Payments – Civil War?

Regulated companies like banks and MNOs must not only know who is using their data, but also HOW it is being used.. and when it is transferred, it must be destroyed. We help 1st party data owners create data products within their environment.. your data, your rules, your environment

As always sorry for the typos. This is an 8 page blog… a little long.. and not always linear…. corrections/comments are appreciated…


While my Civil War metaphor could be anxiety from the thought of Captain America fighting Iron Man in the new Avengers movie… I don’t think so. Banking and Commerce are interdependent and traditional players are struggling to cope with new forces destroying both competitive walls and economies of scale. Banks logically want to fight this trend.. but should that energy be spent trying to recapture control.. or in creating value within someone else’s platform? Mobile plays a conflicting role (primary banking channel, and disruptive infrastructure service). Do you run toward it… or try to stop it?

Tokens and a new routing scheme are the drivers of today’s blog. After writing 20 blogs on Tokens, I thought I was done..  I last discussed this topic 3 years ago in Battle of the Cloud: Network War and Token Accleration. As a refresher 2010, 27 banks joined together under The Clearing House (TCH) to create a “new network” with Paul Gallant (Citibank) as the leader. For those that don’t know the CEOs of the top 5 banks sit on the TCH BOD, so it is the single forum where CEOs can interact (w/ no fear of collusion).

The bank strategy goes like this: if there is a number in the mobile phone, it should not be a Visa/Mastercard PAN… but a bank token that could represent any account. In 2011, V/MA squashed this effort with rules on wrapping and created a surprise LEAP in front of the bank effort with the lightning fast rollout of ApplePay and tokens in 2014 (also see Not on my Rails).  In a perfect world, Banks would like for Visa to be a standards body after all it is not clearing payments, or managing risk.. it is just creating rules, rates and routing messages.

V/MA’s token strategies have enabled them to take on a GREATLY expanded role and change the competitive dynamics of the industry. The most beautiful element in the V/MA token strategy was transparency. V/MA embraced openness by making the token standard part of EMVCo specifications. For you non-payment guys.. think of tokens as a directory where every merchant and phone has a one time use number.. not your actual card PAN… and it is presented along with the merchant ID and token assurance information to be translated into the actual PAN.

Did anyone else notice that the DAY that ApplePay in browser news broke, was the same day that the NEW EMVCo specs were published for 3D Secure 2.0!!?  This means that the “new” CHP rate tier will be the “old” 3DS rate plan (10-30 bps and liability shift).. coming to you THIS YEAR. Also see Tokens and CNP.

Issuers are justifiable concerned that centralized token facilities, combined with mobile authentication have created new dependencies. The TCH Bell ID project would enable issuers to vault their own tokens (Bell ID), and create non card tokens (ex ACH, Wires), but if the tokens are V/MA they must still be routed through Visa/MA (Network as TSP, TCH at Vault). The control point for issuers is token binding and vaulting, they decide if and when their cards are tokenized. (See Boston Federal Reserve Whitepaper for tech details here).Boston Fed Token Vault

Most large banks obtain tokenization services at no cost from V/MA, and it makes little sense for them to own.  Yet they all suffer from the same “acceptance problem”. To restate the problem in the bank token scheme is not technical, but rather what instrument is the consumer using with the merchant? Visa card? ACH? Within what rules (and rates) does the payment operate (see Wrapping, Rules and Acquiring)? The large issuers position (with top 5 COF holders) is that the PAN is their property and that the merchant processor can route directly through them (I’m not kidding). Visa/MA of course point to clear operating regs that cover consumer, merchant, processor, issuer … so I don’t understand how issuers can propose this scheme.

There is a standards battle going on.. and networks are winning:

  • existing EMVCo spec,
  • rates/rules
  • speed at which they add on to it (example 3DS 2.0, Google HCE, …)
  • ability to expand use through developer community with APIs for adoption
  • need of mobile platforms for consistency

The directory of IDs is the Key Service within a payment network (see Network Strategy and Openness). The challenge this Bank led scheme (see blog): NO VALUE to consumer, wallet provider or merchant. It is about bank control.  In 2012, the TCH test dummy was Google, and the “benefit pitched” was that Regulators were going to MANDATE tokens, so come on board now and you can be the first. Wow.. that is some value prop huh? But there is and EVEN WORSE approach

When Android Pay was relaunching last year (from Google Wallet), a large issuer told Google “just forget about the deal we did with Apple (15bps), we won’t start there, but rather what you will pay me to add scale to your efforts”.  So this bank’s customers can’t use Google Wallet. Not that Google cares… no one is really using any mobile wallet.. and the ones that that do just load up another card. The bank just distanced itself from the most successful commerce company in the world that was paying them full freight. So much for collaboration!

