Post image for EP42: Payments Data with Russ Jones

As the breadth of transaction data expands, even the definition of payment data is getting stretched. Payment data, when combined with other sources, is becoming a valuable tool for both commerce and security. If we know your first name, we can figure out if you’re male or female 92%+ of the time. If your email address is at AOL, you’re probably over 50. What you might buy can be inferred from the websites you visit. And that’s just the start of data’s role in payments.

Take a dip into the payment data pool in this podcast with Glenbrook’s Russ Jones. Russ discusses artificial intelligence, privacy, and the spread of Bluetooth beacons. For a deeper dive into the topic, join Russ at the Payments Data Insight Workshop on October 13 in Palo Alto because data’s influence in payments continues to expand.



Photo: Scott Loftesness


A few weeks ago I joined my client Raj Jain, CEO of RS Software, for my third visit to India. RS Software is headquartered in Kolkata which was our first stop for the annual general meeting of shareholders. After that, we visited Mumbai and Bangalore – along the way we met with many of the key individuals helping drive the now rapid change that’s unfolding for payments in India.

My last visit was in January of 2015 –– just the week before President Obama made his second visit to India and early on during the administration of Prime Minister Modi. The sense of change was in the air – a definite uptick in energy, excitement, and renewed optimism about India’s future.

On my first visit to India six years ago, I spent much of my flight reading Nandan Nilekani’s then new book “Imagining India: The Idea of a Renewed Nation.” For me, this book was a great introduction and, since that time, it’s become clear that many of Nilekani’s ideas in that book are now seeing the light of day.

The first example I remember from the book was his push for what he called “Single resident I.D.” The goal of this idea was to provide each resident of India with a unique identification number that could ultimately be used to help solve trust and identification issues in a common way and provide a foundation for “know your customer” responsibility.

Discussion around this idea led to the formation of the Unique Identification Authority of India which was the vehicle that addressed the issues of technology, enrollment, rules for usage, etc. The unique numbers became called Aadhaar numbers –– since the first one was issued in 2010, over 1 billion Aadhaar numbers have now been issued to Indians.  Each of these numbers is coupled with biometric authentication details captured at the time of enrollment. As with any such national identity scheme, the program was controversial but ultimately survived and Aadhaar now provides the foundation layer for what has come to be called the “India Stack” – and helped set up the opportunity for the next idea to be implemented. Starting in 2010 with no legacy, the team had an opportunity to think digital/cloud from day zero, and Aadhaar was conceived and implemented as an open, online ID from the beginning.

Another one of Nilekani’s ideas, the electronic payment of government benefits to citizens, began implementation last year. This new approach, known as Direct Benefit Transfer, eliminated the middlemen who were dipping into the funds intended for citizens. In parallel, Jan Dhan Yojana, a program launched by Modi early in his tenure, enabled all households with a bank account and accompanying RuPay debit cards to access their funds. Having the bank account is the key to enabling government payments to flow directly to citizens. The results have been stunning – with over 230 million new bank accounts opened in a little over a year.

Shortly after I was in India last year, momentum started building around simplifying domestic payments in the country. About five years before, India had invested in the development of IMPS – Immediate Payment Service – a real-time interbank electronic funds transfer system. With the growth in mobile and smartphones, usage has grown dramatically and now exceeds debit cards in usage.

IMPS was developed and managed by the National Payments Corporation of India (NPCI), a unique umbrella organization for all retail payment systems founded by a number of the banks in India with the support of the Reserve Bank of India. In February 2015, NPCI announced a new initiative – Unified Payment Interface – to address current market needs. In particular, a key goal of UPI was to provide mobile users with a way to send and receive money using a single identifier – either the Aadhaar number, mobile number, or bank assigned virtual address. UPI would decouple the service from any requirement on users to provide bank details for sending/receiving money.

NPCI went through a formal global tender process resulting in the selection of RS Software to build UPI. This was an important step for RS Software as it represented the first payments project undertaken by the company in India. Although headquartered in Kolkata, the company has for twenty-five years served as an outsourced development partner to global leaders in the  payments industry in the U.S. and Europe. RS Software delivered UPI successfully and has also assisted some India banks in their implementation of UPI. UPI, as it removes friction from consumer payments, is expected to grow quickly following its recent launch by NPCI and many of the major Indian banks. The company also won another opportunity with NPCI to build the Bharat Bill Payment System for India (BBPS) which will be launching next month. Together, UPI and BBPS form a foundation layer for India’s digital payments infrastructure.

