Wallets, APIs and Trust

6 Page Blog

Top of mind today are Wallets, Identity and Application Program Interfaces (APIs). APIs are the core concept behind many new business models investors must decipher:

  • Software as a Service (SaaS)
  • Payments as a Service (PaaS)
  • Banking as a Service (BaaS)
  • Open Banking – PISP, AISP, etc.
  • Account Aggregation – FDX, Plaid, Akoya, etc.
  • Payment Service Provider (PSP) – Stripe, Adyen, PYPL/Braintree, etc.

Previously, I’ve covered this topic in Open Banking and Open Payments and Trust Networks (2020), Part 3 – Internet 2.5 (2022), Modularity and Trust (2022) and Evolution of V/MA – Moving Beyond Cards (2021). Summary points from these previous blogs:

  1. Open standards are a great technical construct but make for a very poor business model. 
  2. The internet is an open, anonymous network with no guarantee of delivery. Today big tech super hubs dominate in a virtuous cycle of data. Web 3 envisions the destruction of the centralized hubs through a federated model of trusted peer-peer interaction. 
  3. Trust and anonymity are a core battle of Web 3.0 and not everyone agrees. Many others are in the DeFi Camp, a world where value exchange can happen without an intermediary (I’m not convinced).
  4. “Trust” is an amorphous concept that represents an entity’s current and historical ability to operate in the context of a contract, process or relationship. Trust is proportional to economic alignment and ability to bear risk and inversely proportional to modularity criteria. Commercially, trust communicates identity, contexts, ability to bear financial risks, deliver against expectations, manage privacy, and surpass auditing and legal/regulatory requirements.
  5. The core asset of a trust network is a well defined operating model. This operating model enables shared investment between known participants (ie ability to enter commercial agreements, indemnify and assume risk).
  6. The “trust” of banking is distributed through Payments. Today it is V/MA that have become the “trust layer” of today’s internet with services that TRANSFORM anonymous nodes providing uncertain service into known, defined and guaranteed service providers. Payments are the key contractual control point AND the key measurement for monetization/value exchange between parties (see Modularity and Trust)
  7. Payments enable platform monetization, however margin is driven by “last mile” services that deliver value, and integrate to the end point (ie consumer, merchant, bank, market, …etc).  
  8. Trust is domain specific. Large banks and FIs have trouble competing (and partnering) in verticalized solutions, or as specialized trust networks. The virtuous cycle of specialist platforms allows them to operate with a significant data advantage. Top merchant banks and processors become generalists (with commodity products). 
  9. On the merchant side, Platforms transform disconnected systems as increased data powers intelligent services where economic value is created. Greater intelligence powers nodal switching, thereby increasing the commoditization of other specialists.
  10. On the consumer side, the same power exists within wallet providers, as wallets become the center of TRUST and INTERACTION with greater consumer intelligence (Google Wallet blog – 2012). Alipay and WeChat Pay are the best example platforms. While I see little chance of a US “Super App”, I do see Apple/Google as the super consumer platform empowering consumer choice and protecting consumer data.

Wallets, Identity and Trust

APIs are data exchange. Today’s data privacy environment mandates that data flows involving PII must be permissioned by the consumer for a specific USE (and time period). In the US I covered this in my blogs on Akoya, and Consumer Data Bureau. Technically, there are many architectures for extending trust assertions (ex tokens in SAML/OAuth2); the business challenges are:

  • Who has the rights to use consumer data
  • Who has consumer permissions for the proposed exchange
  • Who is responsible for ensuring that the data was used for that purpose
  • Who is responsible for regulatory compliance and reporting
  • How to prevent consumer data leakage
  • Who owns the risk when things go wrong

As founder and CEO of one of the largest card data businesses, US and EU banks are VERY serious about managing consumer data appropriately. Retailers and the advertising ecosystem are not (see data leakage). Advertisers operate on probabilistic “good enough” behavioral data which has escaped most of the privacy regs.

