Post image for Dennis Moser on Merchant Payments Complexity

Dennis Moser is Glenbrook’s payments systems expert.  He’s worked on building the engines that make payment networks run, especially the critical component of the POS and payment acceptance infrastructure.  He’s also been neck deep in payment data management systems, both as a designer and as a data mining practitioner.

Dennis and I have worked together on a few projects for merchants looking to strengthen their security posture and to get ready for EMV while expanding their payments acceptance flexibility.  After all, we’re in a new world of payment initiation methods.  Given those requirements, we’ve found in our work that the complexity of the payments acceptance and routing challenges for merchants is going up. Increases in complexity often increase costs, too.

Wrapping up a recent project, we landed on the topic of how merchants should be thinking about their payments infrastructure and how, often, its very complexity causes trouble for the merchant.  Here’s the gist of our conversation.

George Peabody: Dennis, do you think national and global merchants adequately understand their payment systems?  What are they missing most often?

Dennis Moser: Of the many payments issues facing merchants, I would mention two:

First and foremost, security of payments data.  There is nothing payments-related that is more damaging to a merchant than a severe security breach. We should talk a bit more about that.

Second, I think that more merchants should work on reporting systems that show the trends of payment cost and operational status over time.  Payments should be viewed holistically – all channels and payment types.  Cost of payments should include external costs and internal cost.  Operational status reporting should provide longer term insight than day-to-day reconciliation activities. When payments are understood in this broader context, merchants are often able to take actions to reduce costs or improve efficiencies that otherwise would go unnoticed.  We think that about 40% of US merchants have this type of reporting.  I’ve been working on projects in this area and have found that a phased approach can be used to develop meaningful perspective reporting and initial costs for initial implementation can be low.

George: Given PCI, security, EMV, routing issues, payment switching, we’re seeing merchants look at outsourcing more often, in a “make the payment pain go away” move.  What’s your view?

Dennis:  If we focus on PCI and security,I beleive that many merchants are rethinking – or should be rethinking – how they manage this.  There is an emerging capability for vendors to provide end-to-end solutions that relieve merchants of much of the PCI/security hassle.  I think these capabilities deserve a close look by many merchants, particularly those that do not have a highly skilled security team.  As you know, the project we recently worked on recommended an outsource approach!

George: EMV, and security awareness in general, have both been pushed forward because of the Target breach.  Any thoughts on the recent compromises?

Dennis:  The Target breach is, I think, a significant milestone.  It may be the impetus to give EMV critical momentum.  It may cause merchants to rethink their security along the lines we just spoke about – vendor end-to-end solutions that relieve PCI requirements.  I wouldn’t go so far as to say that it suggests that merchants, given the business they are in, are simply not suited to deal with the security challenges.  But Target is large and sophisticated and it happened to them.

George: We’re hearing a lot about data analytics, Big Data, these days.  Payments data is a huge component of that.  But it has its limitations. It often comes too late, after the sale, to be helpful to a merchant trying to sell more or better to an individual customer.  There are privacy concerns, too. How do you approach the mining of payments data? Where’s it most useful and to who?

Dennis: We should both go to our “Data in Payments” workshop!  I say this because, although I have done a ton of work with payments data, it has been pretty narrowly focused:  the mining of “minimal” payment data to get value.  By minimal, I mean data elements like transaction amount, date of purchase, merchant name, etc.  Russ is teaching the workshop and has done a lot of thinking about broader implications and uses of payment data.

There are probably a number of definitions of Big Data.  If you were only to look at the quantity of data, examples would be Google clicks, space telescope data downloads, etc.

The transactions flowing through a Visa or MasterCard would have been considered big data years ago, but not any more.  But when transaction data is combined with other information such as item detail, or location of customer in store, then we are talking Big Data in the quantity dimension.

There is another dimension to consider:  response time.  If you are, for example, attempting to do real-time scoring with payments data, the speed of response needed could drive a normally medium data problem into Big Data territory.

One other way to look at data is to ask what kind of technology do you need.  If the answer is 1,000 processors and Hadoop, you have a Big Data problem.  If the answer is a large relational database system, it’s probably not Big Data.

When you mine payments data, big or otherwise, customer privacy is a key concern.  In my own work on payments data mining, great care was taken to remove sensitive information from the analysis.  As an example, in loyalty work, customer categories are determined from the detailed data, and customers get assigned to their category.  But the individual customer’s data is not in play when the category is used.