When I look back on this brief history, I’m struck by several things, starting with the foundation layer that was laid with Aadhaar and, ultimately, smartphone based biometric authentication. The national effort required to first complete the work of designing, building, and then enrolling the population has been substantial. I cannot envision anything similar happening in most of the developed countries that I know.

Second is the importance of industry collaboration to make efficient progress on agreeing on standards, deciding what to build, and everything that goes along with delivering that in a market of India’s size. The Reserve Bank of India, a particularly strong regulator in my experience, very much played important roles in this evolution – working with both NPCI and the banks.

Finally, the overlay of mobile and how mobile technology is changing everything. Mobile enabled payments are different from the card payments world I grew up in. Sure, we have Apple Pay, Android Pay and others which “mobile-enable” more efficient and secure mobile payments. But if you’re open to a new approach that doesn’t have to support a legacy world of card payments, new things are possible – indeed very likely. The combination of IMPS and UPI means that all of those newly opened bank accounts are going to have easy access to mobile real-time payments.  Another example is the likely shedding of the traditional card-based requirement for merchants to have point-of-sale acceptance devices and, indeed, acquirers. The new mobile payments approaches we’re seeing emerging rapidly in India require neither.

Equipped with the Aadhaar identity, new banks accounts and the rapidly increasing presence of smartphones, India is on the cusp of rapid and accelerating change.  In the world of payments, I find this story out of India pretty incredible!

Note: In a discussion like this about the evolution of payments in India, I must recognize a few key individuals from the private sector in India who have invested their time to help make this evolution possible. In particular, Dr. Pramod Varma, the former co-founder/CTO of Yantra, who has been a leader in defining the entire India Stack platform and Sanjay Jain, a former Google Product Manager. Alongside them are about 15 other technology professionals – including my good friend Sanjay Swamy – who gave their time to help architect and convince the government and regulators to accept and deploy this important new architecture for India.

{ 1 comment }


One of the payments obsessions here at Glenbrook is understanding the ways in which mobile payment and digital financial services are taking hold around the world. Once effectively limited to the early success of M-PESA and P2P payment in Kenya, today there are a number of services underway. M-PESA itself, in around a decade, has evolved to offer bill payment, savings options, small loans and is also working on merchant payments.­­

The models that such services are based on vary considerably. Kenya is a classic example of mobile carriers like Safaricom stepping into the void left by banks that were not providing affordable financial services to the vast majority of the population. While all of the M-PESA services involve a bank in one way or another (for example, the value loaded on mobile wallets is on deposit at a commercial bank), the services are driven by the mobile carrier as a service offering to their customer base.

More recently banks like Equity are challenging M-PESA for a piece of this growing market. Equity’s Eazzy 247 is notably carrier agnostic and therefore available to anyone who has a mobile phone, not just Safaricom customers. As well, the Kenya Bankers Association is developing a real time switch that will allow all banks to offer the immediacy of payment via M-PESA.

Two years ago, in this post, we shared the developments underway among the 15 countries in the Southern African Development Community (SADC). At that time, the SADC payments initiative had created a settlement system for high-value payments among banks and were preparing to extend the functionality to low value or retail payments. SADC is different than other initiatives because all payments in the SADC scheme are cross-border – the objective is to improve the efficiency and reduce the risk of the growing number of cross-border transfers that occur in the closely-knit region.

In addition to the fifteen country framework, also notable about the SADC project is that it is an interoperable scheme, using a common payment standard (ISO 20022) to transact between providers. Even more notable is the more recent move to include non bank payment providers such as authorized mobile money operators in the SADC scheme.

While Europe introduced the concept of “payments institutions” in 2009, having banks and non banks interacting in the same scheme has not gained traction elsewhere. Mexico allows authorized non banks to access its payments system but very few have chosen to participate. More recently, Brazil created a similar category but the development is too new there to measure how widely used it will be.

At a recent meeting for the SADC initiative, several banks and non banks elected to participate in a pilot or proof of concept of cross-border retail payments focused on the mobile channel. Here mobile money operators will have the opportunity to easily transact with mobile money operators in other SADC countries. Similarly, banks will be able to exchange mobile initiated payments with banks in other SADC countries.

