Call to Action – Submit Response to Fed

1 Dec 2013

As most of you know, the Federal Reserve published a paper entitled Payment System Improvement and opened it for comments http://fedpaymentsimprovement.org/. Responses are due 13 days from Today. My response can be viewed here.

After witnessing the mess that Regulators and Central Banks can create (FFIEC 2 Factor Auth, UK Faster Payments, SEPA, …), you should take time to submit something for your organizations.  We all need a flexible regulatory environment which provides a fertile field for Innovation and technology evolution (of payments and banking).  How should the US payment system evolve? What is Broken? What is working? Who should lead (Government or Industry)? This is the context behind the survey which covers: tokens, real time payments, fraud systems, mobile payments, and approach.

Summary View

  • The Payment System works today for 95% of needs. Let’s NOT force everything to be real time. Just as we have Rail and Ship transport today… some consumers still demand next day air delivery (a business need that consumers will pay extra for).
  • The problem with the payment system is NOT speed, it is control. The American Banker article How Big Banks Killed a Plan to Speed Up Money Transfers speaks to the uneven playing field faced by small banks, MSBs and other service providers.  Why are big banks blocking this real time effort? Because the top 4 are formulating plans to restrict use of bank owned settlement infrastructure and create new semi-open REAL TIME settlement networks (ie ClearxChange) which will only work for the largest institutions (see New ACH Payment System for background on this initiative). The second paragraph of the Fed’s paper

    Industry adoption of new payment services and technology in this country has been driven mostly by market forces rather than government direction

    is incorrect. Industry adoption of CORE payment services is driven COMPLETELY by the top 5 banks. Top 5 Banks created and hold veto power over: Visa, MA, TCH, NACHA, … and most industry infrastructure.

  • There are only 2 regulatory changes I would request: #1 mandate transparency in rule making for both government controlled (FedWire) and private Payment Entities. No more anonymous voting on common infrastructure, the NACHA and TCH voting procedures are a mess.  The WSJ article above demonstrates the obfuscation.. and the subsequent success of this blog. #2 Allow non banks to assume risk and decrease compliance requirements (for banks) surrounding this service. (more on that later)
  • Over 40% of US consumers are no longer well suited for traditional banks and are migrating to new products (pre-paid/GPR cards) that are offered by new intermediaries. Payments are not only critical to the top of the pyramid but to the bottom. Non banks and the unbanked must be able to participate in the payment system. Again the issue is NOT real time payments, but ACCESS (control).
  • The core technical challenges in Payments are #1 Consumer Authentication, and #2 Risk Management. Non banks are best positioned to Authenticate a Consumer, and may also be best suited to manage risk (as Paypal does in Card Not Present). Banks bear the weight of KYC/AML requirements today and therefore look to control the entire process. If we want consumer centered investment, Non Banks must be able to participate, and bear risk. If the central bank commits to technology of yesterday  we will not be able to leverage new capabilities and consumer experiences will be highly fragmented. (ex a new Apple device which would enable real time, irrefutable transaction signing).
  • The core business challenges in payments today are around value. Banks do not want to invest in networks that benefit merchants (ie Debit, DDA) and Merchants don’t want to invest in networks that benefit banks (ie Credit, Contactless). Payments are just the last (easiest) phase of a long Commerce process. No one should force banks to invest in merchant friendly mechanisms, but banks should not be in a position to BLOCK success here.
  • There will be NO INVESTMENT, if there is NO RISK. Payment profitability is driven by risk management (including fraud, authentication, credit risk, …).  We must allow entities that can bear risk to participate and invest.
  • Network efficiencies MUST IMPROVE (see Thomas Phillippon below). The GOAL of payments should be to provide LEAST COST ROUTING to support consumer preferences of where and how they want to pay and authenicate (ex Apple, Google, …). Expanding an existing utility (ie Fed Wire) may provide a faster path to new capability, and develop a higher quality of service, as competition develops among private networks (analogy is Darpanet ).

MCI Interconnect in Financial Services?

The metaphor for change in the payment system may be the 80s MCI interconnect battle (see Wikipedia), combined with a new regulatory regime which would allow non-bank participation in an OPEN settlement network (Connection + Settlement). See my blog How to Deregulate Payments like Telecom. To understand the current state of industry quantitatively,  NYU’s Thomas Philippon published jaw dropping research detailing how Payments and Banking are one of the few network businesses in the HISTORY OF MAN to grow less efficient (rail, telecom, energy, …). Obviously Regulatory Capture is an issue as regulators protect Bank margins and discourage rate competition. The fundemantal flaw to the Fed survey is an underlying assumption that change will be made to existing utilities and existing players. I’d rather take the MCI approach where the government provides for open interconnect and allows other parties to assume risk. This is why Telecom, Airlines, Stock Exchanges, and the Internet work today. There will be no change, or new investment, unless Regulatory Capture and Big bank control over common utilities is broken.

In another example, from my blog Tokens – Merchant Options obviously there is a need to tokenize a direct draft ACH/DDA to hide the consumer’s account number. This is what the TCH upick system (bespoke TCH token system) was developed around. However banks have NO incentive to deliver innovation around DDA tokens as it would decrease risk and increase consumer adoption in a model where they can not charge ANY interchange. Thus innovation is directed toward revenue (a logical imperative), and conversely merchant avoidance is based upon cost/value (hence no adoption of card POS tokens).

The EU’s ELMI model is perhaps the best developed regulatory standard. Perhaps the US pursues something similar which would serve as a federally chartered MSB. Or provide for existing MSBs to operate (and assume risk) on a settlement network (like Fed wire).  This is my core recommendation, rather than taking a 5 year approach, the Fed should create an open settlement service, in which private utilities (ACH, Visa, …) must compete with. Australia (EFTPOS) and Canada (Interac) have both successfully consolidated debit infrastructure as a result of regulatory mandates (and these remain bank owned networks). Today Fedwire competes with TCH in settling payments, but garners much less than 1% of settment (see FedWire Volumes).

The Fed should consider consumer requirements and preferences, after all it is the consumer’s money. Similar to the MCI telecom case, regulators should consider the minimum consumer servicing requirements. If a consumer wants to pay through an intermediary (like PayPal, Amazon, Google, MCX, … ), or have money stored with an intermediary, or want to remain anonymous to the merchant in a transaction, they should be able to do so. As the Visa model evolves, Consumers should be able to INITIATE the payment request with the Bank (as opposed to the Visa/MA model of merchant requesting payment based upon consumer credentials).

Today, ODFIs are responsible for all risk (in ACH and Card Present). The Regulatory burden they face is substantial (Fed, OCC, CPFB, …etc.).  There are very big plans by the banks to gain tighter control over the payment network (see Tokens and Consumer Authentication).  Fundamentally, if we want change, we must improve transparency and allow risk to be assumed by non banks (and consumers).  Consumers should have the choice to take the slow railroad (with guaranteed delivery) or an instant transfer that cannot be reversed.

The FED should be very mindful that their direction does not just impact Innovation at the top end of the consumer pyramid: over 40% of US consumers are unprofitable to US Banks (see Prepaid – Future of Banking?). The Amex/WMT Bluebird product is proving to be an attractive alternative “banking lite” product with ability to direct deposit. The story of MPESA in Kenya may be useful here, as a non-bank was granted an exception which enabled the service to grow from 0 to 10% of the GDP in 3 yrs. Regulators and the Central bank do NOT look favorably on this development, as 10% of the GDP flows out of M1 into a single non-interest bearing settlement account which cannot be leveraged by banks to offset loans (ie liquidity ratio). But consumers love the service…

Key Topics which I believe need to be addressed:

#1 Bank Ownership and Control of the Payment Rails

  • Cost Transparency/Reporting
  • Speed Transparency/Reporting
  • Transparency of Rule Making and Voting in Infrastructure
  • Non Bank Ability to Connect
  • Non Bank Ability to Take Risk
  • Non Bank Participation in Settlement (ex Federally chartered MSB, or non-bank access to FedWire)
  • Consumer Authentication Standards, and Ability for non-banks to assume role (see KYC)
  • Common Reporting/Alert Interface in Transaction Origination and Settlement

#2 Issuance and Value Storage (from How to Deregulate Payments like Telecom)

We need to look no further than BitCoin to see the need for new regulations surrounding issuance. Transfer of funds between entities is covered above, and my view is that non-bank participants should be licensed and agree to abide by current money transfer  regs (ie. Fincen/AML, ..). Issuance of “credentials” and storage of funds is another matter. Long term storage of funds is a banking function, and should be regulated, settlement funds face state escheatment issues (but largely unregulated unless interest is paid), while storage of “Value” is completely unregulated (ie Coupons – a form of legal tender, Pre paid offers, bitcoins)?

