Samsung Pay Launches Today: LoopPay + NFC + Tokens

1 Mar 2015

———–Update 8pm

It seems that in the US, Samsung plans to create and certify a new software secure element within the ARM Trustzone architecture that precludes the need for SE Keys, avoids US MNO SE Key Ownership issues (that can’t make MNOs happy).

In other countries (China, EU, …) Samsung’s architecture would leverage the traditional NFC approach within the NXP SE (and traditional TSM).

This is a great technical approach, but is doesn’t appear that Samsung has bothered to sell US MNOs on the concept (of going around them). Anything US MNOs subsidize they must approve..  Which means no pre-installation, particularly given the new Google relationship outlined below.

—————-

Brilliant tech and security.. killed in the US by recent Softcard deal

Samsung has just launched its LoopPay plus NFC (plus tokens) with support of top 5 US banks, MA, Visa, Amex, FD. What is it? a mobile payment wallet that works at the POS within Samsung’s new S6. The “new” part is hardware based upon their recent LoopPay acquisition (Samsung calls MST ?Magnetic Secure Transmission?). What does this Loop stuff do? It enables your phone to talk to any payment terminal that accepts a swipe by “emulating” the magnetic field generated as your plastic card’s magnetic stripe goes across the payment terminals’ reader (ie head). This is SUPER cool stuff.. and addresses the key problem impacting ApplePay today: merchant acceptance. In other words a LoopPay enabled phone payment can be accepted anywhere a card swipe is accepted (mag stripe).

Operationally the new payment wallet will combine Loop’s mag stripe emulation plus traditional NFC to work with terminals in either a “swipe” or “tap” mode. If a terminal accepts NFC SamsungPay will detect it and use the more secure NFC, if not it will emulate the magstripe. Technically Samsung has done a super job creating a “secure enclave” equivalent within the ARM TrustZone (and NXP’s PN66T.. having dumped Samsung’s Snapdragon). Samsung may have achieved a coup over  Apple in this new architecture (approval for storing card encryption keys within a new software secure element which will be certified as EMV compliant). This means Samsung doesn’t require the SE keys (in the US) and can also ride on the existing token rails that were created by ApplePay, thereby leveraging the same provisioning process for enabling cards that the networks created in ApplePay. Interestingly neither Samsung nor Google have been able to get the 15bps that Apple got.. showing that banks have learned lessons and that the ApplePay late followers (Samsung)  are now in a weaker position.

The “bad news” is that SamsungPay software is VERY VERY far behind (think Aug/Sept best case), and even if it were ready today it will never be be pre-loaded on ANY phone in the US (given the recent Google/Softcard deal with all 3 major US MNOs). The Google/Softcard deal hit Samsung HARD.. a complete surprise. What does this mean? Complete chaos. SamsungPay Loop requires specialized hardware (MST in S6 Only),  This means that SamsungPay will not work with any existing US handsets (all the SE keys went to Google and old phones don’t have the new ARM TEE with Software SE), applekorea-nov2014-counterpoint

Why would Samsung make this kind of “marketing announcement” without an operational wallet, carrier support and big US holes? Guess is they are feeling the pressure from Apple. The new iPhone is even grabbing over 33% marketshare even in Samsung’s home market (see Reuters article). There are MANY pieces necessary to make a wallet launch work: hardware, new loop acquisition, tokens, certification, bank support, it looks like they have those taken care of.. what is missing? MNO support, SW SE certification and a production ready software wallet.

While I’m rather negative on the prospects for Samsung in the US, I’m very enthused about Samsung’s prospects outside the US by leveraging a traditional NFC architecture plus tokens. As I discussed in Secure Element, NFC, HCE, EMV, Tokens and Cards, tokens plus mobile enabled identity (token assurance information) have enabled software to displace specialize hardware. In this case, a tokenized LoopPay is pure genius.. taking a basic device the tricks the card head into accepting information.. into a card transaction much more secure. I’m not going into the fraud prevention measures, but rest assured “replay attacks” will not be possible.

The purported “mobile acceptance gap” that Samsung’s wallet WOULD address is primarily in the US and due to a lack of merchant terminals that accept NFC. LoopPay addresses this gap through emulating the mag stripe swipe.. The US is where mag stripe swipe remains predominant, and only in a very short term “interim” period before EMV becomes mandatory in October of this year. Thus the market where mag stripe emulation would deliver the most value is the US, yet it is only so for the near term (EMV rollout), with a much delayed software release (September) in an inaccessible MNO environment (per Google/MNO reasons above).

Summary

  • SamsungPay is LoopPay plus NFC plus tokens. There won’t be anything to even trial until late summer, it is a marketing launch only (S6 contains the necessary HW)
  • Google/Softcard/US MNO deal has completely killed hopes for SamsungPay in the US, as MNOs CAN NOT pre-install on any Android phone (including S6).
  • Samsung’s hardware is very innovative, leveraging Arm’s TrustZone to store the EMV keys in a new software secure element within ARM’s TEE. I’d be surprised that the networks have already certified this.
  • Visa/MA and Amex will leverage their existing token infrastructure (from ApplePay).
  • LoopPay is super cool and tokens make is super secure.
  • Banks will be able to provision cards to SamsungPay just the same as the do with ApplePay today. Some banks may want to consider the incremental risks associated with the LoopPay card emulation. It looks like the controls are there, but it is not a card presentment mechanism that many have experience with.
  • Perhaps my biggest news here is something that wasn’t announced. My understanding was that Paypal was part of the launch. Perhaps they want to get a little momentum before pissing off all the banks.
  • My biggest unknowns: software live date, bank rev share, TEE certification for holding card keys (Tier 1 TSP), Paypal, HCE in the US (to by pass the Google’s SE key ownership), how will consumer install on top of (next to) GW and why would they want to?

 

 

 

Structural Changes in Payments

2 January 2015

Today’s blog is focused on discussing the structural changes influencing consumer retail payments in the US. For those interested in looking at a broader global view of all payments, I highly recommend reading the Cap Gemini World Payments Report (https://www.worldpaymentsreport.com/) .

Payment Value - highlighted

Payments have been a focus of mine for 20 or so years… it is perhaps the MOST interesting of all network businesses. Payment is a critical part of commerce and a product of it. It is the event in which almost every commercial contract is based upon. Payments can be simple (cash), complex (bitcoin), and political (interchange, rules). Payment efficacy, reliability and data are important to: consumers, merchants, banks, governments and economies.

Globally, electronic payments are still in their infancy, which makes investing in it so much more exciting. For example, over 90% of the global electronic transactions occur in the top 10 markets (representing less than 10% of the world’s population).  This would seem to point to a future where electronic payments (and the banking/commerce they represent) are poised to grow geometrically as the number of nodes grow. There is a chicken and egg argument here.. are payments the result of strong economic environments or are they the enabler? Perhaps a bit of both, but finding markets where they are growing (ie Brazil, Peru, Philippines, Kenya, … ) are worth exploring (Democratizing Access to Capital – see blog).

Not only are payments poised for exciting growth, there are also tremendous forces driving change within existing systems and networks. Investors must consider these structural changes impacting existing players across the entire value chain.

In its simplest form, payments are a brokering business which manages value exchange between two entities engaged in commerce. Logically, a broker must be removed from the transaction to maintain the trust of both parties, and deliver value through managing the financial risk associated with the transaction. My view is that Card issuing banks, have lost the neutrality of their “brokering” role by creating a card rewards system that incents card use (paid by the merchant). However, this ideal “neutral” world is NOT the nirvana that we should seek, as no one would invest and we would be stuck with cash (and SEPA in the EU .. see blog).

Complexity in payments is driven by the quest for control and margin of the various participants, not by necessity. This is what makes understanding payments so hard…. most of the changes are not logical, but political. The friction (inefficiencies and illogical design) in payments is what makes them work. As I’ve stated before, no engineer would design a payment system to operate the way we do today (see Push Payments). Thus there is beauty in this chaos! The V/MA model created incentives for 1000s of banks to invest in payments, and I doubt if we will ever see any other companies that could repeat this feat (thus my V/MA personal investments).

What changes are likely to impact the world’s oldest profession in the next 10 years? My list (in order of impact)

  1. Risk and Identity
  2. Data/Commerce Value
  3. Consumer Behavior/Trust/Acceptance
  4. Issuance/Customer Acquisition/HCE
  5. Regulatory/Rates/Rules (Fees)
  6. Mobile/Payment in the OS

#1 Risk and Identity: Authentication and Authorization

How would you authenticate someone’s identity? Best practice is to validate a combination of what you are (biometric, image, DNA), with something you have (mobile, token, OTP FOB, …) and something you know (shared secret). Apple’s new iPhone 6 is the first major consumer device that can manage all 3 securely. It is truly revolutionary.  The ability to authenticate a consumer eliminates fraud risk, and thus impacts both Account Opening and Transaction Authorization.  Both of these services in turn impact the “core” banking relationship (see Future of Retail Banking).. How do consumers choose a bank? A credit card? What is the value proposition?PIN Fraud Rate 2013 Value

Before there is payment there must be an account in which to pay from. The key to opening an account is identity (Regulatory KYC or Know Your Customer). Account Opening has been automated (and online) for over 10 years. In 2004, my team at Wachovia was the first in the world to introduce instant account opening (online) for deposit accounts (Credit Cards were just 2 years ahead of us..). 10 years ago I used products like Equifax accountChex or EWS AOA (Validating questions based on prior financial history and credit bureau data), today could I use Apple!?

