Token Acceleration

20 Feb 2014

Let me state up front this blog is far too short, and I’m leaving far too much out. Token strategies are moving at light speed… never in the history of man has a new card present scheme developed so quickly (4-6 MONTHS, see announcement yesterday). As I tweeted yesterday, the payment industry is seldomly driven by logic, and much more by politics. Given many of my friends (you) make investments in this industry, and EVERY BUSINESS conducts commerce and payments, movements here have very broad implications. The objective of this blog is to give insight into these moves so we can all make best use of our time (and money). I was flattered at Money 2020 when a number of you came up and told me that this blog was the best “inside baseball” view on payments. Perhaps the only thing that makes our Starpoint Team unique is that we have a view on payments from multiple perspectives: Bank, Network, Merchant, Online, Wallet, MSB, Processor, … etc.

It’s hard to believe I’ve already written 12 blogs on tokens… more than one per month in last year. As I outlined in December there are (at least) 10 different token initiatives (see blog).  Why all the energy around tokens? Perhaps my first blog on Tokens answered this best… a battle for the Consumer Directory. It is the battle to place a number in the phone/cloud that ties a customer to content and services (and Cards). The DIRECTORY is the Key service of ANY network strategy (see Network Strategy and Openness). For example, with TCH Tokens Banks were hoping to circumvent V/MA… (see blog). The problem with this Bank led scheme (see blog): NO VALUE to consumer, wallet provider or merchant. It was all about bank control.  The optimal TCH test dummy was almost certainly Google, and the “benefit pitched” was that Regulators were going to MANDATE tokens, so come on board now and you can be the first.Token schemes

Obviously this did NOT happen (perhaps because of my token blog – LOL), but the prospect of a regulatory push was the reason for my energy in responding to the Feds call for comments on payments. In addition to the failure of a regulatory push, the networks all got together to say no Tokens on my Rails (see blog). Obviously without network rail allowance, a new token scheme would have to tackle acquiring, at least for every bank but JPM/CPT (see blog).   Paul Gallant spent 3 yrs pushing this scheme uphill and had no choice but to look for greener pastures as the CEO of Verifone (Congrats Paul).

In the background of this token effort is EMV. I’m fortunate to work at the CEO level in many of the top banks and can tell you with certainty that US Banks were not in support of Visa’s EMV announcement last year. One CEO told me “Tom I found out about EMV the way you did, in a PRESS RELEASE, and I’m their [Top 5] largest issuer in the world”. Banks were, and still are, FUMING. US Banks had planned to “skip” EMV (see blog EMV impacts Mobile Payments). The networks are public companies now, and large issuers are not in control of rules (at least in ways they were before). Another point… in the US EMV IS NOT A REQUIREMENT A MANDATE OR A REGULATORY INITIATIVE. It is a change in terms between: Networks and Issuers, and Networks and Acquirers, and Acquirers and Merchants (with carrots and sticks).

In addition to all of this, there were also tracks on NFC/ISIS (which all banks have walked away from in the US), Google Wallet (See Don’t wrap me),  MCX, Durbin, and the implosion of US Retail Banking.

You can see why payment strategy is so dynamic and this area is sooooo hard to keep track of. Seemingly Obvious ideas like the COIN card, are brilliant in their simplicity and ability to deliver value in a network/regulatory muck. This MUCK is precisely why retailers are working

Payment Value

to form their own payment network (MCX), retailers and MNOs are taking roles in Retail banking, and why Amex has so much more flexibility (and potential growth).

Key Message for Today.

With respect to Tokens, HCE moves are not the end. While Networks have jumped on this wagon because of HCE’s amazing potential to increase their network CONTROL, Banks now have the opportunity to work DIRECTLY with holders of CARDS on File to tokenize INDEPENDENT of the Networks.

Example, if JPM told PayPal or Apple we will give you:

  • an x% interchange reduction
  • Treat as Card Present, and own fraud (can not certify unless acquirer)
  • Access to DATA as permissioned by consumer
  • Share fraudulent account/closed account activity with you to sync

If you:

  • Tokenize (dynamically) every one of our JPM cards on file
  • Pass authentication information
  • Collaborate on Fraud

This is MUCH stronger business case for participation than V/MA can create (Visa can not discount interchange, or give access to data).

This means that smaller banks will go into the V/MA HCE schemes and larger banks, private label cards, … will DIY Tokens, or work with SimplyTapp in direct relationship with key COF holders.

Sorry for the short blog. Hope it was useful

Token Activity – 10 Approaches?

11 December 2013

I’m preparing for a few institutional investor chats next week in NYC and thought it was time to update my view on the payment landscape. Summary: much chaos and noise, with existing players throwing sand in everyone else’s gears… lots of energy.. but NO HEAT. This blog contains a brief inventory of initiatives I’m aware of. One of the reasons I do this is to solicit further dialog from blog readers.. so your thoughts are always appreciated. It is very difficult for small companies to identify activities which will impact them.. turns out that most non banks and even Visa and MA are ill informed on some of these as well.

In my June Blog Tokens: Merchant Options, and September blog Money 2020: Tokens and Networks I laid out 5 token initiatives.. we have now almost doubled..

The key differentiation between these Token initiatives is WHERE the translation occurs (Wallet, POS, Processor, Network, Issuer).  Translation is also referred to as DIRECTORY, which I define as the mapping of consumer information to payment information (see blog Battle of Cloud Part 1). The owner of the consumer directory is the winner in all of this, as the value of payment pales in comparison to the value of data and the consumer relationship. This is the core of the token battle

Inventory is for POS payments only. 

Token schemes

  • Form A (TCH Pilot – Processor Translation)
    • Consumer Directory: Bank
    • Token is presented to Merchant at POS (QR code, NFC, Barcode, …)
    • POS forwards token to Merchant processor (ie Elavon)
    • Elavon translates token into card through TCH service
    • TCH can resolve token directly (switch to network), or forward to participating bank for resolution (switch to network)
    • Issuer sends Authorization to Elavon
    • POS settlement
    • Patent issues surrounding merchant processor translation of tokensTCH Scheme
  • Form B – Wallet Translation (Push Payments)
    • Consumer Directory: Wallet
    • Token is presented by Merchant and read by Wallet. Token represents MID, TID, Processor and Amount
    • Merchant POS is awaiting authorization as if a card was swiped
    • Wallet sends token to Issuer (circumventing Visa/MA). Note this is WEAK LINK as data connectivity required for Consumer’s phone at POS
    • Issuer translates token into authorization, sends to processor
    • Processor passes authorization through to TID as if card was swiped
    • SMS based payments done in this model for years. Form of tokens could be beacons, QR, biometrics. Difficult to patent as core for operation is consumer directing bank to make payment.
    • Key differences (globally) are how consumer IDs the merchant and amount, and how does issuer pass the auth
  • Form C (C for Chase with their unique VisaNet deal)
    • Consumer Directory: Bank
    • Token is card number, Presentment is TBD.
    • If Merchant is a CMS merchant, Card routes through JPM’s version of Visa net for offers/incentives (given merchant participation.. of which there is none).
    • If Consumer card is JPM then deliver Card Linked Offers. Again.. not much here.
    • Unique capabilities, but all based upon Visa’s network. Barrier to replication is the unique deal that JPM constructed to “branch” VisaNet
    • JPM Visa flow
  • Form E – EMV/NFC
  • Form G (G for Google’s old Mastercard proxy model)
    • Consumer Directory: Google
    • Token is a card number – Issuer is google (See blog)
    • A plastic version of this was planned in 2012 as reported by Android Police, but was pulled because of high stakes war involving top issuers and Mastercard.
    • Merchant runs transaction as normal
    • Google acts as issuer receives authorization request and routes to selected card (using facilities of TXVIA).
    • After receiving authorization from funding card, google authorizes transaction
    • Issuers make all of the interchange they did before, but don’t like being wrapped. They also don’t like the data leakage and the fact that this impairs their ability to offer unique services (10% off at Kinkos).
    • Note: this scheme has a value proposition for everyone.. and banks still don’t like it… Google loses money on every transaction.
    • Another little known fact is that early versions of GW ran in this model due to limitations within NXP’s chip (only supporting one card emulation app)
    • No Patent issues, few other companies could afford to take a loss on every transaction (buying data). Network rules are the primary issue.
  • Form H – Host Card Emulation  (Google, MA, SimplyTapp) I like – this one
    • Consumer Directory: Issuer
    • HCE Blog
    • Blend of NFC and Form V below. Simplifies the NFC supply chain
    • No dedicated hardware, NFC just another radioExposure: 000 : 00 : 00 . 156 %Accumulated%=0
    • Issuer Creates One time use tokens for EMV key generation
    • Merchant acceptance hurdle CURRENTLY same as NFC
    • Can be leveraged for non EMV purposes (Beacons, QR, wi-fi, …)
    • HCE is GPL, but ability to generate one time use tokens for EMV generation is unique.
  • Form M – MCX/Target Redcard
    • Consumer Directory: Wallet/Retailer
    • See Gemalto/MCX Blog
    • Very similar to Model S (Square) below except wallet is owned by the retailer and form factor is QR code
  • Form P – Paypal/Discover
    • Consumer Directory: PayPal
    • OK… this is not mobile yet.. but since I have Square down below, I thought I would be fair
    • Consumer registered for Paypal Card running on Discover network.
    • Consumer enters phone number at POS + PIN
    • Processor translates phone + PIN into Discover transaction
    • Discover routes to Paypal for authorization
    • Very similar to Model G above
    • Transaction authorized
  • Form S – Square/Starbucks/LevelUp – POS translation
    • Consumer Directory: Wallet/Square/Starbucks
    • Consumer account mapped to phone, ID, voiceprint, card, picture, location
    • POS translates ID to Card
    • POS request authorization as a card not present transaction
    • Consumer Authorization was taken during service registration
    • Consumer receives digital receipt for transaction
    • See Square Stand, LevelUp
  • Form V – Visa/Amex/MA – Network Tokens (TBD)
    • Consumer Directory: Network (Issuers don’t like this)
    • Press Release
    • See blog on Battle of the Cloud Part 4 – Clusters Form
    • Tokens will evolve to a very long number which will be translated to an issuer/account number. This is what Visa/MA do today.
    • Patents will be around generation, use and validation of token. In the future, merchants will not store your card numbers on file (COF), each merchant will have a unique token based upon your actual account number and their own ID.

