Google/Mastercard.. The new Oil or Uranium?

Bloomberg published a thorough article today on Secret Google/MA Deal and how the data is used in attribution (I wrote about this in May of 2017 Payment Data and Google Attribution). Attribution is big business. Most marketers still grapple with the old adage “Half the money I spend on advertising is wasted; the trouble is, I don’t know which half.”. Accurately closing the loop between advertising and incremental sales allows marketers to know what is working and what is not. As outlined in Bloomberg,

“Beforehand, the company received $5.70 in revenue for every dollar spent on marketing in the ad campaign with Google, according to an iProspect analysis. With the new transaction feature, the return nearly doubled to $10.60”.

The GREAT news is that cards are an instrumental part of helping retailers improve the marketing! The bad news: inconsistent controls, “leakage” of payment data, concerns over consumer privacy and the raw “power” google and FB have in gaining further “data advantage” over everyone else.

Summary

Attribution and “closing the loop” is a strategic priority for Goog/FB because when you know what’s working, you can optimize spend and double marketing ROI. We have seen the same thing at Commerce Signals as we measure the sales impact of client ads outside of the walled gardens. The economic value created is a tremendous opportunity for banks here.
Google has “access” to 70% of US transaction data through Mastercard, 1-2 participating processors, a bank data aggregator, and retailers sending data to Google directly (last week’s blog). However, there are substantial issues with granting Google/FB ad hoc access to payment data. While there are no doubt agreements associated with access and use, the data owner has given up control and thus placed themselves at unnecssary risk.
Commerce Signals provides this same closing the loop service in a way that allows the data owner to maintain full control and protects re-identifcation of private consumer financial information.
Trust is the core of both banking and marketing. All parties should be able to report on WHO is using their data and HOW they are using it. This requires transparency (and auditability).
Building great consumer experiences take collaboration. Collaboration will be the center of all future payment networks (ex Alipay). Commercial networks are transforming – a process which will unlock $2T in value. (Small Wins and Transformation of Commercial Networks)
Data has been called the “new oil”, I would posit that it is the “new uranium”. While great power can be unleashed by refining it, you must control how it is disseminated and used… or it will everyone will be at risk

Transparency and the 3 Rules of Data

There are 3 basic rules to consider for any party participating in a data exchange

Right to have the data
Right to use the data
Right to share the data

Transparency is critical to creating trust and enabling data. To be clear we have no relationship or business with either Google or Mastercard and I have no knowledge of the precise architecture, my educated guess on the structure is below a purely “hypothetical” design based upon experience.

Mastercard sees transaction data, but has no consumer information tied to it. In other words they only have the Primary Account Number (PAN) and no nothing else about you. Within 4 party networks only issuers have consumer information. V/MA schemes are designed to protect consumer anonymity through to the POS. However, there are agents that can map a consumer to a PAN, either through seeing things like online transactions (where you put your name and PAN to order goods), credit card bureaus, …etc. These entities can help holders of PANs map to an anonymized ID. These anonymized IDs in payments are also held by advertisers. Each party has a “unique” anonymized ID and can’t coordinate with each other without the “key pair translator”

DATA “COLLABORATION” WITH WALLED GARDENS

Google and FB. The issues in making payment data work with Google and FB are the data rules set by Google and FB: they do not let data leave their control (ex media exposure files). Thus data must go INTO GOOGLE. The 3-4 yrs of delay in MA/Google operation would likely be surrounding where the Google Data and MA data would collectively reside. Google is in a place to financially take risk on this, and my guess is that payment partners (like MA) have agreed to a “white room” where their payment data resides which can be accessed in a controlled/structured manner by Google.

Consumer information leaving Mastercard: Contractually none as they probably maintain “ownership” of the neutral white room (perhaps a separate legal entity). There are also likely controls placed upon the structure of analysis (example cohorts must be greater than 50 matched consumer records) within an operating agreement.

Issues: Google has ad hoc access to payment data within a set of rules. My rule #3 (right to “share” the data) may be broken here as permissions must be granted by either: the consumer, merchant, or issuer (depending on data). Standard questions anyone should ask on this architecture:

Who created the operating agreement?
Who granted the permissions?
Who is managing the controls?
What auditability is granted to the impacted parties?
Who bears the risk of breach?

Banks and Merchants (the advertisers) must be able to clearly communicate: who used their data for what purpose? For example, while there may be aggregated data controls, what if Google asked the same question for a group of 50 buyers of Joe’s sporting goods, and then changed the cohort by 1 person (Tom). They would know what I bought during the time period.

Federated Data = Controlled Use

At Commerce Signals we do not have any payment data inhouse. We recognized that for data to be controlled it must stay within the premises of the owner, it can only be released if you understand both WHO is requesting the data and HOW it will be used. All data exchanges are tracked and operate within defined terms and agreements. If agreements stop, so does the data flow. We ask our financial partners a question that like this:

For this group of 1M consumers. What was the total spend of this group during the period before the advertisement and what was the total spend of this group during the media period

Consumer level information leaving financial partner: None. Just the aggregate spend of the group of the 1M. As a neutral party we hold no consumer level payment data, or ad exposure data. We provide all parties with transparent view of both USE and permissions. The only way to make TRUST operaterative in networks is to have a neutral party.

In our Joe’s sporting goods example (above), Commerce Signals monitors ID velocity, and takes actions based upon the direction of the data owner. We work as the neutral traffic cop that enforces rules of all parties. We enable quality data to play with transparency. For example, we recognize that ID partners must be able to have clarity into how their information was used (example PAN to ID mapping). While ID agents may permission a mapping for the purpose of aggregate measurement, they may choose to defer on others. Enabling ID partners to permission use improves the market for deterministic ID providers (vs probabilistic). Tracking use also allows Commerce Signals to manage opt outs across multiple partners and ID providers consistently.

Data has been called the “new oil”. I would say it is rather the “new uranium”. While great power can be unleashed by refining it, you must control how it is disseminated and used… or everyone will be at risk. This is our business at Commerce Signals.