Finance, healthcare, supply chains, etc. require data exchange that operates in a contractual context. Within payments I refer to the network of contractual relationships as the operating model: a model that entails a linkage of contractual agreements:

  1. Consumer to Issuer
  2. Issuer to Network
  3. Network to Acquirer
  4. Acquirer to Processor
  5. Processor to Merchant
  6. Merchant to Specialist

For example, as I outlined in Pay by Bank – Where Does it Work and Why, bank agreements govern the operation of a bank transfer for 1) consumer to bank and 2) bank to merchant. There is no linkage of the retail purchase transaction (and rights, support, compliance, etc.). Thus only “high trust” flows go through pay by bank. This list of agreements is only the tip of the iceberg in understanding the shared investment by all parties in the V/MA networks.

Trust outside of Payments?

A primary question for any long-term V/MA investor is: can trust and “contracts” be managed separately from the payment network? Systematically speaking, it has only been large marketplaces (Taobao/Alipay, Amazon, eBay, ..), Social (WeChat) and 3-party networks (Amex, PayPal) that have been successful in creating scaled networks of retail participants (to manage trust). In these environments, the contractual landscape is GREATLY simplified, as the “hub” owns the agreements and “dictates” terms throughout its supplier network.

An obvious question is why can’t an agreement operate that is separate from the financial network (covered in my DAO blog)? While DAOs provide the metaphor for managing multiparty transaction “contracts”, the thought of managing a separate contract for every transaction I make is the definition of idiocy. Today, I can’t even remember what End User License Agreements (EULA) I have accepted or the terms of even one of them.

Side note, Retail Banks and Credit Bureaus have contemplated filling this role in a new structure (consumer data bureau) that would act on the consumer’s behalf to manage consumer data, EULAs and other “contracts” across all consumer interactions. See blog Consumer Data Bureau.

From a retail perspective, the trust question also brings into scope the role of a retailer. For example, no one in the payment flow has knowledge of the item purchased. If “trust” is the key, then in many cases, it is the trust in the authenticity, quality, condition and operation of the item (with the OEM/CPG). Side note – focus of Accept Payments – Beta Stage. 

For example, leading manufacturers like Rolex are embedding card quality chips (see Digiseq) combined with DLT ledgers to ensure the authenticity of their merchandise. When buying a Rolex you will have both the immutable NFT and the physical good. This chain of custody awareness of product origin and flows can be extended into other consumer goods (from autos and electronics to fresh produce). In this model, the “contract” for items purchased is with the creator of the item.

Similarly, large retailers like Amazon or Walmart have consumer protections (ex 30 day free returns) that surpass what payment networks provide. As such, they are agnostic to payment and care much more about supporting the method that consumers prefer (CX and conversion rate – see blog). 

Side note – Large retailers want cards to win (in US). This is one of my big learnings from last year. Top 10 retailers have negotiated substantial discounts from V/MA (~35-50bps) and operate at a cost superiority to their competitors. Free payments is a threat to their competitive differentiation as it levels the playing field equally for all their competitors.

Wallets in Trust

Asia is the #1 payment growth area representing over 50% of the global payments profit pool and is in the midst of a banking transformation (see Part 5 Future of Retail Banking). Asia is also a “wallet world”. Every payment investor should find a way to rebalance their portfolio to take part in this growth.

Outside of China Wallets, the wallet environment is akin to “a thousand flowers blooming” (see McKinsey report). There are several strategic imperatives driving change this year:

  1. Central banks’ quest to replicate India’s UPI success
  2. Russia Sanction Effect – Insulate payment systems from US/EU actions
  3. Bring wallet balances into the banking system (bank liquidity)
  4. Improve access to financial services 

Amidst the change, wallet providers are struggling as central banks force domestic interoperability and domiciliation of wallet balance, both of which defeat the core “walled garden” models in which they operate a closed network. Thus wallets must either focus on a merchant value proposition, or consumer. Note this is NOT a super app (blog). The consumer value proposition is particularly difficult given Google’s Asia success.  Google related to me that “we lose money on every payment transaction we do in Asia … our goal is to improve the consumer experience and reduce friction in commerce”. 

The “heavy” guidance by Asia’s central banks, combined with mandated domestic interoperability also opens the door for Google and bank wallets to play at parity (universal acceptance). Additionally, Asian central banks are working to enable 0 cost cross border interoperability (see Singapore-India and Google Pay Singapore). This spells immediate near term problems for every remittance service provider. 