From Business Implications of Tokens

Business Drivers

As I outlined in New ACH System in US, my view of Bank business drivers for Tokenization are:

  1. Stop the dissemination and storage of Card numbers, DDA RTN and Account Numbers
  2. Control the bank clearing network. Particularly third party senders and stopping the next paypal where consumer funds are directed to unknown destinations through aggregators.
  3. Own New Mobile POS Schemes to protect their risk investment
  4. Improve ACH clearing speed (new rules, new capabilities to manage risk). In a token model the differences between an ACH debit and a debit card will blend as banks leverage common infrastructure.
  5. Create new ACH based pricing scheme somewhere between debit ($0.21) and credit cards
  6. Regulatory, Financial Pandemic, AML controls (per  blog on HSBC)
  7. Take Visa and MA out of the debit game (yes this is a major story)
  8. Maintain risk models (see both sides of transaction)
  9. Control Retailer’s efforts to form a new payment network

What banks seem to be missing is that mobile payment is not just about payment (seeDirectory Battle Part 1). Payments SUPPORT commerce, Banks therefore do not operate from a position of control but rather of enablement. Most retailers recognize that Consumer access to credit has resulted in improved retail spending, however most would also say consumer addition to bank rewards has been detrimental to their margin.

Perfect Authentication… A Nightmare?

This question is very similar to the story above on EMV. The engineer in me recoils at the thought that a sophisticated technology (which decreases risk), would not be welcomed within a market. To understand WHY, you must answer the question: WHO benefits from the risk reduction? If your business is risk management, and someone takes risk away, what is your business?

4 Nov 2013

Long blog.. load of typos

As I’ve stated before, this blog has been a great way to make new friends and stay in touch with my 100s of friends and former employees around the world. When you are in a small company you tend to lose touch with what else is going on as you no longer have 1000s of folks feeding you market intelligence. Small companies live and die by the risks they take, and I’m primarily focused on reducing risk by sharing G2 and perspective.worry-about-identity-theft-confession-ecard-someecards

Industry History (experts can skip this section)

I’m fortunate to have worked with some of the best teams in both Security and Fraud areas. Back in 1998 I ran Oracle’s Payment and Security National Practice where we did things like PKI, Single Sign On, as well as Oracle’s first Java application: iBill and Pay (built on Oracle’s first Application Server OAS which scaled to 40 users regardless of hardware). I switched from the tech side to the business side in 02, and can assure you that running online Banks keeps you in the security AND Fraud space. In 2008 I left Citibank to go to 41st Parameter (just acquired last month by Experian). 41st Parameter was founded by a visionary fraud prevention guy.. Ori Eisen, with a focus device ID.

From a Commercial/operational perspective there is always friction between the security teams and the Fraud/Operations teams. The security teams are always working to enhance security, the fraud and operations teams are always working to mop up the mess from any holes in security and create proactive processes by which they can stop it. As I said in my blog last week, if I let security guys have their way with authentication …. customer experience would be awful.. and no one would use online banking. Hence we have services like Risk Based Authentication, Honey Pots, Fraud Controls, …

This same Security vs. Fraud dynamic plays out in payments. From the 1970s to the 1990s banks had built their authorization infrastructure around tools like HNC’s Falcon to create rules based authorization, with daily tuning of rules based upon fraud. Today Banks continue to invest billions of dollars in fraud and risk infrastructure (see blog). The metaphor for competition here

If you are camping with your friends and a hungry bear comes to your campsite.. you don’t have to be faster than the bear.. you just have to be faster than at least one other camper.

Thus the rule of thumb: fraudsters always attack the easiest target. Big bank billion dollar fraud platforms thus drive fraud to smaller competitors. This enables the large banks with sophisticated controls to derive higher margins in payment products, which drives incremental investment.  This is one reason why large US banks are so resistant to EMV (it levels the playing field). Fraud numbers in the US are not well reported, the best data is from my friend in the UK (see UK Card Association).  Large US banks were not involved (or informed) of Visa/MA’s plans to mandate EMV. As one CEO told me personally “Tom .. to this DAY Visa has never come by my office to discuss EMV, I found out about it the same way you did.. in a PRESS RELEASE.. “ [Top 3 Issuer].

In the late 90s Banks were not prepared for Card Not Present (CNP) Transactions that came from eCommerce. Their fraud systems (ex HNC Falcon rules) were not tuned for this type of transaction. Actually, banks really didn’t care much here because 100% of fraud loss was borne by the merchant. The only Bank impact was helping the customer deal with fraud (and reissuing cards). Thus RETAILERs began investing in Fraud systems and 3rd Party specialists (GSI, CYBS, 41st P, Digital River, 2CO, PayPal, …) emerged to help manage fraud on behalf of retailers. LARGE retailers followed the same path as large banks, investing in custom fraud infrastructure (ie Amazon, Apple, Google, Airlines, …).

Banks thus ceded eCommerce risk management to 3rd parties until around 2003 where 3DSecure was developed (See Wiki. Implemented as VBV by Visa and MSC by Mastercard). Merchants were incented to adopt the scheme by a liability shift (to banks) and an interchange reduction of 5-10bps. Rollout of the scheme in Europe was a disaster (see UK Guardian). Banks now owned a mountain of new fraud losses (as 3DS technology was broken), with only ONE tool to address: Decline Transactions. See my 2010 blog and Schneier’s: Online Credit/Debit Card Security Failure

Mobile

Banks are determined to avoid their prior mistakes, in eCommerce risk/roles,  and take a leadership position in mobile (ie payments, risk, authentication, data, … ). I’ve detailed their efforts in:

Why is mobile so important to Banks?

#1 PRIMARY INTERACTIVE customer touchpoint. 10 years ago, how did you interact with your bank when you were away from home, work and a branch? The only interaction you had was a piece of plastic.  Mobile enables a new class of Services.. but ALL mobile services must add value. The rest of these priorities pale in comparison to consumer touch… Banks are thus experimenting on what they COULD DO with mobile to remake banking.

#2 Authentication. Confirming identity of consumer.

#3 Risk Management. Both gaining additional consumer insight, and enabling new levels of risk control based on this data.

#4 Remaking of Retail Banking (reducing cost to serve)

#5 Mobile Payment.

#6 Partnerships. Sales, Distribution

I’ve touched on #1 many times, but before I go to Authentication/Authorization/Risk, let me provide a brief recap of my many blogs covering the “other services”. As I outlined in Card Linked Offers, Banks don’t realize is that just because you CAN interact with the consumer doesn’t mean that the consumer WILL. You must actually deliver VALUE if you want to capture consumer TIME. Having run 2 of the largest online banks I know what customers do. Retail Customers log in 3 times a week, check their balance, pay a bill or two and log off (180 seconds later).  Bank CEOs.. I gave my recommendation on what you SHOULD be doing in my Bank NewCo blog.

