believe the licensing requirements of the Office of the Comptroller of the Currency, the Federal Reserve Board or other federal or state agencies that regulate or monitor banks or other types of providers of electronic commerce services do not apply to us. One or more states may conclude that, under its or their statutes, we are engaged in an unauthorized banking business. In that event, we might be subject to monetary penalties and adverse publicity and might be required to cease doing business with residents of those states. A number of states have enacted legislation regulating check sellers, money transmitters or service providers to banks, and we have applied for, or are in the process of applying for, licenses under this legislation in particular jurisdictions. To date, we have obtained licenses in two states.

How does Paypal operate today?


  • Licensed money services business in 47 states (all states which require one)
  • Bill Me Later, and paypal working capital are structured so that loans are originated by WebBank (Utah ILC). See this 2013 note on structure/issues
  • PayPal had been a market leader in “deposit” rates, through the Paypal Money Market fund (see Link). This fund was shut down in 2011 due to treasury rates/market conditions (see link).
  • A Discover partnership has yielded little fruit at the POS. Paypal had been claiming that there was an “exclusive” nature to the network agreement, whereas DFS was clear they could work around it by providing other services. (My blog on topic)
  • Paypal has been telling investors it plans to move to the POS, both with mobile, and an experimental paypal plastic card (running on Discover). Nothing is moving here, my guess is that JambaJuice is their #1 in volume and would be surprised if that had more than $50-$100M TPV ($1.5M-$5M in Revenue).
  • MasterCard pre-paid card for PayPal “balance” spend. I love this product, it is how I get cash out of my paypal account at the ATM.
  • Wells Fargo Clears Paypal ACH volume in US.
  • Paypal as strong acquiring relationship with Chase.
  • ADS partnership (see WSJ). In 2013 Paypal and ADS created a partnership with 3 primary components: ADS credit risk management (BML), Paypal merchant acceptance, Data/analytics/marketing at POS.



  • In Australia, PayPal serves its customers through PayPal Australia Pty. Ltd., which is licensed by the Australian Securities Investment Commission as a financial product
  • Per eBay’s 10k “In markets other than the U.S., the EU, Australia, Canada, Brazil, and Russia, PayPal serves its customers through PayPal Pte. Ltd., a wholly-owned subsidiary of PayPal that is based in Singapore. PayPal Pte. Ltd. is supervised in Singapore as a holder of a stored value facility.”

I see little upside for Paypal expanding it’s EU bank model to the US, as its current network assets and future opportunity revolve more around supporting commerce than managing risk.  Paypal’s current structure and partnerships (with ADS, Discover, MA, GE, …) provide the flexibility to deliver banking/lending services. For Paypal, Bank ownership would only hinder their broader efforts to deliver value to consumer (through data). Alternatively, a bank structure does work for other companies like Wirecard. The Wirecard bank model is a tremendous fit within a network where mobile operators serve distribution channels for financial services.

With respect to the Paypal/Bank rumors, my guess is that there is an “opportunistic” assessment going on .. and that this rumor is just one of the paths they have looked at. I also have a strong feeling that Discover is looking for a “partner/acquirer” that can make use of its network while it is still somewhat relevant.  Particularly since its M&A discussions with a top 5 bank 2 years ago did not happen.



Secure Element, NFC, HCE, EMV, Tokens and Cards

7 May 2014

This blog is for my non-techie, non payment friends.. helping to make sense of all these acronyms.. experts may want to pass on this one.

The GSMA/NFC community is quite stirred up at the moment. This is quite understandable…  after all they spent 8 years perfecting their vision of NFC only to have it thrown under the bus by Apple and Google. I’m not knowledgeable enough to go into the depths of the protocol, or EMVco 4.3 Book 3. I’m giving the quasi technical business explanation of what is going on. There is room for disagreement here, as there is substantial interpretation, as well as understanding of what is REALLY happening vs the specifications.  Remember this is not my day job… so your comments/corrections are welcome. By far the most useful reference/summary page I have found online is located here

It’s easiest for me to explain all of this in the context of an example. Credit cards are the easiest example as they are in the market today, with a few different implementations of contactless and touch the areas above.EMV


EMVco has a contactless specification which I challenge any non-techie to read. For this short blog, the key point I wanted to make is that the Credit card number (PAN) is given to the POS unencrypted, in the clear. That’s right… don’t believe me? See:

Your next question is probably “Where is the security?” the answer is that that along with the card information, the device sends a cryptogram that is uniquely signed. In other words there is a digital payload that rides along with this credit card primary account number (PAN). This digital payload uniquely identifies the device that EMULATED THE CARD. Think about is as someone validating your SIGNATURE on the document with your social security number on it… Your number is there.. but they make sure it is you by validating the signature.

