30 September 2014
ApplePay/eCommerce/Tokens/Card Not Present
Quick blog, based on Apple Pay in eCommerce.. following on to my March Blog Tokens and Card Not Present (NOT the POS NFC stuff). I won’t do this topic justice, but hey half the fun is getting comments. I’m heads down on a few things.. so this will be my last post for at least 3 weeks.. and I want to make a few key points prior to money 2020.
- So much for Paypal being acquired.. wow!! Dan Schulman is the right guy here, and I must congratulate the eBay BOD. This thing can NOT survive without a major change. Dan is a “direct to consumer” Innovation Superstar: Priceline, Virgin mobile, Serve/Bluebird, .. etc. He knows how to run a global organization, he knows mobile, he knows payments, he knows retail. His biggest challenge will be rebuilding a house on fire during a Hurricane.
- Apple and eCom: No change in CNP rates with Tokens.. Tokens in Apple Pay are used for both POS and eCom, but the issuers revolted at the prospect of a CNP revenue loss. I do see “next phase” where we will see A NEW RATE TIER for tokens in eCommerce.. for any online merchant replacing their Cards on File (99% confident). Funny battle here is “who” will lead this. Visa/MA have the TSP up and running now. 3-5 issuers should have theirs running in next 5-7 months. Can you imagine having to work with each and every issuer separately to tokenize? NO WAY. But they just don’t get it..
- Big issuers are concerned that the Apple Pay launch was a watershed “freedom” moment for V/MA. However Issuers did win a very important battle.. keeping a primary control point: token binding (deciding when and where their cards can reside), and the also have the ability to create their own token authority.. but they have work to do.
- ApplePay’s focus is 1) POS $15-$20B and 2) “in app” payments $5B 2015 GDV.. US eCommerce payments will remained locked in the status quo battle among the giants of Amazon, Visa/CYBS, Paypal.. with Google, Off Amazon On Click and Alipay as 3 of the new challengers here.
- Apple Pay Tokens: Visa and Mastercard did 90% of the work to get this scheme from concept to reality in 12 months. The fastest time to market for a new scheme IN HISTORY. It is a thing of beauty.. seriously. I believe the networks learned many lessons here (like build it first then bring the Banks on board to tweek it).
- There will likely be a new rate tier for tokens in eCommerce with liability shifting back onto the banks, but issuers must support in order for this to gain traction and merchants learned from VBV that you don’t get into a scheme where issuers don’t support (ie declines matter more than interchange).
- iPhone 6 is a revolutionary product, which will impact identity, trust, retail, banking and payments. I see the revolution beginning outside of payments, where value can be created.
- eCommerce wallets are an aggregation function. There are only 4-5 companies that can possibly make this work, each having a different value proposition. Visa and Google are the leaders here.
What did I get wrong on Apple Pay?
- I did not see the NXP SE. I thought that Apple would encapsulate the SE functionality within the Secure Enclave. While the Secure Enclave has secure storage, it did not have secure execution, nor did it have a way for a third party to update applications and data in secure storage/execution. Hence the SE, with First data running the “TSM” function.
- The tokens within Apple Pay are NOT provisioned at time of manufacture (not burned). They are provisioned by the Visa/MA after a binding process. The token issuance/binding process is just fantastic, leveraging the existing AUTH message set to avoid network changes. Issuer process to ApplePay: sign an agreement, turn on the Visa services (most are not EMV enabled), decides who’s BINs you want (your own or Visa’s), and prepare to respond to auth requests for binding/tokenizing cards.
- There does not seem to be a beacon/BLE experience within Apple Pay (yet). My guess is that there is a 3 phase road map. Phase 1 traditional NFC, Phase 2 Merchants enhance the checkout process with Beacon at the POS to improve application “wake up” and perhaps another loyalty app that can interact, Phase 3 All BLE, with perhaps an NFC handshake to “sign”.
- Issuers giving up 15bps. I can’t believe they went for this.. Issuers only sustainable business case for this is around shifting spend to credit cards.
- Visa and Mastercard did and amazing job in this token design. Getting all this done from concept to production in 12 months is just incredible. There is much to celebrate here, and it could be the most successful network accomplishment in 20 years. There are major implications here, shifting roles of control, managing consumer identity, and of course a new “model” process for change in the future (no design by committee, let the banks comment after it is complete).
- Paypal was thrown out of the Apple Pay deal… They were in, but they were thrown out. My guess (and this is purely an informed guess) is that the Issuers and V/MA gave Apple an ultimatum: you can launch with us, or with them.. your choice.. Enabling Paypal allows Apple and consumers to end run the card network.
