I haven’t written much on acceptance over my 9 yr blogging career for one simple reason.. I was never “in” that side of the business. Given how much is going on in here I can’t leave it out any longer. Acceptance at the POS is a big topic, I see the following areas: Continue reading “Acceptance – Part 1”
2 Dec 2015
Happy ‘After’ Thanksgiving everyone, I’m coming out of my tryptophan coma and thought I would go for a mental stretch. This is a pretty big topic, and I won’t do it justice. Thanks in advance for your comments and perspective. [Note I’m not naming the titles of my reference blogs and used only URLs.] Continue reading “Changing Economics of Payments”
30 April 2014
I’m on a roll, so thought I would put this out there as a positive prediction (vs describing how Apple is Throwing GSMA’s NFC under the Bus). My views are as much informed from the “negative” as the positive. For example, my starting hypothesis is Apple will enable a POS payment capability in iPhone 6. It was the reason for the timing of the Oct 2013 “token” announcement from the big 3 payment networks. As most of us asked “where on earth did this come from”…. It came from Apple (or the network response to Apple’s initial plan).
My problem in figuring out what is going on (if anything) is that Banks have no idea what Apple is planning. Current guess below revolves around assumption that the 3 payment networks do understand the plan. Thus the question becomes “what can Apple do in payments that starts with the payment networks, but does not involve the banks”? Constraints? It must involve: tokens, Apple’s security architecture, 600M cards on file, existing card presentment infrastructure, existing rules, recent lessons learned, and be able to expand to iBeacons.
- Apple will have a certified EMV contactless capability from V, MA and Amex in the iPhone 6.
- Apple’s contactless is a proprietary architecture, based upon both tokens, and 3 card emulation applications (4 perhaps with Paypal)
- Each Network will act as a Token Service Provider (TSP), with one token in each card emulation application. The TSP specs give this away, per the Spec, the TSP must be approved by issuer and have ability to translate token to Card. Apple may want to be the TSP… but Banks will say no. This solves a BIG problem with card provisioning, with V/MA/Amex already having the “proxy” card/token provisioned in the iPhone, and each bank working with respective network to turn on their card. This is the Google model, with the networks running the TSP as opposed to Google/TXVIA.
- Apple will not work in iBeacon model at launch, but rather EMV Contactless. You notice I’m not saying NFC.. from a merchants perspective this will look like NFC, and use the NFC protocol, but certainly not from a GSMA NFC perspective. There are no other vendors in this solution beyond Apple and their hardware suppliers (?Broadcom?)
- Cards will be “provisioned” into the wallet through complex process involving Issuing banks, TSPs, and Apple. Apple’s inventory of Cards on file will be registered with the TSPs, and Banks issuers will approve based upon Token Assurance information , MNO information, card usage information … (yesterday’s blog).
- Fingerprint will be key process which unlocks card/wallet and enables EMV Contactless interaction. Customer experience? EMV Contactless, consumer unlocks phone with fingerprint and authorizes purchase on Payment Terminal. iBeacon? Same thing only works on all iPhones via BLE (no proximity/NFC)
- How will Apple make money on this? They won’t… nada. Altough there COULD be a way forward given that the product presented to merchant is in control of Networks AND the Issuers are in control of their cards.. a potential… but given lack of issuer participation, I have no idea of how they would pull this off. I do believe that there are groups in Apple that want to make money on a card present transaction, but join the club.. there is no economic model in any network agreement for a wallet provider.
- I want to emphasize again.. this is just the easy payment part. I strongly believe that looking at payments in isolation is the wrong way to view this (see Blog).
I like this.. IF consumers can choose which payment products to store in phone (debit card). I think the Bank Issuers will flip out when they hear that V/MA have locked themselves into the TSP role.. talk about a reversal from TCH. Issuers could make the case that the networks own the fraud loss since it is a network proxy card wrapping the issuers card…. can’t wait for that one to happen.
I’m 90% confident in the above… lets see if I can keep my perfect track record on Apple, Google, Tokens and NFC.
Banks have not put all of their eggs in the TCH basket. There is another Bank Consortium around payments which I have not discussed: Paydiant has been working with 27 odd banks around a “Push Payments” pilot for last 2 yrs.