So why is the SIMAlliance extolling the virtues of a Trusted Execution Environment (TEE) and SIM/UICC? After all we seem to live without this capability quite well in the PC world. Mobile operators want the ability to SIGN and AUTHORIZE more than access to mobile towers. That SIM card in your GSM phone signs and authorizes access to the mobile network, much as MNOs envisioned doing for payments. That is how the GSMA’s version of NFC evolved.. “hey we do this for network access.. lets do it for payments”.  To be clear there is nothing technically wrong with the GSMA NFC approach.. it is beautiful… but there are substantial business model issues (see Payments part of the OS).

Apple and Google are both moving aggressively to act as Commerce Orchestrators as handsets become commodities and data moves to cloud, enabling the mobile phone to be the key services platform at the confluence of the virtual and physical world is critical. It is not about payment. Authentication is core to this orchestration role.. authentication is not something that can be given away to MNOs or to Banks.


It makes most sense to jump to TOKENS now.  You can imagine that Banks don’t exactly like having their card numbers sent in the clear. In fairness they were involved in the specification, but the EMVCo contactless model is essentially a card number plus authentication. There is more than one way to achieve this, and improve on it by hiding  the PAN… this is what tokens are (a few examples described in Money 2020: Tokens and Networks, Apple’s Plans and Google/TXVIA).token

Tokens are not new (see Tokens… 10 Approaches). However Tokens are now an official EMVCo specification as of March 2014, with the major issue of Token Assurance outstanding. In this token model, the issuer chooses at Token Service Provider (or does it themselves) and creates a number to replace the PAN. This takes your PAN out of the open… and makes it useless. To be used the Token must be presented by the right party, with the right assurance information. All of this aligns VERY WELL to how banks and networks work today, which is why it is so popular (see blog on HCE).  In the GSMA NFC model, the a cryptogram goes along with a PAN in the clear with the PAN stored in the phone in a secure element.  In the token/HCE model a Token representing the card is stored in a less secure space, and presented with device and network information for translation by the TSP to the actual PAN. There are substantial Business Implications of Payment Tokens (blog) which I won’t go through again here, but clearly it cuts the mobile operator out of the “signing” role and they become dumb pipes.

My Gemalto friends will howl at how unsecure this is, or how it won’t work if the device has no network access. They are wrong. It is working today, and is secure enough. There is no connectivity requirement, that software token in the phone can change every 10 seconds, 10 minutes or 10 days. The TSP and Issuer can decide whether or not to accept an “old” token based upon the transaction. In other words the intelligence sits IN THE NETWORK.. NOT IN THE PHONE. This is why V/MA/AMEX love it so much. It cements their position (See Perfect Authentication… A Nightmare for Banks?)

Host Card Emulation

emvco token

This is an Android construct (see Software Secure Element – HCE Breaks the MNO NFC Lock) that allows any application to access the NFC Radio. Without Tokens, HCE would be useless for payments, as payment information can’t be securely maintained without an SE.  Think of HCE as dependent on tokens, now a card emulation application can be certified to run outside the secure element.  I don’t like to put Apple in the HCE boat, as they have a proprietary secure architecture using tokens. This is a uniquely apple construct where the networks seem to have certified Apple’s card emulation application(s) as well. It is important to note that they use none of the GSMA’s architecture (to my knowledge) and have embedded the TEE in the apple processor (see Apple Insiders note on Secure Enclave and Authentication in Value Nets).

Secure Element

Is it needed? Certainly it is needed for at least 2 functions: Mobile network access (SIM/UICC) and Biometrics. Fingers and Eyes are very hard to reissue.. so the actual information must be highly protected. Apple is handling biometrics in the A7 Secure Enclave (oddly enough has the same “SE” acronym) and Google is a tad bit behind but handling in ARM’s trustzone. Trust zone is largely a hardware construct, and much is made of Gemalto’s marketing announcement here. My view is that there are many more than on software solution for ARM.. and ARM is much more tied to Google and OEMs than Gemalto.