From above, if we allow non-banks to participate in real time funds transfer, third parties (ie Sofort) would act as agents (on behalf of consumer, merchant or bank) to direct the funds and assume risk on behalf of consumer. If a good/service is purchased immediately (commerce) then there is no regulation, however if the value is “held” for future use it is generally regulated (hence MSB, eGold, bitcoin issues). Thus the rules under which third party senders operate (as agents), are different from the entities at the end of the transactions (banks, merchants, consumers). See ACH Origination Risk.

As in the MPESA example above, there is an obvious CONSUMER need for issuance to more closely resemble cash in its ease of exchange, verification, anonymity and storage.

Our current need is for simplified laws surrounding account under a given value amount (say $2000). Providers of service should be lightly regulated through self reporting, “transparency”, and the need to keep settlement funds with the Fed. In this proposed model, a bitcoin exchange must ensure that no single individual has processed more than the threshold in a given time period. Hence the need for KYC of exchange participants (when converting to cash).

Summary – new HUB vs evolving existing networks

The current ACH system will never go away (related blog). There were $33.91 TRILLION moved over the network in 2011, compared to total debit and credit volume of around $4.5 Trillion. What path should regulators take?

#1 Improve ACH (primarily speed and fraud management). The highest priority will be around third party senders (TPS), the lowest priority will be regular customer directed debits and payments to billers.

Third party senders (TPS) are a subclass of Third Party Service Providers (TPSP) which originate ACH transactions based on a direct consumer relationship.  Alternatively TPSP are also known as “processors” whose customers are banks (primarily) and have no direct consumer relationship. Banks are not happy with the “free riders” on their network (see  blog). Most bankers view companies like PayPal and Xoom as riding on their rails for free. One of their biggest issues is that they do not have visibility into the actual beneficiary as the settlement account hides where the payment is going to. This impacts their ability to perform risk management and authorization. Take these issues together with the increased regulatory focus on AML and we have a fertile environment for change (HSBC’s See Deferred Prosecution Agreement, and business overview of HSBC’s issues from Reuters). Note that AML concerns are much more relevant to International ACH Transactions (IAT). This blog is not focused on IAT.Token

Banks must therefore architect a solution to evolve ACH while the ship is moving. This is a much better approach than that taken by the UK of mandating faster payments… (one bank was losing 30M GBP a WEEK from fraud when launched). The consensus approach seems to be one surrounding tokens and directory (my blog from last year Directory Battle Phase 1).

#2 Build a new competing network (around Fedwire) which would allow for non-banks to assume risk

 

Sorry for abrupt end.. I’m sounding repetitive.. .so I’m stopping

Another Bank Consortium? Paydiant

Banks have not put all of their eggs in the TCH basket. There is another Bank Consortium around payments which I have not discussed: Paydiant has been working with 27 odd banks around a “Push Payments” pilot for last 2 yrs.

PUSH Payments – 27 Bank ‘Consortium’

Summary

  • Banks have another “consortium” on payments I have not discussed: Paydiant Push Payments
  • Trials have been underway for over 2 years
  • Competes with TCH tokens
  • Led by BAC, FIS, and other top banks
  • Objective: minimize changes to POS, through a new payment terminal which displays QR code.
  • Flow: Customer takes picture of Payment Terminal QR Code (which contains MID and TID), Code sent from Consumer Phone to FIS service, translated in to card (currently), Processed in normal Auth flow, then Auth PUSHED to POS terminal.
  • Elavon in primary processor for TCH tokens, FIS is focused on Paydiantpaydient

Background

On a flight to SFO today and I’m looking at 50 odd emails from last week questioning my blog on Host Card Emulation (HCE). It has certainly caused a stir with the NFC community. As most know, companies like SimplyTap have been able to make this work on the Blackberry platform for some time…. I don’t mention vendors by mistake… but can’t tell you much more here other than it would be worth your time to work with them if you want to evaluate HCE.

How does HCE play in a world of Tokens, QR codes, merchant run networks, NFC, and Push payments? Well quite frankly nothing is happening now, and until a critical mass of Banks, retailers and platforms start to deliver value (beyond payment) nothing will.  I’ve stated many times that existing networks are ill equipped to drive fundamental change. For example banks look at mobile as a chance to cement use of credit card and maintain control over payments (and consumers).

Those that have read my numerous Token articles know that Banks have been working to disintermediate Visa/Mastercard. The theme is “if there is a number stored on the mobile phone, we want that number to be one we own and control.. not a V/MA number.. but ours”. This number is the Token I referred to in Tokens – Volunteer Needed, Directory Battle, and Tokens and Networks,  …etc. Last month Visa, MA and Amex launched their own competing token scheme to ensure Issuers did not end run them. This has put significant dampers on the TCH project, together with the loss of its early bank champions (Paul Gallant now CEO of Verifone).  The TCH project is likely to morph into ACH and perhaps debit tokens, as well as coordinator of standards, with the Card Network consortium winning the battle over Card tokenization. The only significant piece of new information on this is that the TCH bank champions were emphatic that Regulators would FORCE TOKENs in pending rules. Lets see if that happens.

PUSH PAYMENTS

Banks have not put all of their eggs in the TCH basket. There is another Bank Consortium around payments which I have not discussed: PAYDIANT (http://www.paydiant.com/). Paydiant has been working with 27 odd banks around a “Push Payments” pilot (see blog for Push discussion).

Paydiant Flow

  • Merchant has specialized Payment Terminal that can generate a Paydiant QR Code. No POS change necessary
  • Consumer has Paydiant application or Bank white labeled version
  1. Merchant pushes normal card button on ECR
  2. ECR sends Payment amount to FIS Card Reader
  3. FIS Reader Generates Unique QR code based upon Amount, Merchant ID (MID), Terminal ID (TID)
  4. Consumer launches application and takes a picture of the QR Code
  5. Application sends QR code to FIS/Processor for transalation and asks consumer to confirm amount/payment instrument selection
  6. Consumer confirms transaction
  7. FIS sends transaction through normal payment Auth flow.
  8. FIS receives Auth
  9. FIS Sends Auth to pending MID/TID
  10. Merhant Payment Terminal receives Authorization and communicates to ECR
  11. Transaction is completed

I think of this as a reverse Starbucks. Consumer reads a QR code instead of the other way around. In a perfect world this is a great example of push payments. Only supporting issuers can participate, and they can set rules for interchange, fraud or anything else they want to with Merchant. Banks can also completely circumvent Visa and Mastercard as actual card number did not have to be used.

This solution, while very attractive, does have a few problems. In my own personal experience

#1 Connectivity. Over half of participating merchants had to install wi-fi hot spots as consumers did not have data connectivity in stores. This makes for a very bad (and slow) consumer experience.

#2 Glare. I couldn’t take picture of the terminal without holding another hand up to block glare. Of course we could solve this with Bluetooth LE, or some other factor.. but today it is a problem.

#3 Learning curve. Taking a picture of a QR code is not something most of us do..  Cashiers are not in a place to help

#4 Why? This entire solution is cool.. but why? It is MUCH EASIER to just pay with my card. Just as in Card Linked Offers, there are very few advertisers or other offer content to make this attractive.  FIS seeks to offer LevelUp like loyalty services, but currently in its infancy.

Bank Chaos

The reason I’m telling this story is  to show you the chaos going around mobile payments. Just because the technology works doesn’t make this a great idea. However, I do like this particular initiative very much, as it is the BEGINNING of a new network and a NEW APPROACH to payments that could reinforce Bank roles in authentication.  The flow makes sense to me.. we just have a few problems with the phone to Payment Terminal interface.  Imagine if I could couple this with a SQUARE voice experience and Apple’s new fingerprint technology.

Paydiant was quite sure they were going to win the MCX business. The solution’s complete dependence on processors and issuers made this quite unattractive, and hence Gemalo’s win (see blog).