PUSH Payments – 27 Bank ‘Consortium’
- Banks have another “consortium” on payments I have not discussed: Paydiant Push Payments
- Trials have been underway for over 2 years
- Competes with TCH tokens
- Led by BAC, FIS, and other top banks
- Objective: minimize changes to POS, through a new payment terminal which displays QR code.
- Flow: Customer takes picture of Payment Terminal QR Code (which contains MID and TID), Code sent from Consumer Phone to FIS service, translated in to card (currently), Processed in normal Auth flow, then Auth PUSHED to POS terminal.
- Elavon in primary processor for TCH tokens, FIS is focused on Paydiant
On a flight to SFO today and I’m looking at 50 odd emails from last week questioning my blog on Host Card Emulation (HCE). It has certainly caused a stir with the NFC community. As most know, companies like SimplyTap have been able to make this work on the Blackberry platform for some time…. I don’t mention vendors by mistake… but can’t tell you much more here other than it would be worth your time to work with them if you want to evaluate HCE.
How does HCE play in a world of Tokens, QR codes, merchant run networks, NFC, and Push payments? Well quite frankly nothing is happening now, and until a critical mass of Banks, retailers and platforms start to deliver value (beyond payment) nothing will. I’ve stated many times that existing networks are ill equipped to drive fundamental change. For example banks look at mobile as a chance to cement use of credit card and maintain control over payments (and consumers).
Those that have read my numerous Token articles know that Banks have been working to disintermediate Visa/Mastercard. The theme is “if there is a number stored on the mobile phone, we want that number to be one we own and control.. not a V/MA number.. but ours”. This number is the Token I referred to in Tokens – Volunteer Needed, Directory Battle, and Tokens and Networks, …etc. Last month Visa, MA and Amex launched their own competing token scheme to ensure Issuers did not end run them. This has put significant dampers on the TCH project, together with the loss of its early bank champions (Paul Gallant now CEO of Verifone). The TCH project is likely to morph into ACH and perhaps debit tokens, as well as coordinator of standards, with the Card Network consortium winning the battle over Card tokenization. The only significant piece of new information on this is that the TCH bank champions were emphatic that Regulators would FORCE TOKENs in pending rules. Lets see if that happens.
Banks have not put all of their eggs in the TCH basket. There is another Bank Consortium around payments which I have not discussed: PAYDIANT (http://www.paydiant.com/). Paydiant has been working with 27 odd banks around a “Push Payments” pilot (see blog for Push discussion).
- Merchant has specialized Payment Terminal that can generate a Paydiant QR Code. No POS change necessary
- Consumer has Paydiant application or Bank white labeled version
- Merchant pushes normal card button on ECR
- ECR sends Payment amount to FIS Card Reader
- FIS Reader Generates Unique QR code based upon Amount, Merchant ID (MID), Terminal ID (TID)
- Consumer launches application and takes a picture of the QR Code
- Application sends QR code to FIS/Processor for transalation and asks consumer to confirm amount/payment instrument selection
- Consumer confirms transaction
- FIS sends transaction through normal payment Auth flow.
- FIS receives Auth
- FIS Sends Auth to pending MID/TID
- Merhant Payment Terminal receives Authorization and communicates to ECR
- Transaction is completed
I think of this as a reverse Starbucks. Consumer reads a QR code instead of the other way around. In a perfect world this is a great example of push payments. Only supporting issuers can participate, and they can set rules for interchange, fraud or anything else they want to with Merchant. Banks can also completely circumvent Visa and Mastercard as actual card number did not have to be used.
This solution, while very attractive, does have a few problems. In my own personal experience
#1 Connectivity. Over half of participating merchants had to install wi-fi hot spots as consumers did not have data connectivity in stores. This makes for a very bad (and slow) consumer experience.
#2 Glare. I couldn’t take picture of the terminal without holding another hand up to block glare. Of course we could solve this with Bluetooth LE, or some other factor.. but today it is a problem.
#3 Learning curve. Taking a picture of a QR code is not something most of us do.. Cashiers are not in a place to help
#4 Why? This entire solution is cool.. but why? It is MUCH EASIER to just pay with my card. Just as in Card Linked Offers, there are very few advertisers or other offer content to make this attractive. FIS seeks to offer LevelUp like loyalty services, but currently in its infancy.
