Commerce Network Puzzle

What are the puzzle pieces that will make “rewiring commerce” work? Small companies are very challenged in delivering value within networked business. They certainly do not have the heft to create their own, so they must choose sides. Within the card linked offers space, they align to the big card networks. This alignment has implications for attracting retailers and the targeting which can be done from bank data (store preference) vs the targeting which retailers can deliver (brand and price).

This is brief.. just something top of mind. This is an extension of my previous blog this month on Remaking of Commerce and Retail. I wrote today on linked in

POS and Payment Terminal mfgs have 30+ groups trying to add coupon and payment functionality. Their message.. FIRST get a retailer that wants it. Verifone’s Verix architecture provides retailers with capability to run 100s of POS apps… but retailers are skeptical.. will “apps” drive revenue? will it confuse customers? What will drive loyalty to MY BRAND vs. some start up? who is going to manage the mess when something doesn’t work?

All of the Card Linked Offer companies (see my blog), PayPal, ISIS, Google, Groupon, Living Social, Fishbowl, Inxent …are trying to integrate into the physical POS.  There are 2 primary options to integrate marketing into the checkout process: the Electronic Cash Register and the Payment Terminal.

I speak quite a bit with Verifone’s investors about their POS vision.. Will NFC drive reterminalization? Will payment terminals morph into a rich customer interaction environment? Big retailers like Safeway and WalMart have teams of 500-2000 developers around their core IBM 4690 ECR (ACE, GSA, SurePOS,…) and heavily customize it.  Take a guess how many people retailers have in managing their payment terminal? The answer is usually zero..  The reason the payment terminal (where you swipe your card) came into being was that retailers did not want to deal with PCI compliance, so their processors (like FirstData) came in with the terminals. The Cards get encrypted at the swipe and no one but the processor has the key to unlock the numbers. The ECR sends total amount and the payment terminal tells them it is paid with an auth number.  I thus find Verifone’s Verix architecture somewhat amusing…  I certainly see how retailers would benefit by taking electronic coupons from this terminal (and sending to ECR), but the terminal does not give receipts and certainly doesn’t allow for matching of UPC information.  Even if it did… the retailers don’t want to create a new IT team to manage this mess on a piece of hardware they don’t own.

Will Verifone sell new terminals because of NFC? YES. Perhaps even as much as a 20% reterminalization (over baseline) in next year… BUT my bet is that the POS  manufactures will win the battle long term both due to retailer IT competency and the tremendous capability for POS manufactures to deliver complex business solutions (IBM is 80% of top 20 global retailers).. Things like coupons are not some abstraction… they relate to pricing and loyalty and must be integrated into a retailers price promotion strategy. Currently we are in experimentation mode… with leaders like Google, Catalina and Coupons.com.

What are the puzzle pieces that will make “rewiring commerce” work? Small companies are very challenged in delivering value within networked business. They certainly do not have the heft to create their own, so they must choose sides. Within the card linked offers space, they align to the big card networks. This alignment has implications for attracting retailers and the targeting which can be done from bank data (store preference) vs the targeting which retailers can deliver (brand and price).

In general, the Marketing and Shopping phase of a NEW commerce process requires the following

1) know the customer,

2) deliver an incentive that is relevant and prompts action,

3) in a way that is integrated to the retailers brand and price promotion strategy,

4) with a great redemption experience

5) and prove to the advertiser that the campaign was effective

The Business platform necessary to deliver on this?

1) Campaign Management

2) Customer Data

3) Advertising distribution (virtual, physical, … how do you get eye balls)

4) POS Redemption/Retailer Integration

5) Massive Customer value to change behavior (relevancy, value, usability, convenience, entertainment, social, …)

6) Global sales force that can sell to retailers

Notice that Payment is not listed.. Payment is not a problem in physical commerce. Now that Durbin allows for STEERING.. you can imagine what Retailers want to incent…

Verifone Builds Square Fraud App in 1 hour

Verifone’s CEO (Doug Bergeron) published an open letter to the industry on Square’s flaw. The Square doggle is not PCI compliant (see my blog from last year). Verifone is spot on… they built this skimming application in ONE HOUR.

I took a look at my blog stats today… and they went through the roof.

Verifone’s CEO (Doug Bergeron) published an open letter to the industry on Square’s flaw. The Square doggle is not PCI compliant (see my blog from last year). Verifone is spot on… they built this skimming application in ONE HOUR.