Industry recommendations:

Quality data can only play where there is transparency and control.
Retailers should view measurement and optimization as a core IN HOUSE responsibility. Card Networks and merchant processors are great partners to accomplish this with no work on your side. You can enable the same optimization described in the Bloomberg article across all of your marketing.
Google and FB must recognize that payment data is of greater sensitivity than ad exposure data. While 3rd party data partners have been curtailed, 1st party data is greatly accelerating. I believe consumers will be shocked to find out that their real time purchase information is made available to Google and FB. While there is an immediate media effectiveness impact in turning this on, there are better ways to accomplish it.
Retailers should recognize the double edge sword of data sharing with Google. While it does improve marketing results, and they can write very big checks, it also leaks consumer preferences.
We are at a Data Tipping Point (blog) where all parties must be accountable for HOW data plays with WHOM for WHAT use. Create a mission control for all of your data interactions. Who is using your data today? It is your data, and it must operate under your rules (more here)
Banks… must work to ensure transparency of data use, and that the actors participating abide by the rules (see my Bank Recommendations)

Rewiring – Part 2: Walmart+Goog, Amazon+Whole Foods, …

I’m taking a rather abbreviated approach to blogging today.. as most of my key points have more detail in my other posts. I’ll just link to my old posts and focus on a few new thoughts. Continue reading “Rewiring – Part 2: Walmart+Goog, Amazon+Whole Foods, …”

The Ledger.. and a new SWIFT Killer?

Money 2020 was a little short on big announcements. My #1? Visa/Chain announcement. Chain will open its entire platform (software core) to developers enabling distributed innovation (ie investment) by hundreds of start-ups and bespoke networks looking to connect. My #1 bet is that the first focus area for Visa/Chain will be in replacing SWIFT. For those not familiar with the intricacies of global commercial money transfer via SWIFT see my youtube video.

SWIFT is a global messaging network that enables all member banks to communicate in common language, it handles no funds, nor does it manage settlement. Swift sends standard messages to banks to settle funds. In the SWIFT model the instruction is normally sent by the originator of the payment to a beneficiary. Originating banks can determine which set of correspondent banks to use (think routing control).

Visa and Mastercard are also messaging networks (see Structural Changes in Payment, and Real Time Payments). The short summary of these blogs:

Real time gross settlement (RTGS) is only possible if all parties have funds in a common settlement entity.
Fedwire, NYSE, ..have real time settlement as all “members” have funded accounts for a net settlement (think daily margin calls).. but all other US payment networks are messaging only, with settlement handled as a (daily) back end process.

The idea of Blockchain “replacing” SWIFT is not new, Ripple has been working with Santander, Bank of America and others (see Finextra). Ripple is both messaging, and real-time gross settlement system (RTGS in XRPs). Ripple’s messaging is called the Ripple Transaction Protocol (RTXP) or Ripple protocol, it is built upon a distributed open source Internet protocol, consensus ledger and native currency called XRP (ripples). Think of Ripples as a private bitcoin. One of the most common criticisms of Ripple is that Of the 100 billion XRPs created, 20 billion XRP were retained by the creators, who were also the founders of Ripple Labs.

Chain on the other hand is blockchain infrastructure (great WSJ article) open for innovation. Chain powers distributed ledger(s) for multiple uses. Think of Chain as enabling each bank to have a local copy of a indisputable record… an incorruptible and infallible accounting ledger. Fund transfer certainly needs such a record, but for “accounting” to be effective there must be trust and settlement. Note that Ripple handles this settlement problem (XRP ownership ledger) trust, but has issuess in conversion to the “common XRP currency”.

Trust among financial intuitions is historically managed by networks and operating rules. For example there are operating rule for NACHA, Visa, Mastercard, … etc. Operating rules also are governed by laws and regulation (ex WHO can transact, how are transactions reversed, how are participants certified). I would argue that a payment network’s greatest asset is Trust among parties (and devices, form factors), with each participant governed by complex sets of rules, terms, certifications, operations, standards.

Important to note that Blockchain doesn’t require trust to properly record transaction, but rather rules to take action upon the ledger’s data. In other words, it is technically feasible to give a copy of the transaction ledger to every participant (who owes what to whom every day). However it is very hard for banks to take action on the ledger’s data (Transferring money – ex net settlement) without a trust/settlement network. The common ledger is a must improved messaging approach, that still requires a operating rules (Trust) and a Settlement Approach.

Mastercard’s acquisition of Vocalink (the UK’s Settlement network) enables them to lead in commercial (and debit) transactions for both UK and US. This is a brilliant move, but certainly much more of a traditional technology/architecture approach. The challenge with Vocalink is that innovation is constrained by existing customers and services.

Chain/Visa has the opportunity to disrupt the commercial payment landscape, particularly when viewed in combination with Visa’s existing card network and a new settlement system. For example, most Visa transactions were settled at end of day through JPM Chase (every Visa member had settlement account). For cross border transactions, Visa’s settlement “hubs” have correspondent relationships.

If Visa created a new Chain settlement infrastructure, or had member Bank support to leverage current infrastructure, it could quickly replace SWIFT with a far superior product which would offer transaction clearing times in 24 hrs (vs the 2-7 days with Swift). The biggest unknown is what part of Visa’s current operating rules could be leveraged to create this new settlement infrastructure. For the economic opportunity see this Fed Study

Browser Tokens – Payments in OS Part 4

My last articles on this topic were

I’ll forgive you if you didn’t see the big news out of Google I/O. There is a MUST READ article in Android Police that is spot on. Summary? Google (Chrome/Android) and Apple (Safari) are ready to integrate payment tokens in the browser.. Buy buttons will be integrated into ads, product listings, or a single “pay” button with no subsequent user information to fill out “quasi one-click”. From Android Police

Continue reading “Browser Tokens – Payments in OS Part 4”

Changing Economics of Payments

2 Dec 2015

Happy ‘After’ Thanksgiving everyone, I’m coming out of my tryptophan coma and thought I would go for a mental stretch. This is a pretty big topic, and I won’t do it justice. Thanks in advance for your comments and perspective. [Note I’m not naming the titles of my reference blogs and used only URLs.] Continue reading “Changing Economics of Payments”

Google+Softcard Levels Field Against Apple

24 Feb 2014

Well done Google. As predicted last month, Google announced last night that it had acquired “some exciting technology and IP from Softcard”. The price? My guess is around $50-60M, plus multi year revenue share (below). This is a FAR cry from the $3-$4 BILLION that these same Mobile Operators wanted for “NFC RIGHTS” in 2011. Google proposed a rev share back then too.. but MNOs were convinced they could go it alone. After dropping almost a billion in ISIS/Softcard with no future revenue of any kind in sight the drivers of the deal were obvious. Not only did carriers need an exit for their investment, they needed a partnership that gives them a role in the future of mCommerce.