I have a number of friends in the payment s industry, and each bank seems to be involved in multiple intitiatives:

  1. Tokens
  2. CLOs
  3. NFC
  4. Paydiant
  5. Apple/Google Wallets
  6. MCX
  7. EMV/Reissuance
  8. Visa/MA/Amex Scheme
  9. …etc

It is a crazy time. Small companies and mobile investors need to be aware of this Chaos, and understand the diffusion of focus.

US Payment Innovation and Regulation

A core “investment assumption” by TCH banks was that “regulators” were going to force the use of tokens in the US. As a primary means for meeting obligations under BSA/AML. The “value proposition” pitched to pilot participants was thus “regs are coming which will drive PayPal out of business.. everyone will be required to tokenize.. pilot participation means you can have a jump on everyone else.” Obviously this has not been the case..

29 Oct 2013

Short Blog.. will update next week. Sorry for Typos

Is anyone else struggling to see the logic of Bank led token initiatives? These folks are smart people.. we obviously see why they want to do it (control)… but they are smart enough to construct some kind of value proposition. It’s not as if they can MAKE every merchant and wallet service convert.

Well… this is NOT necessarily a good assumption (value proposition). I met with a few folks this week, each touched TCH SecureCloud.  A core “investment assumption” by TCH banks was that “regulators” were going to force the use of tokens in the US. As a primary means for meeting obligations under BSA/AML. The “value proposition” pitched to pilot participants was thus “regs are coming which will drive PayPal out of business.. everyone will be required to tokenize.. pilot participation means you can have a jump on everyone else.”  Obviously this has not been the case..

The Banks wanted to start with tokenizing eCommerce Cards on File (COF), as this enabled them to keep the favorable credit card mix (75%+ credit) in a new mobile world. If would have been much easier if they just pushed all of the consumers approved payment products down to Apple, Amazon, Paypal, Google… but Banks don’t really want consumers to have a choice.. they want friction and fear in debit.  This Credit on Mobile Strategy may not be a STATED goal of TCH tokens.. but it is certainly a corollary which Banks don’t care to address.

Visa/MA/Amex did an end run on Bank token plans with a proposed interoperable standard. It thus seems that the 20 odd Bank TCH token participants will give the utility to the networks, with the hope that there will be a continued credit focus. What will TCH do? Probably be a standards body of some sort, and be the token authority for things like ACH.

The ACH LOCKDOWN strategy had 3 prongs: NACHA Rules, Regulation, and an alternative. See related Post around NACHA Rules. With respect to alternative.. this is the driver of Clearxchange, a real time ACH that circumvents NACHA…

One of the Bank leaders quipped “in 5 years we hope to put Paypal out of business in the US”… implying banks could lock out non-banks in riding ACH rails. This would also have significant implications to MCX… My view is that there are ways to get around all of these grand plans IF they ever materialize (ie Bank partnerships).

All of this seems a little too smart, too complex, too dependent on regulations by a regulator that isn’t really doing much to help Banks these days.

Message to Regulators.

PLEASE DON’T FORCE TOKENS.. but rather allow risk to be owned by non-bank entities (ex MSBs) originating transactions. There are so many new ways to mitigate risk and authenticate a customer. Mandating tokens will kill innovation and keep control locked inside intuitions that innovate at the rate of glaciers.

Reminds me of a joke. Did you hear about the Bank mobile SVP that tried to commit suicide? He threw himself in front of a Glacier.

Authentication is key to unlocking billions of dollars in revenue and bringing enormous efficiency to the market… allowing for the REWIRING of Retail, Advertising, Commerce.

Regulators should not focus on payment tokens, but facilities for managing distributed TRUST and AUTHENTICATION. Allowing other entities to assume risk in payments. This may mean creating new quasi bank licenses (regulated trust authority) or a new federally approved MSB that does not hold any deposits. A first start may be to open up Fed Wire to non bank participants. With ability to take risk on settlement funds.

I actually agree with Banks in their token plans.. IF they are ultimately accountable for EVERYTHING.. they must control EVERYTHING.

 

CEO View – Battle of the Cloud Part 5

There is a payment cluster war going on right now and it is the subject in the C Suite in Banks and the Payment industry. The battle is happening at every level. I’ll be leading a panel at Money 2020 which addresses several of these items, with participation from V/MA… should be interesting. Here are a few updates.

22 July 2013

This post is a continuation/update to my post back in March Network War – Battle of the Cloud Part 4. Sorry for typos.

There is a payment war going on right now and it is the subject of C Suite strategy talks. The battle is happening at every level. I’ll be leading a panel at Money 2020 which addresses several of these items, with participation from V/MA… should be interesting. Here are a few updates.

Network Clusters

Network/Routing/Rules

  • $8B Revenue Impact. I apologize to my EU readers for my constant US focus. Let me break the mold now to emphasize the earth shaking changes going on in the EU (See today’s NYT blog, and today’s WSJ). Going from 250bps + cross border fees to 30 bps will be tremendous, and may set a precedent for the US litigation between Visa/MA and top retailers.
  • EU provides a glimpse at what a world of payment “dumb pipes”  and least cost routing looks like (see Blog Payments Innovation in Europe).  Canada and Australia also follow these lines in debit (see Blog). Also see my favorite case study in Europe  Sofort – ECB analysis, and Push Payments.
  • Networks, and their members are reacting to regulation and positioning themselves (individually) to “push” their respective vision of innovation in order to protect their brand and network (see Visa Money Transfer, and Visa Portfolio Manager). I don’t mean to limit this to just Visa and Mastercard (see picture, and blog).
  • New networks are forming (see Blog on Clusters)
  • Large issuers like JPM have successfully forced Visa to break/segment its Visa net, and run under unique JPM/CMS rules with new capabilities. Visa’s CEO comments to investors: “rules must be consistent with Visa”..  My view is that this is a major crack in Visa’s network ownership (see Golden Goose on the Menu).payments pyramid
  • From a wallet perspective the rules on “wrapping” are killing much innovation (see don’t wrap me). Top issuers are actively working to inhibit wrapping of their payment products (ex Mastercard’s staged digital wallet fee of 35bps on PREVIOUS years volume of over $50M..  which only impacts paypal).  Similarly Amex and Visa are working to ensure their cards are not wrapped.
  • Rules are being issued and ignored, from Visa Money Transfer to EMV (see below). Banks tell Visa “do you want me to write the waiver or will you send it over… as we are not going to do this”.. which is one reason JPM just created its own unique rule set. Similarly US merchants face a liability shift (on to them) if they do not accept EMV cards (chip and pin). All are playing a game of chicken as no one wants to re-issue plastic. Visa has created a new type of EMV, chip and SIGNATURE, which makes absolutely no sense at all, but helps them keep customers away from PIN (which Visa despises, but everyone else loves).
  • Cross boarder fees (see blog). As 20%-30% of network revenue moves to these fees, it is becoming a substantail pain point for global banks like Citi, HSBC, Barclays, .. A big topic I can’t fully cover here

Issuance

  • US Banks are spending 90% of their time in innovation around Credit Cards. Exception is Bank of America and to some extent my old team at Wells. In either case the banks have hit a wall, and recognize that innovation can’t happen in a 4 party network. American Express is 5 years ahead of them and they can’t catch up.. they must change.
  • The NATURE of card completion is changing in both credit and debit. Traditional Payment revenue is being REGULATED AWAY as payments become “dumb pipes”. The goal most have recognized is that the real value to be unlocked is in commerce data, particularly Payment Enabled CRM (see blog). Examples of just how focused this effort is: 22 Banks working in Secure Cloud, ~$1B in Google Wallet Investment,  ~$500M in ISIS investment,  JPM just hired Len Laufler (former CEO of Argus Data) to be the new CEO of Data in Chase.
  • Banks thus need to build a network which can accommodate both payments and “other data” which they own and control (like Amex)… hence “tokenization” (see Blog, and TCH Announcement).
  • Tokenization is currently going nowhere.. but it is “impacting” the industry and many start ups as banks and networks position themselves (see JPM/Visa Blog, Start up implications).
  •  Visa and MA also have their own secret token efforts. Merchants have a much better short term win in this approach with a liability shift and reduction in interchange, but they also know from past experience that if the issuers are not on board, there will be a much broader business impact in declines (see VBV post, and Visa’s Token Strategy).
  • Retailers are attacking from below. Bottom 40% of mass market customers are not profitable for banks (Durbin related items ranging from NSF fee changes, to debit interchange) . These customers are profitable for retailers like Walmart, Tesco, Target, .. (see Blog).
  • Telcos have a chance to own a new payments network, as they have both physical distribution, customer relationship, connectivity and device.. but they are focused on controlling a handset in a walled garden strategy. To succeed they must refocus efforts on COMMERCE, which means partnering with all participants to construct a value proposition (see blog).