Authentication – THE Lynch Pin

As I stated in Who do you Trust,

Google and Apple are working to secure their platforms, and assume the central trust role in authenticating the consumer. I’m much more interested in the Apple’s new developer APIs than I am in the fingerprint app. How will they begin to “lock down” applications, what new authentication features will they expose to developers? How will they allow consumers to provision sensitive data to other apps?NFC Change

Hardware is evolving to software (from NFC to the SIM). …[ If Google locks down Android with a new secure OS, they will be in a position to provision Google applications (Maps, mail, search, …), identities, and cloud based services (drive, Google Now, Commerce, …).  The “freeware” model could still exist, but without the cutting edge Google services it becomes a COMMODITY HARDWARE game.

What we will see at Money 2020, is that there is an all-out war going on for the Trust role: Banks (see Tokenization), MA/V, MNOs, Samsung, retailers… everyone realizes this is the “key” to unlocking future value in the convergence of the virtual and physical world.

and in Authentication – A Core Battle for Monetizing Mobile

As Ross Anderson said “if you solve for authentication.. everything else is just accounting”. Think of how much bank infrastructure is dedicated to authentication of the consumer and risk/fraud management. This infrastructure was built over last 30 years because there was VERY poor ability to authenticate a consumer (ex. signature and possession of card) AND inconsistent CONNECTIVITY at each commercial “node” touching the transaction. Today we have complete connectivity, but the MODEL has not evolved from its archaic past.

Beyond Authentication, mobile also plays SUBSTANTIALLY on the risk side, as it enables Banks to interact OVERTLY and COVERTLY with the customer. For example a risk system could ask: is the customer’s cell phone within 20 yards of their transaction (at X merchant).  Or even issue the customer a one-time PIN (or PIN request) to complete transaction.

Perfect Authentication – A threat to Banks?

This question is very similar to the story above on EMV. The engineer in me recoils at the thought that a sophisticated technology (which decreases risk), would not be welcomed within a market. To understand WHY, you must answer the question: WHO benefits from the risk reduction? If your business is risk management, and someone takes risk away, what is your business?

If we made an inventory of payment systems (technical investment) between merchant to consumer bank we would see today’s systems, processes and rules would be DESTROYED by a future state of connectivity and authentication. I’m sure this one line statement will be questioned “prove it”, but I don’t have time.. I’ll leave it to someone else. Take this statement for what it is: my opinion.

Authentication is 0-1, Risk and Fraud deal in shades of grey. For example, if there is a CHANCE that Joe Smith is a really a the end of the transaction, and he is my wealth customer, I’ll let him in the door, see what he wants to do and then risk it based on it. I certainly won’t LOCK HIM OUT.  Another example, if I could authenticate a customer why do I need to make the transaction secure? This is the BEAUTY of the Square “pay with your name” scenario.  Why do I need tokens? Someone just needs to map consumer ID to payment types.

The very concepts of payment “products” begins to dilute. No more credit, debit, pre-paid, Amex, ACH, check, … In a world of perfect Authentication “old line” products evolve toward dumb pipes as competition shifts to speed and cost (not risk).

From Cash Replacement

Networks are designed around a value proposition.  For payments to flourish, a coordinated system of instructions which can be read by trusted participants is necessary. Providers of payment services must consider what network participants are providing in order to collaborate in risk management and settlement; the greater the number of consumers and businesses that participate, the greater the collaboration and interdependency. As more people adopt the payment system, its value increases, since it provides access to more people; this encourages larger networks. Not only do the benefits increase as the network expands, but the per unit cost of service falls. This behavior is the basis for what economists refer to as a “network effect”.

Once a payment system reaches a “critical mass”, economic value will be created at the ends of networks. At the core- the point most distant from users-generic, scale-intensive functions will consolidate. At the periphery-the end closest to users-highly customized connections with customers will be made. This trend pertains not only to technological networks but to networks of banks as well as small merchants and even to consumers who engage in shared tasks9. From a payment network perspective, this means that the “routing” of payments will provide much less revenue opportunity than managing the end points (e.g. the customer interaction or the products which are sold on the network).

…] Payment networks are inherently “sticky” with investments required by consumers, merchants, and banks for effective functioning. Payment networks also have substantial government involvement to support Commerce and Treasury functions that ensure stability, resilience and protection of parties. Innovation in payments is challenged by this network dynamic. As most small companies know, getting a bank to make a decision is tough… but nothing compared to getting 4-6 groups (issuers, acquirers, merchants, MNOs, Regulators, networks, ..) to collaborate in making coordinated change. A level of difficulty that is only superseded by the challenge new entrants face in competing directly against these existing networks.

A truely jaw dropping piece of research was completed last month by philippon_newfig1NYU’s Thomas Philippon (  http://www.voxeu.org/article/where-wal-mart-when-we-need-it).

The cost of intermediation grows from 2% to 6% from 1870 to 1930. It shrinks to less than 4% in 1950, grows slowly to 5% in 1980, and then increases rapidly to almost 9% in 2010

In other words Payments and Banking are one of the few network businesses in the HISTORY OF MAN to grow less efficient (rail, telecom, energy, …). This is BY DESIGN as the orchestrators of banking have successfully created constructs to squeeze COMMERCE. Further demonstrating that existing payment networks are incapable of leading ANY FORM creative destruction. As I stated in Commerce Battlefield

Mobile is a platform which enables a radically improved customer experience. With respect to payments it also offers a unique ability to authenticate a consumer (fingerprint, GPS, cell tower location, voice, camera, …). Yet, no banks are looking to leverage these “new” capabilities in a “new” payment system. After all, given a clean sheet of paper, no one in their right mind would design a payment system like we have in Visa/MA: present a credential to a merchant, who passes to a processor, who passes to network and routes to issuer to approve a customer transaction… giving the auth to everyone in the chain again.. and getting back another message. If everything is connected why not just ask the consumer to send the money from their bank (ex Sofort,  Push Payments also read Banks will Win in Payment ).

Why? Well because Banks can’t make money in a Sofort model.. (would need to create all new merchant agreements). This is why Banks are going through contortions to stay within Visa/MA, yet attempting to alter it fundamentally (ie Tokens). … (Also see Push Payments)

Regulation… the KEY

Payments, telecom, commerce, customer data, … all are regulated (merchants … not so much). Banks are completely justified in seeking solutions to their current regulatory burden. After all they bear most of the AML, BSA, CPFB, FED, OCC, .. burdens here. What needs to happen is that regulators must allow non-bank entities to bear risk. This is where innovation occurs. See blog US Payment Innovation and Regulation

US Payment Innovation and Regulation

A core “investment assumption” by TCH banks was that “regulators” were going to force the use of tokens in the US. As a primary means for meeting obligations under BSA/AML. The “value proposition” pitched to pilot participants was thus “regs are coming which will drive PayPal out of business.. everyone will be required to tokenize.. pilot participation means you can have a jump on everyone else.” Obviously this has not been the case..

29 Oct 2013

Short Blog.. will update next week. Sorry for Typos

Is anyone else struggling to see the logic of Bank led token initiatives? These folks are smart people.. we obviously see why they want to do it (control)… but they are smart enough to construct some kind of value proposition. It’s not as if they can MAKE every merchant and wallet service convert.

Well… this is NOT necessarily a good assumption (value proposition). I met with a few folks this week, each touched TCH SecureCloud.  A core “investment assumption” by TCH banks was that “regulators” were going to force the use of tokens in the US. As a primary means for meeting obligations under BSA/AML. The “value proposition” pitched to pilot participants was thus “regs are coming which will drive PayPal out of business.. everyone will be required to tokenize.. pilot participation means you can have a jump on everyone else.”  Obviously this has not been the case..

The Banks wanted to start with tokenizing eCommerce Cards on File (COF), as this enabled them to keep the favorable credit card mix (75%+ credit) in a new mobile world. If would have been much easier if they just pushed all of the consumers approved payment products down to Apple, Amazon, Paypal, Google… but Banks don’t really want consumers to have a choice.. they want friction and fear in debit.  This Credit on Mobile Strategy may not be a STATED goal of TCH tokens.. but it is certainly a corollary which Banks don’t care to address.

Visa/MA/Amex did an end run on Bank token plans with a proposed interoperable standard. It thus seems that the 20 odd Bank TCH token participants will give the utility to the networks, with the hope that there will be a continued credit focus. What will TCH do? Probably be a standards body of some sort, and be the token authority for things like ACH.

The ACH LOCKDOWN strategy had 3 prongs: NACHA Rules, Regulation, and an alternative. See related Post around NACHA Rules. With respect to alternative.. this is the driver of Clearxchange, a real time ACH that circumvents NACHA…

One of the Bank leaders quipped “in 5 years we hope to put Paypal out of business in the US”… implying banks could lock out non-banks in riding ACH rails. This would also have significant implications to MCX… My view is that there are ways to get around all of these grand plans IF they ever materialize (ie Bank partnerships).

