Post image for Demystifying India’s Digital Payment Infrastructure

There is a growing curiosity about India’s payments systems. These systems, and their role in the “India stack”, have been the subject of many articles speculating their importance in shaping India’s future.

Despite this attention, there is still considerable confusion about what these initiatives are, and how they interact with each other. This led me to write this piece, a simple explanation of the basic pieces of India’s digital payment infrastructure. A follow-on piece will analyze the Government of India’s unique approach in developing this payments infrastructure, focusing on the recent demonetization of major currency bills in the country.

India Stack [Source: ispirit]

Aadhaar – National Identity Platform

There are a multiple key initiatives that combine to make India a leader in payments. First is Aadhaar, India’s 12-digit national identity number with biometric information. A lot of countries today have national IDs with biometric information but what makes Aadhaar unique is its federated architecture. The Aadhaar database can be queried by any entity that needs to verify an Aadhaar number and biometric information against the information available in the database through the Aadhaar Auth API. No personal or biometric information is shared with the parties; the query will only respond with a “Yes” if there’s a match between the information sent and the central Aadhaar database. This feature has enormous potential to drive “presence-less” and “paper-less” authentication of transactions in multiple industries particularly in banking and payments, across public and private sectors.

Aadhaar is like a new fuel that is accelerating the usability and performance of India’s payment systems.

Building the Cashless Layer of India Stack

India has developed a set of highly advanced retail payment systems over the past decade, all under the auspices of the National Payments Corporation of India (NPCI), the umbrella organization jointly owned by the Reserve Bank of India and major commercial banks. NPCI is responsible for building and managing these payment systems and is the most important player in the ecosystem.

Today, NPCI is managing four important payment schemes:

  1. National Financial Switch (NFS) – the largest network of ATMs in India, which also functions as the switch for many other payment schemes including IMPS.
  1. Immediate Payments Service (IMPS) – an interoperable push payment scheme that allows banks and wallet providers across India to transfer funds in real-time 24×7. An immediate funds transfer system, IMPS transactions can be carried out using ATM, mobile, and web interfaces. IMPS is an important payment system as it is used as a foundation for building several other payments services including Unified Payments Interface (UPI), and the recently launched interoperable Bharat QR Code.
  1. Unified Payments Interface (UPI) – an interoperable mobile push payment service that works real-time, 24×7 across banks in India. UPI is built on the IMPS platform, and comes with some really interesting features:- Payees can send ‘request to pay’ notifications to payers- Customers can link ‘virtual payment addresses’ (e.g. payshiv@abcbank) to their bank account that they can get paid without having to disclose their account number.These features are expected to make digital payments seamless and increase small-value merchant transactions. UPI is made available via a set of APIs, which banks and Fintech companies can use to build mobile applications. NPCI also built its own UPI App called BHIM (Bharat Interface for Money) which participating banks can use. The standardized APIs allow customers to make UPI transactions from their bank account using any UPI-based app.  This is quite remarkable: you can use “Bank A’s” app to access your account at “Bank B”!
  1. Aadhaar based payment systems – the NPCI, working with the Unique Identification Authority of India (UIDAI), created the Aadhaar Payments Bridge (APB) to channel Government to Person (G2P) payments directly into beneficiaries’ bank accounts using the Aadhaar number as the payment address. APB uses National Automated Clearing House (NACH) to affect the fund transfer. There’s no need to know the beneficiaries’ account number. Additionally, the Aadhaar-enabled Payment System (AePS) allows customers to use their biometric information to authenticate and perform cash-in and cash-out transactions at any bank agent who has a biometrically-enabled POS device. These schemes require customers to link their bank account to their Aadhaar number. The “Bank’s Issuer Identification# to Aadhaar#” mapping information is held in a Mapper Unit managed by NPCI. The NPCI Mapper Unit is also the engine that allows customers to use their Aadhaar number as the payment address (instead of account numbers) while making IMPS or UPI transactions. Recently, Aadhaar Payment App was launched using AePS which allows consumers to pay merchants by entering their Aadhaar# and authenticating with their biometric information. Merchants have to download the App and connect their smart phone to a biometric reader.

The impact of these initiatives increases as the number of Indians with a mobile phone and bank account continues to grow swiftly, and the benefits will percolate to the “bottom of the pyramid”.

You’ll be surprised to know that a smart phone is not mandatory to enjoy many of the above-mentioned services. NPCI’s National Unified USSD Platform (NUUP) allows any feature phone user to dial *99# regardless of their mobile carrier or bank to make IMPS enabled transactions.

India’s Payment Systems and Services

 

These payment systems and services are not standalone setups but rather layers of infrastructure laid one over the other. NFS is used to provide IMPS. UPI is built over IMPS. When layered with Aadhaar (using the Mapper Unit), Aadhaar based payment systems are created. The use of layers in an infrastructure stack—as opposed to a value chain based approach—is what makes India’s payment ecosystem quite incredible!

There are other, less tangible but all-important ingredients that have contributed to the India stack’s success. The first is strong government commitment to the program.  The second is the trust that the government enjoys among its citizens. Indian citizens are quite willing to share their biometric information with the government, a situation hard to imagine in most developed countries. Last, the government has endorsed and evangelized this payments infrastructure and continues to play a very important role in fostering quick, widespread adoption and usage.

Do you have more questions about India’s systems? Let me know. I’ll follow up this post with one addressing the Indian government’s unique approach of supporting the country’s payment infrastructure.

{ 0 comments }

Post image for MRC Las Vegas 2017:  It’s Not Just About Transaction Risk

This past week, over 1400 payments professionals convened in Las Vegas for the annual Merchant Risk Council (MRC) conference, an event that I’ve had the pleasure of attending for over a decade.  While merchant fraud detection and risk management continue to be the core theme of the conference, traditional payment service providers had a strong showing at the event, helping cultivate an environment including nearly every payments and fraud-related area that could ever interest a merchant.

