Paze Update – 4 Elements of the PAZE Wallet (70% confidence)

Posted on by

© Starpoint LLP, 2022. No part of this site, blog.starpointllp.com, may be reproduced in whole or in part in any manner without the permission of the copyright owner.

Free blog – no subscription required.

Over the last 5 yrs I’ve written 9 blogs on PAZE/SRC, and over 20 on the TCH’s 13 yr effort to own mobile payments. Today is my update and latest best guess at what they are building. This is a 70% confidence guess based upon my discussions with Merchants, Early Warning alumni, former bank execs, and previous releases (ex Authentify). 

Previous PAZE/SRC blogs

  1. SRC and W3C – April 2018
  2. TCH Tokens and Real Time Payments – Feb 2020
  3. Authentify – Bank ID Service – April 2022
  4. Role of Identity and Trust in eCom – April 2022
  5. TCH Phase 1 – eCom Wallet – Sept 2022
  6. Merchants Tokenize – eCom Wallet Challenges – Oct 2022
  7. SRC Focus – Airlines Nov 2022
  8. PAZE – SRC Why Now and What is the Opportunity – Feb 2023
  9. Identity Driving Payments – April 2023
  10. Payment Authorization: Under the Hood – Mar 2023

Recap

  1. Top 7 US banks have been working to own mobile payments since 2010. There have been many iterations, but today PAZE is the result.
  2. PAZE is a ‘white label” form of the EMVCo and W3C SRC standard. It is dependent on both 3DS and w3C payment request/secure payment confirmation. 
  3. In the US, only Amex and Mastercard provide for liability shift of tokenized transactions, thus 3DS is not operable in the US market and has poor bank support in ROW with over 50% of merchants seeking opt-out as they alone have the tools to risk a transaction (see blog).
  4. Liability shift is a key driver of network tokenization, although both V and MA have a 10bps penalty on non tokenized transaction, large merchant terms provide them with exceptions. For merchants that do use network tokens, they also hold the PAN within processor tokenized schemes to provide alternative for authorization. 
  5. Prior to the 2023 launch of PAZE, early warning’s first wallet launch attempt was and identity wallet based upon Authentify. Think of this as a “form fill” of identity information for an application, or with a merchant. This was a failure, but capability still exists.
  6. US Banks presented key merchants an early preview of PAZE last October at Money 2020 (blog), and again at the MRC in April of this year (blog).  There is no plan for liability shift (Visa), but there is a mandate for network tokenization. Merchant experience with tokenization is that it does drive some improvement in authorization for some issuers (like COF and JPM) but it is a disaster from a customer support perspective. See blog on how merchants manage PARs and DPANs. Thus there is a significant overhead cost for merchant adoption of DPAN tokens with a potential improvement in authorization rates (not proven). 
  7. Large merchants drive over 80% of all eCom transaction volume. There are none interested in the PAZE value proposition. That reduces PAZE TAM to small merchants (ie Other below – Shopify and Stripe customers) and specialized vertices like airlines (see blog).  In the US (about $1T in eCom sales), the leading eCommerce wallets are
    1. Amazon – $397B – 39%
    2. PayPal – $360B – 36%
    3. Google Chrome – $180B – 18% (some overlap here ex WMT)
    4. Walmart – $47B – 5%
    5. Apple Pay – 0,8% (eCom – requires safari, recurring much higher)
    6. Other – 2%  (TAM of PAZE)
  8. Banks seek to develop new payment instruments (ie bank BNPL), new networks (ex RTP) and a core footprint on the mobile phone (see What is the Opportunity). Generically they believe there are “too many mouths to feed” in the current payment network scheme and would love to cut out both networks and processors. Given that POS payments requires and acceptance device and significant change in consumer behavior, eCommerce is the logical place to start. Unfortunately, eCommerce is a rather concentrated sector, with all of the value, data, and tools centered around the merchant, as they are the group that has had to manage payments (see blog). 

Paze Value Proposition

Based on the themes above, and my recent discussion, I believe there are 5 key elements of “TCH” bank wallet strategy.

  1. Own mobile payment (and stop Apple from making progress in eCom)
  2. Own consumer identity and how it is used in payment
  3. Own consumer identity and how it is stored with merchant
  4. Convert card flows off network where possible (ex recurring payments – think Netflix)
  5. Keep control points away from networks and within bank owned entities
    1. Prevent V/MA from taking a role in Merchant-Bank data interchange
    2. Prevent V/MA from taking a role in consumer identity and authorization (ie 3DS)
    3. Prevent V/MA from controlling tokenization

PAZE Go-to-Market (my 70% confidence guess)

In order to estimate what PAZE will deliver, against this value proposition, we need to review the core features of a generic eCommerce “wallet”.

  1. Consumer Identity/Biometrics for Authentication
    1. Secure Device/Hardware Storage
  2. Consumer registration/authentication at merchant (ex log in with Google)
  3. Consumer Payment instrument management (valid PANs, balances, …etc)
  4. Payment instrument presentment by consumer to merchant
    1. Merchant Authorization request to Issuing Bank (ie 3DS and ACS) 
  5. Consumer Authorization (Card out of band, RfP, Zelle, …etc)
  6. Consumer disputes, rebates and returns
  7. Consumer rewards (issuer)
  8. Consumer rewards merchant
  9. ??