All of this seems a little too smart, too complex, too dependent on regulations by a regulator that isn’t really doing much to help Banks these days.

Message to Regulators.

PLEASE DON’T FORCE TOKENS.. but rather allow risk to be owned by non-bank entities (ex MSBs) originating transactions. There are so many new ways to mitigate risk and authenticate a customer. Mandating tokens will kill innovation and keep control locked inside intuitions that innovate at the rate of glaciers.

Reminds me of a joke. Did you hear about the Bank mobile SVP that tried to commit suicide? He threw himself in front of a Glacier.

Authentication is key to unlocking billions of dollars in revenue and bringing enormous efficiency to the market… allowing for the REWIRING of Retail, Advertising, Commerce.

Regulators should not focus on payment tokens, but facilities for managing distributed TRUST and AUTHENTICATION. Allowing other entities to assume risk in payments. This may mean creating new quasi bank licenses (regulated trust authority) or a new federally approved MSB that does not hold any deposits. A first start may be to open up Fed Wire to non bank participants. With ability to take risk on settlement funds.

I actually agree with Banks in their token plans.. IF they are ultimately accountable for EVERYTHING.. they must control EVERYTHING.

 

Divide and Conquer: Commerce Battlefield

What “standards” are there in commerce?

Do we advertise in the same way? Locate in the same geographies? Price products the same way? Have the same eCommerce or mobile “store” and services?

What about Payment?

Payment is perhaps one of the few “standards” that retailers have in commerce. I had an “ah hah” moment at Money 2020. It was from a presentation by Jim McCarthy of Visa.. the theme: Visa is a model where everyone wins, and participants can monetize their respective roles. Of course I should know this.. but it really just struck me on WHY the Banks want to work within the Visa model.. if they break it.. they will no longer be able to monetize payments.

Mobile is a platform which enables a radically improved customer experience. With respect to payments it also offers a unique ability to authenticate a consumer (fingerprint, GPS, cell tower location, voice, camera, …). Yet, no banks are looking to leverage these “new” capabilities in a “new” payment system. After all, given a clean sheet of paper, no one in their right mind would design a payment system like we have in Visa/MA: present a credential to a merchant, who passes to a processor, who passes to network and routes to issuer to approve a customer transaction… giving the auth to everyone in the chain again.. and getting back another message. If everything is connected why not just ask the consumer to send the money from their bank (ex Sofort,  Push Payments also read Banks will Win in Payment ).

Why? Well because Banks can’t make money in a Sofort model.. (would need to create all new merchant agreements). This is why Banks are going through contortions to stay within Visa/MA, yet attempting to alter it fundamentally (ie Tokens). A top 3 Retailer provided me a great example “if tokens are not created by Visa/MA do I have to accept all tokens like I have to accept all cards”?

Defining the Battlefield

My real “ah-hah” came when thinking about how the Card “standard” has been managed for the last 50 yrs. Quite frankly the Banks have been playing Chess while everyone else has been playing checkers (quote from a Retail Client).

This reminds me of Sun Tzu

Whoever is first in the field and awaits the coming of the enemy, will be fresh for the fight; whoever is second in the field and has to hasten to battle will arrive exhausted

Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.

Sun Tzu – Book 6

Retailers have been playing on someone else’s field.. they have been so distracted in competing with each other.. that they did not even identify a common enemy. This has shifted significantly in the last 5 years. The payment burden has become so substantial that Retailers realize they must define their own rules and create a new network (aka field).. thus we now have MCX in the US, SEPA in EU, EFTPOS Australia, CUP/China, Interac/Canada…  This is not just the US, take a look at what is happening in the UK last week, or with Card EU regulation cross border.

Implications of Tokens

I cannot understate the business implications of tokens to Retailers, Processors, Wallet Providers, eCommerce/mCommerce companies, and Start Ups(also see Money2020 and Tokens). It will impact every company that keeps cards on file (COF), or processes transactions electronically.  What is most concerning? These entities have few existing mechanisms to coordinate/collaborate … a coordinated Bank/Network consortium is battling a bunch of unorganized tribes… and setting them against one another. The hectic activity in payments has caused a fog of war which serves to obfuscate the primary advances of the opposition. While everyone is focused on litigation, debit, mobile, MCX…  banks are moving 3 steps ahead.

Banks have wrapped tokens in secrecy (per Sun Tzu) with motherhood and apple pie stories pertaining to protection.  I can assure you that Banks are not dropping over $1B+ to protect consumers.. they are spending this to protect themselves from competition. As I said previously, Banks know they cannot innovate at the pace of Google, Square, Cardspring, Braintree, … thus they must control the battlefield. Tokens enable them to recast the battle.

The new battle surrounds data. As my friend Osama told Tim Geithner, the value of data exchange may quickly outweigh the value of risk management and clearing in payments. JPMC has even created a new DIVISION run by Len Laufer to focus on data, as Jamie would say “we have better data than Google”.  Bank Card CEOs are furious at the thought of anyone delivering value on their cards, particularly efforts by the networks themselves (V.me, Visa Offers, …). Other token drivers:

  • Control who can be a wallet provider
  • Control who can add value to a card number
  • Control how a merchant can identify a customer via a card number (See payment CRM)
  • Control how payments are cleared (ex. What they did to Google Wallet).
  • Control how and WHEN mobile payments succeed
  • Control what payment instrument is used in mobile POS payments (ie Credit)
  • …etc

Banks are so far ahead on strategy….. I’m concerned Retailers will have no idea of what hit them.

How to respond?

  • Coordinate on a plan of action (glad to assist)
  • Create a new Battlefield.. create a new set of rules that Retailers control (thus the brilliance of MCX)
  • Join MCX.. just to ensure Banks know they must take this seriously
  • Frustrate the Banks on their Battlefield… Visa/MA and the issuers are not on the same page.. help to further the rift.. ensure new rules work to the Retailer’s benefit. For example, push V/MA to create a “certified wallet provider” that can translate cards to tokens WITHOUT THE ISSUER.
  • Regulatory… push payments into DUMB PIPES. Let innovators own the risk.. give banks a pass on payment compliance, open non bank owned pipes (Fed wire)…
  • Find Banks that will partner with Merchants to deliver value. On my short list are: Barclays, AMEX, Discover and Bank of America..
  • Help Banks solve their problems through you.. help Banks leverage their data for your benefit….instead of the other way around. Amex is FAR ahead in this.. 5 yrs ahead (see blog)
  • Break the Card revenue model…. Beyond what Chase did to VisaNet
  • Ensure you are viewed as fighting for the consumer.. NOT for yourself. Banks don’t exactly have a stellar reputation these days.
  • Banks also rightly fear that Debit will move from $0.21 to $0.05 or even $0.03.. making debit the equivalent of a quasi real time ACH system. How can you incent increased use of debit today?

I have a few others that I’m not going to share.. but we have got to stop falling on the same sword over and over again.  Banks are NOT the center of commerce, just as my ISP or MNO is not the reason I shop at Amazon.

Investors.. I’m not saying to short V/MA.. I see nothing to dent their global growth.. but in US/EU.. we will see their revenue drop substantially in 5 yrs.

My predictions

  • Visa/MA will create a rule that no one can wrap their card in a token but them… after all a card is really a token for an account number in the first place. Bank token efforts will die in next 12 months.. unless they can force a strategic change… or they make a move toward a 3 party network like discover.
  • Visa/MA will start off getting feedback from all participants.. but banks will win on their rules like they always do.  Merchants will resist efforts unless carrots are substantial (card present and fraud liability shift). If issuers are NOT on board merchants know (from VBV/MSC experience) that issuers will just tweak the decline rates to make for a terrible customer experience. In the end issuers have control over how any new scheme works for its consumers.. they have an unlimited ability to frustrate Visa’s rules… or leverage networks against each other.
  • Take a look at how long EMV, NFC, … have taken. I would make the case that EMV only succeeded because of regulatory pressure.  I see no impetus for change… no business case for either merchant or consumer.  PCI costs and Fraud are already managed…
  • Mobile successes will work around today’s plastic.. This is the beauty of Square..
  • Merchants have reached beyond the tipping point of collaboration on common payment services. It will happen… and there will be implications to V/MA volume (in 5 years)
  • There is only one entity that has the POWER to change consumer behavior on mobile: Apple. It took them over 20 years to earn consumer trust through their maniacal focus on quality and consumer experience. If Apple makes a move in mobile payments.. we should all “think different”
  • Merchant friendly solutions and big data.. are red hot areas. My favorite case study here is a little restaurant marketing company (Fishbowl).. will write a blog on them this month.

Money 2020

10 Oct

Great Conference! In fact I would vote it the best networking conference I have ever attended. Kudos to Anil, Jonathan and the rest of the Money2020 team.. !