YouTube Video just pulled.. . you can still view at http://www.sq-skim.com/

Chase Paymenttech is Square’s acquirer, and I spoke to them specifically about the Square risks last year. This is an industry issue.. as stolen cards and fraud generate both issuer losses (card present transaction) and a tremendous hassle for customers. I don’t understand why Chase supported this thing… Was told last week that Square’s fraud is off the charts. As I said back in 16 month ago in January 2010

The acquirer that takes this on will likely have a few headaches when the first major craigslist merchant starts using the device to skim and resell card information (among other things). There is a reason for PCI compliance and for my “securing” my physical card and CVV. I can’t wait to see Square’s Payment Services Agreement (PSA). Operationally, the issuer’s have control over card authorization through systems like HNC’s Falcon or SAS Raptor. This means that if SquareUp is found to have contributed to a data loss, or has a high number of fraudulent transactions (see link) customer would see their card transaction declined, or the network (Visa/MC) would shut SquareUp down.

The great thing about the PayPal model is that the customer funded the account after agreeing to terms. In Square’s model, consumers are unregistered, Square is acting as an agent of the merchant. For Square’s investors, there is atypical risk which they will see through “unique” bonding/insurance requirements from the acquirer.  Just as with any company, Square will face unlimited liability associated with loss of consumer information (think TJX). To get an idea for potential mis-use see you tube video below.. crooks invest quite a bit in technology here… will SquareUp make it easier for every iPhone owner to become a skimmer?

Update Thurs Mar 10

Networks are dependent upon everyone following the same rules. Rules are what make networks work, and are essential in “trusting” the transactions coming in. PCI rules were agreed to by all.. Square’s reader does not comply, nor does its iPhone app.  That said we have a very mixed bag of incentives within the current card networks. Banks and the networks want Square to succeed, as it will drive more transaction volume AND drive card use further down market with small merchants… see Visa’s blog

http://blog.visa.com/2011/02/14/emerging-payment-types-new-opportunities/

Bank margin is driven by the ability to manage risk. This is the nature of banking. Within credit card, Big banks like Chase have tremendous experience in fraud and risk.. they the seek both higher margin and volume.  Chase is comfortable with the risk it is enabling with square as both issuer and acquirer. However, their acquisition relationship with Square (through PaymentTech) enables fraud to enter the network, and other banks may have not updated their authorization rules to accomodate. For Example, Bank of America certainly wants increase transaction volume .. but is it willing to pay the price of  BOTH fraud loss AND of encouraging a change in customer behavior (give their cards to anyone with an iPhone and card reader)?

From my background at 41st Parameter, I was fortunate to develop relationships with the fraud heads of every major US and UK bank and card network. This will be an active discussion for them today. Bank decisions are caught up in the business dilemea of how to respond to Durbin, as well as their own mobile strategies and EMV perspective. Fraud usually develops once critical mass is reached, as fraudsters don’t want to waste their own resources developing a compromise unless there is volume.  My view is that Square’s reader and iPhone application are clearly not compliant with PCI rules and that Visa and Mastercard must shut them down. They have no choice.

Perhaps a story is in order to talk about potential impact. Groups of brilliant fraudsters created small mini kiosks called “card cleaners” and placed them in ATM booths, grocery stores, vending machines.. “Clean your credit cards for free”..  I’m not making this up.. people really used them. The crooks just took the numbers and sent them to Algeria (a favorite destination) to create new cards, or to sell to other organized rings. The rest of world hates US use of magstripe.. we are the only country in the world that has not adopted the EMV standard (aka chip and PIN). EU readers still take mag stripe because of the US tourist dollars.. and claim that we are responsible for their fraud (they have a decent case).  Verifone’s 1 hour fraud app (www.sq-skim.com) is not a technology issue as much as a behavior one. A good crook would probably spend a few days developing an iPhone app that asked for your PIN…. and took a picture of the back of your card w/ CVV, I noticed in Square’s response that they also ask customers for phone number and e-mail address (normally). This data is beyond the wildest dreams of fraud organizations.  I can just imagine a fraud ring setting up hot dog or ice cream stands that only take cards.. .and sell the ice cream for $.50… they would never even use square’s software.. or even try to submit a transactions. They would give the food away for free just to get the data.

As a side note Square is not winning against Verifone. Square has only 5k-10k active merchants (see blog) and $200k in revenue per MONTH… so lets stop this thing before it gets viral.