Change is most definitely in the air as many new companies continue to enter the fraud prevention marketplace, existing providers expand their strategy, and traditional payment service providers work to offer more value beyond standard payment processing.   While there were tons of topics discussed throughout the week, we saw several prevailing themes:

Machine Learning Continues to be Red Hot

Back in November, my colleague, Russ Jones, wrote about Artificial Intelligence in Payments, stating that “it has never been a hotter topic than it is right now” and from the showing at this year’s MRC, it would be difficult to disagree. Whether you call it “machine learning”, call it “A.I.”, or go back to specific techniques that have been used for years, such as neural networks, machine learning was front and center at this year’s event.

The story, however, is one of old vs. new, as well as apples vs. oranges. Newer fraud prevention providers, including the likes of Signifyd, Forter, Riskified, Feedzai, Sift Science, NuData Security and Datavisor bring machine learning to the forefront of their solution. At the same time, established risk management platform players, such as ACI ReD, Kount and Cybersource tout machine learning capabilities that supplement their multi-dimensional systems.

One thing is for sure:  not all machine learning is the same.  For some providers, machine learning is part of their DNA, while others simply use it to augment the performance of other risk technologies. And, to be frank, many flog it because it’s a topical marketing buzzword, regardless of whether it’s integral to their solution or not.

This complex and fragmented market makes one other thing clear:  many merchants are confused about the different machine learning solutions that are out there.  Merchants will need to dig deep to understand the value that machine learning brings and how every provider’s implementation differs.

Guaranteed Providers Try to Find their Sweet Spot

In January, I wrote about the current wave of fraud prevention providers who offer a simple guarantee: they will take all risk and liability for chargebacks, fine and fees when they don’t identify a fraudulent transaction.  Forter, Signifyd, Clearsale, Riskified, Vesta, Radial and Appruvd are among the providers who offer this promise.  But as this market continues to mature, providers in this space have also realized that they need to tweak their strategy, value proposition, and pricing models.

I spoke with a number of providers who are supplementing their guaranteed service offering with non-guaranteed services, in order to appeal to a broader group of merchants.  Reaching merchants who may not be sold on the guaranteed value proposition could help expand these providers’ addressable markets, but also puts them squarely in competition with established non-guaranteed players in a market that is already flooded with fraud prevention solutions.

Several providers also spoke to me about implementing new pricing models, where their pricing would be structured such that it would never exceed a merchant’s current total cost of fraud operations, while still offering a fraud guarantee.  This type of pricing structure could be attractive to merchants who cannot take the hit on the 1%-plus fees that guaranteed providers often charge, but also challenges providers and merchants to determine accurate costs of fraud operations, which can be difficult to determine or agree upon.

Lastly, there was a clear sense among guaranteed providers that they are taking a “guaranteed works for everyone” approach – even very low risk merchants.  There is a case to be made that low-risk merchants can greatly benefit from guaranteed fraud solutions since they could quickly do away with significant operational costs or the management of multiple fraud technologies. Handing over all fraud operations to a vendor who offers a guarantee could potentially reduce overall costs while providing CFOs with an absolute, predictable cost of fraud management.

Payment Service Providers Fight to Get a Greater Share of the Market

One of the great things about MRC is that its scope isn’t just limited to fraud. Major players in the payment processing and acquiring space are typically well-represented.  This year was no different and payment service providers did their best to show a fraud-minded crowd that they were more than just about switching card transactions.

Cybersource, for example, strongly pushed its enterprise tokenization service, while firmly reminding merchants that sensitive data is stored in rock-solid Visa-run data centers.  Sister company Cardinal Commerce had a strong presence in what was essentially its coming out party since its acquisition by Visa, in an important year where we will most likely see the advent of 3DSecure 2.0 and stronger authentication requirements dictated by the European Union’s PSD2.

One of the most interesting announcements of the show was First Data’s acquisition of Acculynk, the online PIN and PINless debit processor.  While Acculynk has been around for quite some time now, it’s PIN-based online debit system hasn’t exactly hit mainstream.  Perhaps First Data feel that they have the sales power and greater platform to make it successful, but I’m sure that they also saw value in Acculynk’s debit gateway product, which can neatly bolt on to First Data’s existing set of platforms.

Fraud Just Doesn’t Occur at the Payment Transaction

For decades now, e-commerce fraud solutions have had an intense focus on payments transaction fraud.  However, merchants have seen massive growth in account-related fraud, including login fraud, account takeover, false account creation, account abuse, and collusion.  Many are thirsty for solutions that help them address these complex problems.  It’s easy to see how account fraud can lead to payments fraud, with illegitimate purchases coming from a legitimate account or by using a good account to make purchases with stolen card data.  Nothing good comes out of letting bad actors into a system.

At this year’s conference, there was a renewed focus on account-related fraud, both in topics presented by attendees and in solutions offered by service providers.   We saw Western Union speak about out-of-band authentication methods used to mitigate social engineering attacks, as well as trends related to account takeover fraud. TSYS and Featurespace also joined up to talk about the challenges associated with social engineering risk, while Ria Financial spoke about the importance of reducing risk during customer onboarding to mitigate transactional fraud.   Etsy spoke about machine learning-based approaches used to mitigate account abuse in its global marketplace.

On the provider front, Sift Science teamed up with Patreon to speak about account takeover fraud, conveniently on the heels of Sift introducing a new account takeover product to complement their existing suite of fraud and abuse tools.  And long-time purveyors of device identification technologies, iovation, heavily pitched identity management and device-based authentication solutions alongside their newly-acquired LaunchKey multifactor authentication product.