The reason I’m telling this story is to show you the chaos going around mobile payments. Just because the technology works doesn’t make this a great idea. However, I do like this particular initiative very much, as it is the BEGINNING of a new network and a NEW APPROACH to payments that could reinforce Bank roles in authentication. The flow makes sense to me.. we just have a few problems with the phone to Payment Terminal interface. Imagine if I could couple this with a SQUARE voice experience and Apple’s new fingerprint technology.
Paydiant was quite sure they were going to win the MCX business. The solution’s complete dependence on processors and issuers made this quite unattractive, and hence Gemalo’s win (see blog).
I have a number of friends in the payment s industry, and each bank seems to be involved in multiple intitiatives:
- Apple/Google Wallets
- Visa/MA/Amex Scheme
It is a crazy time. Small companies and mobile investors need to be aware of this Chaos, and understand the diffusion of focus.
Most retailers I’ve spoken with take the view “we just won Durbin and are in the midst of steering customers to debit.. why on earth would I want to support a new product type that is more expensive AND gives banks more control? AND further enhances merchant funded rewards? Will this improve my sales”?
26 June 2013
My last blogs on TCH tokens were rather controversial.. several of my bank friends will no longer take my calls.. while others are grateful that I’ve shown the light on a program they are scratching their heads on. I’m a reformed banker.. only partially cured of my myopia. Banks can choose to put me on the hit list or leverage this information to refocus their efforts toward delivering value (based upon feedback I’m getting on the other sides of the conversation). I can’t imagine trying to justify $200M cash burn on this business plan. Bank CEOs.. if you can’t understand the objective in 30 minutes it is not there.
- Banks are working to build a network that circumvents V/MA
- Focus is replacing cards on file w/ token
- Value proposition ill formed and poorly thought through (perhaps liability shift)
- V/MA have their own token projects
- V is contemplating using tokens to replace VBV, this would step on bank initiative (as is Masterpass)
This is the CEO level strategy war going on right now. So thought it would be good to give a summary to the retail/merchant audience.
FSIs aren’t big fans of Durbin, or of not having control over their payment rails and data. If you talk about V.me or Masterpass to a card head their face will turn red. They are very frustrated that they can’t innovate in a 4 party network and that Amex is 5+ years ahead of them. Thus they are looking to build a new retail network that they can control.. not that there was much research on what the market needs.. it really didn’t matter. They knew what they wanted: Control and an “interchange” that is better than Durbin.
A very, very big bank “secret” is that fewer than 20 percent of any major issuer’s Credit Card portfolio has consumer cards that are transaction “thick” (more than 5 per month). Most credit cards are thus used for MAJOR purchases only. Banks want to increase credit card usage, lock customers into rich merchant funded reward schemes, AND increase the revenue of debit (when used). None of these objectives aligns to merchant needs.
How are the banks going to achieve their change? They have gotten together to create a new system. Of course anytime a group of competitors get together there are potential antitrust issues, hence they chose an existing entity in which to congregate. They also selected real issues like security, integrity, fraud, interbank clearing to focus their plans, and avoid regulatory scrutiny. These issues are bank issues, as well as the pricing/control issues above. Given these design constraints you can imagine what they developed.. a bank friendly solution that has no market context.
A core requirement for any token pilot is that it is transparent to consumer. The perfect model for token issuance is OTA card provisioning in the NFC world. From an economic perspective, Banks want to focus tokens at the POS as this is where the transaction volume is.. but NFC has not taken off, and there is no way for them to get POS adoption in light of MCX and general merchant resistance (although they continue to try). Thus token pilots are likely to be eCommerce focused (the have no choice.. ) and this puts them squarely in conflict with a very, very capable field of competitors with established solutions.
Per my blog Clusters Form, there are some VERY VERY high stakes battles being fought in the C suite. For example, Visa is clearly positioned to deliver eCommerce tokens (as a replacement for VBV). In this model Visa would simply redefine VBV which already has bank “acceptance”, and would subsequently reduce CNP interchange and shift liability to issuer. If they did this, it would step on the TCH token project completely. Thus the large issers are threatening mutiny (with exception of BAC?). My guess is that Visa explicitly agreed NOT to do this with JPM in context of their new agreement (analysts/institutional investors please ask question). With issuers threatening Visa mutiny… MA is not likely to be first to market on a similar solution w/ MasterPass.
What options does Visa/MA have to their own token project? Once one of them redefines tokens the other will follow.. if they don’t then COFs will not be theirs any longer.. they will have lost their acceptance brand. My guess is that the banks will give up on trying to do this themselves and will attempt to accomplish within the scope of V or MA’s rules.. But this defeats their primary control objective.