What technology will stay? The SE Keys and the vending machine acceptance terminals.. seriously.. 98% of what ISIS/Softcard was is completely dead. My biggest unknown? I would love to see if Amex Serve could pick up the pre-paid card from Mastercard.. as the banks wanted to beat up my good friend Ed McLaughlin for doing what I still think was one of the best most innovative deals ever (Google pre-paid).

What did Google get? MANDATORY GOOGLE WALLET. That’s right, now EVERY ANDROID phone sold by the carriers will have wallet installed. This addresses a key advantage that Apple has in mandating an iTunes account (with credit card) for activating the iPhone. Apple’s brilliant registration process allowed it to know its customers (ID, card on file) where Android/Google did not. Many analysts believe that this ID/Payment deficiency is THE KEY reason why Apple’s environment is 8x-10x more profitable with less than 20% of the handsets. Now Google can compete in all things which require identity+payment. Not JUST in buying apps/music in Google Play, but in orchestrating commerce and brokering identity. I cannot understate the win here for Google. A brilliant move, and I firmly believe that this was the primary driver of the deal. Don’t look at this as a ApplePay competitive thing, it is about enabling Google to identify every Android holder as a default “opt in” during phone activation (iTunes Account Mandatory = Wallet Account Mandatory).

The Carriers? A partner that will share revenue. Where Apple takes 15bps for itself, my guess is that Google will give that to the MNOs, plus some revenue share for play services. My TOP 2015 prediction was that this would be the year of partnerships.. This is certainly my top new one for the year. MNOs are losing sleep about Apple’s unmatched “walled garden”, no one plays but Apple here. Google is developing an open model and this deal may be the first template for MNO/Platform revenue sharing.

Banks? Google will likely slowly “roll out” of its Google Wallet Card (also see TXVIA blog) which wrapped all other cards in a Mastercard Debit. Banks will be able to sign up for Google Wallet through network agreements just as they do for ApplePay today (at same rates/rules). This will mean that the networks will provision bank cards as tokens, and that Google will also benefit from forthcoming CNP token rules this summer. The primary difference in GW operation is HCE+Tokens (see blog). The Google Wallet model is not dependent on the SE Keys, or SD storage.. but it CAN operate in a non HCE model (from its GW 1.0 lineage).

Payment Networks. BIG WIN. Cards are the defacto standard for everything in mobile. I’m interested to see if the networks recognize (certify) the HCE card emulation application, as of 3 months ago it was still not certified. My belief is that they certify as part of tokenization scheme acceptance. This is a funny side story in itself. Most would ask how Google Wallet could run a non-certified card emulation app. Remember that the ONLY card being emulated was a Google owned mastercard debit.. just a brilliant work around. Note that in ApplePlay, Apple operates as a tier 1 token requestor in the current ApplePay model, and V/MA/Amex are tier 2 token requestors (see this excellent blog by SimplyTapp). In the Google model Visa and Mastercard will act as both Tier 1 and Tier 2 token requestors.

Big Losers? Samsung. OUCH!! No wonder they had to buy loop. Their new wallet strategy was to have a DUAL NFC/LOOP wallet. Google just got all the SE keys for the Samsung Phones. This means that Samsung’s wallet will only work on new phones.. a rather rough place to start. Paypal.. with the birth of a new CNP scheme this summer driving ApplePay and Google Wallet beyond Apps to mCom checkout.. Paypal has no future in Mobile… Except in emerging markets.

More to come.. but wanted to get this out today.

2015 Predictions

3 February 2015

Payments, commerce, data and mobile is this blog’s focus. I’m very very fortunate to have so many great friends, customers and partners in this area. My thoughts are not my own, as I’m greatly influenced by my “environment”.

I’ve made many new friends because of this blog. The funny story that comes to mind was in August of last year when the CEO of a Fortune 50 company comes into the room and says “ahh.. the INFAMOUS Tom Noyes”… (never a good way to start off a first date.. but we had a good laugh and thrilled he reads my blog.. ). Honest dialog has a way of creating great friendships. Thanks to all of you for providing such a fantastic environment! You make writing this thing fun.

2014 Prediction Eval

Before you bother reading my 2015 predictions you should probably see if it is worth your time. Best way is to evaluate what I projected last year in my 2014 Predictions