This post profiles Glenbrook’s Dennis Moser.

{ 1 comment }

Post image for Glenbrook Launches Insight Workshop Bitcoin: Basics and Beyond

Any reader of Payments Views knows that most of us at Glenbrook are impressed by the potential of math-based currencies (MBCs). And all of us agree that participants in the payments industry (in the broadest sense) need to understand Bitcoin and its crypto-currency relatives. Having seen so many Internet technologies grow from concept to first iteration and then radiate into multiple roles, we’re convinced that math-based currencies are going to follow a similar arc. We already see remarkable applications in payments and value transfer. Further evolution is inevitable.

That’s the long reason we’ve built the Basics and Beyond Insight workshop.

The short reason we assembled the workshop is we’re payment geeks.  We want to shorten your learning curve so you can judge MBCs from a business perspective for yourself.

This is complex, unfamiliar territory, and we’ve found that explaining how Bitcoin works, in the clearest and most relevant manner, takes time. Now, in this engaging one-day workshop, we can share exactly what we’ve learned with you.

Our schedule is carefully designed to best meet your needs. Payments professionals need to first dive into the details of how Bitcoin works because, with all of the media attention Bitcoin has received, we arrive loaded with questions. Therefore, the workshop’s morning session minimizes important contextual material for the time being, and gets right into Bitcoin’s design and processing model.

With many questions and “ahas” along the way, the morning’s a fun session.

Once we nail down the mechanics, we examine the major attributes of Bitcoin as currency, commodity, payment rails, and programmable value exchange. While media and regulatory attention has been laser focused on the first two, we emphasize the potentially greater, and more relevant, roles of MBCs as payment rails and programmable money.

In the afternoon, we look at how Bitcoin and MBCs fit into specific payment domains such as B2B payments, international remittances, even point-of-sale purchases.  We also look at MBCs from the perspectives of payment system stakeholders including card networks, remittance companies, financial institutions, and others. (No surprise, the current consumer perspective is “What? Why bother?” Unless, of course, you’re a payments geek.)

Here’s one of the over 100 slides in the workshop’s book:


What would happen if Amazon accepted Bitcoin?

We spend time in exercises examining scenarios like this one and from multiple viewpoints.

MBCs are a new tool. We believe they have considerable potential. But, just as with any novel tool, understanding how it works and what it can do is necessary before we can assess how it could benefit us. By the end of the workshop, you’ll be far down both paths, knowing enough of the mechanics to judge if or how far you want to take MBCs for a spin.

It’s a great day of stimulating discussion, technical discovery, and entertaining instruction. If you’re considering what MBCs mean to your business, the Bitcoin: Basics and Beyond Insight workshop is your best first step.

We’re adding more dates and cities. Please check the schedule for upcoming Bitcoin: Basics and Beyond workshop dates and locations. If you’d like to have a private workshop that’s tailored directly to your business and its use of MBCs, get in touch with me at or 978-393-1737.


Post image for Bitcoin is like…

As is the case with many people in our industry, I’ve been giving  a lot of thought recently to Bitcoin.  When ever I run into something new, or puzzling, I try to find comparisons to help me understand it.  And comparisons abound in Bitlandia.  Many people compare it to the Internet, in terms of significance.  To cash, of course, in terms of its “I give it directly to you” attributes.  Some of my colleagues like the comparison to a bank’s ledgers.  And many compare it to gold, to tulips, etc.

But I think one of the more intriguing angles is to compare it to the introduction of the printing press.  (And no, I’m not talking about people printing money!) The printing press freed the written word from the control of the clergy, and let the masses have direct access to books, to the Bible, to politicians’ screeds. Bitcoin has the potential to free money from the control of bankers, central and otherwise.  I think that is staggering.  I’m not entirely sure it is a good thing: after all, in my heart I’m still a banker.  But if allowed to develop, it certainly would be a big thing.

Wences Casares said on WSJ Digits yesterday that he thought the value of one Bitcoin might reach a million (or a half million) dollars by the end of the decade.  I sure hope so: I own one.  I may just revise my retirement plan.

Let me know what you think.

 This post was written by Glenbrook’s Carol Coye Benson.