4 Key Elements of the PAZE WALLET

Delivering against the core wallet features above, I see PAZE 2023 GTM consisting of 4 key elements

  1. SRC – Payment instrument registration and wallet activation within online banking
  2. Network Tokens with improved authorization (as outlined in Money 2020 blog). Mastercard banks have already built custom ACS servers. I suspect Visa banks will do the same as part of PAZE 
  3. Retailer “auto enroll” (powered by Authentify) with retailer authentication (ie tires.com) provided by PAZE in a bank version of OpenID. Where Google, FB, MSFT and others collaborate in Open ID.. I believe the banks want to take that role.  Banks seek to control of the dissemination of consumer identity AND the payment credential. This is their mechanism. Google does this today
  4. Mobile authorization capable of supporting both card and non card transactions (ex TCH RfP). Much the same way PSD2 works in europe with the bank app creating a notification “did you authorize this transaction”. Note authorization takes both processor and gateway participation. JPM’s Merchant Services (ie Paymentech) and partnerships with Square, Shopify, …etc provide this.
  5. Focus
    1. SMBs thru key partnerships (ie Shopify, Stripe, …etc)
    2. specialty retail/travel (low recurring purchases)
    3. Recurring payments (first target of RTP schemes, take away from V/MA)

Retailer Reaction?

My first hand conversation with large retailers is that there is little hope for US banks efforts. Tokenization makes sense but only if there is no cost or shortcoming in required detokenization AND there is a guaranteed improvement in authorization rates. Without these elements, retailers will retain control over tokenization and fraud. 

Perhaps Paze’s 7 owning banks are planning to delay the liability shift (Visa) until the time where integrated authentication (FIDO/OpenID) is ready for rollout. In other words, once banks own both tokens and the authentication process to a merchant they will be taking liability. This is the only thing that makes sense. Liabilty shift is the obvious carrot that should be in the current merchant pitch. Its either a delay for a new capability (auth) or its a delay because all issuers are not yet ready to take it on (ACS/3DS). 

Broadly I see a myopic approach to market. While I understand what the banks want to do (control), best practice in creating a new product centers around solving a problem with one customer. Control is not a value proposition PAZE solves no problems, has no proven value, requires a change to consumer behavior and competes with Google and Apple.

Retailer reactions are below, I’ll be speaking at the MRC’s September event in Santa Clara in September where I will get a refreshed view. 

  1. What does my processor think?  Retailers’ most trusted partner in payments is their processor. They love them. Processors look at this overall solution and ask 1) why aren’t networks involved? 2) Who is accountable to make this work and audit compliance issues? 3) Why do the owners of this scheme want to cut me out (as a mouth to feed). 
  2. “Why would I want to partner with banks? I can’t get them to respond to returns.. They just throw shit over the wall and expect me to clean it up.. And they want MORE control? You have got to be kidding!”
  3. Banks abdicated the eCom space 25 yrs ago, why are they coming back now?  What can I turn off by doing this? What costs will I save? A: nothing.. Its just another added cost to me from a new group I’ve never worked with before. 
  4. “Visa and Mastercard are the ‘Devil’ I know, who runs this?” Talk about own owns the rules, compliance, response, standards, specs process, …etc. Why don’t banks trust V/MA to run this? They must have a grander plan they aren’t telling us about.
  5. Small and Mid tier retailers are interested in anything that will improve authorization rates. For Auth rates to improve Issuers must make substantial investments in their ACS servers. To my knowledge only JPM and COF have done so in US.  Thus PAZE could get started on the wrong foot as tokenized transactions are sent with enhanced 3DS DDC payloads to Issuers with no ability to process (see blog). 
  6. ‘Open ID’ like authorization and autofill is a new service from banks and a massive change in consumer behavior. Google autofill works fine, can banks compete here? Do consumers want to manage identity with Google, Apple, Facebook AND THEIR BANK? Retailers have a low degree of trust with Issuers. Their experience points to banks creating fees for all services. If consumer jump to a autofill and bank Open ID auth will banks seek to control or price it in anyway? Can they impair consumer access? Doesn’t Google do this already? This seems 10 yrs too late. We also have the data point of last year’s Authentify wallet launch (a complete failure).
  7. Mobile authorization.   This make sense, but credential management makes most sense where there is hardware storage of biometric data and access to secure storage (ie secure enclave). It would seem Banks require both Google and Apple’s support to make this work.
  8. Consumer experience will it improve? 
  9. Testing.. It must improve the marketing funnel (blog). How will it be measured? 
  10. What will it cost? Processor, Online Store, Customer Support, Transaction Routing, Reporting?
  11. What consumers are using it today (and what does it replace)?  There are no users
  12. Does it increase costs (ex credit vs debit)
  13. “Visa and Mastercard are the ‘Devil’ I know, who runs this?” Talk about rules, compliance, response, supporting vendors
  14. Does it impair my transaction routing? (ex Durbin/Debit)
  15. Can I turn it off without customer impact?
  16. Why would my customers do this vs Apple Pay?

Clearly a heavy lift for 2% of US eCom

Wrap up

US banks will be challenged to set up either the front end (wallet) or the back end (3DS/ACS auth) without networks (V/MA). The idea that there are “too many mouths to feed” ignores the value that every existing participant created, and the relationships they have built to…

Just noticed that my Wells Fargo EULA/Online Access Agreement was changed for PAZE. Quite surprised at the data exchange in 10b. Not sure I want a new third party obtaining

  • SSN/DOB, ….
  • Device information
  • Centralizing all insights on all my eCom purchases. V/MA don’t do this… 

 

Please Login to Comment.