Bank Challenge

Banks have an interesting challenge: Payments are a platform for banking and an loss leading network service supporting commerce. One requires leadership and control, one requires neutrality and speed. I don’t remember the payment industry ever being this interesting. From an investor perspective the payments industry has been enormously successful by every measure since the 2006/7 IPOs of Visa/MasterCard, with most players enjoying multiples of 25x-30x.

You would think that this broad industry success would breed cohesion; as a rising tide lifts all boats. Visa and Mastercard are enormously efficient networks that operate in a winning economic model (for all parties). As I outlined in the Changing Economics of Payments, the beauty of the V/MA model is that it creates incentives for millions of businesses to invest billions of dollars. For investors, the attraction of V/MA is that it is scale free.. with minimal effort required to add volume. While there are MANY more logical ways to deliver payments.. there are none with more profitable incentives for investment. (see detailed discussion in Tilting the Networks).5yr-return-payment-stocks

The investment hurdle to circumvent V/MA exceeds the total capital deployed in infrastructure ($500B) the revenue of all current participants ($200B+) and consumer acquisition costs ($300B) and merchant acquisition costs ($200B+) in the US alone. Having been a bank payment executive I know that “the plate is full” today (see Inventory of Bank Payment Decisions.), and it is logical for a bank to evaluate the network through which its services are delivered. Bank should indeed work to define core processes of issuance and tokenization, but this should not be the core focus.

Banks are accustomed to owning both distribution/servicing infrastructure (branches, ATMs, Networks…etc) and the form factors of banking (cards, checks, ..etc). Banks must support consumers WHERE THEY ARE (not where we want them to be). They must pivot from a view of “control” to a view of “enablement”. Unfortunately checking your bank balance is just not as interesting or as valuable as socializing with friends or shopping for products. As an ex banker I can understand the desire to own the mobile channel, but they are operating in someone else’s store now (Apple, Google, Facebook).

Example… In 2006, the MNOs agreed to restrict how consumers could access their bank through Firethorn. MNOs were planning to block browser access to Bank URLs, and app installs to ONLY allow you to check your bank balance through this mobile app at $1/use. I’m not kidding.. I joined Citi and they were in the midst of rolling out a mobile app we built with mFoundry, I asked how they resolved the MNO restriction.. they hadn’t even met with them. Banks had no idea that MNOs were restricting what App could be on a phone. Citi ran ASAP to cut a deal with ATT (being their co-brand) and Verizon followed. I tell this story to show the stupidity of “control”.. and the constant recurrence of attempts to regain it.


Chase is Iron Man of Banking. JPM’s ChaseNet broke out on many rules through bifurcating VisaNet (see ChasePay). JPMC got “everything” it wanted (on us), but remains the leader in creating a Visa Alternative (or advocating infrastructure to further expand in an “on we” via TCH). The ChaseNet value prop goes like this: give away processing to get commercial IB/wholesale and reduce Visa volume in “on us”.

JPMC’s ChaseNet is running about $50B in volume, so there is traction, but this volume is at a loss to what they would have earned within the V/MA structure. Why? While I must complement JPMC for delivering value beyond the transaction, there is a mismatch in value creation and incentives.

Is running payments at a loss innovation? Only if there is a corresponding gain for the transacting parties aligned to the transaction. ChaseNet is 100% a banking strategy… not a commerce, payments, mobile or consumer value creation one. Whereas Google’s value is integrated around a merchant to consumer commerce “funnel”, JPMC’s value is integrated across radically different commercial processes and different organizational owners.