I’m backlogged and jet lagged but had to get a few thoughts out.

MCX IS REAL

I was fortunate to have lunch with Dekkers, though I can’t comment on anything relating to product, I will certainly comment on what I think is most surprising. Dekkers related that the degree professionalism and warmth of welcome has surpassed anything he has ever experienced in his career. It is NOT a herd of cats.. ! It is also not just a bunch of  interchange focused treasury guys.

Retailers are sick and tired of being handed rules by people that have no understanding of their business. They are competitors.. just as different as the Yankees and Red Sox… but they do agree on common rules .. and are determined to set them within their own “MCX” league.

Tokens

My panelist were great.. the content and answers were predictable.. hence the session was a little dry.  What is clear?

Banks want us all to believe that they support V/MA/Amex token efforts.. and this is all about security. I can assure you this story is complete BUNK!  At least from a business strategy perspective.    Card CEOs are furious at the thought of ANY ENTITY delivering value on top of their cards (see don’t wrap me):  Cardspring, Visa, MA, Retailers, Google, PAYPAL. There is an all out war to stop them.. the war is about DATA AND CONTROL and ESTABLISHING CREDIT as the primary mobile payment product.TCH Scheme

Consumers prefer debit for most POS transaction 8:1 (in Grocery).. but credit usage dominates eCommerce due to the better protections available to consumer (Reg Z) and reluctance to share debit card information online. Logically TOKENS should first extend to DEBIT in order to address these issues and ensure debit account security. Whether from action or inaction, most banks WANT to extend consumer UNCERTAINTY over eCommerce debit use into mobile.. CAN YOU BELIEVE THAT? Of course they would recast this statement “we want to deliver value to consumers [on credit] and ensure consumers are protected on mobile [using credit].. and we are making investments [in credit] to make this happen”.

Banks are investing over $1.5B (collectively) in data, offers and new ways to add value to CREDIT CARDS. However Banks don’t give a hoot about Debit (except BAC and CUs), the rest want to establish credit as the PRIMARY payment mechanism (in mobile POS payments). Their token moves are focused on protecting WHO CAN ADD VALUE TO CARDS ..  Make no mistake, token efforts are focused on protecting CARD BRANDS and the VALUE they deliver, with safety/security a distant second. Supporting Data:

  • Credit only in ISIS
  • No EMV
  • Bank investment in Data/CLOs
  • Bank investment in Tokens
  • Lack of investment/strategy in Debit
  • …etc

These credit focused banks know they can’t move as fast as Google, Square, PayPal.. hence they must stop them from adding value to cards. THIS IS THE PURPOSE OF TOKENS TODAY. Banks are seeking to create a new DATA Network that bypasses Visa/MA to deliver this value… Tokens are just part of it.

We all know this to be the case.. Bank preference for CREDIT the elephant in the room.. it’s the reason ISIS switched from Discover/Barclay card.. it’s the driver behind tokenization by an entity (TCH) that has never touched a credit card in their life. Along these lines, Jim McCarty did a great job of articulating Visa’s Value: [it’s not just about transactions, but a BUSINESS MODEL to drive revenue among network participants].  Credit drives MUCH MORE value to Banks:$0.03-0.12 /tran vs 2%+ of the SALE!

I told the bank head of the TCH initiative  “start with debit and everyone will jump on board … DEBIT FIRST is the only thing you can do to rebuild trust with retailers.. and you can do it without support of V/MA”  his answer  “what if we do both”?

My message to merchants, wallets, acquirers, mobile operators, … do nothing on tokens unless debit IS FIRST. It is how consumers pay at the POS today..  Banks are NOT doing the heavy lifting on mobile payments.. they are NOT the center of Commerce but a supporting actor.  We will never move this ball forward unless we create value to consumer and merchant.. we CANNOT operate in a model where only banks benefit and control the rules.

My view of MCX’s objective is clear and simple.. enable retailers to deliver value in a debit like model. Banks are not making investment here.. so we must find a way around them.

V/MA/AMEX Tokens

They have ALL the Carrots and ALL the control of existing rules on existing cards.. I see no way around their leadership.  The banks are very upset …

The network opportunity is to involve all commerce parties in rules construction.. a retailer said it best “Visa and Mastercard DO things to me.. they never talk to me.. they direct me.. the never listen.. they mandate… “  (see Network Tokens). Also see my blog outlining the different token strategies.

Money 2020: Tokens and Networks

Short post that I’ll update later in the week. I’ll be leading a panel at Money2020 on Tokenization, Wed Oct 9th 1:20 PST in Vegas. Joining the panel are James Anderson, Matt Dill, Dickson Chu, and Dave Fortney. Would love to have a retailer on.. and working on that still.

Tokens

Did anyone else have their mother say: “Just because you CAN doesn’t mean you Should“.  My Mom’s advice may be the most appropriate way to sum up the token “mess”.  As I related in Payment Tokenzation and Business Implications of Tokens why on earth would any merchant or wallet provider want to give up Cards on File (COF) for Tokens?  The ONLY token success stories are Plastic at POS w/  a merchant friendly value proposition: Reduce PCI Compliance. For more info, see the 2011 Javelin report on key POS Token players, also see MerchantLink’s  great perspective here in their blog.

Almost every entity below has some sort of token scheme planned. Their primary focus is on “CONTROL” not value. Can you imagine if the internet worked this way? Each site had a different token scheme, requiring you to log on to your Computer, ISP, Search Engine, Site you were visiting, Secure Application, … etc.    Who is trusted by whom? who sets security standards for what? (See blog Who do you Trust?)

Perhaps the best question to ask of parties is: WHO OWNS THE CUSTOMER? Retailer? Apple? Visa? Chase? Consumer is not owned?

token mess

I’m fortunate to work with both banks, merchants and wallets… my views are not necessarily accurate, but they are informed and can be best summarized: no one is listening to anyone else. HUNDREDS of MILLIONS have been spent here.. please stop the madness.. CEOs please have your teams solve a REAL problem first.

Almost universally, new token schemes are designed to benefit only one party. Let me take The Clearing House Secure Cloud token scheme as an example (see my Blog here).

TCH Tokens

Focus:

  • Physical POS Payments

Scheme

  • An early form of this is in patent app here
  • Wallet provider exchanges cards on file for TCH token
  • Form A (TCH Pilot)
    • Token is presented to Merchant at POS.
    • POS forwards token to Merchant processor (like Elevon)
    • Elevon translates token into card through TCH
    • Elevon then routes transaction as normal card

Other forms

  • Form B – Wallet Translation
    • Token is presented to Trust Authority by wallet service (note phone data connectivity required at POS… a MAJOR hurdle as companies like Padient discovered)
    • Wallet obtains new temporary card number
    • Temporary card number presented to merchant
    • Processed as normal
  • Form C (C for Chase with their unique VisaNet deal)
    • Token is card number
    • If Merchant is a CMS merchant, Card routes through JPM’s version of Visa net
    • Unique capabilities
  • Form G (G for Google)
    • Token is a card number – Issuer is google
    • Merchant runs transaction as normal
    • Google acts as issuer receives authorization request and routes to selected card
    • After receiving authorization from funding card, google authorizes transaction
    • All works beautifully today.. but my friends at Mastercard pulled the rug out from under them after issuer complaints. Issuers make all of the interchange they did before, but don’t like being wrapped. They also don’t like the data leakage and the fact that this impairs their ability to offer unique services (10% off at Kinkos).
    • Note: this scheme has a value proposition for everyone.. and banks still don’t like it… Google looses money on every transaction.

Now imagine you are a wallet provider… Google is a good example since they are now on all Android and IOS phones…. TCH tells Wallet Service: give me your cards on file and I’ll give you a token…. Wallet Service asks for business case:

  • Fraud? Well given the poor adoption of mobile POS payments there is no fraud problem right now
  • PCI compliance? Already made that investment.. not a problem
  • Cards on File? I still need those because of Google Play and digital goods, Tokens are useless here
  • Banks auto enrolling all of their customers to use my wallet? Well that would be nice, but banks can’t commit to that.
  • Card present rate discounts (maybe in the future with no commitment)
  • Liability shift? yes, we think we can do that.
  • Complete dependence on a bank service with poorly defined rules for every transaction… yep
  • Ability for banks to choose customer’s payment product whenever they want (ex Debit to Credit)? Yep..
  • Broken customer experience… yep
  • Single channel solution only (POS) with a remaining need to keep COF for eCommerce/Google Play? Yep
  • Get to see transaction data…? No way.. you don’t get to see this anymore

Token Success in Mobile

As described above, Plastic Token providers like MerchantLink are successful because they deliver value to the merchant. There are mobile token successes, most notably Starbucks … soon to be Square (see Interpreting the Square-Starbucks Deal). Most of us use the starbucks mobile app to pay for our coffee.. it is a token for the payment instrument behind it. Why is Starbucks successful? Value to Starbucks: Loyalty, customer insight, … Value to consumer: improved commerce experience. Notice that I did not talk about banks or mobile operators.. all other intermediaries need to be in the background (ie white label).. they have no business injecting themselves in Starbucks customer experience. People don’t go to Starbucks because of their debit card brands.. they go there for coffee.  Wallet providers want to enable a generic platform for 1000s of Starbucks like experiences.. card companies want to stop them.