MRC Goes Global

If you missed MRC Las Vegas this year or want a more international taste of what’s going on in the world of risk and fraud, MRC hosts its annual European conference in London on April 24, followed by a European Platinum meeting in September.  Its US roadshow will pick up again with its fall Platinum Meeting in San Diego this October.

And if you need help understanding the ever-evolving fraud prevention market, Glenbrook has assisted many merchants and service providers navigate this complex landscape.   Please reach out to explore how we may be able to help you.

 

{ 0 comments }

Post image for Episode 48 – APIs, ACH, and Faster Money – Dwolla

Sometimes a change in direction is the way forward. Network aspirant Dwolla has recently pivoted its work toward the product and development teams inside financial institutions. Instead of being a system operator, Dwolla now offers a broad set of APIs designed for those FIs to take advantage of the ACH’s overnight and Same Day ACH services. Dwolla’s shift also comes as the company and the US anticipates the impact of new immediate funds transfer systems Zelle, The Clearing House, and likely others.

Take a listen to this conversation with Jordan Lampe, Dwolla’s Director of Communications and Policy Affairs, and Glenbrook’s George Peabody as they discuss the Federal Reserve Faster Payments Payments Task Force Steering Committee, use cases for Same Day ACH, and more.

 

{ 0 comments }

Post image for Payments in Real Time

As the U.S. payments industry is preparing to enter another exciting phase as immediate funds transfer options come online, I’m thinking back to my interaction in the Fall of 2013 with the inquisitive team at Planet Money. Perplexed about why it took so long for the monies from their Kickstarter fundraising campaign to make the electronic journey to their bank account, the team dug into this issue and created one of their podcasts called The Invisible Plumbing of our Economy.

All told, it took five days for the funds to reach them. Keen to understand why the transfer was so slow, Planet Money reached out to a few payments experts to try and make sense of it.  Naturally I had hoped to communicate the complexity and competitiveness of the U.S. banking and payment systems, the fact that our low-cost ACH was designed in the 1970s and the daunting economics of upgrading or implementing a system that reaches thousands of financial institutions serving some 300 million consumers. Alas, in the end, I think my most effective explanation for this admittedly outdated situation was, simply, “The ACH keeps bankers’ hours.”

It’s taken another three and a half years but in 2017, new payment systems are coming on line that will totally transform how many payments are made. Zelle and the new Real Time Payments rail from The Clearing House are joining contenders like PayPal.

Just for fun, let’s imagine that the Planet Money transaction was being kicked off today and see how different the experience would be:

  • End to end time – Rather than 5 days, the transfer should take no longer than a few seconds to register in the receiving account.
  • Batches – The transfer would be a single, credit transfer instruction and wouldn’t have to wait until the next payment batch is scheduled.
  • Business hours – These will be all day, every day.
  • Business days — Every day is a business day for real time payments, including weekends and holidays.
  • Funds availability – Funds will be available to be withdrawn immediately by the receiver, no more waiting for good funds. Funds will also be taken out of the sender’s account immediately before the transfer is made.
  • Confirmation – The Planet Money team would also get an email or text confirmation that the funds are available in their account. No more guessing. The sender would also be notified when the transfer is complete.

In this sense, payments will work a lot like email – always available and instant. Well, okay, it’s not quite like email just yet:

  • Transfers initiated in the Zelle, Real Time Payments, or PayPal rails don’t interoperate in the same way AOL does with Gmail (or ATT with Verizon), and
  • These transfers don’t work internationally (unless you’re a PayPal user sending to another PayPal user and even then a few caveats apply).

I’ll dive more deeply into these issues this week—and what they mean for consumers and businesses—with great panelists from ACI, Fiserv, NACHA (yes, Same Day ACH is in the mix as well) and SunTrust Bank at the Technology Association of Georgia FinTech 2017 event in Atlanta on 9 February. I hope you can join the discussion!

{ 0 comments }

Post image for Payments 2017 – One Month In

Business evolution—whether it’s automotive, bioscience, or in the payments industry—proceeds along a predictable path of incremental improvements and optimization. Until it doesn’t and a step function takes effect.

Last year was sleepy compared to what we can expect during the next eleven months. 2016 was characterized by the more familiar path, through themes set in motion in prior years. EMV. Bitcoin and blockchain. The “pays” from Apple, Google, Samsung, and leading merchants. In 2016, these elements grew and evolved along predictable lines. Yes, they’ve made an impact but none represent anything resembling a tectonic shift.

Now that 2017 is underway, it’s clearer that prospects for 2017 include increasing tectonic activity that will be rough or smooth depending upon which side of the tectonic plate you are standing on.

Let’s examine the shifts we know about. If you’re all about politics, skip to the end.

Immediate Funds Transfer, Finally

2017 will see the addition of several sets of payment rails to the US. It’s been decades since new bank-based payment systems have been introduced so this is significant. The Clearing House will turn up its Real Time Payments (RTP) system for account-to-account push payments. Zelle, the consumer-facing brand of Early Warning’s P2P payment system, will begin its marketing effort to convert the word Zelle into a verb. And while not new rails, even NACHA’s Same Day ACH service will be in the mix, competing for business.

This is a global phenomenon with over 20 countries at various stages of deployment, from planning to full production. In the EU, SEPA (Single European Payment Area) rule makers have released the specification for SEPA Inst, an immediate funds transfer, push payment system scheduled for a 2018 deployment. With the global axis tilting toward this credit push model, these new payment rails will pull share from their predecessors.

In the U.S., system economics will get clearer in 2017 as these schemes compete for volume across P2P, bill pay, income payments, and other use cases. We will continue to track these changes closely because new payment systems are so rare and potentially so disruptive.

One area we will be watching is the security of these immediate funds transfer systems compared to pull-based systems. The UK’s Faster Payments scheme experienced higher fraud rates than expected until bank authentication was strengthened. No surprise there; new payment systems of any kind are catnip for hackers and what could be more appealing than a new system that pushes money in near real-time?