Consumer Privacy. Grade – C. Not much happened in 2014 on consumer side. I’m holding with my prediction, just not certain of timing and “tipping point”. How will we know when it happens? Imagine a Sony like incident with consumer data.. Regulated businesses like MNOs and Banks are highly attuned, Apple is the best in class here (consumer champion of privacy see Blog). The Ad industry is dependent upon tracking and data sharing in a very, very grey market approach. There is a better way… 2014 is perhaps the year of “awareness” with Snowden, DEA tracking license plates, State department keeping all of our phone records, to new super cookies on mobile. The next logical phase is ACTION.
Retail banking. Grade – A. Huge transformations going on. Prepaid and GPR products are segments growing at over 35% CAGR, US branch footprints are shrinking (see Blog)
Debit Volume. Grade – D. Not much going on here, after the DC court of appeals struck down Judge Leon’s ruling on debit interchange (March 2014). Not much consolidation in PIN debit either. I do believe US debit will evolve to look like Canada’s Interact and Australia’s EFTPOS.
Mobile BEACONS. Grade – F. Nothing happening in 2014. Looks like more of a 2016 thing. I’m holding to my projection.. but missed timing completely.. thought Apple would launch beacons at their Sept 9^th
mCommerce Payments. Grade – B. Summer 2015 is where we will see substantial progress. We see that the networks have turned over the new 3DS CNP scheme to EMVco last month (see link). As Payments move into the OS (see blog), Paypal doesn’t have one. Amazon, Google, Apple, will make SIGNIFICANT dents in Paypal as the platformcontrols authentication and authorization. Amex/Visa/MA’s new rules on tokens, combined with consumer privacy concerns, will accelerate the trend.
Specialized HardwareGrade Gives way to Commodity Hardware- Grade A.. makes way for commodity hardware and software. Launch of POYNT and CLOVR are best examples.
Host Card Emulation. Grade – B (for 2014), Grade A (by August 2015). Google did indeed push HCE into Android. With the death of ISIS and SEs in US phones.. things will be heating up in 2015 with a new Google launch.
EMV. Grade – D?. It appears to be happening.. I bet it would have been pushed back… I have the cards, but don’t yet see the retailer infrastructure. The chip and signature (vs Chip and PIN) is still a very strange one. It would take me 3 days to explain the politics behind it. What really baffles me is Samsung’s planned launch of LoopPay this summer (with Visa support).
Banks have given up on payment innovation. Grade – A+. I have a copy of the ApplePay issuer agreement (Sept 2014). Just can’t believe the banks have taken it on the chin like this.. not only ceding mobile to Apple, but Tokens to the Network and 15bps. What do they have left?
ISIS WILL DIE.. Grade – A+. Money ran out in Dec 2014, sale will be complete by March.
Apple will have NFC. Grade A+ … ApplePay 9/9/2014.. I was wrong on 3 things.. I projected October (it was 9/9) and there would be no SE, and Beacons would be part of launch (to wake up payment app). Big news (below) is that ApplePay will be in browser by summer 2015.. Paypal will be crushed with a double whammy on “value”: usability and a new rate tier (20-40bps off credit) for tokens in CNP.
Unlocking the cloud and authentication. Grade – B+ . Apple has done an amazing job here. See my blog on brokering identity.

Summary Grade: B+ . Looks like I’m a little aggressive in projecting the new stuff (Beacons, Identity, EMV, HCE). Except for EMV and Debit, I’m still confident in the predictions (philosophically) but my timelines are too aggressive in most cases.

2015 Predictions

These predictions based upon the Structural Changes in Payments which I discussed last month.

Big Picture Predictions

The Year of Partnerships, new Clusters and multi-tenant walled gardens (forced by Apple/Google Dominance).
Mobile moves from Small World organization to Real World Orchestration (my next blog)… starting with merchant friendly value propositions. You must be where customers are, or influence them in the real (offline) world. We have spent the last 10 years enabling a handset that does more than take calls and connecting it to the virtual world. We will spend the next 10 connecting it to the physical world. From POS Payment, Google Shopping Express and Beacons to Door opening and document signing.
Tipping point of Privacy (Apple Defines Best Practice)
Politicization of networks. Government regulation in internet prioritization, payment networks, social networks, advocacy networks and advertising networks. Networks are needed for the efficient life of a firm. Star network resembles dictatorships in social networks, and “channel masters” in business networks. Star networks are optimal for business, however we have grown quite used to the state of `organized criticality’, the scale-free, democratic and highly complex social net. Government involvement in networks usually does not improve efficiency and can lead to significant disruption. Take a look at what Europe has created in SEPA.. a standard that no one will invest in.
Collapse of “wallets” into Payment in the OS – mCom trumps eCom. Tokens take over in eCommerce w/ ApplePay, Visa Checkout and Google Wallet
Marketing… the year of measurement… and beginning of pay for performance
The most trusted consumer brands will remain: Apple, Google and Amazon… with banks suffering most as their products become commodities and mobile rendering physical footprints moot.

Tactical/Deal Predictions

Apple will launch aggressive effort to bring ApplePay into Browser by Summer 2015
We will have a new rate tier from Visa and Mastercard based upon tokens in CNP (see EMVCo 3DS PR)
Google will GO BIG in launch of new wallet in an HCE model akin to ApplePay. It will have dynamic tokenization. Google will excel in getting retailers private label and loyalty cards integrated, and pass Apple in BLE integration (in store).
Alliance Data will be bought by JPM, C, Paypal, Hedgefund+Acquirer or Amex. ADS is my top stock recommendation for 2015, V/MA are my long term.
Samsung will Launch LoopPay with support from Visa by September 2015.
Visa will complete purchase of Visa Europe (hopefully at a 2015 discount) with strong dollar and weak EU growth.
MCX will pivot to a payment instrument within another wallet (think Target Redcard) vs a wallet unto themselves .
Beacon pilots will launch in top 20 retailers. In store navigation, product location, couponing and gamification will be first uses.
Facebook payment will go live and be integrated into a new form of social advertising, where you are paid based upon your ability to influence your network, will see first pilots. Facebook will remain king of CPG advertising
Behind the scenes there is tremendous progress in the collaboration of Banks, Telecos, and Mobile Platforms to Validate Identity. Short term impact is near elimination of mobile payment fraud. 2015 will be year of formalizing an identity verification infrastructure (in the cloud).

2015 the year of Partnerships

Google and Apple against Everyone Else?

I don’t have time to go over all 15 of my projections.. will do so in coming weeks. Over the last 6 months network and system design has consumed my thoughts like nothing else: proprietary networks vs. open networks, integrated vs modular, distributed innovation vs controlled platform, Apple vs. Google, Amex vs Visa, net neutrality vs. prioritization. At what point does OPEN win? My blogs on the subject was Value Creation and Distributed Innovation, Banks non-Banks and Commerce Network and my two favorite books are Platform Leadership and Weak Links by Peter Csermely (viewable on Google Books here).

Any analysis of this area must focus on Apple. Wow! What a machine! The most loved brand, the most profitable, highest in consumer satisfaction, most sales per square foot, creator of new categories, inventors of new consumer experiences, trusted by the most affluent demographic, champion of privacy… on and on. Is Apple an exception? Can any company ever aspire to replicate their success in any industry? How can anyone else compete in areas they touch? Do the rest of us just pick up the crumbs? Apple’s latest results show that their model is improving, garnering over 86% of the “mobile” industry’s profits (see Forbes).

Open networks are harder to build, and are certainly less profitable than closed. My prediction on “year of partnerships” is due to necessity, NOT the efficacy of collaboration. Few companies can compete with the data advantage of Google, Amazon and Facebook. Apple’s trust and reputation advantage is perhaps even more insurmountable. For large companies it may take 2-5 partnerships in a focused area. Imagine the data challenges small companies face. This is not a technical challenge as much as a business one. How many successful partnerships have you seen (elephants dancing). Remember that are injured elephants facing as structural changes in consumer behavior, mobile, information, distribution, trust … impact products and strategies. CommerceSignals is working to help bridge this gap, but that is for another blog.