Identity and authentication is changing rapidly, and if the first two paragraphs were not already enough to ponder on this topic, we must mention Bitcoin. As opposed to authenticating the person to give access to funds and services, bitcoin authenticates itself enabling the holder to be anonymous. It is a self authenticating instrument.. imagine a dollar bill that can tell you it is genuine with 100% accuracy.  Self authenticating instruments exist independently of the holder and are a store of value (ie, Gold, Bitcoin, …etc). Normally there was physical presence required to exchange self authenticating instruments (exchanging gold), bitcoin changed all of that. A virtual self authenticating instrument that can be exchanged remotely and cannot be tracked (easily). Whereas payments are instructions move money (value) from one bank (store of value) to another, a bitcoin exchange is value exchange (not instructions). bitcoinhow-100032615-orig

The power of bitcoin to disrupt payments, companies, government, economies, .. cannot be understated.  How could any central bank manage money supply in this model? How can you tax something that cannot be tracked? The growth challenge for bitcoin is in “connecting” to other payment networks and regulated entities (ie cash out).  Unfortunately the entities which benefit the most from bitcoin are those that seek anonymity… which of course impacts the willingness of mainstream (regulated) institutions to accept it.

Fraud and Risk

As you can see from picture above “risk” in payments has several components: credit risk, settlement risk, fraud risk, regulatory/AML risk, … etc. Fraud risk is the area in the most flux, both WHO owns the risk and HOW it is managed. In the US Card Not Present transactions follow the pattern of ACH and Checks in that the originator of the transaction bears the risk of loss. In a retail transaction, that is the merchant. applepayinapps

Risk and fraud management were historically the key areas where banks excelled and differentiated (big banks have multi billion dollar investments), but the merchants and platforms have now passed banks in their ability to manage it. This mobile authentication advancement had rendered the multi billion dollar bank risk investments moot (for mobile initiated payments).  Proof is in the picture above (see Federal Reserve 2013 Payment Study), all fraud has fallen tremendously! Both for Card Present, Card Not Present and even for Checks. Why? As the former EVP of a Kleiner Perkins backed Fraud Prevention company I’m not going to give you all the details, but suffice to say that identity plays a key role. Paypal, Amazon, Google, Apple all have fraud rates under 8bps, some have the around 3bps.  These numbers will get better for Apple and Google as mcommerce starts to take an ever larger share of eCommerce (see my previous blog) and they bake in biometrics into mobile payments.

A key point that investors must understand here is that the large CNP merchants have gotten so good at managing fraud, that they could care less about a liability shift. What they want is a rate reduction (risk based pricing).  After all, if you could manage fraud at a rate of 3-8bps.. what work is the bank doing to justify taking 240 for payments? The Paypal investors read this and say “ahh.. Apple and Google want to become Paypal”.. No they don’t! while Apple/Google COULD assume all the functions of Paypal, their role as commerce orchestrators is of FAR greater value. In this role you must not force a consumer to a merchant, a good, or a payment instrument. “Let the consumer decide” is the common mantra across the Google, Apple, Amazon.

The investor impact is complex. Large merchants have proven ability to manage fraud and risk, and want the consumer to choose the payment instrument of their choice. Banks ability to differentiate in managing risk is greatly reduced, and the cost of issuance/acquisition is dropping to 0. Banks have proven incompetent at creating a Visa/MA replacement. What are the levers in negotiation? How will merchants negotiate a lower rate?

The path in Europe, Australia and the US (Durbin/Debit) has been driven by regulation. No one likes having regulators define the rules, but my investment hypothesis is that there will be a very large TILT of Visa/MA toward the merchant. This will address the both regulatory pressure, and open up new revenue streams surrounding data (below). This tilt means moving rates in the direction that retailers want, creating new rate tiers where risk and identity can be managed by the merchant/platform. Remember Apple is getting 25 bps for their service, the next logical move would be make this same “discount” available to anyone that can drive down risk. Personal-Data-Ecosystem-Diagram-from-FTC-Roundtable

From an identity perspective, Google and Apple have authentication as the CORE feature of their mobile platforms.. it is key to everything they do in mobile. See my blogs on Brokering Identity Authentication in Value Nets, and Authentication – Key Battle for Monetizing Mobile for more here.

#2 Data and Commerce Value

The comments below are largely taken from my blog Banks, Non-Banks and Commerce Networks. As a side note, this is the focus of my new Company: CommerceSignals. We are working with the Fortune 50 to serve as the neutral broker, one layer above the network, supporting companies working together offline and in mobile.

Today, every issuer and card network is chasing after American Express and Alliance Data Systems. Both ADS and Amex have made SUBSTANTIAL progress in working with merchants to deliver new value to consumers. AMEX and ADS have the benefit of working in a 3 party model where they own both the merchant and the consumer relationship.  As I’ve stated before, I believe these 2 companies are 3-5 years ahead of everyone else. Is this data stuff delivering any revenue? Market Size AdvertisingFor ADS the answer is a resounding yes, for Amex the benefits seem to be less direct and more on customer loyalty/spend/engagement. See my blog on Amex Innovation Leader for more details.

Think about the battle in connecting networks, as each of us have limited resources we can connect only to a finite set of “hubs” (unless there is some larger orchestrator). Examples are Wikipedia and Google… these serve as the directories of information. It is almost IMPOSSIBLE to displace an efficient hub. This is why I love Visa, MA and Amex. If they can shake the issuer “tilt”.. and add a few merchant friendly services, they could leverage their networks in many new ways. The revenue opportunity? Payments in the US is roughly a $200B business (issuers, acquires, processors, networks), whereas marketing is $750B (in US).Infographic_Showrooming-lg

Payments work well, but so did the Sony Walkman. The bets that Google, Apple, Amazon, Facebook and others are making is on value orchestration. Does this involve payment? Not really.. at least not as a primary focus.. Payment is there.. but orchestration is about commerce; payment is just one of many important processes (See blog Payment in the OS).  Don’t look at payments as something in isolation, payments are the “connections” made in commerce; they are made for a purpose. Visa and MA also have the potential to expand their “traditional network”, but this must involve a separate agreement with separate rules.

Payments = Network

Here is my network view. Payments are the connections of the GDP. If we were to map payment flows, we would unlock a map of the global GDP at the micro level, from employment to shopping, behavior and preferences, to demand and supply. Free information flow on the internet is enabled through openness and a single primary protocol, whereas payments operate within 100s of proprietary networks with a complex series of clusters and “switches” (there is effort in connecting, authenticating and managing risk). Just as it would be nearly impossible to change the protocol for the internet, it would be difficult to bring fundamental change in payments (see Rewiring commerce).  Now think about the value of payment data. Connecting business is much different than connecting information (the core of CommerceSignals.. but I digress).

From a network strategy perspective, the business opportunity of changing “payments” pales in comparison to the opportunity to influence connections in commerce, banking and manufacturing. Payments support business and consumer needs; they do not alter their path. This insight is the downfall of bank payment strategies around “control”, and their inability to “tilt” toward merchant friendly value propositions.

A top 5 retailer provided my favorite commerce quote

“I think of Commerce as a highway, the payment networks are like a toll bridge. I don’t mind paying them $0.25 to cross the bridge, but they want to see what is in my truck and take 2-3% of what is inside. Hence I’m looking for another bridge… “

ADS, Amex, Google, Amazon, Facebook, Alibaba, V, MA all understand this. Rather than charging toll for crossing their bridge, these networks are beginning to execute against plans to grow the size of the goods in the merchant’s truck.

Existing networks have an existing value proposition, and many don’t like to have their services leveraged by competitors, thus there is a much more highly “regulated” flow of information. Intelligent use of data increases the effectiveness of networks in a way that also benefits consumers. Tilting more toward merchants and consumers.. means tilting away from banks. This is VERY hard for a bank to initiate. It is a change worth making however, as assisting merchants (or consumers) is what brokering is about. My firm belief is that both V and MA have the opportunity to grow Revenue 4x+ in the next 5-10 years. Their principal challenge is to “tilt” their models away from Banks and toward the 2 parties that matter most in commerce: Merchants and Consumers.

#3 Consumer Behavior/Trust/Acceptance

Perhaps nothing matters more in business than consumer behavior (see Consumer Behavior: Discerning and Capturing Value). In payments we learn over and over again that behavior changes slowly in 20 year cycles (Checks, Debit Cards, ATMs, Mobile). Any investor looking for payment innovation should run away unless there is some underlyibranch visitsng commerce value proposition. Payments work REALLY well its everything else that is broken (in OECD 20 countries)…. Among Payment innovators/founders there is a common saying.. you only start ONE payment company.

It is easiest to find the hotspots in payment by looking first for the changes in consumer behavior. For example, the tremendous change in how consumer’s are using their phones, as I outlined earlier this week in eCommerce/mCommerce Convergence.  The banking relationship is also changing, as customers visit branches less than 3 times per year, and the billions spent on huge buildings, huge vaults, sports sponsorships and brand names gives way to value.

Brand reputations for 2014 just came out last week (see Venture Beat), with Amazon, Apple, Google topping the list. How did these companies earn this reputation? Through consbank likabilityistent daily interaction delivering value in every interaction. Value delivery and interaction are my key metrics for assessing investment and focus; both are key measures of consumer behavior and trust. There are many strategies: whereas Google engages with the average consumer 10-50 times per day (winning in frequency and insight), Amazon has a lower interaction but a much greater impact on transaction (value delivery), Apple’s interaction is more holistic within a much more affluent base, Facebook’s is more social.