Acquiring

  • The first hurdle of any “New” network is to get the merchants and acquirers on board.
    1. This is NOT going well for companies like Paypal … hence the complete failure of their DFS partnership (see blog). Specifically, there is at least one major acquirer which is refusing to route traffic on any of these new Discover/Paypal BINs, as well as at least 2 major retailers. Although Discover is a 3 party network, they only acquire directly for their top 100 merchants. Therefore Paypal must “incent” and negotiate with every single other acquirer AND merchant.
    2. Chase is working to build a new CMS acceptance brand, which will be different from Visa.
    3. Retailers are building their own network (MCX), and have hired Dekkers Davidson, a tremendous executive, to lead it.
  • Roughly 60% of acquiring profits come from bottom 30% of merchants. There are small independent merchants that are paying over 5% in acceptance fees thanks to the poor transparency within the ISO sales process. Companies like Levelup and Square are changing this (2.75% flat, or free if you commit to marketing). I’ve eaten my shoe on Square, as I never fully understood how badly the ISOs were treating small independent retailers. Their solution solves a short term pain point and also improves customer experience.
  • Acquirers are making POSITIVE headway in merchant friendly services (see blog), particularly helping merchants “merge” consumer data to gain new insights for loyalty and incentives. They are challenged to quickly ramp up this services revenue, in order to overcome the new aggregators acting on the side of small independents (ie Square).

POS Acceptance

  • Has anyone seen the graph of Verifone’s stock? Market cap of under $2B. A hardware company that could not adapt to a software world. At the bottom end they are being eaten by free Roam/Square dongles at the top end are facing integrated POS Terminals from IBM/Toshiba and Micros. Dedicated payment terminal are commodities, and thus suffer from commodity like competition. Grand hopes for re-terminalization with EMV and NFC are not happening (see blog). New dongles and mobile acceptance infrastructure is developing even in the complex EMV space (see Tedipay.com )stand
  • POS strategy centers around data as well. Google’s Zave purchase has given them opportunity to help retailers focus advertising and eliminate paper coupons independent of payment network. Other leaders like Fishbowl and Open Table in Restaurants have integrated into the POS. The BIG idea here is to integrate the POS to the cloud and Google is now 5-7 yrs ahead of everyone (2 yrs engineering, 2 yrs IBM Certification, 3 yrs to sell and test w/ retailers, +++ yrs in content/ads/targeting).
  • Square’s new Stand is an integrated payment, POS, inventory management, CRM, marketing and loyalty system.. all on an iPad.
  • Payment Terminal “software”. Verifone’s Verix architecture and equivalent schemes have failed. Idea was to allow 3rd party developers to create “apps” for a non-secure space in the payment terminal. For example, 2 years ago, Google’s first version of wallet leveraged NFC to communicate “coupons” to the payment terminal, which then relayed to the POS.  Problems are obvious..  A grocer like Safeway has 2,000 person development team around their IBM 4690 POS, guess how many engineers support the payment terminal? NONE. They don’t want apps on a PCI compliant payment terminal.. it goes beyond question of who will manage them. Also note that payment terminal interaction with the POS is simple today (payment request and authorization).  There is also significant development work to RECEIVE coupons from a PAYMENT Terminal.

Services

  • This section could fill a book, so I will make this brief. All network participants are working to deliver services. The 4 party networks cannot innovate. For example, take a look at my very first blog, topic was Googlization of FS. Visa built an offers services with Monitise and Clairmail 3-4 yrs ago, but the large issuers refused to use it, preferring to innovate themselves. Another example is V.me, a topic which makes Card CEOs red faced. These points exemplify the dynamic w/ V/MA and the large issuers.. Issuers want to dumb down the pipes and limit services, V/MA want to grow them and relationships with consumers.
  • Current state is myopia.. everyone is working as if they uniquely own the customer. Banks and Card Linked offers are top example. When you go into a bank branch, do you want to buy socks? dog food? Of course not! Banks have great data but they are in no position to run an advertising campaign. I’ve run 2 of the largest online banks in the world (Citi and Wachovia) and can tell you retail customers spend about 90 seconds with me, they log on check their balance make a payment and leave. They don’t stay around to click on coupons. Commerce, and retail, is in the midst of a fundamental restructuring as online and off line worlds converge in new ways (beyond show rooming).
  • Payments are just a small part of the overall commerce value chain, yet they have by far the highest cost. The proposed 30bps EU fee cap may occur in other markets, thus banks are working feverously to build services to replace this revenue (primarily around credit cards), with CLOs largely failing to deliver value (see blog). Yesterday we say Ally Bank discontinue Card offers, following Amex last week.

Tokens: Merchant Options

Most retailers I’ve spoken with take the view “we just won Durbin and are in the midst of steering customers to debit.. why on earth would I want to support a new product type that is more expensive AND gives banks more control? AND further enhances merchant funded rewards? Will this improve my sales”?

26 June 2013

My last blogs on TCH tokens were rather controversial..  several of my bank friends will no longer take my calls.. while others are grateful that I’ve shown the light on a program they are scratching their heads on. I’m a reformed banker..  only partially cured of my myopia. Banks can choose to put me on the hit list or leverage this information to refocus their efforts toward delivering value (based upon feedback I’m getting on the other sides of the conversation). I can’t imagine trying to justify $200M cash burn on this business plan. Bank CEOs.. if you can’t understand the objective in 30 minutes it is not there.

Controversial points:

  • Banks are working to build a network that circumvents V/MA
  • Focus is replacing cards on file w/ token
  • Value proposition ill formed and poorly thought through (perhaps liability shift)
  • V/MA have their own token projects
  • V is contemplating using tokens to replace VBV, this would step on bank initiative (as is Masterpass)

This is the CEO level strategy war going on right now. So thought it would be good to give a summary to the retail/merchant audience.

Banks

FSIs aren’t big fans of Durbin, or of not having control over their payment rails and data. If you talk about V.me or Masterpass to a card head their face will turn red. They are very frustrated that they can’t innovate in a 4 party network and that Amex is 5+ years ahead of them. Thus they are looking to build a new retail network that they can control.. not that there was much research on what the market needs.. it really didn’t matter. They knew what they wanted: Control and an “interchange” that is better than Durbin.

A very, very big bank “secret” is that fewer than 20 percent of any major issuer’s Credit Card portfolio has consumer cards that are transaction “thick” (more than 5 per month). Most credit cards are thus used for MAJOR purchases only. Banks want to increase credit card usage, lock customers into rich merchant funded reward schemes, AND increase the revenue of debit (when used). None of these objectives aligns to merchant needs.

How are the banks going to achieve their change? They have gotten together to create a new system. Of course anytime a group of competitors get together there are potential antitrust issues, hence they chose an existing entity in which to congregate. They also selected real issues like security, integrity, fraud, interbank clearing to focus their plans, and avoid regulatory scrutiny.  These issues are bank issues, as well as the pricing/control issues above. Given these design constraints you can imagine what they developed..  a bank friendly solution that has no market context.

A core requirement for any token pilot is that it is transparent to consumer. The perfect model for token issuance is OTA card provisioning in the NFC world.  From an economic perspective, Banks want to focus tokens at the POS as this is where the transaction volume is.. but NFC has not taken off, and there is no way for them to get POS adoption in light of MCX and general merchant resistance (although they continue to try). Thus token pilots are likely to be eCommerce focused (the have no choice.. ) and this puts them squarely in conflict with a very, very capable field of competitors with established solutions.