Where Google, Apple and Amazon are self sustaining Stars (networks), clusters and multi-tenant walled gardens are forming to compete in a quasi open model. The challenges here are not technical, but organizational and value creation. History reveals few consortiums renowned for their efficiency. Value is best created where it can be controlled and monetized in “small worlds”. Networks in business are functional in 2 areas: around a specific function with broad use (Visa/MA, Credit Bureaus, ?Android?) and where market forces can take operate (NASDAQ, …). This is my big hypothesis… would greatly appreciate input here.

2015 must be the year of merchant friendly value propositions. Logically, the majority of commerce happens in a retailer.. and hence the “solutions” must as well. The inability to partner will give way to platforms that enable partnership… optimally platforms that would allow millions of “lightly structured” interactions to test 1000s of value propositions until something sticks (this is Commerce Signals). Take beacons for example.. we know that Apple can maintain security and confidentiality.. but the retailer must install beacons that work for everyone and have a business case (consumer insight). Consumers want to know how insights will be used. How do you manage the agreement between Manufacturer, Beacon Provider, Apple, Retailer and Consumer?

iPhone 6 – Tipping Point for Platforms

As I outlined in iPhone 6 – Apple’s Strategic Opportunity, I believe the iPhone 6 represents the dawning of a new age of mobile “platform”. What was a music manager with a phone has turned into the most secure, easy to use device ever created. The factors of competition have changed, it is no longer about camera resolution, storage, and screen size. The visible (obvious) attributes of competition have become a commodity; as are the “problems” that your phone solves (telephone, music, calendar, pictures). Where previous phones helped you manage items in your “small world”, the iPhone 6 has become both the secure key to the cloud with the ability to broker interaction in the physical world (NFC, BLE, identity, tokens). The “convergence device”. See my blogs Brokering Identity and Authentication in Value Nets.

Unfortunately, Apple is so focused on the consumer it has no ability to partner. While there is no company better in creating devices that thrill a consumer, there is perhaps no company worse at building partnerships and business models where value is shared. Given Apple’s cash hoard, my top recommendation.. create a new division focused on network.. helping connect consumers to the physical environment they live in (thermostats, health, retail, cars, advertising, …). This is NOT a handset function.

Abrupt end here.. this blog has been in partial completion mode for 6 weeks. I had to get it out. Will articulate my views on the other “Top 5” predictions this month.

iPhone 6 – Payment Update – Sept 2014

Super short post that summarized my 20 odd tweets this week. Frequent readers should skip to last section “New G2”

Feel 100% comfortable with my March Predictions iPhone 6 – Payment Predictions, only thing I missed was release date (September 9th… not October).

Looks like Apple got squeezed into the bank box. As I related in Apple… Payment via BLE/Beacons will still happen (but when is issue) Apple wanted to launch the payment product with BLE (not NFC) but existing payment networks didn’t want to cause merchant chaos in fragmentation of acceptance infrastructure.. so pushed apple back into the NFC mold. The payment experience is as I outlined in May Apple iBeacon Payment Experience. I don’t see ereciepts as part of launch.

Also confident in my predictions that Visa and MA are running the TSP (see iPhone 6 – Payment Predictions)

Consumer walks up to cash register, a payment terminal beacon provides information to Apple payment application that it is close proximity to payment terminal ID xxxxx (TID),
Merchant scans goods for purchase. No mobile processing of loyalty, coupon, discount information
Merchant payment terminal cannot send total amount due since it does not have Apple handset information/UUID. So how will Apple do it? My guess is Apple will provide UUID to the Payment Terminal via BLE at application wake up to perform a “lite” checkin with payment terminal. Good news is that there would be no data connectivity requirements, but it requires a new payment terminal… For everyone else.. there is no total amount due (99% at launch).
Legacy NFC. At application wake up, phone asks “pay merchant with Apple wallet”?
Consumer validates transaction with fingerprint biometric
Consumer taps phone (NFC) and Card token presented Payment Terminal via NFC Merchant processor routes token to payment network which translates and routes to bank for authorization
Payment is authorized (as happens today).

NEW G2

Launch customers in payment likely to include Macy’s and Nordstrom
Apple will also likely launch with Starwood Hotels for hotel room door key provisioning (as I tweeted last week)
Apple was able to get 15-25bps from top 5 issuers (JPM, C, COF, BAC, Amex). These are the only issuers that will work at launch. As part of this fee, Apple will release token assurance information (see Token Assurance – Updated)
Apple will also launch an eCommerce/mCommerce buy button in EasyPay. This will NOT receive any card present or preferential rate. This is less a function of in App purchases and more a function of 3rd party ecommerce sites having a EasyPay button for fast IOS checkout. Will in App purchases have this as well? Good question, seems logical
The following cards are provisioned into Apple’s secure enclave at time of manufacture/OS loading: Visa Debit, Visa Credit, MA Debit, MA Credit, Amex, China Union Pay. (NO DISCOVER)

Unknowns

What will apple do for all the iTunes cards not from one of the top 5 issuers. That will be a rude experience. How will they enroll 3000+ issuers into this scheme and get each one to cough up 25bps
What is pricing on debit. Technically everyone will support debit, but no one is incented to make it work.
Don’t know how Paypal will run in this model.. so this is a mystery, particularly with launch of EasyPay.. will Paypal be a whitelabel here? I am confident that Paypal will be part of launch.. what I don’t know is how..
How will Apple ensure they get 25bps from the banks, they have no insight into the transaction.. the card is presented and that is the last Apple sees of it. This has been a problem for other wallets as well. It is one reason why google created the proxy card.. to see all the transactions.

Updates Sept 8

Enrollment, looks like Banks will be supporting a BarclayCard/Google Wallet like enrollment process from within online banking.. This is very, very smart.
Bank of America, Citi and Wells are all rumored to be supporting Debit card inclusion in Apple wallet day one..