If I were to outline one KEY point to my bank friends it is this: you can’t reach consumers where you want them to be.. you must reach them where they are. This is the essence of why most bank strategies to engage are failing. Consumers choose to go to Google, Apple, Amazon because of the value and service. As the charts above show, most banks are challenged to deliver value within the core banking products they already delivery, why would any customer want to use a new service in this environment. Thus Bank’s efforts are ill suited to drive a deliver products outside of their core, and outside of existing consumer behavior, banks play a role in SUPPORTING commerce.. not leading it (see Card Linked Offers).Measure Data

Apple is the greatest company in the world in delivering value, experience and changing consumer behavior (see blog Apple and Physical Commerce, and Consumer Behavior). Apple’s reputation is well deserved and earned “the hard way” by remaking: phones, music, mice, computers, apps, …etc.  Through consistent delivery of value within fantastic hardware delivering great (and fun) consumer experiences they earned trust for their products and brand. The greatest NEW opportunity for Apple to influence consumers beyond the individual (music/contacts/calendar) and eCommerce (browser, apps) to the real world: Commerce.

Unfortunately Apple is inept at partnerships, even within its own supply chain. While apple has the talent to accomplish this, their commerce, payment and ad teams are buried within a hardware culture. They will only succeed if they are spun off into a separate division, thus my view is that there is a very low probability of Apple acting in an orchestration role across 1000s of Banks, millions of retailers and billions of consumers. If they did move, it my recommendation (and guess) is that it would be a consumer centric orchestration role as I outlined in Brokering Identity.

One technology (and behavior) I’m keeping an eye on is Beacons and mobile use in store (engagement). Qualcomm Retail Systems spun off the IP around Beacons to Gimbal with Qualcom and Apple both rumored to have 30-40% of the equity. Today Retailers are the entity best positioned to change consumer instore activity for 2 reasons: they alone know consumer product preferences, and they physically touch the consumer (trust, value, presence). See Retailers as Publishers , and Apple iBeacon Experience for more detail.greendot

#4 Issuance/Customer Acquisition/HCE

Now this is a mixed bag of topics. What is fundamentally changing in card issuance? Most of you know I ran remote channels at both Citi (06-07) and Wachovia (02-06). Today, most new customer bank accounts are originated online as branch visits go down and direct mail (the old way) even directs the consumer to this “instant” channel.

Historically I had to spend about $150 in marketing for every new card customer, and around $80 for every new deposit customer. Banks still incur roughly these same costs, but prepaid cards have an acquiring cost of less than a tenth of this cost (See Future of Retail Banking: Prepaid). In this pre-paid model banking products sit on a shelf in a retailer and compete for customers just like shampoo and candy bars.

I would challenge all card participants to think about the credit card product… what delivers value? what about it is unique? how do consumers view it? how is it part of a great consumer experience? When you leave Disney World do you think wow.. buying the ticket with my card was just fantastic? How are new customers acquired? Who benefits when cost of issuance is $0? Is charging the average consumer 12-16% on a card, paying them 0.2% on their savings charging merchant 2% a great model?  Do you think that there is room for improvement? Where do retailers win (ADS, Private Label, Co-Brand, )?

What prohibits you from having 20 retailer cards in your wallet today? Bank card issuers will roll their eyes, but you can not understate the influence that trusted retailers have in consumer decisions. Take this trust together with direct sales force and frequent consumer interaction and you have Private Label and industry whose cards outnumber everyone else’s by a factor of 2. As this week’s Morningstar article on Private Label shows, private label (the largest card segment) is making a tremendous comeback.Private label market share

Citi, GE (now Sychrony), ADS, HSBC are leaders in this space, with ADS advancing most in use of technology. Retailers like Nordstrom, Macy’s, Sears and Kohls are fanatical on their private label program, as their most valuable customers use this product. All new customer experience must first address this base, which you can see is one reason why we don’t see ApplePay being pushed here at all. As I described in Retail 101 (and What do Retailers want in Mobile), most retailers don’t know who their customers are today. Private label and Loyalty programs solve this problem.

Let me throw in a little tech now. I’m on the board of advisors of SimplyTapp, the company that created HCE. Instant issuance is key to everyone in the card space, why wouldn’t every retailer want to enable a private label card if card issuance cost is $0!? Credit worth customers can get store credit, sub-prime get decoupled debit (see Target Red Card) and everyone else gets a loyalty only? I believe we will see this happen, not only within MCX but within platforms like Google, with PL managers like ADS and Citi. This is the strategy focus of the top retailers… (focusing on their top customers).Private Label Profitability

My bet on the future of Google wallet is that it will be very merchant and consumer friendly, enabling them to uniquely integrate to 100s of merchant platforms to create great consumer experiences. This linking of PL, Loyalty, in store, maps, mobile, advertising is value orchestration.. but it all starts with consumer opt in. The opt in is both to merchant (private label/loyalty) and to Google. See blog Host Card Emulation for more background.  Google made the right technical move in HCE, but it dropped the ball in enabling merchants through last mile.. not a technical limitation .. an educational / awareness one.

Do I believe that the world will go private label!? No, it will be at the margins. My view of Visa and Mastercard have changed over the last 2 years. Before I was much keener on the development of a new scheme, but no more. Why? How many networks can you list where millions of participants have invested billions of dollars to make it work? Visa has 1.7B cards and 36M merchants.. how could anyone compete with this? This network works REALLY well, with the only issues with their network are in their control (merchant costs and rules).

#5 Regulatory

From a regulatory perspective, the US retail payment system has been impacted by the Durbin Amendment and the EU to an even greater extent by SEPA and PSD (see my blog).  Most of you have also read my token blogs outlining how the US banks were planning to build a new payment network to compete with V/MA (Now dead).  If someone has a info-graph picture of global acceptance rates I’ll put it in here.. but suffice to say that airline ticket pricing has NOTHING on the complexity of payment pricing.

Visa and Mastercard are largely insulated from the regulatory driven pricing changes, as the issuers continue to bare most of the impact. The EU has created a payment nightmare environment with “cross border” Credit card merchant interchange (MIF) at 30bps starting in later this week Jan 1, 2015 (see article and Visa’s response). The EU can not mandate change within country (domestic transactions), but there will be a race to the bottom in fees.

EU competition commissioner Margrethe Vestager claimed that interchange fees are a form of tax levied on retailers by banks and said that the new legislation would reduce those costs and “lead to lower prices and visibility of costs for consumers”.

Ms Vestager may be correct from a transparency perspective, but SEPA and the PSD put governments into the brokering role with no incentives for intermediaries to invest.. making payments a nearly free infrastructure service (with agreement of consumers and merchants). Network work best when there are shared incentives, and minimal regulation.  I believe Visa and Mastercard will work with new vigor to build relationships with merchants and deliver value, to head off the regulatory driven approach. Unfortunately Europe is already too far gone for this to work.

A prediction (next week’s blog) will be merchants providing greater influence in V/MA rules.

#6 Payments in the OS

My blog from this week: Payment in the OS

card-financial-compete view

Comments appreciated.

Banks/Non-Banks and Commerce Networks

Banks/Non-Banks and Commerce Networks (Why I love V/MA)

27 July 2014

This blog has been in 50% mode for 2 weeks! Obviously summer is not my productive time (I must be German). There will be a noticeable change in my blogs these next few months as I work on a newco launch. Blog will therefore focus more on concept, much less G2.  This will be a transition piece…

What is the benefit of becoming a bank? Would Paypal buy a bank? That is the rumor… I have no idea on this one.. 0% confidence.. my guess is no way. There are some great payment+bank companies (Amex, Wirecard and Alliance Data), and some great payment non-bank companies (Visa, MA, Stripe, Paypal, …etc). What are the business drivers of becoming a bank? What are the Pros/Cons?

Summary

For those without time to read below, a bank license brings on enormous compliance cost and restricts: what business you can do, how you manage consumers and their data, and what risks you can take. The upside for being a bank? You get to take risk with other people’s money. Simply put, any company contemplating a bank license must have a business plan MORE dependent on managing risk than on orchestrating commerce value.  Today there are many bank licensed “specialists” which support non-banks (TBBK, Meta, Alliance Data)… so why would you want to become one? Paypal is on the fence here, as historically they won in eCommerce because of their ability to manage risk (CNP Fraud). Do they want to grow in risk management? or in everything else?

When looking for the right regulatory structure of any company, we must assess their current network plans in the context of commerce AND banking. Not just how your network delivers value today… but rather how you deliver value in the future? Banks tend to make most of their money within their own node, whereas others in commerce are highly dependent upon other partners (manufacturers, distributors, agencies, sales, …). Electronic payment growth and network services are set to grow geometrically, yet payments are very very sticky and hard to change. This is the start up investor conundrum:  How do you make intelligent investments in payments/new networks? There are 3 basic options

1) Help others expand their networks

2) Build new networks

3) Build communities with minimal need to network outside of your environment (Facebook, Amazon, Alibaba, BANKS?…)

92% of all electronic transactions are done in the top 10 markets. (Cap Gemini’s World Payments Report is a must read). 90% of the worlds population is not connected to financial services. There is a n-squared dynamic when this takes place.

Many entrepreneurs, journalists and technologists miss THE CORE facet of Visa and Mastercard: a business platform where thousands companies invest billions of dollars. There is no way to compete technically with this business model, rather the ONLY way to “compete” is on value and services. Where Amex has the ability to deliver much broader and richer services (as they own both merchant and consumer accounts), they have a downside: no one else investing in their network (scale/adoption).