Apple Pay and eCommerce
This Custora blog provides an excellent economic view of Apple Pay’s eCommerce impact. Today I wanted to comment on a few additional items which influence the dynamic:
- Macro Environment – eCommerce
- In app vs browser
- Future: What if Tokens in eCommerce had card present rates/Liability Shift
- Tokens + Identity kill fraud, but they also create a whole new biz strategy for CONTROL
- Wallet = Trust
- Platform: Partners and acquirers for acceptance
- Other Strategies
Macro Environment – eCommerce
What is eCommerce? eCom is normally defined as buying physical goods in a browser. However, if your browser is an iPad or phone, this is typically categorized as mCommerce. I break mCommerce down into 3 major categories:
- Physical goods/services in a browser,
- Physical goods/services in an app, and
- Digital goods (songs, armor, movies).
eCommerce sales in the US are around $185B, while all mCommerce sales are about $20B. In a perfect world I would love to label ALL browser, and in-app purchase of physical goods/services as “eCommerce” and just track the consumer preferences in the app/browser that led to purchase.. but I might be alone in that quest.
The Apple Pay buy button is only available within approved iOS 8 applications (on iStore). This means that Apple will be focusing within the rather small “in-app” sub-segment of overall mCommerce market. This means that Apple Pay will have minimal impact Paypal, Visa Checkout/Cybersource , Masterpass, Checkout by Amazon, Google Wallet or any of the other eCommerce payment specialists .. …at least not in 2015 (estimate is $5-10B max). Apple is the dominant mobile platform for “purchase” even though it represents only 18% of handsets), accounting for over 70% of purchases.. wow talk about a great consumer base!! Of course this “in app” only could all change in 2 ways: 1) IF most retailers shift “sales” to APPs (like Target and Amazon) that exceed the functionality of browser based experience (ie App vs HTML 5), and #2 if Apple creates an eCommerce Apple Pay Button for the Safari Browser.
If online Fraud costs were the only justification for card not present (CNP) interchange, then logically the new EMVCo token process should eliminate the “barrier” between card present and card not present rates. But CNP rates are not based upon fraud, for example Google, Apple, Amazon, Paypal all have fraud rates hovering around 3bps, whereas the CNP to CP delta can be over 100bps. If you were in the room with one of these big eCom guys you would hear them tell issuers they want risk based interchange (aligning costs of acceptance to ability to manage risk). However, aligning the cost of payment acceptance to the cost of payment (and credit) provision is the crux of the merchant issues with card payment networks, particularly when the costs include loyalty schemes that do not deliver loyalty for the merchant (even though they pay the cost).
Banks are not keen to support Apple in creating great consumer experiences which they can’t control. For example, if tokens in eCommerce were treated at card present rates, they could be transmitted and exchanged in many different protocols (QR Codes, BLE, Wi-Fi, …). Tokens + authentication enables uncontrolled innovation in presentment and acceptance, thus destroying MERCHANT Incentives to support the bank driven uniform NFC contactless acceptance (ie BLE vs NFC) and uniform behavior (credit card, tap and pay), and limiting Banks ability to influence consumer behavior.
eCommerce in US is a lumpy business where the big 3 rule over 60% of spend and processing: Amazon, Cybersource (Visa), Paypal/GSI (eBay). To re-emphasize, Apple Pay does NOT impact the battle for a ubiquitous eCommerce wallet, which explains why we see all those cool Visa Checkout commercials on the NFL games this week. The INDUSTRY’s eCommerce problem is eliminating card numbers stored in 100s of locations.
With respect to eCom wallet.. most consumers just scratch their head.. “Why do I need one of those”. Amazon’s one-click, Chrome’s auto fill, Paypal checkout, iTunes buy.. it just works. Why do I need something that spans across merchants when 90% of my spend is with one of these 4 already? Additionally, consumers don’t really care about security, because they don’t bear the costs of fraud. So we have a situation where Banks want to solve for cards stored everywhere, and consumers won’t take part. This means that banks must develop a merchant value proposition to TOKENIZE their cards on file (COF). Hence the prospect of a new rate structure for tokens in eCommerce.
Merchants may RUN toward tokenizing Cards on File if the recipe is right, however tokens by itself may not be enough to overcome the terrible history of VBV/MSC launch in EU (see my blog Authentication in Value Nets for detail). In addition to rates, Google has potential to bundle eCom payments with advertising (consumer acquisition), Amazon could do the same, and Apple.. . Consumer win for eCom tokenization? Anonymity, consistency, security, ease of use, more targeted advertising. A funny battle over tokenizing cards on file is taking place right now. Each issuer is trying to work with Amazon, Google, Apple, WMT… to tokenize. Can you imagine trying to do deals with each issuer? with seperate proprietary “on ramps”.. This issuers are concerned that Visa and MA will take this token issuance/binding process away from them .. but I don’t see another way.