What services can wallets provide within a “trust network”? I don’t want to write a dissertation here, so I’ll keep this brief:

  1. Identity 
  2. Attestation of Identity  
  3. Consumer permissions
  4. Secure storage of credentials and tokens (ie SE/Secure Enclave)
  5. Storage of Contracts and NFTs
  6. Instruments/Bank Connections
  7. Counterparty Verification/Reputation
  8. Merchandise Verification (ex NFTs)
  9. Alerts/Notifications
  10. Token issuance and authorization
  11. Crypto Keys/Defi/Web 3
  12. Offline P2P – Exchange of value outside of networks
  13. ?? 

Wallets are the Key to Alternative Networks 

Everything revolves around a consumer and it begins with identity. Identity and the contexts in which it is used are the foundation of trust. The nuances of our languages, communication and cost of credit are all based upon the level of trust. Logically, mobile is the device best suited to manage trust in the virtual and physical world. Within the device, the wallet metaphor is best suited for managing how a consumer interacts with these external parties.

Trust typically involves either financial or regulatory risk. For wallets, it is better to be the conveyor of trust than it is to be the authority. Note: avoidance is particularly important in the crypto/DLT space as there is a substantial need for credential management within a hardware wallet. Thus wallets should seek to reduce their financial/reputation risks and simplify their regulatory obligations by allowing banks and the ends of the network to define their trust (ie assertions).

Across industries, many parallel efforts are attempting to guide the structure, protocols, exchange, and assertions associated with identity. For example:

  1. Payments – AVS, CVV, tokenization, binding/provisioning, 3DS, payee confirmation (UK)
  2. Crypto/DeFi – DAOs, Authentication Provider, Oracle
  3. Web 3.0/Metaverse – Decentralized Identifiers (DIDs), Verifiable Credentials (VCs)
  4. Government – Aadhaar, EDL, ePassports, eID (EU)
  5. Healthcare – NIST SP 800-63-3, RFC 3647, OIDC, UDAP, etc.
  6. Authentication – FIDO, eIDAS2-EU, EU Digital ID Wallet, OAuth2, etc.

These are not separate silos, but rather overlapping ecosystems that must interact, thus the importance of enabling consumers to manage how they interact within these domains, as well as bridging identity across networks/domains (ex Banking to Healthcare see Blog – Trust is domain specific).

The wallet is the ONLY prospect for managing these functions. Given the list above, it’s hard not to laugh at organic bank attempts to create a mobile wallet, a battle they didn’t show up to in 1998 with PayPal.

Message to Banks: start treating Apple and Google like valued strategic partners, and begin to act on their priorities.

Understanding API Business Models

I’m sure most of you are wondering why I’m adding “APIs” to a wallet blog. Many of the consumer-facing challenges with API business models listed in the first section are solved by wallets. For example, PSPs in the UK suffer from the inability to risk both sender and receiver of payments, as well as verify the goods associated with the transaction.

The counterparty “agreement” also requires a verified identity and explicit consent. Payments become infrastructure commodity networks, and the “value” is at the ends of the network. That means wallet for consumers and acquiring for merchants. 

I will expand on this theme in a future blog.

Personal Story – Data and Contracts

My ATS team at Oracle were the architects behind “integration” (now Oracle Fusion). While we would have loved every Oracle application client to only use our service, we had to operate (and sell) in a heterogeneous environment (ex SAP Supply Chain, Siebel CRM and Oracle Financials). There are 2 rules of integration. #1 Getting data out is easy (just like screen scraping), #2 getting data in requires application of all business logic of the system.

Beyond the complexity within a client, networked businesses (ie supply chain, payments) each have different systems. Even when there are well defined and supported APIs, there must be clear incentives for participation. For example, I met with a Cisco supplier that wasn’t providing real time WIP information to the system. They said “this is NOT a technical issue, there is no way I’m sending Cisco an automated feed of WIP. If they don’t like my number they will immediately shift production to another supplier. They are not aware of the overtime and reallocation that I can manage”. My contract specifies the terms for non-performance, providing this data will allow them to shift demand outside of the contract.

One thought on “Wallets, APIs and Trust”

  1. hi Tom – regarding this comment, “Payments become infrastructure commodity networks, and the “value” is at the ends of the network. That means wallet for consumers and acquiring for merchants.
    I will expand on this theme in a future blog.”

    was this ever addressed / posted? Appreciate it if you can link it here. thank you