Post image for Plaid – A Modern API for Card Data

Our work in payment data cuts across many areas. Who has what data? How is it best monetized? How can it be put to use for better decision making? How can it be augmented and enhanced.

It’s in this last area of “enhancements” that we’ve become fascinated with a new startup company called Plaid. They are making the first serious attempt we’ve seen in a while that rethinks the quality of the transaction data.

Every consumer knows how confusing it can be to open up a statement or view their recent activity and find a bunch of transactions for purchases that are not obvious at first glance or maybe not even obvious after a detailed investigation.  What is this? Is this a gas station? Was that me or somebody else using my card? And that’s with human reasoning. It gets a lot worse when you try to couple that level of transaction data quality with analytics and third party apps.

[click to continue…]


Post image for Same Day ACH – A Step (or Lurch) Ahead

NACHA recently announced plans for a phased introduction of same-day settlement for ACH.  I spoke with NACHA President and CEO Jan Estep this morning about the initiative.

First of all, I congratulate Jan – and the ACH community – for picking up the fallen banner, for as we know, a previous version of this was defeated by NACHA members last year.   It’s not easy to get some 13 thousand financial institutions to agree on anything.  But what NACHA is proposing is a good step forward – if, of course,  they can get the banks to agree this time!

There are many threads to the discussions underway in this country on the general subject of payments improvement – making payments faster, better, and cheaper for end-users.  The Fed is engaged with banks and non-banks in a thoughtful process to determine paths towards payments system improvement, and the possible role of the Fed in providing or facilitating new solutions.  Existing networks – particularly debit networks – are looking at how their “rails” can be repurposed to “push” credit payments through them.  And now the ACH, with its enviable ubiquitous reach to U.S. bank accounts, is proposing same day settlement.

[click to continue…]

{ 1 comment }

Post image for What Comes After Bitcoin?

Since the media latched onto Bitcoin as good fodder for the 24 hours news cycle, the hard focus has been on Bitcoin, its merits, and shortcomings, as a currency, commodity, and as next generation payment rails.

My thinking on its currency and commodity aspects is straightforward. If you don’t understand Bitcoin, don’t buy it, caveat emptor. And volatility is a feature of thinly traded anythings so price stability at this early stage is just not going to happen. Amidst all of that, Bitcoin’s USD value has found what looks to be a solid floor at the $600 level, despite the Mt.Gox meltdown and occasionally grumpy news from global regulators.

[click to continue…]

{ 1 comment }

Post image for How to Get Along and Do Good

Recently I shared my views about the developments underway in the mobile and payments space in Latin America. In that story, I address how individual countries are taking big strides toward reshaping their national payments landscape.

Another remarkable, and equally little known, story is happening in southern Africa where the payments infrastructure in 15 countries is being updated and aligned for future growth, especially to drive intraregional trade. All of this is being coordinated by the Southern African Development Community (SADC), an inter-governmental body with an ambitious, shared agenda to “achieve economic development, peace and security, and growth, alleviate poverty, enhance the standard and quality of life of the peoples of Southern Africa, and support the socially disadvantaged through Regional Integration.”

[click to continue…]

{ 1 comment }

One of the pleasures of joining Glenbrook has been getting to know what and how the other Glebrookers think about what’s happening in the payments industry.  We talk a lot at Glenbrook. Over iChat, email, mobile phones, Skype, Google Hangout with voice and video, through Google Docs, and whenever we meet up for client work and bootcamps.  It’s how we work our way through the news and the issues facing our clients.

[click to continue…]


Post image for Cards and Wallets and Mobile Oh My!

I can’t help it – I’m a consultant; I love putting things into categories and into context.  I always find pictures and “maps” help when things get confusing.  So here’s my latest attempt at making sense of what’s going on with mobile payments and cards.

What really jumps out for me is the issue of card-not-present rules for cloud wallets. Particularly if these wallets are populated with issuer tokens, rather than full card numbers – it seems like it might make sense for the CNP rules to change.


Post image for Is the Target Breach the Chernobyl of Payments?

Chernobyl is certainly at the top of the list of man-made disasters.  In light of recent events, I’ve been thinking that the Target breach has become the Chernobyl of the payments world.