Online Security

Bad as it was in 2016 (remember the SWIFT breaches?), the crisis that is internet security will worsen in 2017. While defensive barriers and intrusion detection improve, the attackers enjoy the broad availability of personally identifiable information (PII), an ever-expanding set of attack surfaces, and the realities of human nature that make phishing so effective and security maintenance so difficult. Because of the broad availability of personally identifiable information, the hackers can have more current information than the accountholder. Account takeover will get more severe.

Effective payment defenses are being erected but there’s no hockey stick increase in their usage for this year. Issuer tokenization of payment card data is hugely effective but its use will remain well below 15% of CNP transactions. It is going to be 18 months before we start to see 3D Secure 2.0 (3DS2)—the more risk-based approach to merchant and issuer payment authorization messaging—move into broad production. That means issuers and merchants must continue to rely on defenses built internally or by others to manage fraud.

The Internet of Things (IoT) will expand even faster in 2017 but its security will continue to be deplorable. Manufacturers are focused on low cost and functionality. Buyers pay for the same attributes and are not paying for security features like secure elements or even basic crypto processing. That leaves whole fleets of IoT devices susceptible to botnet recruitment. Many IoT devices can barely be upgraded with new software to improve security, all while many are or will be payments-capable. This may only be solved by regulation unless all IoT players up their security game.

How Far do the “Pays” Go?

While their creators expanded the geographic coverage of these services, Apple Pay, Android Pay and Samsung Pay saw modest growth in 2016, still accounting for low single digit volumes at the point of sale. 2017 should see that steady, modest growth continue (changes Glenbrook is tracking closely). Two things must happen. First, consumers have to understand that these mobile payments methods are more secure rather than less. But no one really looks forward to educating consumers on new, improved security methods because it raises questions in everyone’s mind about the current system. Second, these “platform” Pays have to benefit consumers with loyalty points, rewards, and couponing. And that’s tough.

At Glenbrook, we believe the “pays” coming from large merchants that are able to combine both payment convenience and incentives in one package have more magic to offer. If you can get your discount, loyalty points, an improved buying and checkout experience from an app provided by a favorite merchant, you’re going to use it. Starbucks is proof. 2017 will be the year we see how successful other merchants—particularly retailers like Target who don’t sell hot, somewhat addictive products—fare with their in-store apps.

Blockchains Move into the Real World, Slowly

If 2016 was the year of the pivot from bitcoin to blockchain, 2017 will be the year when a handful of blockchain-based applications prove themselves, or not, in limited production. Use cases requiring the fewest participants and simpler data sharing requirements may well succeed from a technical point of view. Exposure of these use cases to the stubborn facts of economics (is a blockchain cheaper than a traditional database?) and rule making (can all participants benefit from the same set of rules?) will be the next hurdle for blockchain implementations.

Ripple is an example. While its technology is in place, the company has recognized the need to develop common rules for its participants. It has formed the Global Payments Steering Group with an interbank group composed of Bank of America Merrill Lynch, Santander, UniCredit, Standard Chartered, Westpac Banking Corporation, Royal Bank of Canada and CIBC to steer that rule making process for cross-border transactions. Once up and running under those rules, this will be a visible test case for blockchain payments.

Payments by Ear, and Voice

My partner Russ Jones has been calling this one for years. We expect the use of audio interfaces to blossom in 2017. The Amazon Echo, Cortana, Siri, and Android are teaching us to speak to our devices and now they’re getting better at both listening and doing useful work. Amazon’s Alexa has a “skill” to let Capital One accountholders make inquiries and payments. Before long, a Starbucks order-ahead skill will be added to Alexa. We’ll be watching for many more audio implementations this year.

AI and Machine Learning Everywhere

While these technologies have a certain “shiny new toy” glamor about them, there’s little doubt that 2017 will see an acceleration of machine learning and artificial intelligence applied to payments and commerce. We’ve already seen machine learning systems optimized for transaction risk management from firms like Feedzai and Sift Science. But even at the level of consumer interactions, AI-based bots are lowering the cost of customer service as well as guiding consumers through commerce flows. Last year’s bots were not all successful. And don’t expect your next bot encounter to pass the Turing test; it won’t “exhibit intelligent behavior equivalent to, or indistinguishable from, that of a human.” But it just might speed you through buying a new pair of shoes, including asking for the payment method of your choice.

International Inspiration?

Watching the international payments landscape finds nations and regions making profound decisions around money. India’s demonetization program and the EU’s PSD2 (Revised Payment Service Directive) are two.

The EU is retiring the 500 euro note out of concern for its potential role in illicit activities. This past November, India made 90% of its notes in circulation invalid to make money laundering, counterfeiting, and corruption more difficult.

Both regions are innovating beyond cash. India is linking via APIs its payment system building blocks – mobile, the Aadhaar identity management system, and financial institutions. Europe’s PSD2 directive is opening third party access to both bank account information and payment initiation services.

Could moves like this take place in the U.S.? Could the private sector do something along these lines with RTP and Zelle?  While there’s zero likelihood of a national effort backed by rulemaking, competition is already making some U.S. financial institutions to open and promote their API marketplaces. CBW in the wholesale banking area and BBVA with its API_Market are two examples.

Politics, Payments, Uncertainty, and Change

The foregoing shifts will take place against the background of global political and governmental changes. Here in the U.S. the big elephant in today’s payments room is Uncertainty. Tomorrow’s elephant will likely be named Change. The fast pace at which the new U.S. administration and Congress are executing, and evolving, their agenda suggests there are substantial shifts ahead.