TCH Tokens – Value Proposition
As I stated last week in TCH Tokens: Any Volunteers, there are few merchants or wallet providers jumping at the chance to participate in this pilot (POS or eCommerce). They want desperately to start a POS pilot, and may be forced to partner with a QR code solution provider with little to no merchant penetration. Why the merchant resistance?
Banks are not looking to solve a merchant problem, but rather their own. How on earth can a merchant agree to participate in a pilot where rules are not defined, banks have more control, and the cost is higher than debit. The value proposition currently goes like this:
- Give me your PANs and Cards on File.. and I will give you a token. (see Battle of the Cloud Part 4 and Business Implications of Tokens)
- I may be able to take liability (not firmed up)
- Since its really hard for us to do anything new at the POS, we will probably start with mCommerce and eCommerce and we will greatly improve your conversion rate by “auto filling” our customer’s name and address with the token. Since you have that already (given you had the card in the first place), perhaps we won’t really do anything new.. but hey we think we can.
- You will have to change your processor to CMS or Elevon to process them
- You will also have to retrain your fraud/customer support to handle all the special rules, and your customers will have no idea that they had a token to begin with
- We want to price this higher than debit, but will give you a break on any debit cards.. but we won’t tell you which one is which.. because the customer may decide to switch (so we can lock them into rewards)
- We will be able to give you a great new rewards/service using your data in the future. Not quite there yet.. but understand we will be the gateway between you and your customer forever…. So we want to justify the increased fees we plan to charge you once you have a number that only we understand.
- We really love “partnerships” where we can control data.. so if you can please also give us any other data you have we may be able to use it as well.
- Rules/Chargebacks.. hmmm.. haven’t gotten there yet. But we want to.. can’t we wait?
Ok, I’m rather harsh here.. partly for humor, but also to show how far they have to go for anyone to take this. As I mentioned in V.me – Issuers Please Give me your Customers, there is enormous concentration in eCommerce: Cybersource, Amazon, eBay/PP/GSI and Walmart.com account for over 60%+ of eCommerce retail purchases. Would anyone use a wallet that they only used 1-2 times PER YEAR?
Think about how you buy today.. Amazon, Walmart.com, Staples, Apple itunes, Google Marketplace. How many other sites do you buy from? Where else do you key in your name address, card number? Airlines and hotels lead the list for me. Am I going to put all of my cards in V.me, Masterpass, or something else to help me (consumer)?
Let’s look at competing initiatives, do the banks really believe they can improve sales/conversions against these?
- #1 eCommerce Amazon – One Click, #2 eCommerce PayPal, #3 eCommerce Google Chrome (and now with Instant Buy on phone as well)
- #1 mCommerce Experience Apple iTunes, #2 Payfone – Leverages my phone/device to autofill everything, and phone/device/location information to manage fraud
- V.me – Autofills everything for eCom/mCom… can load any card
- Apple (Future)? See blog
- Existing services from CYBS/GSI
Assuming tokens are issued without customer action, Tokens still face a fundamental problem of acceptance. eCommerce acceptance is just as difficult as physical commerce acceptance (given the concentration of both), eCommerce/mCommerce just solves the problem of keeping tokens consumers transparency. Having a 16 digit number resolves most of the technical hurdles, however merchants must know (and agree to) the rules that surround accepting something that is not within their current processor agreement. What is the cost, who bears loss on fraud, return policy, refunds, rebates, compliance, support, …etc. Taking a new product with new rules is not something done in the dark of night. The idea of a bank POS token pilot based upon QR code is completely laughable.. as this is yet another “token”.. and it now requires the consumer to do “something”. Once I require consumer participation, I now compete (conceptually) with NFC, Starbucks, Level up, Apple passbook and thousands of other apps.
Most retailers I’ve spoken with take the view “we just won Durbin and are in the midst of steering customers to debit.. why on earth would I want to support a new product type that is more expensive AND gives banks more control? AND further enhances merchant funded rewards? Will this improve my sales”?
Message to Merchants:
Tell them what your real problems are.. and see what they do to propose to help. Tell them you do want to create better customer experiences both online and off line.. but when customers walk in your door they are not “Bank customers” … but yours. 200 years ago merchant banks were focused on helping merchants grow through industry insight and access to capital. How has your bank helped you grow lately?