Who else could win the eCom “wallet” war? Visa! Their advantage? Brand, reach, marketing, Cybersource assets, rule making and acting as one of the only TSPs. Their challenge? signing up consumers.. and they seem to have the marketing muscle (and intent) to do it (V.me blog). Innovating in a 4 party network is normally next to impossible (see blog), but they have gained tremendous momentum in learning a “new way” to innovate through the Apple Pay experience.
This is a very, very major point.. and should lead V/MA investors to take a new fresh look at what these networks could accomplish beyond their traditional switching role. These are my largest personal holdings, so I am a little biased here.. there is so much upside.. but most of the future is dependent on tilting toward consumer and merchant. In emerging markets, I expect these network will assess their regulatory structure: do they become a bank? An MSB? An acquirer? in OECD 20 markets.. An advertisers? A merchant friendly loyalty provider?… YES!!. This is the YEAR for a network pivot away from issuers toward consumers and merchants.
Strategies in eCommerce
I think about eCommerce with the context of an acquisition funnel. Where did the consumer start? Where did they finish? Today more product purchases start with Amazon than with Google. Does anyone really thing Amazon wants to let another brand come in and help them (Sorry Chase Wallet). Where can anyone add value here? Amazon and Google may position that same day distribution of goods is far more important than payment (and I would agree). But perhaps the barrier for every mom and pop shop having their own self managed eCom sales site is fraud and payment acceptance. If Tokens solve for this, and help broker identity/preferences.. then EVERYONE could compete with Amazon, online retail becomes disrupted by taking away the advantages of scale. This model would be a huge boon to Google and Alibaba (they see a world of a million merchants and billions of products).
- Payment Networks are working to take risk out of payment acceptance, solve for consumer anonymity and improve on their only weakness: no direct consumer relationship. Thus they endeavor to directly enroll consumers in a direct service offering to serve the eCommerce wallet role (see Battle of Cloud Part 3). I am very high on these efforts. Why? Because they have ability to create a new value proposition when coupled with their tokenization efforts. I predict within 2 years that we will see a new rate structure for use of Tokens in eCommerce .. something near CP rates.
- Issuers are working to improve value to card holder and keep consumers within a Branded experience. JPM has created a new data division and purchase a card linked offer company. Banks are working to create their own “wallets” (Why on earth would a Amazon add a Chase Wallet button.. just plain stupid). Banks love the NFC and ApplePay token model where cards must be “provisioned” into a wallet. Banks thus control of which wallets to “authorize” and hide purchase data from the wallet provider. Why would any merchant accept this? EXACTLY!
- Apple, Google, Samsung, Microsoft working to make payments part of the OS (see blog). Payments in OS will impact “In App” first, eCommerce “browser” next.. authentication removes risk. This enables unstructured retail and disrupts marketplace concentration. I moved their strategy to the next section below (brokering trust)
- Marketplaces like Amazon, Rakutan, Alibaba have integrated payment into their platform and are not keen to exchange Cards on File (COF) for tokens without a liability shift and risk based pricing. I’m slowing down here.. should be able to put a few more things in..
- Paypal? Well.. let’s give Dan a little time here.
Brokering Trust (Platform strategy)
The ability of a mobile handset to authenticate consumers, and allow the consumers to delegate trust to 3rd parties (identity and secure data) will have major implications to retail, loyalty, payments, healthcare, social, MNOs, government, access management (see Brokering Identity). To understand the different strategies in this area, we must look at how tokens impact the existing model, who controls platforms/OS, who sees the data, where do consumers begin their product search (ie Amazon), who bears the cost of fraud, who is regulated?, what restrictions does entity have in collaboration/data? what is the consumers current behavior?, and who does the consumer trust to manage identity (see Who do you Trust?, Perfect Authentication – Nightmare for Banks, Token Assurance, KYC – $5B Opportunity, Authentication – Core to monetizing mobile).
Banks have historically played the central role in brokering commerce. They created the payment networks, and are central to many commercial payment processes we don’t see. Perfect authentication of consumers will completely disrupt payments, as the many new intermediaries can participate in risk (ex clearing and settlement). This is all happening at a time where retail banking is being turned upside down (WMT/GDOT Checking, Future of Retail Banking). The winner in this risk/identity battle will have the trust of the consumer and the ability to broker it against all possible market participants. Merchant “trust” can NOT be won without a merchant friendly value proposition.. hence the problem for any of the eCom wallet providers. My view is that Apple and Google are better placed to execute here, not because they are more trusted, but because they know how to partner and move more quickly.