Here are some of the key questions we’ll be asking during the rest of 2017:

  • What will happen to the Dodd-Frank legislation? With the broad Dodd-Frank bill up for revision, what will be the impact on the Durbin amendment’s debit interchange rate cap? Who will benefit from those changes: large or smaller financial institutions? How will the merchant community react to a presumed return of higher debit interchange costs and other fees? In 2016, regulations were introduced to revise or up-end Dodd-Frank. Given the power shift in Washington, DC, a favorable reception to those bills is now more likely than not.
  • Will the Consumer Finance Protection Bureau (CFPB) continue to exist in its current form? Will the CFPB’s governance model be changed, perhaps to a commission structure, or will the bureau be altered entirely? Born via Dodd-Frank, the CFPB, despite its increasing maturity, may have a very different future.
  • Similar questions abound elsewhere in the world. Looking at the UK and the EU, what will be the impact on payments, banking and privacy regulations of the long Brexit process, EU PSD2 regulations, Privacy Shield, etc.

After one month, we can already say that the rest of 2017 is going to shake up the payments industry more than last year. Hang on tight. Embrace the change.

The Glenbrook team is constantly evaluating the strategic impact of these and other trends. We look forward to engaging with you through our strategy consulting, our boot camp programs, our market scan services, and through your feedback here. Or just through a conversation. We welcome your thoughts!

{ 0 comments }

Post image for Guaranteed Fraud Prevention Solutions:  Maybe Some Things in Life Are Guaranteed?

I’ve had the pleasure of working in the e-commerce fraud prevention space since the late nineties and, just as e-commerce has significantly evolved over the better part of two decades, the way merchants battle fraud has changed substantially.  Fraudsters have kept merchants on their toes and the industry has responded. We now have a host of new tools, technologies and techniques to assist merchants with a growing fraud problem that always seems to be one step ahead of what the “good guys” can keep up with.

One thing that has remained largely the same, however, is the business model associated with e-commerce fraud prevention.  For the most part, service providers have charged merchants a per-transaction or flat-license fee to use their tools, whether they be comprehensive fraud platforms offered by providers like Accertify, Kount or Cybersource, or specialized fraud technologies offered by the likes of iovation, ThreatMetrix or Quova.   In this model, service providers don’t have direct “skin in the game” in regards to a merchant’s key fraud metrics, such as chargeback, false positive and manual review rates.  However, they are motived to evolve and innovate their services in order to retain customers and grow market share.

The Guaranteed Model

But over the past several years, we have seen a significant departure from the per-transaction model that incumbent fraud prevention providers have traditionally offered.  A host of new providers have entered the market with guaranteed fraud prevention solutions that offer a very simple and tempting value proposition:  If a fraud chargeback occurs, the provider will cover all costs associated with fraud, leaving the merchant with zero fraud liability.  At face value, this seems like a no-brainer for merchants, but, as we’ll explore in more detail, a fraud guarantee often comes with cost and complexities that many may not be ready to swallow.

If we take a look back, we’ll find the concept of an e-commerce fraud guarantee isn’t a new one.  PayPal, for example, has offered its “Seller Protection” model to physical goods merchants for many years.  Companies like Vesta have offered merchants in the telephony space indemnification from chargebacks for over a decade.  And at one point, even traditional insurance companies entered the market with policies to protect online merchants against large fraud losses, an option that most merchants found to be too expensive and riddled with complexities. What was missing from the market were generally-available, guaranteed solutions that could be used by any e-commerce retailer, regardless of what they sold or what payment types they accepted.  This is the gap that this new class of guaranteed service providers has filled.

But with a promise to eliminate the cost of fraud chargebacks, why aren’t all merchants flocking to these guaranteed solutions?   There are two key reasons:  cost and control.   The guarantee offered by these providers comes with a price premium that usually costs a merchant between 1% and 4% of the transaction value, in additional to payment processing costs.  Obviously, this equates to a significantly higher per-transaction fraud screening cost, potentially costing a merchant many dollars to screen even a good transaction, versus pennies per transaction in the historical models.  In addition, guaranteed service providers typically must assume ultimate control over the fraud strategy and decision process, which is something many merchants aren’t comfortable with.  Some merchants believe that only they can understand their business well enough to control fraud while ensuring that good customers are never insulted.  The notion of giving up control is something that many of these merchants simply will not entertain.

A Full ROI Analysis

The higher cost associated with guaranteed services, however, shouldn’t be looked at in a vacuum, but taken as part of a full ROI analysis.  When merchants look at total potential chargeback and operational savings, many will find that the guaranteed service proposition is attractive.  For example, merchants have the ability to greatly reduce operational costs by eliminating the need for fraud analysts and modelers, reducing the size of manual review teams and streamlining backend operations that process and fight fraud chargebacks.  Coupled with the elimination of chargeback losses, fees and fines, merchants may find that a 2% to 3% fraud screening cost still provides a healthy ROI when compared to managing all fraud support functions in-house.

Although many merchants may, at first glance, still have “sticker shock” over these costs, guaranteed service providers have demonstrated that they can be flexible with pricing, depending on the merchant’s industry, the types of goods sold and the perceived risk.  As part of their pricing assessment, providers may ask for historical chargeback data and example transaction data sets in order to ensure that they can manage fraud risk while offering the best possible price.  The bottom line is that this new type of model only works when there is a win/win for both the merchant and the provider.

And while cost may be the most compelling driver for some merchants, many also consider three key questions, regardless of the type of solution they are evaluating:

  • Do I wish to outsource all fraud functions or keep them in-house?
  • What is the cost of change?
  • What impact will this have on my customers?

Time will Tell

The answer to these questions, of course, will vary greatly from merchant to merchant.  And while the landscape of fraud prevention solutions that exists today is vast, the industry continues to evolve, offering many solutions that address a broad range of risk challenges.

So, will the guaranteed model become the de facto outsourced model when fighting fraud?  Time can only tell, but many in the industry are excited about the prospect of what these providers have to offer.  For example, in the past three years alone, equity investments in guaranteed service providers have exceeded $225 million.   But the cycle for merchants to change providers is often long, so it will most likely take some time before we fully understand how many merchants choose these new services and how effective they are in the long run.