As I stated in ChasePay thoughts, JPMC has created a Visa warplan and I don’t understand why. Chase seems to want to build an Amex… at a time where Amex doesn’t even want to be Amex. JPMC may have a unique routing scheme, and a bundled bank value proposition for acquiring, but they need acceptance at non payment tech merchants for any consumer value proposition to take hold. In short a token is worthless if ALL merchants don’t know what to do with it…

Chase has 53% of ecommerce acquiring but only 17% of POS. Thus their focus is on eCom/mobile. I already told you the pitch JPMC gave to Amazon on ChasePay.. Walmart threw them under the bus after bending them over on give backs for WMT acceptance.   They are looking to buy eCommerce acceptance.. who is left? Paypal..! Paypal wants stronger bank partnerships, but why would you alienate a network/brand that drives all of your payment revenue for another one? My honest view is that JPMC is pushing tokens so hard because it needs them for its own strategy (acceptance) much more than because it helps industry reduce any V/MA dependency.JPM Visa flow

Payments as a Platform vs Commodity

There is a fantastic article in this month’s Harvard Business Review on Pipelines and Platforms. In a perfect world banks would own mobile…. and all commerce would pass through their toll bridge. But in a world of transparency, connectivity, speed and value …  commerce finds the most efficient path. This is why we have Paypal, Stripe, Uber… Banking and Commerce are networked industries and value is created at the intersection…. Thus the challenge is to CREATE THE MOST NUMBER OF INTERSECTIONS…

Commerce, consumer behavior, trust, mobile platforms, social networks, competitive dynamics, economies of scale, consumer data all are changing.  Banking and payments are becoming commodity infrastructure at the precise time that consumer behavior is radically moving to mobile, and payments are being treated as a loss leader.

Platforms enable specialization (think Intel/PCI), networks provide discovery, interaction and value exchange. MOBILE IS THE PLATFORM that has disrupted the payment network. For example, Google loses money on every payment transaction today, Apple’s biometrics and Visa’s tokens disrupts authentication, issuance and even the payment network.. after all if you solve for authentication in payments.. everything is just accounting (Ross Anderson – KC Fed).

Banks still have a dog in the fight, for example my favorite bank platform is Early Warning. This is where banks collaborate to prevent fraud.. a service that is key to all commerce and to payments…. In a model that pays each bank based upon the value it provides.

Platforms enable specialization

Structural Changes in Payments are enabling smaller players to compete at scale (think fintech). Value is flowing away from large issuers into the network (see orchestration). Today, Issuers give most of interchange back as rewards, and large issuers enjoy significant economies of scale particularly in areas such as risk mgmt, rule making and acquisition. Large players have historically enjoyed VERY significant advantages as they not only defined the rules, but owned the underlying infrastructure and built corresponding utilities (fraud/risk) that could not be matched by smaller players.

Most would agree that lending and credit risk management are highly competitive (securitized) services. Margin in payments (and in Commerce) is located at entity closest to consumer. Payments are the central “branding” and touch point with consumers.. the closest touch point.. the channel for credit.. and are at risk. While retail banks don’t care about loss of interchange (150bps), they care greatly about loss of NIM (900bps in Credit Card, 150bps Deposits). Thus, Top 10 banks consider Payments a battle they can’t lose (…. See Changing Economics).

Parting Thoughts

In 2006 the average consumer visited a branch bank 26.5 times a year, 2015? 2.3 times per year.  Ask consumers who they trust with their personal information? Apple is #1..  Banks will find substantial success in supporting great commerce experiences, as they work more closely with: mobile operators, retailers, OS providers, and OEMs to enable them. Citi, Cap One, ADS have done excellent work here (see related blog). Target is also one of the best financial services groups in the world hands down.. Redcard and cartwheel is innovation done right.

I completely agree with Judd Linville at Citi.. payments will be moving to something we don’t even think about… THEY JUST WORK.  Consumer banks are thus challenged:  the primary instrument of consumer acquisition and profitability is becoming a transparent commodity running on someone else’s platform (ie Apple) and treated as a loss leader (see my long blog on Payment in OS).

Visa and MasterCard are public companies now, and are making decisions that are best for their network (consumers, merchants, processors, and issuers). The advent of tokenization has created a new role for V/MA in brokering trust/risk (which is far more valuable than routing data – See Blog). Most large banks think that they screwed up in 2001 by letting PayPal “happen”, particularly a risk management utility outside of banking. Similarly most banks regret the 15bps give away to Apple. Partnerships require investment and planning.. banking is about commerce enablement.. about helping MANY parties transact MORE efficiently.. NOT CREATING FRICTION.