Banks/Non-Banks and Commerce Networks

Banks/Non-Banks and Commerce Networks (Why I love V/MA)

27 July 2014

This blog has been in 50% mode for 2 weeks! Obviously summer is not my productive time (I must be German). There will be a noticeable change in my blogs these next few months as I work on a newco launch. Blog will therefore focus more on concept, much less G2. This will be a transition piece…

What is the benefit of becoming a bank? Would Paypal buy a bank? That is the rumor… I have no idea on this one.. 0% confidence.. my guess is no way. There are some great payment+bank companies (Amex, Wirecard and Alliance Data), and some great payment non-bank companies (Visa, MA, Stripe, Paypal, …etc). What are the business drivers of becoming a bank? What are the Pros/Cons?

Summary

For those without time to read below, a bank license brings on enormous compliance cost and restricts: what business you can do, how you manage consumers and their data, and what risks you can take. The upside for being a bank? You get to take risk with other people’s money. Simply put, any company contemplating a bank license must have a business plan MORE dependent on managing risk than on orchestrating commerce value. Today there are many bank licensed “specialists” which support non-banks (TBBK, Meta, Alliance Data)… so why would you want to become one? Paypal is on the fence here, as historically they won in eCommerce because of their ability to manage risk (CNP Fraud). Do they want to grow in risk management? or in everything else?

When looking for the right regulatory structure of any company, we must assess their current network plans in the context of commerce AND banking. Not just how your network delivers value today… but rather how you deliver value in the future? Banks tend to make most of their money within their own node, whereas others in commerce are highly dependent upon other partners (manufacturers, distributors, agencies, sales, …). Electronic payment growth and network services are set to grow geometrically, yet payments are very very sticky and hard to change. This is the start up investor conundrum: How do you make intelligent investments in payments/new networks? There are 3 basic options

1) Help others expand their networks

2) Build new networks

3) Build communities with minimal need to network outside of your environment (Facebook, Amazon, Alibaba, BANKS?…)

92% of all electronic transactions are done in the top 10 markets. (Cap Gemini’s World Payments Report is a must read). 90% of the worlds population is not connected to financial services. There is a n-squared dynamic when this takes place.

Many entrepreneurs, journalists and technologists miss THE CORE facet of Visa and Mastercard: a business platform where thousands companies invest billions of dollars. There is no way to compete technically with this business model, rather the ONLY way to “compete” is on value and services. Where Amex has the ability to deliver much broader and richer services (as they own both merchant and consumer accounts), they have a downside: no one else investing in their network (scale/adoption).

My firm belief is that both V and MA have the opportunity to grow Revenue 4-10x in the next 5-10 years. Their principal challenge is to “tilt” their models away from Banks and toward the 2 parties that matter most in commerce: Merchants and Consumers. Payments work well, but so did the Sony Walkman. The bets that Google, Apple, Amazon, Facebook and others are making is on value orchestration (in a new network). Does this involve payment? Not really.. at least not as a primary focus.. Payment is there.. but orchestration is about commerce; payment is just one of many important processes (See blog Payment in the OS). Don’t look at payments as something in isolation, payments are the “connections” made in commerce; they are made for a purpose. These payment connections are rapidly changing from many environmental forces:

Internet flow of information,
Google enabled discovery
MNOs have enabled constant connectivity
Social has enabled reputation across activities
Online retail has enabled price transparency, comparison and product reputation
Changing of Bank roles, products and services
New Consumer behaviors

Payments = Network

Payments are the connections of the GDP. If we were to map payment flows, we would unlock a map of the global GDP at the micro level, from employment to shopping, behavior and preferences, to demand and supply. Perhaps this is why our government loves payment information. Oh.. the stories here.. (for another time). Free information flow on the internet is enabled through openness and a single primary protocol, whereas payments operates within 100s of proprietary networks with a complex series of clusters and “switches” (there is effort in connecting, authenticating and managing risk). Just as it would be nearly impossible to change the protocol for the internet, it would be difficult to bring abo payments pyramid ut fundamental change in payments (see Rewiring commerce). Connecting business is much different than connecting information (the core of my NewCo.. but I digress).

From a network strategy perspective, the business opportunity of changing “payments” pales in comparison to the opportunity to influence connections in commerce, banking and manufacturing. Payments support business and consumer needs; they do not alter their path. This insight is the downfall of bank payment strategies around “control”, and their inability to “tilt” toward merchant friendly value propositions.

A top 5 retailer provided my favorite commerce quote “I think of Commerce as a highway, the payment networks are like a toll bridge. I don’t mind paying them $0.25 to cross the bridge, but they want to see what is in my truck and take 2-3% of what is inside. Hence I’m looking for another bridge… “ (See Rewiring Commerce). Google, Amazon, Facebook, Alibaba, Rakutan, V, MA, Amex, eBay all understand this. Rather than charging toll for crossing their bridge, these networks are beginning to execute against plans to grow the size of the goods in the merchant’s truck.

Intelligent use of data increases the effectiveness of the merchants, and in a way that also benefits consumers. Tilting more toward merchants and consumers.. means tilting away from banks. This is VERY hard for a bank to do. It is a change worth making however, as assisting merchants could meant 4x-10x of their current value creation (payments is roughly a $200B US business, marketing is $750B).

My favorite book on networks is Weak Links by Peter Csermely (viewable on Google Books here). If I had one book for you to read this is it. This book is tremendously arcane, detailed, technical, deep.. but I guarantee you that you will have a new view of commerce, banking, advertising, biology, social networks, payments, and society after reading it. In connecting to networks, each of us have limited resources. Therefore optimize our connections through finite set of “hubs” (unless there is some larger orchestrator).

Think about the battle in connecting networks, as each of us have limited resources we can connect only to a finite set of “hubs” (unless there is some larger orchestrator). Examples are Wikipedia and Google… these serve as the directories of information. It is almost IMPOSSIBLE to displace an efficient hub. This is why I love Visa, MA and Amex. If they can shake the issuer legacy.. and add a few merchant friendly services, they could drive 4x of their current value. Specifically, payments is roughly a $200B business, whereas marketing is $750B (in US).

Against this network strategy and services backdrop, there is an enormous transformation taking place in Commerce and Banking. In other words existing networks are evolving their services, as the “hubs” that they connect to (banks, retailers, manufacturers, aggregators, ..etc) undergo change within their “core”. See Remaking Retail, Future of Retail Banking: Prepaid?.