We’d love to hear your thoughts about how this exciting sector is evolving!  I’m going to be in Atlanta on February 9th at the TAG Fintech 2017 event. I’d love to meet you there to discuss these and other concerns. I hope to see you there!

And if you need help understanding the ever-evolving fraud prevention market, Glenbrook has helped many merchants and service providers navigate this complex landscape.   Please reach out to see how we may be able to help you.

{ 4 comments }

Post image for Episode 47 – Blockchains and Moving Money on the Internet – Circle Internet Finance

Turning money movement into a core capability of the internet is the guiding principle of Circle Internet Financial. Not an easy task. While technical issues abound, regulatory and business hurdles pose larger challenges.

Join Payments on Fire host George Peabody and Circle’s co-founders Jeremy Allaire and Sean Neville for this discussion on Circle’s geographic expansion, its recent shift in bitcoin support, and its development of Spark, a blockchain-based open source smart contract platform optimized to share and store payments meta-data including exchange rates, KYC details, identity, etc.

{ 0 comments }

Post image for Episode 46 – 3D Secure, Visa, and CardinalCommerce

One of last year’s most anticipated advances in fraud management was the final release of EMVCo’s 3D Secure 2.0 protocol specification. Designed to take a risk-based approach to authorization and lower the checkout friction of its predecessor, 3DS2 will be a new tool in the growing anti-fraud arsenal.

One of its supporters and a service provider that’s been closely tied to 3D Secure is CardinalCommerce. Cardinal, now a new addition to Visa’s arsenal with its recent acquisition, has been working with the risk-based approach for quite awhile. Take a listen to Visa’s Mark Nelson and Mike Keresman and Tim Sherwin of CardinalCommerce in this discussion about 3DS2, card network mandates, Cardinal’s acquisition by Visa, and when the market will see 3DS2 solutions.

{ 0 comments }

Post image for Episode 45 – False Declines and Ethoca’s Role

In e-commerce and mobile commerce the problem of false declines is significant, especially during the holidays. Issuers decline transactions that online merchants approve. And vice versa. In other words, the necessary process of sorting out fraud from good transactions catches good transactions with the bad. This poor decision making means merchants lose the sale and the issuer its transaction fees.

In this Payments on Fire podcast, Glenbrook‘s George Peabody discusses the false decline issue with Ethoca’s CMO Keith Briscoe as well as the company’s program to encourage more merchants and issuers to take advantage of its shared data service.

{ 0 comments }

Last week in Geneva, the ITU wrapped up a two-year project – the “Focus Group on Digital Financial Services and Financial Inclusion”. Several hundred organizations and people participated in the Focus Group, which produced research papers and policy recommendations on a wide variety of topics. The papers are available on the Focus Group website.

Glenbrook’s Carol Coye Benson and Allen Weinberg were active members of the group: Carol ran the “Ecosystem Working Group” and Allen led a group of people on in-depth research and exploration of topics relating to merchant acceptance of payments in emerging economies. Glenbrook partner Elizabeth McQuerry was at the closing session, participating on a panel discussion of “New Frontiers in Regulation.”

Hear Carol’s perspective on the effort.

{ 0 comments }

Post image for Episode 44 – On Privacy, IoT, and Security – Online Trust Alliance

Multiple organizations have emerged to address different aspects of security, privacy, and identity. In this Payments on Fire Podcast, Glenbrook‘s George Peabody speaks with Craig Spiezle, Executive Director of the Online Trust Alliance, an organization bringing together privacy and security best practices for a range of industries, including payments. Take a listen to this conversation about the security challenges ahead, especially around the Internet of Things.

{ 0 comments }

Post image for Artificial Intelligence in Payments

We have started development on this year’s Innovation in Payments workshop, and I wanted to share our current thinking on a new topic we’re including for the first time –– the use of artificial intelligence technologies in the payments industry.

AI technologies have been around for a while in the payments industry –– think about the neural networks used for dynamic risk scoring –– but it has never been hotter as a topic than it is right now. This is largely due to the huge amounts of venture financing that is flowing into AI, the emphasis that Google and others are putting on AI as the next market battleground, and the tangible results that have been shown to date.

The investments are significant. According to CB Insights, over 200 companies raised $1.5 billion of equity funding in the first half of 2016. Most of that is going into self-driving cars, enhanced medical diagnosis, and intelligent assistants. But some of those investment dollars are also flowing into machine learning startups dedicated to applying AI techniques to the world of finance.

But before we get too far into the use of AI in the payments industry, let’s circle back and explore what people are talking about when they use the term “artificial intelligence”. There are many definitions that people use, but the one that seems to resonate best with how AI technologies are used in the payments industry speaks to the ability of algorithms to learn and adjust based upon changes across the payments ecosystem. This is possible, in part, because of the feedback loop inherent in payments. Bad transactions at the issuer level are reported back to the network, as specified by the operating rules, where they can feed the risk scoring algorithms. Bad transactions at the merchant level, for example, get reported back to the merchant in the form of chargebacks.

machinelearning

AI specialist tend to break the discipline into a number of well-established domains such as natural language processing, vision recognition, robotics, and decision making. I haven’t seen the payment robots, yet, but there are plentiful examples of payment and commerce-related applications in the other domains.

The domain of natural language processing is the home of automatic speech recognition (e.g., Apple Siri), text-to-speech conversion (e.g., Audible playback of books), and automated language translation (e.g., Google Translate) among other areas of specialization. In the world of commerce, Amazon’s Alexa is now able to recognize audible commands to buy products from Amazon and its partners. More payment-oriented still, Apple has extended Siri to support a vocabulary for initiating P2P payments through voice commands. Square Cash, Venmo, and others are using this capability today.