The truly novel aspect will be the opportunity for banks and non-banks to transact with each other in the multilateral scheme. This opens up the possibility of wallet to account as well as account to wallet payments. While this may already occur in a handful of bilateral arrangements between banks and mobile money operators, the SADC framework offers the opportunity to scale this regionally.

It has taken two years for the SADC project to reach the point where the SADC scheme, regional regulators and participants are aligned and ready to launch a proof of concept. This is an ambitious endeavor that will be watched by many observers.

The interest in the project and the need for lower cost cross-border transfers has also started a discussion about introducing additional settlement currencies into the regional settlement system. Today the system, called SIRESS, only settles in Rand which is used in only 4 of the 15 countries.

Getting to the proof of concept is effectively a new starting point but this is only the starting point for what can be achieved. What we will be looking for out of the SADC mobile payments efforts:

  • Can banks and non banks truly cooperate?
  • Will end users be primarily consumers for family remittances or can the transfers also be attractive to small businesses who have high volumes of cross-border trade?
  • Will we see the number of payments decline that are transferred by bus or other courier type arrangements?
  • Will this type of collaboration lead to more transparency and lower prices for consumers? South Africa has the most expensive transfers among leading economies, according to the World Bank.
  • Can the concept be successful in currencies other than Rand?
  • How would multiple currency settlement work among the countries?
  • Is the regional regulatory and policy environment sufficiently harmonized such that it is effectively seamless to transfer from one country to another?
  • Can the introduction of affordable remittances be a gateway to improved financial inclusion among the SADC countries?
  • Will we see the SADC model being adopted by other regions?

We plan to report back on these topics. In the interim, we’d love to hear your thoughts on SADC and other noteworthy developments in the mobile payment space.





Post image for Merchants Just Want to Sell Stuff

Anyone who’s been in a Glenbrook Payments Boot Camp session with me has heard me emphatically stress that merchants “just want to sell stuff – they don’t want to be in the payments business”.

Of course many larger and more sophisticated merchants have figured out how to use payments strategically to increase sales – think private label credit, friction-reducing checkout, cross-border tender types, etc., – and/or to lower operating costs, but most of this is lost on the smaller Tier 3 and Tier 4 merchants. Those merchant tiers encompass the “mom and pop” stores – single store boutiques, dry cleaners, cafes and such, up to merchants with a few locations – generally generating up to a few million card transactions per year.

So where am I going with all of this? I was recently catching up with a former colleague of mine who is now head of sales at a major acquirer, discussing security solutions targeted at these Tier 3 and 4 / SMB merchants. I was lamenting what I consider to be a sad state of affairs in these segments, that relatively simple card security solutions have been in the market for years, but are not getting routinely deployed.

More specifically, I’m referring to what is known as “P2PE” – Point-to-Point Encryption solutions that essentially encrypt card data as it enters a point-of-sale device via a mag-stripe swipe or dip of the EMV chip and passes it securely to their card processor where it can be decrypted and sent to the card networks for processing. The overall goal, of course, is to get “radioactive” card data out of the merchant’s environment, protecting what is sometimes known as “data in flight”.

It’s worth pointing out that the PCI Data Security Council, the organization that sets industry-wide standards for card-related security, mandates that “data at rest” be encrypted in some fashion, but does not mandate point-to-point encryption. Instead, it does provide guidance on various other ways to protect data as it’s being transmitted from the point of sale to the merchant’s processor.  That said, the organization has provided “P2PE Solution Requirements and Testing Procedures” as well as associated FAQs[1].

In my opinion, P2PE is the closest thing to a silver bullet that we have to protecting mag-stripe and EMV transactions at Tier 3 and Tier 4 merchants right now, and it will be for a number of years until we have a critical mass of tokenized Apple Pay/Android Pay/Samsung Pay/Fill-in-the-Blank Pay transactions at physical POS (note that even the EMV specs don’t specify encrypting card data out the back end of the terminal).

Yes, this isn’t a trivial problem and with security every detail matters. If keeping merchant equipment out of PCI scope is the goal, then where encryption takes place and the path that data takes—back through the POS system or direct to the processor in the semi-integrated manner—makes a difference. Protection has to be in place at the application layer and over the communications link. But this is all settled science. There’s no mystery here.

So my problem is not that we don’t have the technology to protect these merchants with an affordable solution; my problem is that as an industry, we aren’t doing it. Instead, we are assaulting these poor SMBs with incomprehensible concepts such as “PCI compliance”, “mandated industry security standards” and the need to be “PCI certified”.  Why?  Shouldn’t the industry just build P2PE-type solutions into every point-of-sale device”?