The regulatory/compliance “headache” for payment “innovators” revolve around connecting networks and engaging in non-commerce transactions. I’m not just talking about just small guys.. but BIG ones too (think Google, Apple, Amazon, Walmart, MCX, …etc). Existing networks have an existing value proposition, and many don’t like to have their services leveraged by competitors (see Banking and Commerce: What is the Difference?, Don’t Wrap Me).

Banking Services

This leads us to Banking Services… expanding beyond commerce. This is area is very nebulous because of the complexity of regulatory authorities covering “banking” and money services. Here are just a few of the US regulators

What are Banking Services? Anything the regulators say are banking services. I’m not joking.. this is why I put the Paypal 2002 prospectus at the top. Banks are highly regulated, and the compliance costs are extraordinary. Regulators are attacking all things payments and banking with renewed vigor. Along with compliance constraints, there are constraints on how you can use data. As an example, my online banking team in Germany had to purge the server logs of IP addresses every 30 minutes (regardless of use for fraud). (see Banking and Commerce: What is the Difference).

So what is the upside of being a bank? It’s certainly not the regulation or the mandatory compliance courses forced on every employee. The “benefit” of being a bank is the ability to take risk with other people’s money. Unfortunately, the BIG downside to being a bank, is that data can no longer flow outside of your organization. I cannot understate this limitation.

Acquiring a new consumer financial account is hard, even if you get the consumer to create an account with you, you must get them to fund it, or take credit risk on them. These are the problems that banks have dealt with for 100s of years.

Banks have much clearer and hence stricter obligations as regards the sharing and protection of sensitive information, commonly known as ‘bank secrecy’. This matches the generally more extensive regulation of a bank, as opposed to the regulation of an ELMI or PI. Based on the same reasoning why non-banks require less strict regulation for their business and prudential risk involved, it follows that also their activities and also access and handling of certain information and data is restricted accordingly.

Would Paypal Buy a Bank?

Again, I have no idea here, but it doesn’t seem to make much sense. Considering a bank license is like watching flies in your kitchen window: the ones on the outside want in, and the ones on the inside want out.

For long time readers, I put together a blog about 4 years ago covering this topic Payment Startup: MSB or Bank? and US Payment Regulations. As I outlined, there are very few payment regulations covering purchase of tangible commercial goods (this is true globally). We can see the evolution from PayPal’s 2002 prospectus.

We believe the licensing requirements of the Office of the Comptroller of the Currency, the Federal Reserve Board or other federal or state agencies that regulate or monitor banks or other types of providers of electronic commerce services do not apply to us. One or more states may conclude that, under its or their statutes, we are engaged in an unauthorized banking business. In that event, we might be subject to monetary penalties and adverse publicity and might be required to cease doing business with residents of those states. A number of states have enacted legislation regulating check sellers, money transmitters or service providers to banks, and we have applied for, or are in the process of applying for, licenses under this legislation in particular jurisdictions. To date, we have obtained licenses in two states.

How does Paypal operate today?

Licensed money services business in 47 states (all states which require one)
Bill Me Later, and paypal working capital are structured so that loans are originated by WebBank (Utah ILC). See this 2013 note on structure/issues
PayPal had been a market leader in “deposit” rates, through the Paypal Money Market fund (see Link). This fund was shut down in 2011 due to treasury rates/market conditions (see link).
A Discover partnership has yielded little fruit at the POS. Paypal had been claiming that there was an “exclusive” nature to the network agreement, whereas DFS was clear they could work around it by providing other services. (My blog on topic)
Paypal has been telling investors it plans to move to the POS, both with mobile, and an experimental paypal plastic card (running on Discover). Nothing is moving here, my guess is that JambaJuice is their #1 in volume and would be surprised if that had more than $50-$100M TPV ($1.5M-$5M in Revenue).
MasterCard pre-paid card for PayPal “balance” spend. I love this product, it is how I get cash out of my paypal account at the ATM.
Wells Fargo Clears Paypal ACH volume in US.
Paypal as strong acquiring relationship with Chase.
ADS partnership (see WSJ). In 2013 Paypal and ADS created a partnership with 3 primary components: ADS credit risk management (BML), Paypal merchant acceptance, Data/analytics/marketing at POS.

Europe

PayPal has had a bank license in the EU since 2007, when it merged its prior legal entity (Paypal Europe LTD) into this Lux based Bank. (http://www.paymentsnews.com/2007/05/paypal_obtains_.html)
Great outline of Paypal’s regulatory approach to EU is from their own whitepaper https://circabc.europa.eu/sd/d/3435be20-e7bb-45ea-8289-dfaaea253a23/reg_org-eu_paypal_en.pdf

Asia

In Australia, PayPal serves its customers through PayPal Australia Pty. Ltd., which is licensed by the Australian Securities Investment Commission as a financial product
Per eBay’s 10k “In markets other than the U.S., the EU, Australia, Canada, Brazil, and Russia, PayPal serves its customers through PayPal Pte. Ltd., a wholly-owned subsidiary of PayPal that is based in Singapore. PayPal Pte. Ltd. is supervised in Singapore as a holder of a stored value facility.”

I see little upside for Paypal expanding it’s EU bank model to the US, as its current network assets and future opportunity revolve more around supporting commerce than managing risk. Paypal’s current structure and partnerships (with ADS, Discover, MA, GE, …) provide the flexibility to deliver banking/lending services. For Paypal, Bank ownership would only hinder their broader efforts to deliver value to consumer (through data). Alternatively, a bank structure does work for other companies like Wirecard. The Wirecard bank model is a tremendous fit within a network where mobile operators serve distribution channels for financial services.

With respect to the Paypal/Bank rumors, my guess is that there is an “opportunistic” assessment going on .. and that this rumor is just one of the paths they have looked at. I also have a strong feeling that Discover is looking for a “partner/acquirer” that can make use of its network while it is still somewhat relevant. Particularly since its M&A discussions with a top 5 bank 2 years ago did not happen.

Secure Element, NFC, HCE, EMV, Tokens and Cards

7 May 2014

This blog is for my non-techie, non payment friends.. helping to make sense of all these acronyms.. experts may want to pass on this one.