My firm belief is that both V and MA have the opportunity to grow Revenue 4-10x in the next 5-10 years. Their principal challenge is to “tilt” their models away from Banks and toward the 2 parties that matter most in commerce: Merchants and Consumers. Payments work well, but so did the Sony Walkman. The bets that Google, Apple, Amazon, Facebook and others are making is on value orchestration (in a new network). Does this involve payment? Not really.. at least not as a primary focus.. Payment is there.. but orchestration is about commerce; payment is just one of many important processes (See blog Payment in the OS).  Don’t look at payments as something in isolation, payments are the “connections” made in commerce; they are made for a purpose. These payment connections are rapidly changing from many environmental forces:

  • Internet flow of information,
  • Google enabled discovery
  • MNOs have enabled constant connectivity
  • Social has enabled reputation across activities
  • Online retail has enabled price transparency, comparison and product reputation
  • Changing of Bank roles, products and services
  • New Consumer behaviors

Payments = Network

Payments are the connections of the GDP. If we were to map payment flows, we would unlock a map of the global GDP at the micro level, from employment to shopping, behavior and preferences, to demand and supply. Perhaps this is why our government loves payment information. Oh.. the stories here.. (for another time). Free information flow on the internet is enabled through openness and a single primary protocol, whereas payments operates within 100s of proprietary networks with a complex series of clusters and “switches” (there is effort in connecting, authenticating and managing risk). Just as it would be nearly impossible to change the protocol for the internet, it would be difficult to bring abopayments pyramidut fundamental change in payments (see Rewiring commerce).  Connecting business is much different than connecting information (the core of my NewCo.. but I digress).

From a network strategy perspective, the business opportunity of changing “payments” pales in comparison to the opportunity to influence connections in commerce, banking and manufacturing. Payments support business and consumer needs; they do not alter their path. This insight is the downfall of bank payment strategies around “control”, and their inability to “tilt” toward merchant friendly value propositions.

A top 5 retailer provided my favorite commerce quote “I think of Commerce as a highway, the payment networks are like a toll bridge. I don’t mind paying them $0.25 to cross the bridge, but they want to see what is in my truck and takeUS Marketing Spend 2-3% of what is inside. Hence I’m looking for another bridge… “ (See Rewiring Commerce).  Google, Amazon, Facebook, Alibaba, Rakutan, V, MA, Amex, eBay all understand this. Rather than charging toll for crossing their bridge, these networks are beginning to execute against plans to grow the size of the goods in the merchant’s truck.

Intelligent use of data increases the effectiveness of the merchants, and in a way that also benefits consumers. Tilting more toward merchants and consumers.. means tilting away from banks. This is VERY hard for a bank to do. It is a change worth making however, as assisting merchants could meant 4x-10x of their current value creation (payments is roughly a $200B US business, marketing is $750B).

My favorite book on networks is Weak Links by Peter Csermely (viewable on Google Books here). If I had one book for you to read this is it. This book is tremendously arcane, detailed, technical, deep.. but I guarantee you that you will have a new view of commerce, banking, advertising, biology, social networks, payments, and society after reading it. In connecting to networks, each of us have limited resources. Therefore optimize our connections through finite set of “hubs” (unless there is some larger orchestrator).

Think about the battle in connecting networks, as each of us have limited resources we can connect only to a finite set of “hubs” (unless there is some larger orchestrator). Examples are Wikipedia and Google… these serve as the directories of information. It is almost IMPOSSIBLE to displace an efficient hub. This is why I love Visa, MA and Amex. If they can shake the issuer legacy.. and add a few merchant friendly services, they could drive 4x of their current value. Specifically, payments is roughly a $200B business, whereas marketing is $750B (in US).

Against this network strategy and services backdrop, there is an enormous transformation taking place in Commerce and Banking. In other words existing networks are evolving their services, as the “hubs” that they connect to (banks, retailers, manufacturers, aggregators, ..etc) undergo change within their “core”. See Remaking Retail, Future of Retail Banking: Prepaid?.

The regulatory/compliance “headache” for payment “innovators” revolve around connecting networks and engaging in non-commerce transactions. I’m not just talking about just small guys.. but BIG ones too (think Google, Apple, Amazon, Walmart, MCX, …etc).  Existing networks have an existing value proposition, and many don’t like to have their services leveraged by competitors (see Banking and Commerce: What is the Difference?, Don’t Wrap Me).

Banking Services

This leads us to Banking Services… expanding beyond commerce. This is area is very nebulous because of the complexity of regulatory authorities covering “banking” and money services. Here are just a few of the US regulators

Source – 2012 Dimon Letter to Shareholders

What are Banking Services? Anything the regulators say are banking services. I’m not joking.. this is why I put the Paypal 2002 prospectus at the top. Banks are highly regulated, and the compliance costs are extraordinary. Regulators are attacking all things payments and banking with renewed vigor. Along with compliance constraints, there are constraints on how you can use data. As an example, my online banking team in Germany had to purge the server logs of IP addresses every 30 minutes (regardless of use for fraud).   (see Banking and Commerce: What is the Difference).

So what is the upside of being a bank? It’s certainly not the regulation or the mandatory compliance courses forced on every employee. The “benefit” of being a bank is the ability to take risk with other people’s money. Unfortunately, the BIG downside to being a bank, is that data can no longer flow outside of your organization. I cannot understate this limitation.

Banks have much clearer and hence stricter obligations as regards the sharing and protection of sensitive information, commonly known as ‘bank secrecy’. This matches the generally more extensive regulation of a bank, as opposed to the regulation of an ELMI or MSB.

Acquiring a new consumer financial account is hard, even if you get the consumer to create an account with you, you must get them to fund it, or take credit risk on them. These are the problems that banks have dealt with for 100s of years.
take rate

Banks have much clearer and hence stricter obligations as regards the sharing and protection of sensitive information, commonly known as ‘bank secrecy’. This matches the generally more extensive regulation of a bank, as opposed to the regulation of an ELMI or PI. Based on the same reasoning why non-banks require less strict regulation for their business and prudential risk involved, it follows that also their activities and also access and handling of certain information and data is restricted accordingly.

Would Paypal Buy a Bank?

Again, I have no idea here, but it doesn’t seem to make much sense. Considering a bank license is like watching flies in your kitchen window: the ones on the outside want in, and the ones on the inside want out.

For long time readers, I put together a blog about 4 years ago covering this topic Payment Startup: MSB or Bank? and US Payment Regulations.  As I outlined, there are very few payment regulations covering purchase of tangible commercial goods (this is true globally). We can see the evolution from PayPal’s 2002 prospectus.

We believe the licensing requirements of the Office of the Comptroller of the Currency, the Federal Reserve Board or other federal or state agencies that regulate or monitor banks or other types of providers of electronic commerce services do not apply to us. One or more states may conclude that, under its or their statutes, we are engaged in an unauthorized banking business. In that event, we might be subject to monetary penalties and adverse publicity and might be required to cease doing business with residents of those states. A number of states have enacted legislation regulating check sellers, money transmitters or service providers to banks, and we have applied for, or are in the process of applying for, licenses under this legislation in particular jurisdictions. To date, we have obtained licenses in two states.

How does Paypal operate today?

US

  • Licensed money services business in 47 states (all states which require one)
  • Bill Me Later, and paypal working capital are structured so that loans are originated by WebBank (Utah ILC). See this 2013 note on structure/issues
  • PayPal had been a market leader in “deposit” rates, through the Paypal Money Market fund (see Link). This fund was shut down in 2011 due to treasury rates/market conditions (see link).
  • A Discover partnership has yielded little fruit at the POS. Paypal had been claiming that there was an “exclusive” nature to the network agreement, whereas DFS was clear they could work around it by providing other services. (My blog on topic)
  • Paypal has been telling investors it plans to move to the POS, both with mobile, and an experimental paypal plastic card (running on Discover). Nothing is moving here, my guess is that JambaJuice is their #1 in volume and would be surprised if that had more than $50-$100M TPV ($1.5M-$5M in Revenue).
  • MasterCard pre-paid card for PayPal “balance” spend. I love this product, it is how I get cash out of my paypal account at the ATM.
  • Wells Fargo Clears Paypal ACH volume in US.
  • Paypal as strong acquiring relationship with Chase.
  • ADS partnership (see WSJ). In 2013 Paypal and ADS created a partnership with 3 primary components: ADS credit risk management (BML), Paypal merchant acceptance, Data/analytics/marketing at POS.

Europe

Asia

  • In Australia, PayPal serves its customers through PayPal Australia Pty. Ltd., which is licensed by the Australian Securities Investment Commission as a financial product
  • Per eBay’s 10k “In markets other than the U.S., the EU, Australia, Canada, Brazil, and Russia, PayPal serves its customers through PayPal Pte. Ltd., a wholly-owned subsidiary of PayPal that is based in Singapore. PayPal Pte. Ltd. is supervised in Singapore as a holder of a stored value facility.”

I see little upside for Paypal expanding it’s EU bank model to the US, as its current network assets and future opportunity revolve more around supporting commerce than managing risk.  Paypal’s current structure and partnerships (with ADS, Discover, MA, GE, …) provide the flexibility to deliver banking/lending services. For Paypal, Bank ownership would only hinder their broader efforts to deliver value to consumer (through data). Alternatively, a bank structure does work for other companies like Wirecard. The Wirecard bank model is a tremendous fit within a network where mobile operators serve distribution channels for financial services.

With respect to the Paypal/Bank rumors, my guess is that there is an “opportunistic” assessment going on .. and that this rumor is just one of the paths they have looked at. I also have a strong feeling that Discover is looking for a “partner/acquirer” that can make use of its network while it is still somewhat relevant.  Particularly since its M&A discussions with a top 5 bank 2 years ago did not happen.

Apple iBeacon Payment Experience

14 May 2014ibeacon

Last week I outlined what was coming out in the iPhone 6 from a capability/payment perspective. Today I will cover my best guess at the user experience, a 50% confidence guess…

Beacons

First a little about Beacons: Qualcomm is the technology behind Beacons and they just spun out Qualcomm Retail Solutions last week with external investors to form Gimbal. My bet is that Apple was in the mix, as Apple’s iBeacon is the brand and handset side of what QCOM developed and owns. Apple’s iBeacon appears to be dependent upon QCOM license (see Patently Apple). You can see the similarity in Apple’s patented logo with QCOM’s logo.

info_graphic29.24.13

Think of beacons as proximity devices with context. From QCOM

Gimbal proximity beacons complement GPS by allowing devices and applications to derive their proximity to beacons at a micro-level not currently afforded by GPS technology on consumer devices. A user’s mobile app can be enabled to look for the beacon’s transmission. When it’s within physical proximity to the beacon and detects it, the app can notify the customer of location-relevant content, promotions, and offers.