Network War

Per my blog Clusters Form, there are some VERY VERY high stakes battles being fought in the C suite.  For example, Visa is clearly positioned to deliver eCommerce tokens (as a replacement for VBV). In this model Visa would simply redefine VBV which already has bank “acceptance”, and would subsequently reduce CNP interchange and shift liability to issuer. If they did this, it would step on the TCH token project completely. Thus the large issers are threatening mutiny (with exception of BAC?). My guess is that Visa explicitly agreed NOT to do this with JPM in context of their new agreement (analysts/institutional investors please ask question).  With issuers threatening Visa mutiny… MA is not likely to be first to market on a similar solution w/ MasterPass.Network Clusters

What options does Visa/MA have to their own token project? Once one of them redefines tokens the other will follow.. if they don’t then COFs will not be theirs any longer.. they will have lost their acceptance brand. My guess is that the banks will give up on trying to do this themselves and will attempt to accomplish within the scope of V or MA’s rules.. But this defeats their primary control objective.

TCH Tokens – Value Proposition

As I stated last week in TCH Tokens: Any Volunteers, there are few merchants  or wallet providers jumping at the chance to participate in this pilot (POS or eCommerce). They want desperately to start a POS pilot, and may be forced to partner with a QR code solution provider with little to no merchant penetration. Why the merchant resistance?

Banks are not looking to solve a merchant problem, but rather their own.  How on earth can a merchant agree to participate in a pilot where rules are not defined, banks have more control, and the cost is higher than debit. The value proposition currently goes like this:

  • Give me your PANs and Cards on File.. and I will give you a token. (see Battle of the Cloud Part 4 and Business Implications of Tokens)
  • I may be able to take liability (not firmed up)
  • Since its really hard for us to do anything new at the POS, we will probably start with mCommerce and eCommerce and we will greatly improve your conversion rate by “auto filling” our customer’s name and address with the token. Since you have that already (given you had the card in the first place), perhaps we won’t really do anything new.. but hey we think we can.
  • You will have to change your processor to CMS or Elevon to process them
  • You will also have to retrain your fraud/customer support to handle all the special rules, and your customers will have no idea that they had a token to begin with
  • We want to price this higher than debit, but will give you a break on any debit cards.. but we won’t tell you which one is which.. because the customer may decide to switch (so we can lock them into rewards)
  • We will be able to give you a great new rewards/service using your data in the future. Not quite there yet.. but understand we will be the gateway between you and your customer forever…. So we want to justify the increased fees we plan to charge you once you have a number that only we understand.
  • We really love “partnerships” where we can control data.. so if you can please also give us any other data you have we may be able to use it as well.
  • Rules/Chargebacks.. hmmm.. haven’t gotten there yet. But we want to.. can’t we wait?

Ok, I’m rather harsh here.. partly for humor, but also to show how far they have to go for anyone to take this. As I mentioned in V.me – Issuers Please Give me your Customers, there is enormous concentration in eCommerce: Cybersource, Amazon, eBay/PP/GSI and Walmart.com account for over 60%+ of eCommerce retail purchases. Would anyone use a wallet that they only used 1-2 times PER YEAR?

Think about how you buy today.. Amazon, Walmart.com, Staples, Apple itunes, Google Marketplace. How many other sites do you buy from?  Where else do you key in your name address, card number? Airlines and hotels lead the list for me. Am I going to put all of my cards in V.me, Masterpass, or something else to help me (consumer)?

Let’s look at competing initiatives, do the banks really believe they can improve sales/conversions against these?

  • #1 eCommerce Amazon – One Click, #2 eCommerce PayPal, #3 eCommerce Google Chrome (and now with Instant Buy on phone as well)
  • #1 mCommerce Experience Apple iTunes, #2 Payfone – Leverages my phone/device to autofill everything, and phone/device/location information to manage fraud
  • V.me – Autofills everything for eCom/mCom… can load any card
  • Apple (Future)? See blog
  • Existing services from CYBS/GSI

Acquisition

Assuming tokens are issued without customer action, Tokens still face a fundamental problem of acceptance. eCommerce acceptance is just as difficult as physical commerce acceptance (given the concentration of both), eCommerce/mCommerce just solves the problem of keeping tokens consumers transparency. Having a 16 digit number resolves most of the technical hurdles, however merchants must know (and agree to) the rules that surround accepting something that is not within their current processor agreement. What is the cost, who bears loss on fraud, return policy, refunds, rebates, compliance, support, …etc.   Taking a new product with new rules is not something done in the dark of night. The idea of a bank POS token pilot based upon QR code is completely laughable.. as this is yet another “token”.. and it now requires the consumer to do “something”. Once I require consumer participation, I now compete (conceptually) with NFC, Starbucks, Level up, Apple passbook and thousands of other apps.

Most retailers I’ve spoken with take the view “we just won Durbin and are in the midst of steering customers to debit.. why on earth would I want to support a new product type that is more expensive AND gives banks more control? AND further enhances merchant funded rewards? Will this improve my sales”?

Message to Merchants:

Tell them what your real problems are.. and see what they do to propose to help.   Tell them you do want to create better customer experiences both online and off line.. but when customers walk in your door they are not “Bank customers” … but yours.  200 years ago merchant banks were focused on helping merchants grow through industry insight and access to capital. How has your bank helped you grow lately?

Message to Banks

Listen, focus, find a real problem to solve for your merchant customers and consumers. Why do most product searches start on Amazon? What community have you enabled? What services do you perform for that 2% of transactions

Message to Acquirers

You have the merchant relationship and are best positioned for new data services.. you just need a consumer facing partner (Apple, Google, Amazon, …). I see great new things in your future.. particularly if you can deliver Least Cost Routing to Merchants. Perhaps the token platform should start with YOU.

Food for thought…

If you were going to redesign payments.. as an engineer… how should it work? Your money is with one institution that can communicate to any company.

Option 1

  1. Bank issues token to consumer
  2. Consumer Presents token to a merchant
  3. Merchant passes token to 3rd party that can route token to payment network
  4. Payment network routes token to bank
  5. Bank authorizes transaction
  6. Payment network sends authorization to merchant service provider
  7. Merchant receives authorization

Option 2 (Sofort, push payments, Debit Consolidation)

  1. Consumer instructs bank to send funds to merchant
  2. Merchant confirms funds are received

Tokens: Any Volunteers?

19 June 2013

I’ll be leading a panel on Tokens at Money 2020 so thought I would spend a little prep time this week.

V, MA, TCH token initiatives all share one very big problem: no volunteers. Visa is the furthest along organizationally.. they tried tokens before (2010 Token best practices), technically there was nothing wrong with Visa’s previous efforts. The primary problem was that network participants (POS, Card Reader, Gateway, Processor, Acquirer, .. ) were ill suited to transmit anything but a 16 digit PAN.  Now that we have 16 digit tokens (likely based upon ISO/IEC 7812 BIN ranges owned by individual banks), the network CAN forward them for resolution..  these tokens are not Visa, MA, or ACH numbers.. they are an identifying “key” to information (other cards).. which only the holder can determine. This is the heart of what I referred to in Directory Battle Part 1.

If you were a merchant and a vendor came to you with this proposition “give me all of your customer information, I will lock it up.. and give you one of my keys for you to access it”… would you do it? There are some possible business cases around fraud/data leakage liability…. but customer information is somewhat important to most businesses. Token value propositions are not much different.. give me all your stored cards and I’ll give you a token.  At least Visa and Mastercard have rules around PAN.. but what are the business rules around tokens? Think of the Amazon world where I select from a list of stored cards… does the customer have to consent to exchange of PAN for token? In instances where I have multiple bank accounts/cards. Will there be a token for each bank? for each card?  (Networks are prohibiting “non compliant” schemes today). How does customer select instrument (debit/credit) if multiple products are behind token.

I believe that if the consumer has given a merchant payment information, it is an asset that they should only part with if there is a significant value exchange (data, rates, …).  The idea that a merchant would willingly part with card data is just plain silly.. and hence the lack of pilot participants.

The only way I see this working is if banks “push” tokens into every wallet/retailer. Automatically enrolling them into Google, Amazon, V.me, Apple, PAYPAL, … In this model consumers are permission banks to assist with “fast checkout”. In the NFC world this is akin to “provisioning” a card.