The GSMA/NFC community is quite stirred up at the moment. This is quite understandable… after all they spent 8 years perfecting their vision of NFC only to have it thrown under the bus by Apple and Google. I’m not knowledgeable enough to go into the depths of the protocol, or EMVco 4.3 Book 3. I’m giving the quasi technical business explanation of what is going on. There is room for disagreement here, as there is substantial interpretation, as well as understanding of what is REALLY happening vs the specifications. Remember this is not my day job… so your comments/corrections are welcome. By far the most useful reference/summary page I have found online is located here http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/

It’s easiest for me to explain all of this in the context of an example. Credit cards are the easiest example as they are in the market today, with a few different implementations of contactless and touch the areas above.

EMV

EMVco has a contactless specification which I challenge any non-techie to read. For this short blog, the key point I wanted to make is that the Credit card number (PAN) is given to the POS unencrypted, in the clear. That’s right… don’t believe me? See:

Analysis from viaForensics.
Forbes Article on cloning of RFID creditcards
And a detailed Tutorial from this Blog
Great Overview from CryptoMathic

Your next question is probably “Where is the security?” the answer is that that along with the card information, the device sends a cryptogram that is uniquely signed. In other words there is a digital payload that rides along with this credit card primary account number (PAN). This digital payload uniquely identifies the device that EMULATED THE CARD. Think about is as someone validating your SIGNATURE on the document with your social security number on it… Your number is there.. but they make sure it is you by validating the signature.

So why is the SIMAlliance extolling the virtues of a Trusted Execution Environment (TEE) and SIM/UICC? After all we seem to live without this capability quite well in the PC world. Mobile operators want the ability to SIGN and AUTHORIZE more than access to mobile towers. That SIM card in your GSM phone signs and authorizes access to the mobile network, much as MNOs envisioned doing for payments. That is how the GSMA’s version of NFC evolved.. “hey we do this for network access.. lets do it for payments”. To be clear there is nothing technically wrong with the GSMA NFC approach.. it is beautiful… but there are substantial business model issues (see Payments part of the OS).

Apple and Google are both moving aggressively to act as Commerce Orchestrators as handsets become commodities and data moves to cloud, enabling the mobile phone to be the key services platform at the confluence of the virtual and physical world is critical. It is not about payment. Authentication is core to this orchestration role.. authentication is not something that can be given away to MNOs or to Banks.

TOKENS

It makes most sense to jump to TOKENS now. You can imagine that Banks don’t exactly like having their card numbers sent in the clear. In fairness they were involved in the specification, but the EMVCo contactless model is essentially a card number plus authentication. There is more than one way to achieve this, and improve on it by hiding the PAN… this is what tokens are (a few examples described in Money 2020: Tokens and Networks, Apple’s Plans and Google/TXVIA).

Tokens are not new (see Tokens… 10 Approaches). However Tokens are now an official EMVCo specification as of March 2014, with the major issue of Token Assurance outstanding. In this token model, the issuer chooses at Token Service Provider (or does it themselves) and creates a number to replace the PAN. This takes your PAN out of the open… and makes it useless. To be used the Token must be presented by the right party, with the right assurance information. All of this aligns VERY WELL to how banks and networks work today, which is why it is so popular (see blog on HCE). In the GSMA NFC model, the a cryptogram goes along with a PAN in the clear with the PAN stored in the phone in a secure element. In the token/HCE model a Token representing the card is stored in a less secure space, and presented with device and network information for translation by the TSP to the actual PAN. There are substantial Business Implications of Payment Tokens (blog) which I won’t go through again here, but clearly it cuts the mobile operator out of the “signing” role and they become dumb pipes.

My Gemalto friends will howl at how unsecure this is, or how it won’t work if the device has no network access. They are wrong. It is working today, and is secure enough. There is no connectivity requirement, that software token in the phone can change every 10 seconds, 10 minutes or 10 days. The TSP and Issuer can decide whether or not to accept an “old” token based upon the transaction. In other words the intelligence sits IN THE NETWORK.. NOT IN THE PHONE. This is why V/MA/AMEX love it so much. It cements their position (See Perfect Authentication… A Nightmare for Banks?)

Host Card Emulation

emvco token

This is an Android construct (see Software Secure Element – HCE Breaks the MNO NFC Lock) that allows any application to access the NFC Radio. Without Tokens, HCE would be useless for payments, as payment information can’t be securely maintained without an SE. Think of HCE as dependent on tokens, now a card emulation application can be certified to run outside the secure element. I don’t like to put Apple in the HCE boat, as they have a proprietary secure architecture using tokens. This is a uniquely apple construct where the networks seem to have certified Apple’s card emulation application(s) as well. It is important to note that they use none of the GSMA’s architecture (to my knowledge) and have embedded the TEE in the apple processor (see Apple Insiders note on Secure Enclave and Authentication in Value Nets).

Secure Element

Is it needed? Certainly it is needed for at least 2 functions: Mobile network access (SIM/UICC) and Biometrics. Fingers and Eyes are very hard to reissue.. so the actual information must be highly protected. Apple is handling biometrics in the A7 Secure Enclave (oddly enough has the same “SE” acronym) and Google is a tad bit behind but handling in ARM’s trustzone. Trust zone is largely a hardware construct, and much is made of Gemalto’s marketing announcement here. My view is that there are many more than on software solution for ARM.. and ARM is much more tied to Google and OEMs than Gemalto.

The “big news” here is that both Google and Apple are EMBEDDING SEs in their hardware architecture. Embedded SEs are a threat to Mobile Operators and their preferred Single Wire Protocol architecture. As you can imagine, an embedded SE has all the capabilities of the SE within that micro-SIM card.. and sets up the prospect for a Virtualized SIM (no more of those GSM cards popping into your phone). If the SIM can be virtualized you can switch your network provider anytime you want.. or have them bid for your phone call ( see Carriers as dumb pipes? , Who do you Trust?, Also see Apples patents on Virtualized SIM). To be clear, I believe MNOs can take a leadership position in Emerging markets and payments, but for POS Payments in OECD 20 markets it makes most sense for them to focus on the $5B KYC/Authentication/Fraud opportunity (NOT payments).

OK… now you can shoot me… Open to feedback.