Something has to Change

Visa rates

Banks don’t orchestrate commerce… they are a dumb pipe payment service that cost far more than the value they provide. The greater they work to control the existing pipes, the greater the business case is for going around them, or regulating them into submission.  Retailers are fine with allowing them to offer open loop credit, but not forcing them to accept fees for credit acceptance. If Credit cards add value then drop the accept all cards rule.

From a network perspective the proprietary linkages are obvious indicators that a massive change will occur toward standardization, least cost routing and dumb pipes. My bet is that a new AUTHENTICATION provider (like ?Apple?) will be the tipping point where we begin to see substantial change. Payments work today.. but the costs of payments are primarily borne by merchants (particularly small ones). The bank that can construct a merchant friendly value proposition will win and have a significant lead on peers. My bet is that Amex is best suited to execute here.

G2 This Week

  • Paypal set to by Braintree/Venmo
  • Paul Gallant takes role as CEO of Verifone, was head of Bank/TCH token consortium and head of new “Emerging Payments”  at Citi. Talk about a projects.. good luck Paul.
  • Facebook enables autofill with a portfolio of providers (Braintree/Venmo, Stripe, Paypal). Paypal seems to be a partnership afterthought. General theme: if consumer has cards in your wallet, we will ask you for them to autofill the merchant. I love this approach, but don’t quite see how wallets will make any money here… merchants are not changing their processors. Winner is consumers and Facebook.
  • Google wallet off NFC only and on IOS. See google blog.
  • Square is in the midst of a capital raise. Rumor among institutional investors is that it is a net down round … and includes restructuring of existing investors.
  • Apple’s new phone and OS.. See Bluetooth Low Energy/Beacons What does this Mean?

 

Not on my Rails

We now see network resistance “Not on my rails”. Why on earth would Visa or MA want to let a Token ride on their rails? Perhaps the best example of “Rail” ownership is First Data’s refusal to support routing and processing of any Paypal/Discover BINs

In last year’s post “Don’t wrap me“, I described how issuers were responding to having their cards “wrapped” by Digital wallets and new Plastic aggregators (Serve and Paypal). Examples:

railroad_tracks414

  1. Paypal’s plastic. MA established a Staged Digital Wallet fee of 35bps, when its card brand was not used at the POS, but was the funding instrument for the transaction.  Amex and Visa also pushed back, although I don’t have details on rule changes here, they made clear that they wanted their brand at the POS.
  2. Serve. Hit by similar issues above,
  3. Google Wallet/Plastic. Visa reportedly issued a cease and desist to Google at the behest of Chase (See NFC Times)

All of these wallets (Virtual, NFC, Cloud, …) led issuers to wonder “what card is top of wallet”?.. and how does a customer select my plastic. Issuers have been (to date) the drivers of rule changes and resistance. They seem much more concerned about one physical plastic card wrapping them (ie Serve and Paypal) than a virtual wallet, but they are also very concerned about data (see blog). Letting a new intermediary see transaction data (and add offers/services on top of them). In other words “DON’T WRAP ME” (see blog Paypal at POS).

Issuers subsequently got together and developed the concept of tokens (see Business Implications of Tokens). The summary: IF issuers had the opportunity to give the customer an account number in a digital wallet. Why would it be a Mastercard, or a visa card number? They are thus working on a system for distributing 16 digit tokens which they own and control (see Secure Cloud PR from TCH).

We now see network resistance “Not on my rails”. Why on earth would Visa or MA want to let a Token ride on their rails? Perhaps the best example of “Rail” ownership is First Data’s refusal to support routing and processing of any Paypal/Discover BINs.  This means that every new “Home Depot” or “Jamba Juice” Paypal signs up must be serviced by a supporting processor (like Vantive).  Making your merchants switch processors in order to accept a more expensive payment instrument (240bps compared to debit pricing of $0.07-0.12) would seem to be a difficult sale. Quite frankly I didn’t see the weakness of Discover’s 3 party network until now.. it only acquires directly for top 100.. and is dependent on many other acquirers. Amex does not have this problem… paypal home depot

My guess is that Visa and MA will also throw up walls soon, but not sense in doing it now.. let the banks work feverishly to build a token machine.. only to find out that the tokens don’t fit in any “slots”.  The only bank globally to have worked all this out is JPMC with its new Visa deal, which bifurcates VisaNet to a new Chase version. Of course the other issuers will eventually ask for same… but these are 5 yr cycles.. All of this means V and MA will continue to rule the mainstream, and that any new competitor must have network control, issuer control and merchant control.

End Game

These rule and ownership battles make my head spin. Investing in this space is not for the faint of heart.  Perhaps the best way to really “change” payments is to first ride existing rails and establish a fantastic consumer/merchant value proposition .. THEN move that solution to a different network… or better yet enable a switch where payments are cleared on a least cost routing basis (like switching IP traffic).

Hopefully the Venture Community is aware of these pitched control battles: Network, wrapping, secure element, trust, card present, tokenization, … But information certainly does not flow well here. Just this week I learned of a start up about to launch a new P2P service built around Visa Money Transfer … allowing a user to “instantly” move money to another account.  Unfortunately they didn’t read my 2.5 yr old VMT Blog, or ensure it would work at ALL of the top 5 retail banks.

… I don’t have time to lay out the scenarios here.. but I like investment thesis that recognize DEBIT as equivalent to ACH…new rules may bring cost down from $0.21 to $0.07… Although PIN Debit and Signature debit both cost the same),  PIN debit is not routed through Visa/MA and operates under separate rules. For example, I love the way First Data and Cardspring are leveraging STAR for non payment data.. without any issuer participation. a VERY good model. Thus I see PIN debit as a ripe area for both for merchant led payment products, and for new bank products.

Issuers are just fuming over the fact that AMEX is completely untouched by Durbin and EU SEPA pricing.  Which is why I see Wells Fargo’s move to Amex as “possibly” strategic… is wells switching railroads? with a first “test” of affluent?.

Payments Part of OS: What does that mean?

Payments in the OS is perhaps best described as the intersection of the 2 major disruptive forces at work: Connectivity of Consumer and Merchant during shopping and purchase, Authentication. As I outlined in Cloud Wallet, it makes little sense to store anything in the mobile phone. If everything is connected, I should just need to authenticate my identity and payments, promotions, reminders, receipts, … everything else could happen in the background. If everything is connected, the nature of payment settlement risk changes (see credit push).

28 July 2013

Continuation of Friday’s Blog BIG Changes to NFC: Payments Part of the OS.

In 1996, I remember launching the first Client Server application for FirstUnion (Smalltalk, OS/2, Win 95).  I had left NASA just 2 yrs prior, and having a Sun Sparc, connected to Arpanet on my desk since 1987 had spoiled me..  The Win95/LAN environment was not designed for engineering… it was a poorly assembled toy for business. It didn’t have native TCP/IP in the OS, actually Microsoft itself didn’t even offer the protocol, I had to install a third party vendor stack on over 2000 PCs around the bank.  Hard to believe this was just 15 yrs ago.. MSFT seems to have embraced a few changes since then, and what was “outside” its platform is now part of it.

The same platform “integration dynamic” can be seen in: video boards, laptops (remember the external slots), mobile phones (Cameras, Bluetooth, Wifi,…), and now NFC from a dedicated NXP chipset to Integrated chipset (ex Broadcom BCM43341, plus firmware).  Most of my readers are not hardware people, so in layman’s terms.. dedicated hardware and software are merging into integrated “platform”.  Mobile phones are thus evolving. from telecom, to Toy, to entertainment, to COMMERCE CAPABLE, connected, devices beyond the browser.  For those interested in reading further, one of my top 10 business books is PLATFORM LEADERSHIP, a tremendous read.

The title of the book above is a great transition into the meat of this blog: Platforms require leadership.  Apple needs no lessons here, as they view stewardship of hardware, design, OS, app store, experience as core to their company. The “distributed” innovation model is akin to WINTEL, where generic industry standards were set, and again we see a core group (this time Google/Samsung/MOT) leading definition of a new platform, against a vision of MNOs (who customize and subsidize Android).  As hardware becomes a commodity, differentiation shifts to orchestration and network applications, this requires a central “orchestrator”.   MSFT itself shifted into this role in PCs, but Orchestration success is dependent on the number of nodes you touch.. and MSFTs nodes are still PCs, thereby allowing Google and Apple to more rapidly gain on their already advantageous positions.   