And by the way, I should mention that it is now standard practice for most acquirers to charge their merchants monthly or annual “PCI Compliance Fees” that do NOT include installing P2PE on their terminals.  Oh yeah, and if the merchant is deemed to not be PCI-compliant, the merchant is usually hit with, you guessed it, a “PCI Non-Compliance Fee”.  And most acquirers charging PCI Compliance and Non-Compliance fees also sell security insurance to many SMBs to protect against potential fines and penalties stemming from data breaches that P2PE and tokenization could have mitigated in the first place.

Just to be clear, I’m not saying that P2PE and tokenization are sufficient to totally obviate SMBs having to think about card security. Merchants still need to be cognizant of how they handle physical cards, what they print on receipts, reports that may contain full account data, ensuring their terminals haven’t been tampered with, etc.  What I am saying is that the greatest risks can be largely mitigated relatively painlessly and cost-effectively.

To be fair, some acquirers do routinely install P2PE into their devices without explicit charges for it. They just build the cost into their pricing and/or include it into an add-on service such as data breach insurance. Although I really have to wonder about those acquirers that are happy to sell the SMBs data breach insurance without even requiring P2PE. I can only assume that they make more money paying off a claim here and there versus the cost of implementing P2PE.

But why are most acquirers not routinely implementing P2PE solutions as a matter of course? First, there is a cost to it – they need to modify, test, and certify their terminal apps as well as implement secure encryption key management practices (like they already do anyway with PIN pads). In addition, there are often technology licensing costs. And, in fact, many acquirers feel that the small merchants won’t pay them an explicit fee to cover these costs. But of course, it is now an industry standard to charge either PCI compliance or non-compliance fees that the merchants do pay. I have no idea how common this is, but I actually had an acquirer for a non-profit I volunteer for tell me that Visa and MasterCard required them to charge us those fees.

I don’t realistically believe that shining a spotlight on this issue will make much of a difference in the marketplace, but I do want to acknowledge those acquirers that are “doing the right thing”. I hesitate to mention those that I know of lest I forget some. But please feel free to acknowledge those that are in the comments section below. And as always, I’d truly appreciate your thoughts and perspectives.


{ 1 comment }

Post image for Marwan Forzley, Align Commerce, and the Evolution of Blockchain Business

Bitcoin’s reliability and transaction-level security has inspired today’s explosion of blockchain pilots, companies, and consortia. But the bitcoin rails already have solid commercial applications. Circle Internet Finance has focused on person to person payments. Align Commerce has focused on international B2B payments for smaller businesses. With growth, both have blended bitcoin rails with more traditional methods to accomplish fast, cost effective transfers.

Join Marwan Forzley, CEO of Align Commerce, and Glenbrook‘s George Peabody for a conversation about how Align moves money and the state of bitcoin and blockchain development. There may be no such thing as an international wire but this approach gets pretty close.


Post image for Inside the Visa / PayPal Partnership

After a great deal of speculation, Visa and PayPal (or is it PayPal and Visa?) have announced a partnership where the two companies will “collaborate to accelerate the adoption of digital payments.” The announcement, which was actually more detailed than most partnership announcements, speaks of putting the two companies “on a new path” for the benefit of consumers and merchants.

visapaypalIt’s always interesting to look at the motivation behind these sorts of partnerships, drill down into the benefits to each party, and explore the potential ramifications. Let’s walk through the deal points, see what they said, and then offer an interpretation.

Deal Point #1 – Funding Source Steering

Enhanced Consumer Choice and Improved Experience for Visa Cardholders: PayPal will make it easier for new and existing customers to choose to pay with their Visa cards and ensure a more seamless experience: Visa cards will be presented as a clear and equal payment option during enrollment and subsequent payments, with an easy ability for consumers to set as their preferred payment method; Visa digital card images will be incorporated into payment flows; PayPal will not encourage Visa cardholders to link to a bank account via ACH; PayPal will also support and work with issuers to identify consumers who choose to migrate existing ACH payment flows to their Visa cards.