Here is a fantastic blog by beekn outlining how beacons operate and the advantages of the QCOM Gimbal platform. Beacons only transmit…they do not listen. Beacons can operate in a private mode where the UUID is dynamic and resolvable only within the Gimbal cloud, be public (Static UUIDs) where any application can read them, or registered as iBeacons  (see Gimbals as iBeacons).apple bump

Apple Patents

In January, the USPTO published a new Apple patent application: Method to send payment data through various air interfaces without compromising user data (see Patently Apple). PCT/US2013/049622. US20140019367

[0002] Devices located in close proximity to each other can communicate directly using proximity technologies such as Near-Field Communications (NFC), Radio Frequency Identifier (RFID), and the like. These protocols can establish wireless communication links between devices quickly and conveniently, without, for example, performing setup and registration of the devices with a network provider. NFC can be used in electronic transactions, e.g., to securely send order and payment information for online purchases from a purchaser's mobile device to a seller's point of sale (POS) device.
[0003]Currently, payment information such as credit card data in mobile devices is sent directly from a secure element (SE) located in a device such as a mobile phone through proximity interfaces, such as near field communications (NFC), without an associated application processor (AP), such as an application program in the device, accessing the payment information. Preventing the AP from accessing the sensitive payment information is necessary because current payment schemes use real payment information (credit card number, expiration date, etc.) that can be used to make purchases through other means, include online and via the phone, and data in the AP can be intercepted and compromised by rogue applications.
[0004] Thus, there exists a need for a secure method of executing a commercial transaction that is both secure and user friendly.

I believe the patent above describes what Apple is going to market with this October. There are several potential payment experiences depending on the merchant integration and the consumer handset. Specifically the patent seems to be written broadly enough where NFC is NOT a requirement for the “secure commercial transaction” referred to as the second secure link. As I stated Payment via BLE/Beacons will Still Happen, the issues are around:

  1. Issuer certification of tokens,
  2. bluetooth as the transport in the new EMVCo spec
  3. who will provide token assurance information and how will they be compensated, and to what degree will interchange be discouneted
  4. Treatment of token in Card Not Present (interchange)
  5. Merchant Adoption of NFC, Beacons and BLE

In the scenario of a new BLE capable point of sale, with a “second secure link” operating as BLE with the POS there is no need for a payment terminal at all.. and all iPhones with Bluetooth could interact directly with the POS (think Micros/Starbucks). Here is my short list of customer experience use cases

apple ibeacon options

Optimal Payment Experience

Here is my best guess and what Apple would like to have happen:

Set up

  • Consumer has BLE capable phone
  • Consumer enables Apple wallet and permissions payment with physical merchant
  • Banks have loaded tokens into Apple wallet for each registered card (see blog)
  • Merchant installs iBeacons near multi lane checkout, and registers location with apple merchant application. Another option would be to allow payment terminals to broadcast MID/TID beacons.
  • Merchant installs POS Bluetooth capability to receive consumer identifier and send total amount due, as well as eReciept.
  • Merchant payment terminals are upgraded to receive tokens through Bluetooth or other “Air Interface”

Experience

  1. Consumer walks up to cash register, beacons determine close proximity and wake up Apple payment application,gimbal-beacon-series10
  2. Consumer preferences are checked and approved merchants receive apple identifier, consumer loyalty card information, applicable discounts/coupons to the point of sale
  3. Merchant scans goods for purchase and processes loyalty, coupon, discount information
  4. Merchant POS (or payment terminal) sends total amount due to consumer phone directly via BLE based upon apple identifier
  5. Consumer receives notice on phone “Pay $100 to Merchant? Please confirm with fingerprint”
  6. Consumer validates transaction with fingerprint biometric
  7. Phone submits Card token to Payment Terminal via Bluetooth (not happening in October.. it will be NFC)
  8. Merchant processor routes token to payment network which translates and routes to bank for authorization
  9. Payment is authorized (as happens today).

October Launch Experience

Since Banks won’t support tokens over Bluetooth, Apple is stuck with NFC. The process is very similar to above, but my guess is that merchants will not be prepared to support the exchange of consumer information.. so it is iBeacon plus NFC only.

  1. Consumer walks up to cash register, a payment terminal beacon provides information to Apple payment application that it is close proximity to payment terminal ID xxxxx (TID),
  2. Merchant scans goods for purchase. No mobile processing of loyalty, coupon, discount information
  3. Merchant payment terminal cannot send total amount due since it does not have Apple handset information/UUID. So how will Apple do it? My guess is Apple will provide UUID to the Payment Terminal via BLE at application wake up to perform a “lite” checkin with payment terminal. Good news is that there would be no data connectivity requirements, but it requires a new payment terminal… For everyone else.. there is no total amount due (99% at launch).
  4. Legacy NFC. At application wake up,  phone asks “pay merchant with Apple wallet”?
  5. Consumer validates transaction with fingerprint biometric
  6. Consumer taps phone (NFC) and Card token presented Payment Terminal via NFC Merchant processor routes token to payment network which translates and routes to bank for authorization
  7. Payment is authorized (as happens today).

Apple’s biggest challenges?

  1. Merchant NFC adoption. Much of it is caught up in the fact that there are no debit cards in the mobile wallets (see blog Forces against NFC)
  2. Merchant adoption of Beacons and new payment terminals. No wonder Verifone is excited.. big merchants know this can all work without ANY payment terminal.. this is the big leap. The decision on payment terminal is now just nuts. EMV, EMV+PIN, EMV + PIN + BEACON, EMV+ PIN + BEACON + BLE…
  3. No business case for Apple in payments. Perhaps one of the reasons they are struggling to get an exec to lead this over there. Apple’s product people should ensure that their Treasury guys aren’t going to kill this thing. Banks know if consumers can’t choose their payment product that wallets will die. Apple should be focused on getting every single one of their 800M cards on file into the wallet, and ensuring the debit cards are added. This is key to making this work
  4. Organizational. No one leading
  5. Bank certification of Tokens in a Bluetooth transfer
  6. Token assurance information
  7. Merchant POS integration (see the optimal example above)

 

That is how I see it… comments welcome

Another good article on the overall Beacon/Retail Experience.

http://www.pcmag.com/article2/0,2817,2425052,00.asp

iPhone 6 – Payment Predictions

30 April 2014

I’m on a roll, so thought I would put this out there as a positive prediction (vs describing how Apple is Throwing GSMA’s NFC under the Bus). My views are as much informed from the “negative” as the positive. For example, my starting hypothesis is Apple will enable a POS payment capability in iPhone 6. It was the reason for the timing of the Oct 2013 “token” announcement from the big 3 payment networks. As most of us asked “where on earth did this come from”…. It came from Apple (or the network response to Apple’s initial plan).

My problem in figuring out what is going on (if anything) is that Banks have no idea what Apple is planning. Current guess below revolves around assumption that the 3 payment networks do understand the plan. Thus the question becomes “what can Apple do in payments that starts with the payment networks, but does not involve the banks”? Constraints? It must involve: tokens, Apple’s security architecture, 600M cards on file, existing card presentment infrastructure, existing rules, recent lessons learned, and be able to expand to iBeacons.

My predictions

  • Apple will have a certified EMV contactless capability from V, MA and Amex in the iPhone 6.
  • Apple’s contactless is a proprietary architecture, based upon both tokens, and 3 card emulation applications (4 perhaps with Paypal)
  • Each Network will act as a Token Service Provider (TSP), with one token in each card emulation application. The TSP specs give this away, per the Spec, the TSP must be approved by issuer and have ability to translate token to Card. Apple may want to be the TSP… but Banks will say no. This solves a BIG problem with card provisioning, with V/MA/Amex already having the “proxy” card/token provisioned in the iPhone, and each bank working with respective network to turn on their card.  This is the Google model, with the networks running the TSP as opposed to Google/TXVIA.
  • Apple will not work in iBeacon model at launch, but rather EMV Contactless. You notice I’m not saying NFC.. from a merchants perspective this will look like NFC, and use the NFC protocol, but certainly not from a GSMA NFC perspective. There are no other vendors in this solution beyond Apple and their hardware suppliers (?Broadcom?)
  • Cards will be “provisioned” into the wallet through complex process involving Issuing banks, TSPs, and Apple. Apple’s inventory of Cards on file will be registered with the TSPs, and Banks issuers will approve based upon Token Assurance information , MNO information, card usage information … (yesterday’s blog).
  • Fingerprint will be key process which unlocks card/wallet and enables EMV Contactless interaction. Customer experience? EMV Contactless, consumer unlocks phone with fingerprint and authorizes purchase on Payment Terminal. iBeacon? Same thing only works on all iPhones via BLE (no proximity/NFC)
  • How will Apple make money on this? They won’t… nada. Altough there COULD be a way forward given that the product presented to merchant is in control of Networks AND the Issuers are in control of their cards.. a potential… but given lack of issuer participation, I have no idea of how they would pull this off. I do believe that there are groups in Apple that want to make money on a card present transaction, but join the club.. there is no economic model in any network agreement for a wallet provider.
  • I want to emphasize again.. this is just the easy payment part. I strongly believe that looking at payments in isolation is the wrong way to view this (see Blog).

I like this.. IF consumers can choose which payment products to store in phone (debit card). I think the Bank Issuers will flip out when they hear that V/MA have locked themselves into the TSP role.. talk about a reversal from TCH. Issuers could make the case that the networks own the fraud loss since it is a network proxy card wrapping the issuers card…. can’t wait for that one to happen.