The “big news” here is that both Google and Apple are EMBEDDING SEs in their hardware architecture. Embedded SEs are a threat to Mobile Operators and their preferred Single Wire Protocol architecture. As you can imagine, an embedded SE has all the capabilities of the SE within that micro-SIM card.. and sets up the prospect for a Virtualized SIM (no more of those GSM cards popping into your phone). If the SIM can be virtualized you can switch your network provider anytime you want.. or have them bid for your phone call ( see Carriers as dumb pipes? , Who do you Trust?, Also see Apples patents on Virtualized SIM). To be clear, I believe MNOs can take a leadership position in Emerging markets and payments, but for POS Payments in OECD 20 markets it makes most sense for them to focus on the $5B KYC/Authentication/Fraud opportunity (NOT payments).

OK… now you can shoot me… Open to feedback.



Apple… Payment via BLE/Beacons will still happen (but when is issue)

2 May 2014

Many great blog comments. Let me go through some generic questions/answers.

Apple wants BLE/Beacons/Tokens… but will not release wallet with this capability for following reasons (my best guess):

  • Issuers must approve Token/Beacon model: creation/provisioning of token (TSP), use of tokens (not eCommerce), and assurance information.  This was the reason behind my Assurance Blog this week.
  • Apple is keeping the Banks in the dark to protect information on the launch (probably a good idea).
  • Similarly merchants are being kept in the dark, no coordinated acceptance infrastructure. Thus iBeacons will likely be a phase 2 (or limited phase 1).
  • Politics/negotiations/existing agreements. My guess is that Apple does want revenue from this new product, but will be disappointed. There is no economic model for a wallet provider in a card present transaction. This has been one of the reasons why NFC/Provisioning has failed, and the credit card only model.
  • Payment is NOT the focus of Apple’s new services and Hardware..  (see blog Apple Greatest Asset – Ability to Change Consumer Behavior)

What makes most obvious sense for Apple in Payments?

In a perfect world Apple would convert all 600M cards to tokens and leverage this both for iBeacon/POS presentment AND for eCommerce. I believe this was their initial plan.. and still their plan. My view is that all eCommerce merchants and wallet providers would be glad to let the networks exchange COF for tokens.. a few of the big ones are my clients. Lets just say the network’s message “you have to work with EACH issuer on card present pricing, value proposition and data”.  Yep it is that bad.

As you can imagine Issuers want revenue, credit card usage is incremental revenue.. Everything else in the iBeacon/token model above is a LOSS, thus Issuers are not exactly running to support. Thus token business issues abound for: debit, eCommerce, wallets, data, control, acceptance, …etc.

For example, Banks hate the idea of losing card not present (CNP) rates for eCommerce and having the networks locked into the TSP role. So Apple must keep a token in the phone, and also keep the 600M cards on file until the payment networks can get the cojones to define standards around assurance, tokens in eCommerce, and force issuer acceptance of risk and card present rates. Issuers have a strong case for caution, as Networks did this before (eCommerce/CNP liability shift) and failed miserably (see my blog vbv/msc Failure, and Bruce Schnieier’s similar post).

Data, data, data. My belief is that Apple is taking on the role of consumer champion (see blog Apple’s Platform Strategy: Consumer Champion). Apple may not realize that the this new architecture meaningfully impacts both bank and merchant data services.  Merchants and processors will no longer have insight into the consumer card number, which in many cases is used for analytics and loyalty.


  • Durbin/Hybrid Card. Per rule you can NOT wrap a debit card with a credit card. The card type must also be know to the merchant. If the Apple wallet has only one card per network, and consumer can store a debit card.. then that card must be a debit card.  Perhaps Apple doesn’t know this, or the implications. Someone is pulling a fast one.. the networks certainly know this rule, and undoubtedly will feign ignorance when consumers try to register their debit cards… only to find out later that they can’t be used.
  • Acceptance. If Apple launches with credit card only they will have failed to deliver any merchant benefit, or act as consumer champion. Similarly merchants (ex MCX consortium)  will have little case for adding contactless acceptance if they don’t know the card/cost or everything is a credit.
  • Process for taking the 600M cards on file and auto registering them with the networks. This could be going on now, with the networks building an issuer interface for approval.
  • Tokens. Apple really wants to make this happen, but only Amex and Paypal are in a position to support. My recommendation to Apple would be to get moving with tokens and Amex… as a lever to make V/MA networks get moving.
  • Pilot Merchants. Beyond the Apple store, I would pick Macy’s, Nordstrom, American Eagle, Gap, and a few others out as the most innovative in payments.. and the most likely pilot customers for a iBeacon shopping and checkout experience. Keep your eyes peeled.
  • Will Apple move forward with an iBeacon breakout without network/issuer support? This would make sense in the US, where contactless adoption is terrible. Apple certainly has the expertise (and cash) to go strong on iBeacons, go around the networks and treat as CNP transaction (owning the fraud/risk) and manage the fraud internally. The could do this in select retailers (in US), and focus EMV Contactless capability outside the US.