Message to Banks
Listen, focus, find a real problem to solve for your merchant customers and consumers. Why do most product searches start on Amazon? What community have you enabled? What services do you perform for that 2% of transactions
Message to Acquirers
You have the merchant relationship and are best positioned for new data services.. you just need a consumer facing partner (Apple, Google, Amazon, …). I see great new things in your future.. particularly if you can deliver Least Cost Routing to Merchants. Perhaps the token platform should start with YOU.
Food for thought…
If you were going to redesign payments.. as an engineer… how should it work? Your money is with one institution that can communicate to any company.
- Bank issues token to consumer
- Consumer Presents token to a merchant
- Merchant passes token to 3rd party that can route token to payment network
- Payment network routes token to bank
- Bank authorizes transaction
- Payment network sends authorization to merchant service provider
- Merchant receives authorization
- Consumer instructs bank to send funds to merchant
- Merchant confirms funds are received
if Google had challenges pulling off POS innovation (after ~$1B in investment), rest assured you will too. Banks are well positioned to throw sand in your gears … focus on delivering value within merchant –consumer relationship.
18 June 2013 (sorry for typos)
Thought it was time for blog this week. Primary objective is to inform the venture community of changes which may impact payment related start ups. Sorry that the title isn’t a little more polished (you can tell I’m rather left brained). The exec summary of this blog: don’t ever bet your business on someone else’s rules… particularly if they themselves don’t own them.
All Networks are working on unique token schemes (as I outlined in: Payment Tokenization, “New” ACH System, Visa’s Token Plans and Business Impact of Tokenization). The business drivers here are: #1 Control, #2 Mobile Payments. The US Banks have gotten together in The Clearing House (TCH Tokens) and are in the midst of piloting with 2 providers. In this TCH token initiative, the banks have logically determined that if a customer doesn’t need to see their Primary Account Number (PAN), then they will provide a number which they can uniquely resolve. For example, in mobile payments Citi could put in a unique Citi 16 digit number that is not a MasterCard, not a Visa card, not an ACH account number.. its just a Citi “token”. Citi can decide how to resolve this number adaptively.. based upon what the customer wants, or what products they have with them. There are MANY benefits to this approach:
- Banks control account
- Banks control DATA (transactional and account information)
- Banks own network rules
- No fees to other networks
- Set unique (NON DURBIN) pricing for a NEW payment product.
- No restrictions on “Routing”
- Enables banks to “switch” providers of any payment service or network clearing
- more detail here…etc
TCH Tokens are not the only game. Visa, Mastercard and Amex (through Serve) are also in this token game, and others like Payfone (through phone number as token at VZ/ATT), Google (through TXVIA) are also on the periphery. My view is that the BEST tokens are ones you don’t have to issue (ie Square/Voice, Apple/Biometric, Google/Facial Geometry, Payfone/Phone #…). I outlined dynamics of the strategies in my blog last year “Directory Battle Part 1 – Battle of the Cloud”. Its amazing that this topic is not covered more broadly in the mainstream… of course most of these efforts above are not discussed at all, and sometimes denied.
Of all the token initiatives, I believe Visa is most likely to succeed. This is not a typo… I’ve been very negative on Visa in the past.. as they have alienated everyone. But Charlie has started to change the culture, he has pulled the JPM relationship out of the toilet and has made a tremendous hire with Ryan. Why do I like Visa’s token prospects? They failed in their first initiative (non 16 digit PAN required big changes by everyone), and learned their lessons. However, most importantly, they can change the rates through rules on CNP and risk “ownership” creating a “new” version of VBV, with the best payment brand.
The threat to banks from “plastic aggregation” at POS from solutions like Amex/Serve, PayPal/Discover, Square/Visa, MCX, Google is real. Make no mistake, Banks have legitimate concerns surrounding ability support consumers and adjust their risk models. But the real business driver here is to “influence” mobile payment solutions that do not align to their business objectives. Key areas for bank concerns:
- #1 CUSTOMER DATA
- Top of wallet card (how does card become default payment instrument)
- Credit card ability to deliver other services (like offers, alerts, …)
- Ability for issuer to strike unique pricing agreements w/ key merchants
Visa, MA, Amex, DFS are in a great position to “stop” wrapping. What does this mean? They have initiated new rules, fees, cease and desists, threats of litigation …etc. Banks are thus looking to circumvent these restrictions by placing their “token” with the customer. This token is thus a new quasi acceptance “brand”.