As a group, we Americans never thought that much about payment security – we really didn’t have to.  We are protected by federal laws limiting our liability for lost/stolen cards, while at the same time, the card networks’ rules give us even better “zero liability” protection, and have educated us about that protection with hundreds of millions of dollars (if not billions) of TV ads over the years. 

[click to continue…]


Post image for Mt.Gox Collapses, Bitcoin Shrugs It Off

Tuesday’s collapse of pioneer Bitcoin exchange Mt.Gox has been widely covered by the international tech and general media. There’s no doubt quite a story behind its demise. The rumored theft of hundreds of millions of dollars in bitcoin will provide plenty of fodder for journalists and investigators. The pain of those who lost their bitcoin entrusted to Mt.Gox has to be severe.

This is not, however, an existential event for Bitcoin as some news outlets have claimed.  A few observations:

[click to continue…]


Post image for Dispatch from the Smart Card Alliance Payments Conference

For those companies and individuals most committed to building the EMV and NFC ecosystems, the place to be February 3rd through 7th was Salt Lake City where the Smart Card Alliance hosted both an EMV Migration Forum meeting and its annual Payments Summit.  Over 525 people attended, representing the chip industry, payment processors, card brands, payment service providers, consultants, media, and even some merchants.

I’ve attended the conference for the last four years and its related antecedent CardTech/SecureTech before that.  Many of the same folks attend this conference and the same issues are often repeated.  As a result, there’s been a Groundhog Day quality to the experience.  This year, for EMV in the USA, that groundhog must not have seen his shadow because the card standard’s long winter in the US looks to be ending and, while hardly early, this may be springtime for EMV in the USA.

Here are a few of the takeaways:

[click to continue…]

{ 1 comment }

Carol Coye Benson - Glenbrook Partners

What’s the difference between card acceptance and a deposit?

In both cases, money is being delivered into a merchant’s bank account – in fact, a purist would point out that a deposit actually is the last stage of card acceptance for a merchant.

But consider instead a different kind of deposit – something that is more like the deposit of your salary into your bank account.  In the U.S., this is done through our ACH system.  Your employer sends a file to their bank, and a day or two later money is deposited into your account.

Your bank doesn’t charge you for accepting this deposit – in fact, they are glad to have your money come in.  They pay a tiny processing fee to the ACH operator who sends the file to them.    But no one pays anything like the “merchant discount fee” that a card-accepting merchant pays.

That’s a consumer example.  The ACH system is also used for business-to-business payments, and a business receiving an ACH payment from a business customer gets that deposited into their account.  They (the receiving business) may pay a small transaction fee to their bank for receiving the payment – but again, nothing like a “merchant discount fee”.

[click to continue…]


Post image for The Biggest Mobile Payments Story You’ve Never Heard

As we move into 2014 – yet (again) the year when many say mobile payments are destined to gain traction – let’s look at some key developments in the space. No, I’m not talking about the newest pilot participant in ISIS or whether Apple will be the new sheriff in town. Instead, let’s look to the south to where the foundation is being laid for mobile payments to take hold in a few Latin American countries.

Peru is likely to produce the most interesting developments in calendar year 2014 as its new real time, retail payment system rolls out in the second half of the year.  In response to recent legislation that requires interoperability for mobile payments, the new rails are being built by the bank consortium that operates check and ACH clearing in the country. Peru also created the new category of “Electronic Money Issuing Firm,” those who convert physical money to electronic money and store it on an electronic device. Qualifying E-Money providers can have access to the new real time system to make low-cost, interoperable payments to other mobile phones.

[click to continue…]


Post image for The Age of Context and Security

The news from Target, increasing the number of cards compromised to 70 million and the expansion of data loss to mailing and email addresses, phone numbers, and names, affirms that we’re in a security crisis.  As my colleague Scott Loftesness puts it, card data is, from a brand and business perspective, the new radioactive material.  Add personally identifiable information (PII) to the list of toxic isotopes.

The depressing vulnerabilities these breaches reveal are a result of skilled hackers, the Internet’s lack of inherent security, inadequate protections through misapplied tools or their outright absence.  Security is very, very hard when it comes to playing defense. There are no silver bullets, of course. Security is, like staying warm this winter, about layers.

There is a set of new technologies that could, in combination, produce a defense in depth that we have not enjoyed for some time.  This post takes a look at those approaches and what they may mean for security as a whole.

[click to continue…]


Clicky Web Analytics