One way of look at the chaos in payments is to see existing players attempt to create an orchestration role across platforms. Google did this in PC search in 02. Payment Clusters attempt to leverage old nodes (Cards) and current market position to form a new orchestration role (or platform) where others will coalesce (ex: See Network War). Examples: Telecom and ISIS, Visa, Amex, US Banks, Retailers and MCX, Google, Apple, Qualcomm (old),  (links for each of my blogs discussing).  For example, existing beneficiaries of current interchange model are working to retain their 2% tax on commerce (in consumer credit). Among Payment Players, Amex is furthest along here, as they can uniquely help merchants know who their customers are … and market to them.  Visa is working to build services around cards to increase “stickiness” and barriers to entry/change, Banks and retailers are working toward the same goals. All participants realizing that payments in and of itself is a rather ubiquitous service with many different options. The central problem for all of these initiatives: a SUCCESSFUL PLATFORM must deliver value to ALL participants. For Payments, the problem to be solved is COMMERCE.. a rather long process of which payments is only the last, easiest part.  Network Clusters

Focusing on payments, the NFC “platform” provided a way for a telecom/TSM to “control” a user’s data, and a radio on the phone. NFC is great “walled garden” strategy for the MNOs.. but why would anyone want to support an MNO holding the “Key” to mobile commerce? MNOs created a great technical solution without a supporting business model (see Carriers as Dumb Pipes). Mobile is uniquely positioned as the point of confluence between the virtual and physical world, a platform of untapped value to date.

Commerce Services

As I stated Friday, Mobile Platforms (Apple/Google/?MSFT?) recognize the key to margin in an undifferentiated hardware world is in Orchestration/Services. Platforms can’t afford to give the keys to this Platform away to anyone, and are thus integrating all commerce functions into the platform.  Take for instance the service of AUTHENTICATION, this function is critical to both physical world commerce and virtual world (cloud access, pictures, music, online services). Commerce services from advertising, to in-store marketing, and obviously to payment. Thus Google/Apple’s M&A and R&D activity in the space.  Diagram_android

Many of my own “bets” are locked up in the “other services bucket” within the platform, and therefore I’m not able to comment much further here. But as an example, think of the primary categories: infrastructure HW/OS (legacy telecom, embedded SIM/HW mgmt, authentication, location, connection management, secure storage, data management, authorization…), Platform Services/APIs (Administration, Service provisioning, data access, hardware access, service access, location, preferences, payment, …), Core Platform Apps (ie Passbook, Maps, Wallet, …), 3rd Party Apps,

Example Future View – Transit

Today, the top success stories in Transit are Octopus/HK, Oyster/UK, EZ-Link/SG, and Suica/JP. All have a version of mifare compliant interface in transit station gates, with a dedicated card (Japan/Suica  can do mobile top up/reload).  Today all are experimenting with NFC/TSM model. In future “platform” all will be able to create an app on phone to access radio capable of MiFare communication, simplifying the creating and testing process without a hardware NFC dependency or TSM.  A GREATLY simplified development process. Further, given that Platform’s like Apple have existing payment instruments stored, funds could be either transferred into a dedicated stored value account prior to ticket purchase, or authorized on the underlying payment instrument at time of purchase. NFC solves NONE of these funding problems.. it only solves a single secure “presentment” problem.

Example: Store Checkin

Today with Square, Foursquare and others you “check in” to a business, either though GPS, wi-fi or QR code scan.  Similarly Target, Macy’s and other retailers have developed custom apps to enhance in store experience. Its hard to imagine loading an app for every retailer you deal with, or even using the app for any one of them. With future platform services, consumers could publish rules for merchants and store applications leverage a broader set of “platform” services which may include customer insight.  When you walk into any store, a future retail application would give you relevant information depending on your preferences. Platforms will support store branding and communication, enabling a much broader reach (no app install) and capability (insight, payment, ). In this future, the “Platform” is taking on an orchestration role independent of the store you are in. The platform is a working on your behalf, but also transparently supporting retailer objectives. Today, we see Target mobile delivering a price comparison application that doesn’t compare prices. Is there any wonder that usage suffers.. ?

Not Mobile Payments…  CLOUD PAYMENTS

Payments in the OS is perhaps best described as the intersection of 2 major disruptive forces: Connectivity of Consumer and Merchant during shopping and purchase, Authentication. As I outlined in Cloud Wallet, it makes little sense to store anything in the mobile phone. If everything is connected, I should just need to authenticate my identity, allowing requestors cloud access to: payments, promotions, reminders, receipts, … everything else could happen in the background. If everything is connected, the nature of payment settlement risk changes (see credit push).  iPhone-6-Fingerprint-Detection-And-Apple-Release-Date-Rumors

Payments in the OS presents a disruptive opportunity for banks. If there is going to be a PAN (“number”) in the iCloud or iOS why on earth would Banks want to make it a Visa or Mastercard? This is yet another reason they are working on Tokens.. to ensure control of the process.  Problem is that for a new “token” scheme to gain adoption, is must deliver increased benefit to: merchant, consumer AND to the Platform. Bank token advocates will say that the benefit of mobile payment is that the consumer would never need to see the PAN, and thus Consumers do not need to be incented.  Even if this is the case, they must still incent merchant and Platform, particularly when Apple ALREADY HAS the PAN.  In their tokenization efforts, Banks are attempting to resurrect the TSM role, to justify their payments revenue.

However, my view is that IF authentication is owned by the platform, there is very little that banks can do to retain their fee. Just imagine a world where the retailer could proactively offer store credit based upon an individual’s data and behavior (accessed through platform). Where open loop cards displaced store credit 25 yrs ago, the forces could be easily reversed, enabling a new breed of consumer credit companies which support merchants. Banks are working to add value to their existing 16% interest premium credit product which costs merchants 250bps. Merchants may be well positioned to capture all of this revenue, if they had the data (and platform) to make this a seamless experience.  My personal bet is that we will first see a new credit card product which will offer a greatly enhanced value proposition to both consumer and merchant in exchange for consumer data sharing. This product would completely disrupt existing cards.

POS –> CRM and Digital Marketing

We can also see the new opportunities for Payment Enabled CRM when a platform can work with retailers. Leaders here are Square, Levelup and Fishbowl.   The “platform” works before the checkout.. here the key is consumer insight for targeting and relevance. Consumers will only pay attention to “items” which deliver value.

Closing Thoughts – Commerce a very BIG and Broken Market

Commerce is a very, very big market (see $1.46T non-grocery US retail sales, 2013 Deloitte Global Retail Study). US eCommerce sales last quarter were $61.2B, or an annualized $245B, making eCommerce just 17% of non-grocery and 5.5% of total Retail Sales (see US DOC).  Digital Ad Spend is over $100B globally, with the US taking about 40% of that. Google alone accounts for over 40% (eMarkter) and over 50% of mobile (eMarketer), with self reported revenue of $14.1B for 2Q13, (US 45% of Rev).digital ad spend

Looking at US numbers alone, there is ~$750B in total marketing spend (see Chart). Why is digital marketing only 5% of total non grocery sales? Note that this figure is off by 2x as a very large portion of online spend is by service providers (banks, tree cutting, accounting, ..) and restaurants. These 2 categories are not part of Retail sales.

My view on why more marketing spend is not digital:

  • There is no CROSS CHANNEL marketing.  Online ads are most effective when there is an online purchase (or at least most effectively tracked).  Advertisers typically don’t advertise online when products aren’t sold online.
  • Amazon/eBay and other large companies have locked up a substantial portion of eCommerce.
  • Digital advertising is fundamentally BROKEN (when was the last time you clicked on a banner ad).
  • Madison Ave is bypassed as most companies go direct, or use specialized agencies. “Brand Advertising” is big and sticky… big corps like to spend about what they did the year before.. independent of what value it is providing to the organization

 

US Marketing Spend

 

 

CEO View – Battle of the Cloud Part 5

There is a payment cluster war going on right now and it is the subject in the C Suite in Banks and the Payment industry. The battle is happening at every level. I’ll be leading a panel at Money 2020 which addresses several of these items, with participation from V/MA… should be interesting. Here are a few updates.

22 July 2013

This post is a continuation/update to my post back in March Network War – Battle of the Cloud Part 4. Sorry for typos.

There is a payment war going on right now and it is the subject of C Suite strategy talks. The battle is happening at every level. I’ll be leading a panel at Money 2020 which addresses several of these items, with participation from V/MA… should be interesting. Here are a few updates.