The challenge retailers, banks and mobile operators face is determining how they operate within and around integrated consumer platforms of Google, Amazon, Facebook, … They must create new organizational teams focused on driving 100s of successful partnerships. No ONE COMPANY can compete with Google.. so the questions every payment CEO should ask:

  • Where are we driving value today?
  • Where do we LEAD in creating new value?
  • Where do we SUPPORT?
  • Who are our partners?
  • Is a Civil War worth fighting?

Will be glad to give you the Commerce Signals perspective.

Investors.. V/MA are still my biggest holdings.. I see this as wasted energy.. with very limited applications.

2 thoughts on “Payments – Civil War?”

  1. I’ve just read this whole thing, and it’s the first time I’ve ever been here. Thanks for sharing your thoughts. There is so much value you’ve put into that one.

    I’m intrigued by current developments. I’m fairly new to the payments space, although I’ve been in banking for quite a while. Never thought payment excites me more than trading ;).

    Would you agree on the following: Banks are currently being excluded of the club where commerce happens. They get a netted credit/debit on business accounts each day, though, without any look-through.

  2. Great post Tom and consistent with much of what you’ve been posting over several years.

    Apple Pay in browser supported by 3D Secure v2.0 is a watershed moment in digital payments. Here’s why I think you’re on to something…

    Prof. Clayton Christensen (author of the Innovator’s Dilemma) has written extensively about the move from proprietary to modular solutions. His thinking applies in this situation.

    During the early stages of an industry, when the functionality and reliability of a product isn’t yet adequate to meet customer’s needs, a proprietary solution is almost always the right solution — because it allows you to knit all the pieces together in an optimized way.

    But once the technology matures and becomes good enough, industry standards emerge. That leads to the standardization of interfaces, which lets companies specialize on pieces of the overall system, and the product becomes modular. At that point, the competitive advantage of the early leader dissipates, and the ability to make money migrates to whoever controls the performance-defining subsystem.- BusinessWeek 2006

    In mobile banking, MNO’s pursued their proprietary solution in the mid-2000’s, Apple’s app store framework provided the standards that allowed each bank to create their own iOS banking app. Price point for having a mobile banking app went from $1 per user per month to free within two years. Modularity won.

    Visa and MC have been piloting proprietary mobile payments solutions for more than a decade. Apple adopted the EMVCo token standards and launched Apple Pay in record time. But Apple Pay is still proprietary to Apple. Google launched AndroidPay with a promise to make it open. With the EMVCo standards in place, any bank can now launch a branded payments experience on an Android device – so Android is enabling the modularity where Apple is still proprietary (Christensen’s laws don’t seem to apply to Apple – the exception to the rule).

    Now EMVCo has published revised specs to enable issuer-authenticated transactions in a browser that minimize the downside to the poor UX from 3D Secure v1, If 3D Secure rules apply, the transactions come with liability shift and a preferred rate for the merchant.

    3D Secure v2 is a defining moment in the development of digital payments. And the standards are fully supported by V and MC. Because it’s web-based, modularity will absolutely win. On iOS, Apple will play the role of the authenticator (a modular position) and web developers will focus on innovative solutions that wrap around Apple’s authentication.

    Expect big impacts at the “point of interaction”. The pace of change in the shopping experience will accelerate – self-checkout, in-aisle buying, unattended kiosks, mobile ordering, etc. The handset becomes the POS terminal. Value shifts to the identity and authentication platforms. Google has a chance to lead here but it requires support from the Chrome team.

    In fact, real progress will emerge when industry-wide standards emerge across ALL browsers. Follow Web Payments @W3C if you’re interested.

    Change won’t happen overnight. So service providers who can straddle the old and new for the benefit of their merchants will also benefit. Too much modularity isn’t necessarily good. Value will also shift to the “curator” who can help merchants make sense of this in a seamless and easy way.

    There’s much at stake that will also increase the competitive intensity around “owning” the standards. And this is why payments is so much fun!

Leave a Reply

Your email address will not be published. Required fields are marked *