Vision recognition as a domain is the home of object recognition, facial recognition, event detection, and motion tracking. Of these specialization, facial recognition seems to have the best fit in the payments industry. Jack Ma, CEO of Alibaba, recently demonstrated “smile to pay” which is essentially the use of facial recognition as a second authentication factor to unlock payment credentials and initiate a payment. Mastercard is working on a similar concept that it calls “Mastercard Identity Check”. Google is also developing a POS payment capability that uses facial recognition. In the popular press, the use of facial recognition in payment authentication is often categorized to as a “selfie pay” innovation. I love that.

Decision making is by far the most mature of the AI domains, with every day areas of specialization like product recommendations (e.g., Netflix Recommendations), scheduling optimization (e.g., airlines), and route planning (e.g., Google Maps). In the world of commerce and payments, there are areas of specialization in card fraud detection, card portfolio optimization, offer personalization, and money laundering detection.  

The use of AI technologies in automated card fraud detection is important for a number of reasons, not the least of which is the sheer magnitude of the amounts of money moving through the card system. And while global card fraud absorbed by issuers, acquirers, and merchants reached $21.84 billion in 2015, according to The Nilson Report, it only represented 7 basis points of losses in total.

Card issuers have long used the FICO Falcon Fraud Platform for automated risk scoring of every card authorization request against a pool of billions of card transactions. On the merchant side, machine learning is increasingly being used alongside address verification, device IDs, and experiential databases to mitigate the impact of online fraud. Companies such as Sift Science and Feedzai have brought a pure machine learning approach to the established field of online risk management. The traditional providers such as CyberSource and ACI ReD Shield have also added machine learning technology to their suite of risk management tools. Stripe recently introduced a machine learning technology it calls “Stripe Radar” to augment its traditional approach to risk management.  

At a macro-level, AI-based innovation is flourishing in the payments industry. Beyond the specific examples mentioned, there is a growing segment of the industry focused on offer optimization. There is also early thinking being done on the use of machine learning to dynamically determine the optimal routing path for transaction authorization. Interesting stuff.

To learn more about the use of Artificial Intelligence in the Payments Industry, I invite you to attend Glenbrook’s upcoming Innovation in Payments workshop being held December 8th in Palo Alto. This is a special Glenbrook Insight Workshop being held after our final Payments Boot Camp of the year. If you are interested in attending both, there is special discounted pricing available when you bundle both workshops together. I hope to see you there.

{ 0 comments }

Post image for “I know Scott!”

Our co-founder, partner and friend, Scott Loftesness, is formally retiring from Glenbrook today.  I can’t begin to say how much I will miss him – as a colleague, as a mentor, and as an endless source of ideas and insights.  Glenbrook is today what it is largely because of Scott’s vision for the firm: a place for peers to meet, interested in collaboration; a platform for Glenbrook partners to do the work that interests them; a means to bring our collective knowledge to bear on clients’ needs. Above all else, Scott has a fierce determination to understand the workings of our industry.  This passion led Scott to create and nurture our Glenbrook Payments News site: an incredible accomplishment and a valuable source of news and knowledge for payments professionals throughout the industry.

scott

Among his many admirable qualities, Scott has always had a razor focus on what is important – a natural genius, you might say, for sorting out the wheat from the chaff.  We’ve always enjoyed that, and been guided by it:  I remember when, in about 2005, he turned to us and said “you know, I think we should start thinking about mobile again….”

Scott, best wishes for the years ahead.  I know you will continue to follow the industry and I hope you will always let us know about the next big topic we should focus on.  In your (relative) leisure in the years to come, I’m sure your passion for photography will stand you well.  I have some of your pieces on my living room walls, and I certainly hope I can add to my collection in the coming years.

Many people have been encouraged by Scott over the years.  I can’t tell you how many times, when I have mentioned to people that I am with Glenbrook, that I have heard: “Glenbrook – that’s where Scott Loftesness is, right?  I know Scott!”  Sometimes these were people who had worked closely with Scott, but often they were people who had just met with him once, but felt a deep connection. So I will also join the chorus, and say “I know Scott!” – and I’m glad I do.

Do you know Scott? Add your comments below.

 

{ 15 comments }

Post image for Money20/20 Wrap-up

We’ve seen a lot of innovation in payment initiation over the last few years. Apple Pay, Android Pay, Walmart Pay and their like have filled Payments News headline stories. But this year, at Money20/20, consumer-facing innovation downshifted to a lower gear. And that’s a good thing.

Getting Down to Work

“Mobile” news cooled because the competitive models have been established: platform/OS, bank-led, and merchant-based wallets. Now, it’s time for the marketplace to determine the outcome. While mobile wallets are arguably more convenient than EMV cards, the hard work of adding financial incentives like coupons, discounts, and other commerce-driving functions is still underway. Merchant-based apps have the edge here. We have a lot to watch over the next few years as these models mature and best practices emerge.

That’s not to say that this year’s Money20/20 was without announcements and discussions that will shape the industry.

FIDO Alliance and EMVCo Partnership

Building technology to secure payment card data while maintaining card system interoperability is the province of EMVCo. The organization continues to evolve its card data protection toolkit by expanding the use of dynamic data and card number tokenization. Great tools that help. A lot. But limiting access to accounts that control that card data is also necessary and that’s the domain of stronger authentication, code for “killing the password” through biometrics. So, it’s significant that EMVCo is now working with the FIDO Alliance on authentication in card payments.

FIDO, the organization dedicated to replacing the password model with open, interoperable, biometric-based authentication, will work on a standard method for mobile wallet providers and payment app developers in support of the Consumer Device Cardholder Verification Method (CDCVM). To optimize the user experience, they will work on biometric authentication flows that speed the transaction through “user verification caching.” The work will be included in the Web Authentication specification already under development by the Word Wide Web Consortium.