We are very far away from seeing tokens at the POS “work” in any business sense, as there are no clear business drivers (beyond giving banks greater control of payments). Banks are not solving a consumer problem, nor are they solving a merchant problem. It is a strategy to maintain control (rules, rates, liability, speed, clearing, network, …). There is also friction within competing networks as MasterCard and Visa do not want to be wrapped by a TCH token, nor vise-versa… As stated previously, in the eCommerce world V/MA could see substantial success if they replace VBV/MSC with this token approach, shift liability to banks and give discount CNP rates. Banks would have great trouble replicating this eCommerce approach because they are in a very poor position to influence eCommerce gateway/processors.

From my view the future of any Token must be driven by customer first. This is where the best opportunities exist for MNOs, and the Banks (physical distribution). I call this federated identity management. Enabling a way for your real world ID to be associated with your virtual accounts and IDs (see my blog on Apple – http://tomnoyes.wordpress.com/2013/04/03/apple-and-nfc-part-2/).  Currently Apple, Google, Amazon and Square are leaders here… although there is a$5B opportunity for MNOs if they could put a team together with some focus.

My updated view on TCH token framework – Usage (“Wallet” transaction for JPM Visa Credit Example)

  1. Consumer presents Token (virtually or physically) held by consumer (or 3rd party)
  2. 16 digit “token” treated same as card (although not a V or MA PAN)
  3. Processor routes token to Bank Token Authority (TCH) in an ISO 8583 transaction
  4. TCH can resolve token directly (switch to network), or forward to participating bank for resolution (switch to network)
  5. JPM resolves token to Visa Credit, if on Merchant is CMS customer.. then on-us (No Visa Interchange). If non CMS, route through Visa.
  6. Authorization sent to Acquiring bank/Processor
  7. Authorization sent to both merchant payment terminal and to 3rd party wallet provider (?). Pilot prospects.. negotiate this one HARD
  8. POS settlement

Business Implications of Payment Tokens

US mobile payments will have a new “network”, a system to use tokens which are neither V or MA card numbers. Thus Banks need not route these transactions through either V or MA, but will be able to leverage same acceptance infrastructure. Virtual card numbers will be bank numbers that banks resolve. JPM’s is first to align w/ plastic, leveraging common authorization authentication and other services

21 Feb 2013 (pardon the typos as always)

US mobile payments will have a new “network”, a system to use tokens which are neither V or MA card numbers. Banks’ position is that the need not route these transactions through either V or MA (in order to leverage same acceptance infrastructure), whereas V/MA clearly say that an account can’t be both a network account and a XPAY account (see no wrapping).

The banks desire in 2011 is that Tokens will be bank numbers that banks resolve.  JPM’s is first to align w/ ChaseNet and ChasePay.  Banks are putting in place “controls” around ACH debit and card rules which will “encourage” token adoption.  Watch out payment start ups.. rough seas ahead. As I stated: Banks will WIN in payments.

In the US, merchants own liability for Card Not Present (CNP) fraud which aligns online merchants to the risk of using a payment instrument for a consumer they cannot physically verify (see VBV exception). However well an individual online merchant manages their own payment risk, their remains extraneous indirect risk to banks, as card data loss could result in: counterfeit plastic, identity theft, other first party fraud, …etc. Thus the fallibility of the current card “token” which relates Bank to Consumer relationship. Through this NEW token initiative, Banks are seeking to expand the account identifier by making it unique to: consumer, bank AND merchant.token

Today merchants receive an authorization for use of the card and behind the scenes Banks use very large sophisticated risk models (ex software HNC’s Falcon) to make authorization decisions. As eCommerce merchants are responsible for fraud, they perform their own risk management either directly or through payment specialists (Cybersource, PayPal, Amazon, Digital River, …etc). Banks have few problems approving online transactions.. as they bear none of the loss… and hence a game is played. Banks have little incentive to share their fraud data and merchants have little incentive to share theirs. Remember that within banking, margins are driven by the ability to manage risk and banks therefore incented to differentiate capability (not harmonize it). Which leads to other interesting dynamics (perhaps a topic for a later time).

At the Physical POS, the situation is different. Merchants bear little fraud and with EMV (Chip and PIN) the US will further reduce fraud where plastic is presented (if EMV in the US does happen). As I described in EMV Battle Impacts Mobile Payments, Retailers love EMV and are biased toward PIN and Debit. Retailers are continually looking for a way to reduce payment costs and influence consumers AWAY from Bank reward schemes.Payment-Gateways-growth

Mobile payments remain “green field”  and may be significantly disruptive at the POS. One of my favorite quotes around payments ” if you solve authentication.. everything else is just accounting”  (Ross Anderson @ KC Fed). The mobile device can provide a much richer set of information which to authenticate (vs a piece of plastic). Banks have invested billions in their card risk and authentication infrastructure. Mobile could render most of this investment moot, thus Banks are working to control and influence mobile payments at POS, particularly given NFC’s complete failure. Additionally, new payment providers like LevelUp, Google Wallet, MCX, Passbook, …etc all present large challenges to banks efforts to own the consumer relationship and payment choice at the POS (See MCX Blog).  Banks have some latitude to create incentives around mobile. For example is an MCX QR code backed by a Visa Debit card a CNP Visa transaction? Card Present? Or will MCX try to encourage consumers to back with DDA like the Target RedCard model?  Mobile payments are a key battle ground for many parties.. it is imperative to recognize that mobile payments are not just about payments.. but also about loyalty, relationship, data, influence, banking… etc.

In architecting incentives, banks have diminished ability to force V/MA to change acceptance rules. The same is true for retailers. Thus both are looking to create networks based on direct consumer accounts with account numbers (tokens) they can control. This is a very big statement.. if the banks can create a “token” which represents a credit account or a debit account.. they have “wrapped” Visa and MA (see blog Don’t Wrap Me). If successful, they could subsequently change networks anytime they wanted… or create their own. Why on earth would they want to route any debit transaction through V or MA if the token represented a debit card that represented a DDA? Or similarly doubtful: a token that represents a credit card which represents a credit account? (see  PayPal at the POS). Taking card number out of merchant (and consumer) possession, and replacing it with a token, enables banks enormous flexibility.

Yes my head is spinning too. I am implying that banks could leverage their entire acceptance and authorization infrastructure without routing anything through V or MA. No direct consumer involvement would be necessary in this token scheme since something like an MCX QR code could be mapped to multiple tokens in a single back end process. Banks are looking to make ACH changes as a defensive play to ensure that ACH rails are protected against funding a Retailer/3rd Party wallet directly (as PayPal, Target RedCard, Safeway Fastforward do today). This was my point in yesterday’s blog on ACH Debit.

Business Drivers

As I outlined this week in New ACH System in US, my view of Bank business drivers for Tokenization are:

  1. Stop the dissemination and storage of Card numbers, DDA RTN and Account Numbers
  2. Control the bank clearing network. Particularly third party senders and stopping the next paypal where consumer funds are directed to unknown destinations through aggregators.
  3. Own New Mobile POS Schemes to protect their risk investment
  4. Improve ACH clearing speed (new rules, new capabilities to manage risk). In a token model the differences between an ACH debit and a debit card will blend as banks leverage common infrastructure.
  5. Create new ACH based pricing scheme somewhere between debit ($0.21) and credit cards
  6. Regulatory, Financial Pandemic, AML controls (per  blog on HSBC)
  7. Take Visa and MA out of the debit game (yes this is a major story)
  8. Maintain risk models (see both sides of transaction)
  9. Control Retailer’s efforts to form a new payment network

What banks seem to be missing is that mobile payment is not just about payment (see Directory Battle Part 1). Payments SUPPORT commerce, Banks therefore do not operate from a position of control but rather of enablement. Most retailers recognize that Consumer access to credit has resulted in improved retail spending, however most would also say consumer addition to bank rewards has been detrimental to their margin.

Tokens for Mobile POS?

Why would any merchant or wallet provider choose to exchange consumer payment instrument(s) for token(s)?  Reduction in CNP rates, liability shift are significant. But the mobile device has many additional “identifiers” that far exceed what is available on a piece of plastic (IMEI, location, history, password, interaction for challenge). IMHO the bank business case for tokens must be built on CNP rates and Customer Choice. If Banks directly assist consumers provision their account into a mobile wallet, every wallet provider should support it. In other words the bank has done the work to integrate and “push” the customer’s choice into a given wallet from their online banking site (ex yesterday V.me and SavetoAPI).