I’m 90% confident in the above… lets see if I can keep my perfect track record on Apple, Google, Tokens and NFC.

 

What is NFC? What part is Dead? A: The GSMA part

23 Feb 2014

I decided to turn this into a Wiki update.. as the prior entry is somewhat lacking. For example: Who created the TSM? Single Wire Protocol in the UICC? Who certifies a device for payment?

The New Wiki is now (with the last 2 para’s just added)

Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into proximity, usually no more than a few inches.

Present and anticipated applications include contactless transactions, data exchange, and simplified setup of more complex communications such as Wi-Fi.[1] Communication is also possible between an NFC device and an unpowered NFC chip, called a “tag”.[2]

NFC standards cover communications protocols and data exchange formats, and are based on existing radio-frequency identification (RFID) standards including ISO/IEC 14443and FeliCa.[3] The standards include ISO/IEC 18092[4] and those defined by the NFC Forum, which was founded in 2004 by NokiaPhilips Semiconductors (became NXP Semiconductors since 2006) and Sony, and now has more than 160 members.The Forum also promotes NFC and certifies device compliance[5] and if it fits the criteria for being considered a personal area network.[citation needed]

In addition to the NFC Forum, the GSMA has also worked to define a platform for the deployment of “GSMA NFC Standards”. within mobile handsets. GSMA’s efforts include“Trusted Services Manager”., Single Wire Protocol, testing and certification, “secure element”..

The GSMA’s standards surrounding the deployment of NFC protocols (governed by the NFC Forum above) on mobile handsets are not exclusive nor universally accepted. For example, Google’s deployment of Host Card Emulation on “Android KitKat 4.4”. in January 2014 provides for software control of a universal radio. In this “HCE Deployment”., the NFC protocol is leveraged without the GSMAs standards.

 

From a mobile payment perspective, NFC is

  1. Protocol. NFC Forum owns the Protocols making up the ISO specifications.  These protocols are the “universal” aspect of NFC that is NOT changing.
  2. Platform for How NFC works in a Phone
    • GSMA NFC Specifications, reference architectures, platform constructs (TSM, ..) outlining a SCHEME for how NFC manifests itself within a Handset Architecture
    • HCE
    • Apple Secure Enclave
    • ??
  3. Payment Network Standards and Certification. Exxon Mobile and Mastercard were the first contactless payment mechanisms, and Mastercard PayPass was the first Network Standard with reference implementation and certification for presentment and acceptance.

With HCE, the entire GSMA “NFC platform” is dead, but NOT the protocol (No UICC/SWP role, No TSM, Access to “controller” and Secure Element, no Handset Certification).

Comments on Wiki and blog welcom

 

 

Token Acceleration

20 Feb 2014

Let me state up front this blog is far too short, and I’m leaving far too much out. Token strategies are moving at light speed… never in the history of man has a new card present scheme developed so quickly (4-6 MONTHS, see announcement yesterday). As I tweeted yesterday, the payment industry is seldomly driven by logic, and much more by politics. Given many of my friends (you) make investments in this industry, and EVERY BUSINESS conducts commerce and payments, movements here have very broad implications. The objective of this blog is to give insight into these moves so we can all make best use of our time (and money). I was flattered at Money 2020 when a number of you came up and told me that this blog was the best “inside baseball” view on payments. Perhaps the only thing that makes our Starpoint Team unique is that we have a view on payments from multiple perspectives: Bank, Network, Merchant, Online, Wallet, MSB, Processor, … etc.

It’s hard to believe I’ve already written 12 blogs on tokens… more than one per month in last year. As I outlined in December there are (at least) 10 different token initiatives (see blog).  Why all the energy around tokens? Perhaps my first blog on Tokens answered this best… a battle for the Consumer Directory. It is the battle to place a number in the phone/cloud that ties a customer to content and services (and Cards). The DIRECTORY is the Key service of ANY network strategy (see Network Strategy and Openness). For example, with TCH Tokens Banks were hoping to circumvent V/MA… (see blog). The problem with this Bank led scheme (see blog): NO VALUE to consumer, wallet provider or merchant. It was all about bank control.  The optimal TCH test dummy was almost certainly Google, and the “benefit pitched” was that Regulators were going to MANDATE tokens, so come on board now and you can be the first.Token schemes

Obviously this did NOT happen (perhaps because of my token blog – LOL), but the prospect of a regulatory push was the reason for my energy in responding to the Feds call for comments on payments. In addition to the failure of a regulatory push, the networks all got together to say no Tokens on my Rails (see blog). Obviously without network rail allowance, a new token scheme would have to tackle acquiring, at least for every bank but JPM/CPT (see blog).   Paul Gallant spent 3 yrs pushing this scheme uphill and had no choice but to look for greener pastures as the CEO of Verifone (Congrats Paul).

In the background of this token effort is EMV. I’m fortunate to work at the CEO level in many of the top banks and can tell you with certainty that US Banks were not in support of Visa’s EMV announcement last year. One CEO told me “Tom I found out about EMV the way you did, in a PRESS RELEASE, and I’m their [Top 5] largest issuer in the world”. Banks were, and still are, FUMING. US Banks had planned to “skip” EMV (see blog EMV impacts Mobile Payments). The networks are public companies now, and large issuers are not in control of rules (at least in ways they were before). Another point… in the US EMV IS NOT A REQUIREMENT A MANDATE OR A REGULATORY INITIATIVE. It is a change in terms between: Networks and Issuers, and Networks and Acquirers, and Acquirers and Merchants (with carrots and sticks).

In addition to all of this, there were also tracks on NFC/ISIS (which all banks have walked away from in the US), Google Wallet (See Don’t wrap me),  MCX, Durbin, and the implosion of US Retail Banking.

You can see why payment strategy is so dynamic and this area is sooooo hard to keep track of. Seemingly Obvious ideas like the COIN card, are brilliant in their simplicity and ability to deliver value in a network/regulatory muck. This MUCK is precisely why retailers are working

Payment Value

to form their own payment network (MCX), retailers and MNOs are taking roles in Retail banking, and why Amex has so much more flexibility (and potential growth).

Key Message for Today.

With respect to Tokens, HCE moves are not the end. While Networks have jumped on this wagon because of HCE’s amazing potential to increase their network CONTROL, Banks now have the opportunity to work DIRECTLY with holders of CARDS on File to tokenize INDEPENDENT of the Networks.

Example, if JPM told PayPal or Apple we will give you:

  • an x% interchange reduction
  • Treat as Card Present, and own fraud (can not certify unless acquirer)
  • Access to DATA as permissioned by consumer
  • Share fraudulent account/closed account activity with you to sync

If you:

  • Tokenize (dynamically) every one of our JPM cards on file
  • Pass authentication information
  • Collaborate on Fraud

This is MUCH stronger business case for participation than V/MA can create (Visa can not discount interchange, or give access to data).

This means that smaller banks will go into the V/MA HCE schemes and larger banks, private label cards, … will DIY Tokens, or work with SimplyTapp in direct relationship with key COF holders.

Sorry for the short blog. Hope it was useful

Another Bank Consortium? Paydiant

Banks have not put all of their eggs in the TCH basket. There is another Bank Consortium around payments which I have not discussed: Paydiant has been working with 27 odd banks around a “Push Payments” pilot for last 2 yrs.

PUSH Payments – 27 Bank ‘Consortium’

Summary

  • Banks have another “consortium” on payments I have not discussed: Paydiant Push Payments
  • Trials have been underway for over 2 years
  • Competes with TCH tokens
  • Led by BAC, FIS, and other top banks
  • Objective: minimize changes to POS, through a new payment terminal which displays QR code.
  • Flow: Customer takes picture of Payment Terminal QR Code (which contains MID and TID), Code sent from Consumer Phone to FIS service, translated in to card (currently), Processed in normal Auth flow, then Auth PUSHED to POS terminal.
  • Elavon in primary processor for TCH tokens, FIS is focused on Paydiantpaydient

Background

On a flight to SFO today and I’m looking at 50 odd emails from last week questioning my blog on Host Card Emulation (HCE). It has certainly caused a stir with the NFC community. As most know, companies like SimplyTap have been able to make this work on the Blackberry platform for some time…. I don’t mention vendors by mistake… but can’t tell you much more here other than it would be worth your time to work with them if you want to evaluate HCE.

How does HCE play in a world of Tokens, QR codes, merchant run networks, NFC, and Push payments? Well quite frankly nothing is happening now, and until a critical mass of Banks, retailers and platforms start to deliver value (beyond payment) nothing will.  I’ve stated many times that existing networks are ill equipped to drive fundamental change. For example banks look at mobile as a chance to cement use of credit card and maintain control over payments (and consumers).

Those that have read my numerous Token articles know that Banks have been working to disintermediate Visa/Mastercard. The theme is “if there is a number stored on the mobile phone, we want that number to be one we own and control.. not a V/MA number.. but ours”. This number is the Token I referred to in Tokens – Volunteer Needed, Directory Battle, and Tokens and Networks,  …etc. Last month Visa, MA and Amex launched their own competing token scheme to ensure Issuers did not end run them. This has put significant dampers on the TCH project, together with the loss of its early bank champions (Paul Gallant now CEO of Verifone).  The TCH project is likely to morph into ACH and perhaps debit tokens, as well as coordinator of standards, with the Card Network consortium winning the battle over Card tokenization. The only significant piece of new information on this is that the TCH bank champions were emphatic that Regulators would FORCE TOKENs in pending rules. Lets see if that happens.

PUSH PAYMENTS

Banks have not put all of their eggs in the TCH basket. There is another Bank Consortium around payments which I have not discussed: PAYDIANT (http://www.paydiant.com/). Paydiant has been working with 27 odd banks around a “Push Payments” pilot (see blog for Push discussion).