Acceptance is therefore the new battle arena (who can convince merchants to accept their tokens, rules, rates, …). eCommerce may have slipped away from the banks and networks (PayPal), but they are determined not to let this happen in mCommerce, or at the POS. JPM has structured its new agreement with Visa to give them the flexibility on rules in acquiring and network routing for a new acceptance brand (Chase Merchant Services – CMS).
Retailers are not the dumb mutts that banks assume. The MCX consortium realizes that greater bank control does NOT benefit them unless the service is ubiquitous and standard so that banks can compete against each other, with no switching costs. Analogy here is internet traffic routing…They just want the payment cleared, with transparency/control in price, speed, risk. Retailers also want the death of bank card rewards schemes, and if they can’t kill them instantly, want the ability to deny “preferred” cards. I told a major retailer yesterday that they should offer an “X Prize” to anyone that can make sense of Visa’s rate structure in a youtube video.
Many Retailer’s also have a “token” in form of a loyalty card.. with Target’s Redcard, and Starbucks demonstrating the model in which a retailer led payment scheme could work. For retailers, their loyalty program is fundamentally about selling data, and trade spend.
As a side note, the “big” secret in acquisition is that most (~60%) of profits come from the bottom third of retailers.. specifically the small independents that don’t know enough to negotiate (hence the ISO business). Companies like Walmart negotiate heavily with the top issuers to reduce rates from “standard”.. and still end up paying over $1B a year.
I see a substantial opportunity for acquirers to participate in what I would discussed within Payment Enabled CRM. This would change their profitability from one driven by small merchants to data/analytics. This is undoubtedly what JPM sees within CMS. Retailers know that they can’t further empower the big bank with their data, but rather need an independent party to run the CRM platform for them.
I’ve already spent a little more time than I was anticipating here. For start ups my message is quite simple, if Google had challenges pulling off POS innovation (after ~$1B in investment), rest assured you will too. Banks are well positioned to throw sand in your gears … focus on delivering value within merchant –consumer relationship. The Mobile-retail interaction is greenfield, and there are 1000s of different flavors.. no one company will be the centerpiece here. Avoid POS payments.. or be the “arms provider” to the big institutions as they duke it out. My view is that the key for MNOs, Apple, Amazon, Google and Samsung’s future value is
#1 Authentication (Linking the Physical and Virtual World)
#2 Orchestration (Coordinating Virtual and Physical World Processes, Data and Value Chain)
I did a google search on least cost routing and found very little written about payments (much telecommunications). LCR seems like a rich blog area.. however today is just a tickler for a future part 2 (I’m slammed). LCR in payments is similar to telecommunications.. how do I route information through an optimized route that considers speed, cost and risk (a pmts only consideration)…
My jaw dropped as a start up CEO sent me this link below. This is a brilliant business patent… It also provides a very interesting “future view” on Bank’s plans with respect to Tokens and Routing http://www.google.com/patents/US20120265680 . Author of Patent is a good friend Dickson Chu, and former product manager of PayPal. Tokenized least cost routing.. Dickson seems to have designed LCR for the bank side… from his PayPal experience…
… eligible payment transactions are routed, using the payments interface processor, to an internal payment transaction processing path of the first party. In such cases eligible transactions are settled without routing the transaction to external card processing networks. Alternative payment processing paths are identified for non-eligible payment transactions. In addition, transaction costs of such alternative payment processing paths are determined. Non-eligible payment transactions are routed, using the payments interface processor, to a payment processing path other than the internal payment transaction processing path.
From a bank perspective this is brilliant… enabling cross border, cross network clearing and settlement. My top question: how can banks get tokens adopted by consumers, merchants and processors in the first place? My guess: Banks will work to influence consumers directly through a new brand and capability. Similar to the V.me, and google wallet API, banks will work to push consumer tokens into mobile wallets. In other words there will be a button in online banking where you push your payment account into selective wallets.. as opposed to consumers entering the card information directly into the merchant’s platform. Remember this model is 100% analagous to how cards were “provisioned” into NFC wallets.. but we are replacing encrypted card emulation with a unique token and a common interbank token directory. This model continues current card “merchant anonymity by abstracting from merchant consumer identity.