But this bank led provisioning does nothing for the millions of accounts that consumers have already provisioned themselves in: PayPal, Apple, Amazon, Google, Target, Safeway… All of these companies have worked to deliver consumer value and obtained a direct consumer relationship, which subsequently resulted in the consumer choosing to store payment information directly. I can’t imagine a scenario (or business case) for them to part with that asset, particularly prior to 100% acceptance of tokens by all merchants (online and offline).

Token Acceptance

The value of a bank issued token is completely dependent on: ACCEPTANCE, cost and Risk Mitigation. At the physical POS Retailers are firmly in control of acceptance, unless the tokens perfectly mimic existing card schemes. Banks will likely work to ensure that any non-tokenized payment (QR Code) will be treated as a CNP transaction with merchants bearing fraud responsibility. If tokens are in the format of a 16 digit account number than there will be very little change necessary to the payment terminal. However, the downside of using 16 digit account numbers is that it would not enable banks to firmly separate from V/MA bin routing (and network fees). It will certainly be interesting to see the plan here.

Retailers, Banks, Networks, Consortiums… are all at odds… all trying to own the consumer relationship and control a directory which they can resolve.Payment Value

In general I see the token initiative as a distraction for banks. They are far too focused on control and throwing sand in the gears of commerce. Commerce will find the path of least resistance in an open market.

Summary

My guess is that many Card CEOs are skeptical of all this network tokenization strategy. Banks card teams have tremendous assets in their consumer relationship, established consumer behavior, brand, network of acceptance, merchant white label relationships. Why not work to partner and extend today’s model in a way that benefits consumer and merchant? Example Payment enabled CRM.

This tokenization project’s ability to positively impact mobile payments and retailers may be like squeezing Jello… American Express can only be laughing to themselves. As US Card issuers are 5 years behind them in innovation  Amex is extending their lead as they endeavor to “pull their weight” by while helping retailers obtain new insights on their customers. This sounds like a much better idea than tokens.. probably one that investors will understand better as well.

My message to Bank CEOs: stop trying to lock in your market position and start trying to justify it through value.  Tokens will provide you more control, but it is significantly detrimental to your acceptance network (V/MA). You have brilliant payment executives.. there is true genius in the token design here, but it is completely myopic. If you had a cross functional team with experience in retail, advertising, data, processing, CRM you would realize that mobile will change the way consumers interact with their environment. Banks will NOT be the intermediary in every interaction. The barriers you are constructing will only further inhibit your ability to partner and take part in processes which add value.  Remember your customer is not yours exclusively, we also are customers of Google and WalMart and Verizon…. Banks have an OPPORTUNITY to orchestrate commerce IF they deliver VALUE.  Payment people design payment solutions to payment problems. Banks must redefine the problem and the opportunity.

The questions banks must answer (for a retailer): when was the last time you brought me a customer and helped me build my brand, and consumer relationship?

Another scenario Card CEOs should consider: if Payments become “dumb pipes” …. where retailers and non bank intermediaries can perform Least Cost Routing (LCR)… how do we compete? How strong is your customer relationship?  Why did the consumer choose you as the bank in the first place?

“New” ACH System in US

The current ACH system will never go away (related blog). There were $33.91 TRILLION moved over the network in 2011, compared to total debit and credit volume of around $4.5 Trillion. However, there are several “improvements” to ACH where all could benefit, primarily speed and fraud management.

19 Feb 2013

(sorry for typos in advance)

Thought I would add a little meat to my 2013 prediction on a new token based payment scheme in the US. 60% of the thoughts below are contrived… as participants and pilot results are not in.. and things are still evolving.

Prior to describing a “new” ACH system, it may be useful to understand what banks are looking to achieve.

  • Stop the dissemination  and storage of DDA RTN and Account Numbers
  • Control the bank clearing network. Particularly third party senders and stopping the next paypal
  • Improve clearing speed (new rules, new capabilities to manage risk)
  • New pricing scheme somewhere between debit ($0.21) and credit cards
  • AML controls (per yesterday’s blog on HSBC)
  • Taking Visa and MA out of the debit game (yes this is a major story)
  • Maintain risk models (see both sides of transaction)
  • Control Retailer’s efforts to form a new payment networkTPS Definition

Overview

The current ACH system will never go away (related blog). There were $33.91 TRILLION moved over the network in 2011, compared to total debit and credit volume of around $4.5 Trillion.  However, there are several “improvements” to ACH where all could benefit, primarily speed and fraud management. Thus I believe there will be a carrot and stick approach to creating the right incentives for ACH users to move. The highest priority will be around third party senders (TPS), the lowest priority will be regular customer directed debits and payments to billers.

Third party senders (TPS) are a subclass of Third Party Service Providers (TPSP) which originate ACH transactions based on a direct consumer relationship.  Alternatively TPSP are also known as “processors” whose customers are banks (primarily) and have no direct consumer relationship. Banks are not happy with the “free riders” on their network (see yesterday’s blog). Most bankers view companies like PayPal and Xoom as riding on their rails for free. One of their biggest issues is that they do not have visibility into the actual beneficiary as the settlement account hides where the payment is going to. This impacts their ability to perform risk management and authorization. Take these issues together with the increased regulatory focus on AML and we have a fertile environment for change (HSBC’s See Deferred Prosecution Agreement, and business overview of HSBC’s issues from Reuters). Note that AML concerns are much more relevant to International ACH Transactions (IAT). This blog is not focused on IAT.Token

Banks must therefore architect a solution to evolve ACH while the ship is moving. This is a much better approach than that taken by the UK of mandating faster payments… (one bank was losing 30M GBP a WEEK from fraud when launched). The consensus approach seems to be one surrounding tokens and directory (my blog from last year Directory Battle Phase 1).

Scheme (updated 2/20)

  • Token will replace DDA RTN/AN. Starting with ACH Debit, Third Party Senders will be required to use token for access to top 5 banks. Consumers will not know their “token” as it is unique to the requester.
  • Third party sender (TPS/TPPA) must request token for originating consumer account from consumers bank (more on business incentives below). This establishes a “directory” role for the consumer’s bank and positions them to “approve” ACH Debits, where today the responsibility is only on the ODFI.
  • The bank owning the consumer account will be the owner of the token. Individual banks may choose to issue tokens, tokens will be synchronized with a central director, banks not wishing to issue their own tokens may depend on the central directory for issuance.
  • Once a token is issued, a third party sender will use the token to debit consumer account just as the account number is today. However tokens may be unique to each TPS/TPPA
  • Individual banks may clear payments by using their own local directory, or leveraging the central ACH service. There are no forced routing rules (learning from VisaNet).  Banks also agree to collaborate on fraud and risk (keep information fresh).
  • A token will be unique and represent a combination of both sender and beneficiary information. Focus is initially on ACH Debit. Unclear if multiple tokens will be required in MSB scenario. Banks want visibility beyond settlement account. Multiple ways to achieve.
  • Members of scheme agree not to store consumer DDA/account information after token is received (think PCI for ACH).
  • Token issuance (by the originating bank) will take into account, KYC, fraud and other factors
  • Tokens may be revoked and tokens may correlate to risk/fraud information
  • TPS may be required to include beneficiary information for ACH Debit (my guess here). This may take the form of a unique token for every originator-beneficiary combination.
  • Authorization and intra bank settlement begins to look exactly like debit card/ATM. Only piece missing are agreements which would support usage outside of V/MATPS Noyes

———- Update 20 Feb—————————————-

It seems the Directory service has credit and debit cards in scope… I haven’t fully processed this one. Why would Visa and MA want banks wrapping the card number? Talk about a scheme to cut them out of the loop. Once proxy numbers are issued they could just dump other networks immediately..  Merchant acceptance becomes the big question mark if this is the case. My guess is that banks will focus on mobile, and eCommerce.. defeating V.me, I’m sure CYBS, AMZN and eBay will all jump at the chance to help banks with their tokens

Token provider rumored to be start up Venmo

—————————————————————-

Carrots/Sticks

In the ACH world, the big banks rule.. and make the rules. My guess is that the top 5 banks will inform (and subsequently enforce) a rule on all TPS ACH debits requiring use of Tokens to access consumer accounts. Given that the big 5 have over 50% of the accounts… if they act in concert it will certainly impact the network. The focus of their action is on Third Party Senders, with mobile payments and remittance services as primary examples.