Network Clusters

Network/Routing/Rules

  • $8B Revenue Impact. I apologize to my EU readers for my constant US focus. Let me break the mold now to emphasize the earth shaking changes going on in the EU (See today’s NYT blog, and today’s WSJ). Going from 250bps + cross border fees to 30 bps will be tremendous, and may set a precedent for the US litigation between Visa/MA and top retailers.
  • EU provides a glimpse at what a world of payment “dumb pipes”  and least cost routing looks like (see Blog Payments Innovation in Europe).  Canada and Australia also follow these lines in debit (see Blog). Also see my favorite case study in Europe  Sofort – ECB analysis, and Push Payments.
  • Networks, and their members are reacting to regulation and positioning themselves (individually) to “push” their respective vision of innovation in order to protect their brand and network (see Visa Money Transfer, and Visa Portfolio Manager). I don’t mean to limit this to just Visa and Mastercard (see picture, and blog).
  • New networks are forming (see Blog on Clusters)
  • Large issuers like JPM have successfully forced Visa to break/segment its Visa net, and run under unique JPM/CMS rules with new capabilities. Visa’s CEO comments to investors: “rules must be consistent with Visa”..  My view is that this is a major crack in Visa’s network ownership (see Golden Goose on the Menu).payments pyramid
  • From a wallet perspective the rules on “wrapping” are killing much innovation (see don’t wrap me). Top issuers are actively working to inhibit wrapping of their payment products (ex Mastercard’s staged digital wallet fee of 35bps on PREVIOUS years volume of over $50M..  which only impacts paypal).  Similarly Amex and Visa are working to ensure their cards are not wrapped.
  • Rules are being issued and ignored, from Visa Money Transfer to EMV (see below). Banks tell Visa “do you want me to write the waiver or will you send it over… as we are not going to do this”.. which is one reason JPM just created its own unique rule set. Similarly US merchants face a liability shift (on to them) if they do not accept EMV cards (chip and pin). All are playing a game of chicken as no one wants to re-issue plastic. Visa has created a new type of EMV, chip and SIGNATURE, which makes absolutely no sense at all, but helps them keep customers away from PIN (which Visa despises, but everyone else loves).
  • Cross boarder fees (see blog). As 20%-30% of network revenue moves to these fees, it is becoming a substantail pain point for global banks like Citi, HSBC, Barclays, .. A big topic I can’t fully cover here

Issuance

  • US Banks are spending 90% of their time in innovation around Credit Cards. Exception is Bank of America and to some extent my old team at Wells. In either case the banks have hit a wall, and recognize that innovation can’t happen in a 4 party network. American Express is 5 years ahead of them and they can’t catch up.. they must change.
  • The NATURE of card completion is changing in both credit and debit. Traditional Payment revenue is being REGULATED AWAY as payments become “dumb pipes”. The goal most have recognized is that the real value to be unlocked is in commerce data, particularly Payment Enabled CRM (see blog). Examples of just how focused this effort is: 22 Banks working in Secure Cloud, ~$1B in Google Wallet Investment,  ~$500M in ISIS investment,  JPM just hired Len Laufler (former CEO of Argus Data) to be the new CEO of Data in Chase.
  • Banks thus need to build a network which can accommodate both payments and “other data” which they own and control (like Amex)… hence “tokenization” (see Blog, and TCH Announcement).
  • Tokenization is currently going nowhere.. but it is “impacting” the industry and many start ups as banks and networks position themselves (see JPM/Visa Blog, Start up implications).
  •  Visa and MA also have their own secret token efforts. Merchants have a much better short term win in this approach with a liability shift and reduction in interchange, but they also know from past experience that if the issuers are not on board, there will be a much broader business impact in declines (see VBV post, and Visa’s Token Strategy).
  • Retailers are attacking from below. Bottom 40% of mass market customers are not profitable for banks (Durbin related items ranging from NSF fee changes, to debit interchange) . These customers are profitable for retailers like Walmart, Tesco, Target, .. (see Blog).
  • Telcos have a chance to own a new payments network, as they have both physical distribution, customer relationship, connectivity and device.. but they are focused on controlling a handset in a walled garden strategy. To succeed they must refocus efforts on COMMERCE, which means partnering with all participants to construct a value proposition (see blog).

Acquiring

  • The first hurdle of any “New” network is to get the merchants and acquirers on board.
    1. This is NOT going well for companies like Paypal … hence the complete failure of their DFS partnership (see blog). Specifically, there is at least one major acquirer which is refusing to route traffic on any of these new Discover/Paypal BINs, as well as at least 2 major retailers. Although Discover is a 3 party network, they only acquire directly for their top 100 merchants. Therefore Paypal must “incent” and negotiate with every single other acquirer AND merchant.
    2. Chase is working to build a new CMS acceptance brand, which will be different from Visa.
    3. Retailers are building their own network (MCX), and have hired Dekkers Davidson, a tremendous executive, to lead it.
  • Roughly 60% of acquiring profits come from bottom 30% of merchants. There are small independent merchants that are paying over 5% in acceptance fees thanks to the poor transparency within the ISO sales process. Companies like Levelup and Square are changing this (2.75% flat, or free if you commit to marketing). I’ve eaten my shoe on Square, as I never fully understood how badly the ISOs were treating small independent retailers. Their solution solves a short term pain point and also improves customer experience.
  • Acquirers are making POSITIVE headway in merchant friendly services (see blog), particularly helping merchants “merge” consumer data to gain new insights for loyalty and incentives. They are challenged to quickly ramp up this services revenue, in order to overcome the new aggregators acting on the side of small independents (ie Square).

POS Acceptance

  • Has anyone seen the graph of Verifone’s stock? Market cap of under $2B. A hardware company that could not adapt to a software world. At the bottom end they are being eaten by free Roam/Square dongles at the top end are facing integrated POS Terminals from IBM/Toshiba and Micros. Dedicated payment terminal are commodities, and thus suffer from commodity like competition. Grand hopes for re-terminalization with EMV and NFC are not happening (see blog). New dongles and mobile acceptance infrastructure is developing even in the complex EMV space (see Tedipay.com )stand
  • POS strategy centers around data as well. Google’s Zave purchase has given them opportunity to help retailers focus advertising and eliminate paper coupons independent of payment network. Other leaders like Fishbowl and Open Table in Restaurants have integrated into the POS. The BIG idea here is to integrate the POS to the cloud and Google is now 5-7 yrs ahead of everyone (2 yrs engineering, 2 yrs IBM Certification, 3 yrs to sell and test w/ retailers, +++ yrs in content/ads/targeting).
  • Square’s new Stand is an integrated payment, POS, inventory management, CRM, marketing and loyalty system.. all on an iPad.
  • Payment Terminal “software”. Verifone’s Verix architecture and equivalent schemes have failed. Idea was to allow 3rd party developers to create “apps” for a non-secure space in the payment terminal. For example, 2 years ago, Google’s first version of wallet leveraged NFC to communicate “coupons” to the payment terminal, which then relayed to the POS.  Problems are obvious..  A grocer like Safeway has 2,000 person development team around their IBM 4690 POS, guess how many engineers support the payment terminal? NONE. They don’t want apps on a PCI compliant payment terminal.. it goes beyond question of who will manage them. Also note that payment terminal interaction with the POS is simple today (payment request and authorization).  There is also significant development work to RECEIVE coupons from a PAYMENT Terminal.

Services

  • This section could fill a book, so I will make this brief. All network participants are working to deliver services. The 4 party networks cannot innovate. For example, take a look at my very first blog, topic was Googlization of FS. Visa built an offers services with Monitise and Clairmail 3-4 yrs ago, but the large issuers refused to use it, preferring to innovate themselves. Another example is V.me, a topic which makes Card CEOs red faced. These points exemplify the dynamic w/ V/MA and the large issuers.. Issuers want to dumb down the pipes and limit services, V/MA want to grow them and relationships with consumers.
  • Current state is myopia.. everyone is working as if they uniquely own the customer. Banks and Card Linked offers are top example. When you go into a bank branch, do you want to buy socks? dog food? Of course not! Banks have great data but they are in no position to run an advertising campaign. I’ve run 2 of the largest online banks in the world (Citi and Wachovia) and can tell you retail customers spend about 90 seconds with me, they log on check their balance make a payment and leave. They don’t stay around to click on coupons. Commerce, and retail, is in the midst of a fundamental restructuring as online and off line worlds converge in new ways (beyond show rooming).
  • Payments are just a small part of the overall commerce value chain, yet they have by far the highest cost. The proposed 30bps EU fee cap may occur in other markets, thus banks are working feverously to build services to replace this revenue (primarily around credit cards), with CLOs largely failing to deliver value (see blog). Yesterday we say Ally Bank discontinue Card offers, following Amex last week.