There would seem to be significant implications to the Visa/MA relationships if this one works out…
Banks don’t really want consumers to choose… not really… they will make their favored option seamless and ensure friction with everything else. This is normal business behavior, but payments are a networked business. Banks SHOULD be neutral here.. they DO NOT direct commerce but support it.
From blog yesterday I had several friends ring me. Turns out the card networks and individual banks are SEPARATELY pushing Token ideaS.. unfortunately none of the token schemes has individual adoption, no less interoperability.
Per my blog yesterday, ACH debit tokens can work, particularly if the consumer doesn’t have to enter them. Also in ACH, banks are in a position to influence acceptance. Consumers could even go to the online bank to permission the payment instrument in the first place. This is the model of V.me and Google wallet (w/ the new Saveto API). In this model the consumer never enters anything.. the BANK enters the customer information in the wallet. Of course banks DO NOT want consumers to use ACH.. there is no revenue here.
Therefore Banks don’t really want consumers to choose… not really… they will make their favored option seamless and ensure friction with everything else. This is normal business behavior, but payments are a networked business which supports Commerce. Banks SHOULD be neutral here.. they DO NOT direct commerce but support it. Their partnering approach is thus completely broken…
Thus the conundrum. The network where banks have the most influence is ACH, yet they don’t want to encourage ACH use as there is no revenue. We have a world where consumers can enter information directly, or ask their bank to enter it for them (V.me and Google).
One bank even seems to be creating a scheme that blends both ACH tokens AND Credit card tokens… in the hopes of being the “master directory” of payment information in a consumer’s wallet. Their dependency: consumer, merchant and wallet participation (ie. when pigs fly).
Why would any merchant want to give up card information and exchange it for tokens? Well there could be some incentive with reduced CNP rates.. and fraud liability shift… but isn’t that 16 digit card number already a token? Any approach must start out by being invisible to consumers (like V.me.. yes I am saying something nice about Visa).
I was talking to the KC Fed a few months ago.. brainstorming a little.. like what if you opened up Fed Wire to non-banks (ie regulated MSBs). That would really throw a wrench in all these future token plans… well I guess there would be one little problem… fraud.. but if an entity could crack the authentication/authorization nut this would be a great approach.
The current ACH system will never go away (related blog). There were $33.91 TRILLION moved over the network in 2011, compared to total debit and credit volume of around $4.5 Trillion. However, there are several “improvements” to ACH where all could benefit, primarily speed and fraud management.
19 Feb 2013
(sorry for typos in advance)
Thought I would add a little meat to my 2013 prediction on a new token based payment scheme in the US. 60% of the thoughts below are contrived… as participants and pilot results are not in.. and things are still evolving.
Prior to describing a “new” ACH system, it may be useful to understand what banks are looking to achieve.
- Stop the dissemination and storage of DDA RTN and Account Numbers
- Control the bank clearing network. Particularly third party senders and stopping the next paypal
- Improve clearing speed (new rules, new capabilities to manage risk)
- New pricing scheme somewhere between debit ($0.21) and credit cards
- AML controls (per yesterday’s blog on HSBC)
- Taking Visa and MA out of the debit game (yes this is a major story)
- Maintain risk models (see both sides of transaction)
- Control Retailer’s efforts to form a new payment network
The current ACH system will never go away (related blog). There were $33.91 TRILLION moved over the network in 2011, compared to total debit and credit volume of around $4.5 Trillion. However, there are several “improvements” to ACH where all could benefit, primarily speed and fraud management. Thus I believe there will be a carrot and stick approach to creating the right incentives for ACH users to move. The highest priority will be around third party senders (TPS), the lowest priority will be regular customer directed debits and payments to billers.
Third party senders (TPS) are a subclass of Third Party Service Providers (TPSP) which originate ACH transactions based on a direct consumer relationship. Alternatively TPSP are also known as “processors” whose customers are banks (primarily) and have no direct consumer relationship. Banks are not happy with the “free riders” on their network (see yesterday’s blog). Most bankers view companies like PayPal and Xoom as riding on their rails for free. One of their biggest issues is that they do not have visibility into the actual beneficiary as the settlement account hides where the payment is going to. This impacts their ability to perform risk management and authorization. Take these issues together with the increased regulatory focus on AML and we have a fertile environment for change (HSBC’s See Deferred Prosecution Agreement, and business overview of HSBC’s issues from Reuters). Note that AML concerns are much more relevant to International ACH Transactions (IAT). This blog is not focused on IAT.