I believe Apple didn’t put NFC in the 5s because they thought that they could launch Beacons without the Network’s support.  When launched all iPhones will be able to take advantage (only BLE H/W dependency).

iPhone 6 – Payment Predictions

30 April 2014

I’m on a roll, so thought I would put this out there as a positive prediction (vs describing how Apple is Throwing GSMA’s NFC under the Bus). My views are as much informed from the “negative” as the positive. For example, my starting hypothesis is Apple will enable a POS payment capability in iPhone 6. It was the reason for the timing of the Oct 2013 “token” announcement from the big 3 payment networks. As most of us asked “where on earth did this come from”…. It came from Apple (or the network response to Apple’s initial plan).

My problem in figuring out what is going on (if anything) is that Banks have no idea what Apple is planning. Current guess below revolves around assumption that the 3 payment networks do understand the plan. Thus the question becomes “what can Apple do in payments that starts with the payment networks, but does not involve the banks”? Constraints? It must involve: tokens, Apple’s security architecture, 600M cards on file, existing card presentment infrastructure, existing rules, recent lessons learned, and be able to expand to iBeacons.

My predictions

  • Apple will have a certified EMV contactless capability from V, MA and Amex in the iPhone 6.
  • Apple’s contactless is a proprietary architecture, based upon both tokens, and 3 card emulation applications (4 perhaps with Paypal)
  • Each Network will act as a Token Service Provider (TSP), with one token in each card emulation application. The TSP specs give this away, per the Spec, the TSP must be approved by issuer and have ability to translate token to Card. Apple may want to be the TSP… but Banks will say no. This solves a BIG problem with card provisioning, with V/MA/Amex already having the “proxy” card/token provisioned in the iPhone, and each bank working with respective network to turn on their card.  This is the Google model, with the networks running the TSP as opposed to Google/TXVIA.
  • Apple will not work in iBeacon model at launch, but rather EMV Contactless. You notice I’m not saying NFC.. from a merchants perspective this will look like NFC, and use the NFC protocol, but certainly not from a GSMA NFC perspective. There are no other vendors in this solution beyond Apple and their hardware suppliers (?Broadcom?)
  • Cards will be “provisioned” into the wallet through complex process involving Issuing banks, TSPs, and Apple. Apple’s inventory of Cards on file will be registered with the TSPs, and Banks issuers will approve based upon Token Assurance information , MNO information, card usage information … (yesterday’s blog).
  • Fingerprint will be key process which unlocks card/wallet and enables EMV Contactless interaction. Customer experience? EMV Contactless, consumer unlocks phone with fingerprint and authorizes purchase on Payment Terminal. iBeacon? Same thing only works on all iPhones via BLE (no proximity/NFC)
  • How will Apple make money on this? They won’t… nada. Altough there COULD be a way forward given that the product presented to merchant is in control of Networks AND the Issuers are in control of their cards.. a potential… but given lack of issuer participation, I have no idea of how they would pull this off. I do believe that there are groups in Apple that want to make money on a card present transaction, but join the club.. there is no economic model in any network agreement for a wallet provider.
  • I want to emphasize again.. this is just the easy payment part. I strongly believe that looking at payments in isolation is the wrong way to view this (see Blog).

I like this.. IF consumers can choose which payment products to store in phone (debit card). I think the Bank Issuers will flip out when they hear that V/MA have locked themselves into the TSP role.. talk about a reversal from TCH. Issuers could make the case that the networks own the fraud loss since it is a network proxy card wrapping the issuers card…. can’t wait for that one to happen.

I’m 90% confident in the above… lets see if I can keep my perfect track record on Apple, Google, Tokens and NFC.