Money 2020: Tokens and Networks

Short post that I’ll update later in the week. I’ll be leading a panel at Money2020 on Tokenization, Wed Oct 9th 1:20 PST in Vegas. Joining the panel are James Anderson, Matt Dill, Dickson Chu, and Dave Fortney. Would love to have a retailer on.. and working on that still.


Did anyone else have their mother say: “Just because you CAN doesn’t mean you Should“.  My Mom’s advice may be the most appropriate way to sum up the token “mess”.  As I related in Payment Tokenzation and Business Implications of Tokens why on earth would any merchant or wallet provider want to give up Cards on File (COF) for Tokens?  The ONLY token success stories are Plastic at POS w/  a merchant friendly value proposition: Reduce PCI Compliance. For more info, see the 2011 Javelin report on key POS Token players, also see MerchantLink’s  great perspective here in their blog.

Almost every entity below has some sort of token scheme planned. Their primary focus is on “CONTROL” not value. Can you imagine if the internet worked this way? Each site had a different token scheme, requiring you to log on to your Computer, ISP, Search Engine, Site you were visiting, Secure Application, … etc.    Who is trusted by whom? who sets security standards for what? (See blog Who do you Trust?)

Perhaps the best question to ask of parties is: WHO OWNS THE CUSTOMER? Retailer? Apple? Visa? Chase? Consumer is not owned?

token mess

I’m fortunate to work with both banks, merchants and wallets… my views are not necessarily accurate, but they are informed and can be best summarized: no one is listening to anyone else. HUNDREDS of MILLIONS have been spent here.. please stop the madness.. CEOs please have your teams solve a REAL problem first.

Almost universally, new token schemes are designed to benefit only one party. Let me take The Clearing House Secure Cloud token scheme as an example (see my Blog here).

TCH Tokens


  • Physical POS Payments


  • An early form of this is in patent app here
  • Wallet provider exchanges cards on file for TCH token
  • Form A (TCH Pilot)
    • Token is presented to Merchant at POS.
    • POS forwards token to Merchant processor (like Elevon)
    • Elevon translates token into card through TCH
    • Elevon then routes transaction as normal card

Other forms

  • Form B – Wallet Translation
    • Token is presented to Trust Authority by wallet service (note phone data connectivity required at POS… a MAJOR hurdle as companies like Padient discovered)
    • Wallet obtains new temporary card number
    • Temporary card number presented to merchant
    • Processed as normal
  • Form C (C for Chase with their unique VisaNet deal)
    • Token is card number
    • If Merchant is a CMS merchant, Card routes through JPM’s version of Visa net
    • Unique capabilities
  • Form G (G for Google)
    • Token is a card number – Issuer is google
    • Merchant runs transaction as normal
    • Google acts as issuer receives authorization request and routes to selected card
    • After receiving authorization from funding card, google authorizes transaction
    • All works beautifully today.. but my friends at Mastercard pulled the rug out from under them after issuer complaints. Issuers make all of the interchange they did before, but don’t like being wrapped. They also don’t like the data leakage and the fact that this impairs their ability to offer unique services (10% off at Kinkos).
    • Note: this scheme has a value proposition for everyone.. and banks still don’t like it… Google looses money on every transaction.

Now imagine you are a wallet provider… Google is a good example since they are now on all Android and IOS phones…. TCH tells Wallet Service: give me your cards on file and I’ll give you a token…. Wallet Service asks for business case:

  • Fraud? Well given the poor adoption of mobile POS payments there is no fraud problem right now
  • PCI compliance? Already made that investment.. not a problem
  • Cards on File? I still need those because of Google Play and digital goods, Tokens are useless here
  • Banks auto enrolling all of their customers to use my wallet? Well that would be nice, but banks can’t commit to that.
  • Card present rate discounts (maybe in the future with no commitment)
  • Liability shift? yes, we think we can do that.
  • Complete dependence on a bank service with poorly defined rules for every transaction… yep
  • Ability for banks to choose customer’s payment product whenever they want (ex Debit to Credit)? Yep..
  • Broken customer experience… yep
  • Single channel solution only (POS) with a remaining need to keep COF for eCommerce/Google Play? Yep
  • Get to see transaction data…? No way.. you don’t get to see this anymore