Banks must therefore architect a solution to evolve ACH while the ship is moving. This is a much better approach than that taken by the UK of mandating faster payments… (one bank was losing 30M GBP a WEEK from fraud when launched). The consensus approach seems to be one surrounding tokens and directory (my blog from last year Directory Battle Phase 1).
Scheme (updated 2/20)
- Token will replace DDA RTN/AN. Starting with ACH Debit, Third Party Senders will be required to use token for access to top 5 banks. Consumers will not know their “token” as it is unique to the requester.
- Third party sender (TPS/TPPA) must request token for originating consumer account from consumers bank (more on business incentives below). This establishes a “directory” role for the consumer’s bank and positions them to “approve” ACH Debits, where today the responsibility is only on the ODFI.
- The bank owning the consumer account will be the owner of the token. Individual banks may choose to issue tokens, tokens will be synchronized with a central director, banks not wishing to issue their own tokens may depend on the central directory for issuance.
- Once a token is issued, a third party sender will use the token to debit consumer account just as the account number is today. However tokens may be unique to each TPS/TPPA
- Individual banks may clear payments by using their own local directory, or leveraging the central ACH service. There are no forced routing rules (learning from VisaNet). Banks also agree to collaborate on fraud and risk (keep information fresh).
- A token will be unique and represent a combination of both sender and beneficiary information. Focus is initially on ACH Debit. Unclear if multiple tokens will be required in MSB scenario. Banks want visibility beyond settlement account. Multiple ways to achieve.
- Members of scheme agree not to store consumer DDA/account information after token is received (think PCI for ACH).
- Token issuance (by the originating bank) will take into account, KYC, fraud and other factors
- Tokens may be revoked and tokens may correlate to risk/fraud information
- TPS may be required to include beneficiary information for ACH Debit (my guess here). This may take the form of a unique token for every originator-beneficiary combination.
- Authorization and intra bank settlement begins to look exactly like debit card/ATM. Only piece missing are agreements which would support usage outside of V/MA
———- Update 20 Feb—————————————-
It seems the Directory service has credit and debit cards in scope… I haven’t fully processed this one. Why would Visa and MA want banks wrapping the card number? Talk about a scheme to cut them out of the loop. Once proxy numbers are issued they could just dump other networks immediately.. Merchant acceptance becomes the big question mark if this is the case. My guess is that banks will focus on mobile, and eCommerce.. defeating V.me, I’m sure CYBS, AMZN and eBay will all jump at the chance to help banks with their tokens
Token provider rumored to be start up Venmo
In the ACH world, the big banks rule.. and make the rules. My guess is that the top 5 banks will inform (and subsequently enforce) a rule on all TPS ACH debits requiring use of Tokens to access consumer accounts. Given that the big 5 have over 50% of the accounts… if they act in concert it will certainly impact the network. The focus of their action is on Third Party Senders, with mobile payments and remittance services as primary examples.
- NACHA may issue new rules which will change existing ACH. My guess is that we will have a new transaction type (associated with TPS, and token). Note that new NACHA rules become law uniform commercial code.
- NACHA has already begun tightening requirements on TPS/ODFI relationships (Section II, Chapter II (ODFIs), subsection B-3)
- Banks which serve as correspondent aggregators of ACH (for MSBs/TPS) may be pressured to make immediate changes (beneficiary data, tokens). These payment aggregation banks (which frequently serve as ODFI) will likely not be part of the system design
- To “enforce” the rule changes, the large banks will set a date where they will not accept transactions that do not conform
- There will likely be “options” for fraud checking, and accelerated clearing cycle (Carrot?)
- Processing Token transactions will have a different baseline fee
- If your clearing bank is not one of the top 5, they may not even know this is going on
- PayPal, MCX, Google Wallet, Target RedCard are all likely dependent on some form of ACH. They will likely have incremental costs associated with ACH origination as a third party sender. My guess is that it will be at least $0.21.
- The big 5 banks will be best positioned to help any start up navigate this changing environment.
- It may be better for start ups to focus on obtaining consumer debit card information vs. DDA
- Small banks that specialize as ODFIs will be squeezed
- The cost of ACH is going up..