Paydiant Flow

  • Merchant has specialized Payment Terminal that can generate a Paydiant QR Code. No POS change necessary
  • Consumer has Paydiant application or Bank white labeled version
  1. Merchant pushes normal card button on ECR
  2. ECR sends Payment amount to FIS Card Reader
  3. FIS Reader Generates Unique QR code based upon Amount, Merchant ID (MID), Terminal ID (TID)
  4. Consumer launches application and takes a picture of the QR Code
  5. Application sends QR code to FIS/Processor for transalation and asks consumer to confirm amount/payment instrument selection
  6. Consumer confirms transaction
  7. FIS sends transaction through normal payment Auth flow.
  8. FIS receives Auth
  9. FIS Sends Auth to pending MID/TID
  10. Merhant Payment Terminal receives Authorization and communicates to ECR
  11. Transaction is completed

I think of this as a reverse Starbucks. Consumer reads a QR code instead of the other way around. In a perfect world this is a great example of push payments. Only supporting issuers can participate, and they can set rules for interchange, fraud or anything else they want to with Merchant. Banks can also completely circumvent Visa and Mastercard as actual card number did not have to be used.

This solution, while very attractive, does have a few problems. In my own personal experience

#1 Connectivity. Over half of participating merchants had to install wi-fi hot spots as consumers did not have data connectivity in stores. This makes for a very bad (and slow) consumer experience.

#2 Glare. I couldn’t take picture of the terminal without holding another hand up to block glare. Of course we could solve this with Bluetooth LE, or some other factor.. but today it is a problem.

#3 Learning curve. Taking a picture of a QR code is not something most of us do..  Cashiers are not in a place to help

#4 Why? This entire solution is cool.. but why? It is MUCH EASIER to just pay with my card. Just as in Card Linked Offers, there are very few advertisers or other offer content to make this attractive.  FIS seeks to offer LevelUp like loyalty services, but currently in its infancy.

Bank Chaos

The reason I’m telling this story is  to show you the chaos going around mobile payments. Just because the technology works doesn’t make this a great idea. However, I do like this particular initiative very much, as it is the BEGINNING of a new network and a NEW APPROACH to payments that could reinforce Bank roles in authentication.  The flow makes sense to me.. we just have a few problems with the phone to Payment Terminal interface.  Imagine if I could couple this with a SQUARE voice experience and Apple’s new fingerprint technology.

Paydiant was quite sure they were going to win the MCX business. The solution’s complete dependence on processors and issuers made this quite unattractive, and hence Gemalo’s win (see blog).

I have a number of friends in the payment s industry, and each bank seems to be involved in multiple intitiatives:

  1. Tokens
  2. CLOs
  3. NFC
  4. Paydiant
  5. Apple/Google Wallets
  6. MCX
  7. EMV/Reissuance
  8. Visa/MA/Amex Scheme
  9. …etc

It is a crazy time. Small companies and mobile investors need to be aware of this Chaos, and understand the diffusion of focus.

Perfect Authentication… A Nightmare?

This question is very similar to the story above on EMV. The engineer in me recoils at the thought that a sophisticated technology (which decreases risk), would not be welcomed within a market. To understand WHY, you must answer the question: WHO benefits from the risk reduction? If your business is risk management, and someone takes risk away, what is your business?

4 Nov 2013

Long blog.. load of typos

As I’ve stated before, this blog has been a great way to make new friends and stay in touch with my 100s of friends and former employees around the world. When you are in a small company you tend to lose touch with what else is going on as you no longer have 1000s of folks feeding you market intelligence. Small companies live and die by the risks they take, and I’m primarily focused on reducing risk by sharing G2 and perspective.worry-about-identity-theft-confession-ecard-someecards

Industry History (experts can skip this section)

I’m fortunate to have worked with some of the best teams in both Security and Fraud areas. Back in 1998 I ran Oracle’s Payment and Security National Practice where we did things like PKI, Single Sign On, as well as Oracle’s first Java application: iBill and Pay (built on Oracle’s first Application Server OAS which scaled to 40 users regardless of hardware). I switched from the tech side to the business side in 02, and can assure you that running online Banks keeps you in the security AND Fraud space. In 2008 I left Citibank to go to 41st Parameter (just acquired last month by Experian). 41st Parameter was founded by a visionary fraud prevention guy.. Ori Eisen, with a focus device ID.

From a Commercial/operational perspective there is always friction between the security teams and the Fraud/Operations teams. The security teams are always working to enhance security, the fraud and operations teams are always working to mop up the mess from any holes in security and create proactive processes by which they can stop it. As I said in my blog last week, if I let security guys have their way with authentication …. customer experience would be awful.. and no one would use online banking. Hence we have services like Risk Based Authentication, Honey Pots, Fraud Controls, …

This same Security vs. Fraud dynamic plays out in payments. From the 1970s to the 1990s banks had built their authorization infrastructure around tools like HNC’s Falcon to create rules based authorization, with daily tuning of rules based upon fraud. Today Banks continue to invest billions of dollars in fraud and risk infrastructure (see blog). The metaphor for competition here

If you are camping with your friends and a hungry bear comes to your campsite.. you don’t have to be faster than the bear.. you just have to be faster than at least one other camper.

Thus the rule of thumb: fraudsters always attack the easiest target. Big bank billion dollar fraud platforms thus drive fraud to smaller competitors. This enables the large banks with sophisticated controls to derive higher margins in payment products, which drives incremental investment.  This is one reason why large US banks are so resistant to EMV (it levels the playing field). Fraud numbers in the US are not well reported, the best data is from my friend in the UK (see UK Card Association).  Large US banks were not involved (or informed) of Visa/MA’s plans to mandate EMV. As one CEO told me personally “Tom .. to this DAY Visa has never come by my office to discuss EMV, I found out about it the same way you did.. in a PRESS RELEASE.. “ [Top 3 Issuer].

In the late 90s Banks were not prepared for Card Not Present (CNP) Transactions that came from eCommerce. Their fraud systems (ex HNC Falcon rules) were not tuned for this type of transaction. Actually, banks really didn’t care much here because 100% of fraud loss was borne by the merchant. The only Bank impact was helping the customer deal with fraud (and reissuing cards). Thus RETAILERs began investing in Fraud systems and 3rd Party specialists (GSI, CYBS, 41st P, Digital River, 2CO, PayPal, …) emerged to help manage fraud on behalf of retailers. LARGE retailers followed the same path as large banks, investing in custom fraud infrastructure (ie Amazon, Apple, Google, Airlines, …).

Banks thus ceded eCommerce risk management to 3rd parties until around 2003 where 3DSecure was developed (See Wiki. Implemented as VBV by Visa and MSC by Mastercard). Merchants were incented to adopt the scheme by a liability shift (to banks) and an interchange reduction of 5-10bps. Rollout of the scheme in Europe was a disaster (see UK Guardian). Banks now owned a mountain of new fraud losses (as 3DS technology was broken), with only ONE tool to address: Decline Transactions. See my 2010 blog and Schneier’s: Online Credit/Debit Card Security Failure

Mobile

Banks are determined to avoid their prior mistakes, in eCommerce risk/roles,  and take a leadership position in mobile (ie payments, risk, authentication, data, … ). I’ve detailed their efforts in:

Why is mobile so important to Banks?

#1 PRIMARY INTERACTIVE customer touchpoint. 10 years ago, how did you interact with your bank when you were away from home, work and a branch? The only interaction you had was a piece of plastic.  Mobile enables a new class of Services.. but ALL mobile services must add value. The rest of these priorities pale in comparison to consumer touch… Banks are thus experimenting on what they COULD DO with mobile to remake banking.

#2 Authentication. Confirming identity of consumer.

#3 Risk Management. Both gaining additional consumer insight, and enabling new levels of risk control based on this data.

#4 Remaking of Retail Banking (reducing cost to serve)

#5 Mobile Payment.

#6 Partnerships. Sales, Distribution

I’ve touched on #1 many times, but before I go to Authentication/Authorization/Risk, let me provide a brief recap of my many blogs covering the “other services”. As I outlined in Card Linked Offers, Banks don’t realize is that just because you CAN interact with the consumer doesn’t mean that the consumer WILL. You must actually deliver VALUE if you want to capture consumer TIME. Having run 2 of the largest online banks I know what customers do. Retail Customers log in 3 times a week, check their balance, pay a bill or two and log off (180 seconds later).  Bank CEOs.. I gave my recommendation on what you SHOULD be doing in my Bank NewCo blog.

Authentication – THE Lynch Pin

As I stated in Who do you Trust,

Google and Apple are working to secure their platforms, and assume the central trust role in authenticating the consumer. I’m much more interested in the Apple’s new developer APIs than I am in the fingerprint app. How will they begin to “lock down” applications, what new authentication features will they expose to developers? How will they allow consumers to provision sensitive data to other apps?NFC Change

Hardware is evolving to software (from NFC to the SIM). …[ If Google locks down Android with a new secure OS, they will be in a position to provision Google applications (Maps, mail, search, …), identities, and cloud based services (drive, Google Now, Commerce, …).  The “freeware” model could still exist, but without the cutting edge Google services it becomes a COMMODITY HARDWARE game.

What we will see at Money 2020, is that there is an all-out war going on for the Trust role: Banks (see Tokenization), MA/V, MNOs, Samsung, retailers… everyone realizes this is the “key” to unlocking future value in the convergence of the virtual and physical world.

and in Authentication – A Core Battle for Monetizing Mobile

As Ross Anderson said “if you solve for authentication.. everything else is just accounting”. Think of how much bank infrastructure is dedicated to authentication of the consumer and risk/fraud management. This infrastructure was built over last 30 years because there was VERY poor ability to authenticate a consumer (ex. signature and possession of card) AND inconsistent CONNECTIVITY at each commercial “node” touching the transaction. Today we have complete connectivity, but the MODEL has not evolved from its archaic past.