  • NACHA may issue new rules which will change existing ACH. My guess is that we will have a new transaction type (associated with TPS, and token). Note that new NACHA rules become law uniform commercial code.
  • NACHA has already begun tightening requirements on TPS/ODFI relationships (Section II, Chapter II (ODFIs), subsection B-3)
  • Banks which serve as correspondent aggregators of ACH (for MSBs/TPS) may be pressured to make immediate changes (beneficiary data, tokens). These payment aggregation banks (which frequently serve as ODFI) will likely not be part of the system design
  • To “enforce” the rule changes, the large banks will set a date where they will not accept transactions that do not conform
  • There will likely be “options” for fraud checking, and accelerated clearing cycle (Carrot?)
  • Processing Token transactions will have a different baseline fee

Implications

  • If your clearing bank is not one of the top 5, they may not even know this is going on
  • PayPal, MCX, Google Wallet, Target RedCard are all likely dependent on some form of ACH. They will likely have incremental costs associated with ACH origination as a third party sender. My guess is that it will be at least $0.21.
  • The big 5 banks will be best positioned to help any start up navigate this changing environment.
  •  It may be better for start ups to focus on obtaining consumer debit card information vs. DDA
  • Small banks that specialize as ODFIs will be squeezed
  • The cost of ACH is going up..

Building Networks and “Openness”

8 Dec 2011

I’ve been reading some off beat stuff lately. One book “Weak Links: Stabilizers of Complex Systems from Proteins to Social Networks” was very thought provoking. As Mark Stefik (PARC Fellow) said ‘Something magical happens when you bring together a group of people from different disciplines with a common purpose.’ The combination of people, experience and approaches often leads to unexpected consequences.

As an engineer I like to solve problems.. I usually learn more from mistakes than I do from successes… but it is the learning that is fun. As an investor and entrepreneur I don’t like making mistakes… my preference in the start up environment is to have the learning cycle counted in minutes and days (vs customers and capital). I was speaking with a US Central Banker last month and the concept of “openness” was discussed. A hypothesis was laid out by the Fed “Mobile payments are not taking off because of a lack of common standards”.  The Fed team is very good, the best way to encourage a good dialog is to lay out something radical; as for this hypothesis I disagreed completely. As stated in my numerous blogs: history has clearly showed that closed systems must form before open ones.  I also told the Fed that the problem in US mobile payment IS NOT lack of standards but lack of a value proposition to consumers and retailers. In other words existing payment instruments solve all of my problems.. mobile payment simply does not add additional value (in isolation) compared with existing products (See Mobile Advertising Battle). In order to stimulate a change in behavior (merchant and consumer) there must be a strong value proposition. Two years ago I discussed the implications for broad payment standards in SEPA: Chicken or the Egg and in March of this year I outlined how SEPA has depressed payment innovation in the EU.

Given all of the chaos in NFC at the moment, I woke up this morning asking myself what is the “right amount” of openness and standards? How do successful networks form and mature? What are successful “open” networks? What is the first “open” standard you think of ? TCP/IP? Linux? Java? RosettaNet? EDI? Open Network? Internet? GSM? US Interstate system? SEPA? The Weak Links book opened my eyes to many new concepts, one was on how affinity influences network creation, and another on how few open networks exist in Nature. Networks form around a function and open networks are not necessarily the most efficient.

Scale-free distribution (completely open networks) is not always the optimal solution to the requirement of cost efficiency. .. in small world networks, building and maintaining links between network elements requires energy…. [in a world with limited resources] a transition will occur toward a star network [pg 75] where one of a very few mega hubs will dominate the whole system. The star network resembles dictatorships in social networks.

The network forms around a function and other entities are attracted to this network (affinity) because of the function of both the central orchestrator and the other participants. Of course we all know this as the definition of Network Effects. Obviously every network must deliver value to at least 2 participants. Networks resist change because of this value exchange within the current network structure, in proportion to their size and activity. Within the EU, SEPA undertook a rewrite of network rules and hoped that existing networks would go away or that a new (stronger) SEPA network would form around its core focus areas (SCT, SDD, SCF, ..). It was a “hope” because the ECB has no enforcement arm. In other words there was a political challenge associated with ECB’s (and EPC specifically) ability to force an EU level change on domestically regulated banking industry.. given that SEPA rules destroyed much value in existing bank networks, the political task was no small effort. We have seen similar attempts (and results) when governments attempt to institute major change in networks (Internet NetNeutrality v. Priority Routing, US Debit Card Interchange, …)

Mobile Payments Standard?

If we take a look at today’s payment networks what are the biggest problems to be solved? I have a perspective, but its certainly biased. How about payment routing and speed? These seem to be common merchant and consumer concerns. Keeping with an internet analogy, can you imagine if there were no DNS servers to route IP traffic? Every router would have to keep the directory for the entire internet not only of the final destination, but also the most effective route to forward traffic. What if the internet were not indexed? No ability to find information (thanks Google for fixing this).  In the payments environment, the central assets of Visa and MA is 1) A Directory and 2) the rule that EVERY participant must route traffic through them (with a new PIN debit exception in US).

Outside of card transaction’s banks maintain their own directory for routing retail and commercial payments; this is called “least cost routing”.  A key bank service I would propose (note: I’m not the originator of this idea) is a universal directory service mapping e-mail, phone and account numbers.  In Australia, the banks have this today run by my friends at Cardlink and completed under project Mambo. In the US, The Clearing House (TCH) has had the UPick service completed for a number of years.. without much interest.

My thought here, is that rather than facilitate a EU mistake in mandating a change in all rules.. decrease the switching costs between networks so that market forces can take hold. I’m not proposing to take the directory public.. but at least give regulated entities equal access. In Australia the driver was to decrease bank switching costs, also note that Australia has no Signature debit.. just as in Canada.  A common directory could also follow rule that non-regulated institutions could not hold account data (or card number).. Just as I don’t have to know my Bank’s IP address.. I could use another identifier (email, mobile, …) for online transactions. The danger for banks is that this would certainly open up the world of least cost routing to non-banks. Payments would become “dumb pipes”.. which is perhaps what it should be.

Mobile payments is certainly not critical government infrastructure. So what is Government’s proper role? Consumer data protection, transparency, regulatory requirements, equal participation/access..  ? I don’t know the answer. I like the idea of the Government creating a model service for R&D purposes.. perhaps based on Fedwire and letting non-banks have access to it… I also like the idea of a common directory.

ISIS

For 2.5 years I’ve been writing about ISIS.. I’ve always have been a huge advocate.. until lately. What has changed? My position, and that of retailers, is that today’s payment networks are heavily tilted in favor of the banks. The opportunity I originally saw for ISIS was constructing a new merchant friendly network that was an “extension” of the current mobile network which the carriers run (The original business case for ISIS is outlined in ISIS: Moving Payments from Rail to Air).

Keeping with my theme of openness and standards how is ISIS creating a platform for other to invest in? What value is an ISIS mobile payment to a retailer? Yesterday’s blog talked about the complex supply chain necessary to deliver on NFC. Don’t get me wrong, there is nothing wrong about NFC technology.. it is a very well defined specification. But it is complex.. if it was a NEW WAY of doing payments (or better yet commerce) perhaps it should have started a little less ambitiously. The team seems as if it prudently sought to reduce risk, but it also gave up on a central element to its value proposition. My analogy for today is that ISIS project is like Vanderbilt’s skipping steam and going straight for high speed mag lev in 1880…. While the entire country was growing at a 10x pace and he had no right of way..

Big projects are tough in normal times.. but mobile is changing at an unbelievably fast pace. Small focused projects are certainly lower risk when innovating at the cutting edge. Everything is changing.. how could anyone architect an open system in such a fast changing environment? It would seem that technical standards like TCP/IP or GSM were successful because of their ubiquity and distributed control. They could be used by all to create different networks with different value propositions.. which incented millions of companies and consumers to invest.  I just don’t see how MNOs can create a business platform based on NFC. Their best shot may be to work with someone like Sequent Software to create an architecture for 1000s of applications to access secure element data.. instead of the one single CSAM wallet coming out in Pilot Dec 2012.

Your thoughts are appreciated

Previous Blogs (Nokia NFC Ecosystem, ISIS Ecosystem or Desert, Banks will win in Payments.. but WHICH ones?)