Token Success in Mobile

As described above, Plastic Token providers like MerchantLink are successful because they deliver value to the merchant. There are mobile token successes, most notably Starbucks … soon to be Square (see Interpreting the Square-Starbucks Deal). Most of us use the starbucks mobile app to pay for our coffee.. it is a token for the payment instrument behind it. Why is Starbucks successful? Value to Starbucks: Loyalty, customer insight, … Value to consumer: improved commerce experience. Notice that I did not talk about banks or mobile operators.. all other intermediaries need to be in the background (ie white label).. they have no business injecting themselves in Starbucks customer experience. People don’t go to Starbucks because of their debit card brands.. they go there for coffee.  Wallet providers want to enable a generic platform for 1000s of Starbucks like experiences.. card companies want to stop them.

Something has to Change

Visa rates

Banks don’t orchestrate commerce… they are a dumb pipe payment service that cost far more than the value they provide. The greater they work to control the existing pipes, the greater the business case is for going around them, or regulating them into submission.  Retailers are fine with allowing them to offer open loop credit, but not forcing them to accept fees for credit acceptance. If Credit cards add value then drop the accept all cards rule.

From a network perspective the proprietary linkages are obvious indicators that a massive change will occur toward standardization, least cost routing and dumb pipes. My bet is that a new AUTHENTICATION provider (like ?Apple?) will be the tipping point where we begin to see substantial change. Payments work today.. but the costs of payments are primarily borne by merchants (particularly small ones). The bank that can construct a merchant friendly value proposition will win and have a significant lead on peers. My bet is that Amex is best suited to execute here.

G2 This Week

  • Paypal set to by Braintree/Venmo
  • Paul Gallant takes role as CEO of Verifone, was head of Bank/TCH token consortium and head of new “Emerging Payments”  at Citi. Talk about a projects.. good luck Paul.
  • Facebook enables autofill with a portfolio of providers (Braintree/Venmo, Stripe, Paypal). Paypal seems to be a partnership afterthought. General theme: if consumer has cards in your wallet, we will ask you for them to autofill the merchant. I love this approach, but don’t quite see how wallets will make any money here… merchants are not changing their processors. Winner is consumers and Facebook.
  • Google wallet off NFC only and on IOS. See google blog.
  • Square is in the midst of a capital raise. Rumor among institutional investors is that it is a net down round … and includes restructuring of existing investors.
  • Apple’s new phone and OS.. See Bluetooth Low Energy/Beacons What does this Mean?


8 thoughts on “Money 2020: Tokens and Networks”

  1. Great overview of the battle field, Tom! A few questions immediately spring to mind:

    – For TCH model to work, they’d need to sign up every (major) processor? What’s in in it for the processor?.. (And for the merchant too – as tokens do not resolve the PCI compliance issue, as far as I understand…)

    – Any POS “revolution” needs a new interface. I.e. it will be hard to base tokens on the “petrochemical derivatives” form factor (aka “plastic cards”). If we are talking mobile here, how will phones talk to POS?

    – Static tokens are of no use. Dynamic tokens require either cloud access (and there are still “off the grid” locations out there), or on-device token generation. Smartphones are (sort of) suited for both, but again – if we leave security issues aside – how will smartphones talk to POS?..

    Also, tokens at POS are only part of the solution, mainly PCI-related (and, as you pointed out, CONTROL-related). Tokens per se offer little help as far as fraud (and CNP) is concerned, because it’s not about WHAT is being presented at POS, but WHO the presenting party is:

Leave a Reply

Your email address will not be published.