Beyond Authentication, mobile also plays SUBSTANTIALLY on the risk side, as it enables Banks to interact OVERTLY and COVERTLY with the customer. For example a risk system could ask: is the customer’s cell phone within 20 yards of their transaction (at X merchant).  Or even issue the customer a one-time PIN (or PIN request) to complete transaction.

Perfect Authentication – A threat to Banks?

This question is very similar to the story above on EMV. The engineer in me recoils at the thought that a sophisticated technology (which decreases risk), would not be welcomed within a market. To understand WHY, you must answer the question: WHO benefits from the risk reduction? If your business is risk management, and someone takes risk away, what is your business?

If we made an inventory of payment systems (technical investment) between merchant to consumer bank we would see today’s systems, processes and rules would be DESTROYED by a future state of connectivity and authentication. I’m sure this one line statement will be questioned “prove it”, but I don’t have time.. I’ll leave it to someone else. Take this statement for what it is: my opinion.

Authentication is 0-1, Risk and Fraud deal in shades of grey. For example, if there is a CHANCE that Joe Smith is a really a the end of the transaction, and he is my wealth customer, I’ll let him in the door, see what he wants to do and then risk it based on it. I certainly won’t LOCK HIM OUT.  Another example, if I could authenticate a customer why do I need to make the transaction secure? This is the BEAUTY of the Square “pay with your name” scenario.  Why do I need tokens? Someone just needs to map consumer ID to payment types.

The very concepts of payment “products” begins to dilute. No more credit, debit, pre-paid, Amex, ACH, check, … In a world of perfect Authentication “old line” products evolve toward dumb pipes as competition shifts to speed and cost (not risk).

From Cash Replacement

Networks are designed around a value proposition.  For payments to flourish, a coordinated system of instructions which can be read by trusted participants is necessary. Providers of payment services must consider what network participants are providing in order to collaborate in risk management and settlement; the greater the number of consumers and businesses that participate, the greater the collaboration and interdependency. As more people adopt the payment system, its value increases, since it provides access to more people; this encourages larger networks. Not only do the benefits increase as the network expands, but the per unit cost of service falls. This behavior is the basis for what economists refer to as a “network effect”.

Once a payment system reaches a “critical mass”, economic value will be created at the ends of networks. At the core- the point most distant from users-generic, scale-intensive functions will consolidate. At the periphery-the end closest to users-highly customized connections with customers will be made. This trend pertains not only to technological networks but to networks of banks as well as small merchants and even to consumers who engage in shared tasks9. From a payment network perspective, this means that the “routing” of payments will provide much less revenue opportunity than managing the end points (e.g. the customer interaction or the products which are sold on the network).

…] Payment networks are inherently “sticky” with investments required by consumers, merchants, and banks for effective functioning. Payment networks also have substantial government involvement to support Commerce and Treasury functions that ensure stability, resilience and protection of parties. Innovation in payments is challenged by this network dynamic. As most small companies know, getting a bank to make a decision is tough… but nothing compared to getting 4-6 groups (issuers, acquirers, merchants, MNOs, Regulators, networks, ..) to collaborate in making coordinated change. A level of difficulty that is only superseded by the challenge new entrants face in competing directly against these existing networks.

A truely jaw dropping piece of research was completed last month by philippon_newfig1NYU’s Thomas Philippon (  http://www.voxeu.org/article/where-wal-mart-when-we-need-it).

The cost of intermediation grows from 2% to 6% from 1870 to 1930. It shrinks to less than 4% in 1950, grows slowly to 5% in 1980, and then increases rapidly to almost 9% in 2010

In other words Payments and Banking are one of the few network businesses in the HISTORY OF MAN to grow less efficient (rail, telecom, energy, …). This is BY DESIGN as the orchestrators of banking have successfully created constructs to squeeze COMMERCE. Further demonstrating that existing payment networks are incapable of leading ANY FORM creative destruction. As I stated in Commerce Battlefield

Mobile is a platform which enables a radically improved customer experience. With respect to payments it also offers a unique ability to authenticate a consumer (fingerprint, GPS, cell tower location, voice, camera, …). Yet, no banks are looking to leverage these “new” capabilities in a “new” payment system. After all, given a clean sheet of paper, no one in their right mind would design a payment system like we have in Visa/MA: present a credential to a merchant, who passes to a processor, who passes to network and routes to issuer to approve a customer transaction… giving the auth to everyone in the chain again.. and getting back another message. If everything is connected why not just ask the consumer to send the money from their bank (ex Sofort,  Push Payments also read Banks will Win in Payment ).

Why? Well because Banks can’t make money in a Sofort model.. (would need to create all new merchant agreements). This is why Banks are going through contortions to stay within Visa/MA, yet attempting to alter it fundamentally (ie Tokens). … (Also see Push Payments)

Regulation… the KEY

Payments, telecom, commerce, customer data, … all are regulated (merchants … not so much). Banks are completely justified in seeking solutions to their current regulatory burden. After all they bear most of the AML, BSA, CPFB, FED, OCC, .. burdens here. What needs to happen is that regulators must allow non-bank entities to bear risk. This is where innovation occurs. See blog US Payment Innovation and Regulation

Money 2020

10 Oct

Great Conference! In fact I would vote it the best networking conference I have ever attended. Kudos to Anil, Jonathan and the rest of the Money2020 team.. !

I’m backlogged and jet lagged but had to get a few thoughts out.

MCX IS REAL

I was fortunate to have lunch with Dekkers, though I can’t comment on anything relating to product, I will certainly comment on what I think is most surprising. Dekkers related that the degree professionalism and warmth of welcome has surpassed anything he has ever experienced in his career. It is NOT a herd of cats.. ! It is also not just a bunch of  interchange focused treasury guys.

Retailers are sick and tired of being handed rules by people that have no understanding of their business. They are competitors.. just as different as the Yankees and Red Sox… but they do agree on common rules .. and are determined to set them within their own “MCX” league.

Tokens

My panelist were great.. the content and answers were predictable.. hence the session was a little dry.  What is clear?

Banks want us all to believe that they support V/MA/Amex token efforts.. and this is all about security. I can assure you this story is complete BUNK!  At least from a business strategy perspective.    Card CEOs are furious at the thought of ANY ENTITY delivering value on top of their cards (see don’t wrap me):  Cardspring, Visa, MA, Retailers, Google, PAYPAL. There is an all out war to stop them.. the war is about DATA AND CONTROL and ESTABLISHING CREDIT as the primary mobile payment product.TCH Scheme

Consumers prefer debit for most POS transaction 8:1 (in Grocery).. but credit usage dominates eCommerce due to the better protections available to consumer (Reg Z) and reluctance to share debit card information online. Logically TOKENS should first extend to DEBIT in order to address these issues and ensure debit account security. Whether from action or inaction, most banks WANT to extend consumer UNCERTAINTY over eCommerce debit use into mobile.. CAN YOU BELIEVE THAT? Of course they would recast this statement “we want to deliver value to consumers [on credit] and ensure consumers are protected on mobile [using credit].. and we are making investments [in credit] to make this happen”.

Banks are investing over $1.5B (collectively) in data, offers and new ways to add value to CREDIT CARDS. However Banks don’t give a hoot about Debit (except BAC and CUs), the rest want to establish credit as the PRIMARY payment mechanism (in mobile POS payments). Their token moves are focused on protecting WHO CAN ADD VALUE TO CARDS ..  Make no mistake, token efforts are focused on protecting CARD BRANDS and the VALUE they deliver, with safety/security a distant second. Supporting Data:

  • Credit only in ISIS
  • No EMV
  • Bank investment in Data/CLOs
  • Bank investment in Tokens
  • Lack of investment/strategy in Debit
  • …etc

These credit focused banks know they can’t move as fast as Google, Square, PayPal.. hence they must stop them from adding value to cards. THIS IS THE PURPOSE OF TOKENS TODAY. Banks are seeking to create a new DATA Network that bypasses Visa/MA to deliver this value… Tokens are just part of it.

We all know this to be the case.. Bank preference for CREDIT the elephant in the room.. it’s the reason ISIS switched from Discover/Barclay card.. it’s the driver behind tokenization by an entity (TCH) that has never touched a credit card in their life. Along these lines, Jim McCarty did a great job of articulating Visa’s Value: [it’s not just about transactions, but a BUSINESS MODEL to drive revenue among network participants].  Credit drives MUCH MORE value to Banks:$0.03-0.12 /tran vs 2%+ of the SALE!

I told the bank head of the TCH initiative  “start with debit and everyone will jump on board … DEBIT FIRST is the only thing you can do to rebuild trust with retailers.. and you can do it without support of V/MA”  his answer  “what if we do both”?

My message to merchants, wallets, acquirers, mobile operators, … do nothing on tokens unless debit IS FIRST. It is how consumers pay at the POS today..  Banks are NOT doing the heavy lifting on mobile payments.. they are NOT the center of Commerce but a supporting actor.  We will never move this ball forward unless we create value to consumer and merchant.. we CANNOT operate in a model where only banks benefit and control the rules.

My view of MCX’s objective is clear and simple.. enable retailers to deliver value in a debit like model. Banks are not making investment here.. so we must find a way around them.

V/MA/AMEX Tokens

They have ALL the Carrots and ALL the control of existing rules on existing cards.. I see no way around their leadership.  The banks are very upset …

The network opportunity is to involve all commerce parties in rules construction.. a retailer said it best “Visa and Mastercard DO things to me.. they never talk to me.. they direct me.. the never listen.. they mandate… “  (see Network Tokens). Also see my blog outlining the different token strategies.