Faster Payments Heats Up

Glenbrook’s Elizabeth McQuerry led a panel, and the 300+ attendees, through the use and business cases for NACHA’s Same Day ACH service and The Clearing House’s real-time payments switch. In that roomful of payments insiders, the clear consensus was that the business case for these two systems will be made by B2B payments.

Card networks are vying heavily to be the rails for P2P payments as seen by their participation in the formal launch of Zelle, the consumer branding for Early Warning’s payments service formerly known as clearXchange. Visa Direct was a major focus at Money 2020. Stitching together the clearXchange switch with the “push to card” capabilities of Visa Direct and MasterCard Send, Zelle has the potential to blunt Venmo’s growth provided the user experience is excellent and branding is adequate. A whole lot of “viral” will be needed. Between the two, the cost of P2P payments incurred by participating financial institutions has gotten more reasonable but it’s still a cost. The push toward faster payments by banks in the U.S. now has three main camps – cards, Zelle, and The Clearing House.

Integrations and Partnerships

The cloud and apps have made it easier to assemble complementary capabilities and deliver them to where users can access them. PayPal’s reach into Facebook Messenger, announced on Monday, is an example. Messenger users can make purchases with their PayPal credentials and receive receipts and other messages via the Messenger interface. You go where the users are.

Other integrations of note include Android Pay’s support for Visa Checkout and Mastercard’s Masterpass. Integration enablements steps include Synchrony’s Plug-in that facilitates a retailer’s inclusion of e-gift cards into the retailer’s app.

Blockchain Evolution

Blockchain focused firms were at Money 20/20 but the most visible was Chain, the Visa-backed blockchain service developer that open sourced its blockchain creation and management code this week. Chain’s blockchain supports the creation of new asset classes and the issuance of those assets all on the same blockchain. Recording transactions within a one second window, Chain’s approach relies on both its code and the right behavior of its users to maintain trust. Business law and contracts, as well as regulation, will frame usage as much as the code. Chain’s own business model will include key management services based on host security modules, the HSM devices that manage PIN cryptography today.

In a nutshell, this year’s Money20/20 was about payments rails and their interconnections. Interconnections were also the theme for the Glenbrook team. With scores of meetings, it was great to catch up with so many clients and friends in our dynamic, fascinating industry. We look forward to seeing you there next year, if not much sooner!

{ 0 comments }

Post image for Two Paths for Faster

The always-interesting Federal Reserve Bank Chicago Payments Symposium just closed, and predictably, a lot of the discussion (and argument!) was around “faster” – the evolving progress of the United States towards improvements in our payments systems. I was particularly interested in hearing other people’s views on the outlook for this in our country.

I came away with two conflicting pictures in my crystal ball – either one of which could, I think, come to pass.

Picture One

A set of 10-20 faster payments “solutions” (systems, networks, products), all used by some reasonably large number of consumers and/or enterprises, which magically interoperate or exchange transactions among themselves in some fashion.  This is the “let a thousand flowers bloom” approach.  It is also the impression I got from talking to many people who are involved in the impressive, multi-year, 300+ person Federal Reserve Bank Faster Payments Task Force.

This group of people has been industriously working through a detailed process to come up with criteria for a faster system; evaluate a group of proposals from solution providers against these criteria; and explore what type of standards, governance bodies, or rule sets would be needed to make interoperability work.

The good news here is the thoroughness of the work, and the consensus value in having 300+ enterprises (yes, not multiple people from the same enterprise….) collaborate on this process.  The bad news is that this group has no real authority – no power, you might say.  So I think a reasonable person can question whether or not it can create a governance structure with rules which a diverse group of enterprises will agree to be bound by.  After all, in many cases such rules would run sharply into the problem of “network fantasies” which Glenbrook has written about in the past.  So I am troubled both by the difficulty of moving from theory to practicality, and, frankly, by the time this would take to do – even if it could happen.

Picture Two

The other option focuses on the coexistence of two concrete yet separate implementation efforts.  One, of course, is The Clearing House’s new real-time payments system, reportedly nearing readiness for technical testing, and expected to launch at some point in 2017.  This will be open to all banks in the U.S., and is roughly modeled on the U.K.’s hugely popular Faster Payments system.  The second implementation is the more organic process of connecting existing debit networks (definitely Visa and MasterCard, but the regional networks as well) to “front end” consumer payments ordering systems: think of both clearXchange (now owned by Early Warning) and PayPal as being in that category: look at recent news releases on deals between PayPal and the debit networks, and ditto for Early Warning.  The debit networks, of course, are using their “pull” pipes to “push” payments: essentially taking a real-time authorization message (used for cards) and repurposing it as a payments notice: instead of asking the authorization question “is there enough money?” they are sending a “push” message: “you’ve got money”.

In this second scenario, it is pretty easy to imagine that the debit-network solution, with a variety of front-ends, could dominate the consumer, P2P business, and also be used for a large variety of small consumer-to-business payments (gardener, nanny, plumber, etc.)  The Clearing House’s new system would then most likely become the dominant solution for B2B payments.  Bill payment is the “jump ball” – I could see this gravitating towards either system.

So the good news here is that this is going into place very quickly – the debit network capabilities are already there and the TCH solution is coming to market very soon.  The bad news, I’d argue, is that, in my humble opinion, it is quite unlikely that these two systems – the TCH system and the “network of (debit) networks” – would interoperate.  But maybe that’s not necessary.  I would argue that if this “picture” succeeds, the chances for the other picture – and all the other myriad systems – is pretty bleak.

What do you think?  We’re curious as to your opinions – please comment on this post, or, if you are going Money2020, go to the Faster Payments panel which is being moderated by our partner Elizabeth McQuerry.

 

 

{ 1 comment }

Clicky Web Analytics