Elimination of ACH steering primarily benefits Visa

Visa benefits from increased purchase volume that will come primarily from Visa cardholders that prefer to use their Visa cards but were too inconvenienced to change the funding source on a transaction-by-transaction basis. Visa purchase volume goes up; ACH purchase volume goes down. PayPal users, who are also Visa cardholders, will enjoy a cleaner user experience with less purchase friction. In spite of its stated strategic importance, Visa will have less urgency to establish Visa Checkout as an alternative to PayPal. This aspect of the partnership also scores points with Visa issuers for having converted non-revenue producing PayPal ACH transactions into revenue producing PayPal debit card transactions.

For PayPal, the company loses the economic advantage of ACH funded transactions for Visa debit card-carrying users in the U.S., but this is offset somewhat by a reduction in ACH NSF reversals. Placing Visa on equal footing with other payment methods will also likely impact the extension of PayPal Credit in the U.S., which is a net win for Visa’s issuing partners. And, while minor in nature, a partnership with Visa also mitigates the competitive threat from Visa Checkout.

Deal Point #2 – Tokenization at POS

PayPal will Join the Visa Digital Enablement Program (VDEP) to Expand Point of Sale Acceptance: PayPal will join VDEP, a commercial framework for Visa partners to access Visa’s token services and other digital capabilities in the United States. This will enhance transaction security and expand acceptance for PayPal’s digital wallet to all physical retail locations where Visa contactless transactions are enabled. Consistent with VDEP, issuers will be able to choose whether to participate and retailers can expect to pay fees that are consistent with other contactless transactions they accept today.

Participation in the Visa tokenization program primarily benefits PayPal

By joining the Visa Digital Enablement Program, PayPal gains access to Visa tokens that can be used at the point of sale anywhere Visa contactless transactions are enabled, presumably through the PayPal app running on Android (with open access to the NFC radio.) Maybe we call this “PayPal Pay”. PayPal would have no economic angle on these transactions, as they would be processed through the merchant’s existing acquirer. The merchant would, in fact, have no relationship with PayPal. This is similar to Apple Pay and Android Pay, where neither company has a contractual relationship with the merchant and earns no revenue from merchants.

PayPal’s motivation here is likely to be increased utility of the PayPal app in the everyday life of the PayPal user, which is a stated corporate goal. Beyond the stated use at the POS, tokenized Visa payment credentials would also likely be used on all Visa-branded funding transactions for PayPal and Venmo. There is a real possibility that, long term, 3D Secure V2.0 (now being finalized by EMVco) might be used to shift some of the fraud liability away from PayPal and its merchants and to Visa issuers.

For Visa, it benefits indirectly by the further propagation of tokenization out into the industry and the accompanying reduction in the data breach footprint. This is also a big selling point for all the Visa issuers.

Deal Point #3 – Instant Withdrawal of Money

Instant Withdrawal of Money: Consumers will be able to instantly withdraw and move money from their PayPal and Venmo accounts to their bank account via their Visa debit cards leveraging Visa Direct – providing an experience that offers speed, security and convenience.

PayPal’s use of Visa Direct is a balanced benefit to both Visa and PayPal

For Visa, further adoption of so-called OCT transactions provides the firm with a leg up on the next generation Faster Payment system from The Clearing House coming to the U.S. in 2017. PayPal’s usage is an endorsement of the OCT technology in the U.S. and may spur others to adopt as well. More importantly, it may provide Visa issuers in the U.S. with an incentive to move to the optional “Fast Funds” model that many have ignored to date. Fast Funds is the model used to immediately post funds received to the recipient’s bank account. PayPal’s support for Visa Direct goes hand-in-hand with elimination of funding source steering for Visa cardholders. For these PayPal users, ACH will no longer be used to fund accounts OR to withdraw funds.

To the extent that Visa issuers participate in Fast Funds, withdrawals from PayPal and Venmo accounts via Visa Direct provide faster settlement to bank accounts and directly benefits PayPal’s customers. This comes at a cost however, as PayPal will now be paying card transaction fees instead of the ACH fees on withdrawals from a PayPal or Venmo account. Presumably, there will be a reduction in exception handling for PayPal as Visa Direct is able to verify the account exists and is open prior to the funds being pushed to the cardholder’s bank account.

Deal Point #4 – Enhanced Data Quality

Enhanced Data Quality: PayPal will ensure that data provided to issuers and their cardholders for Visa-funded transactions will be consistent with the information that is received with traditional Visa card transactions. This will ensure a better consumer experience, reduce cardholder confusion, ensure proper application of rewards, and reduce costly and time-consuming disputes.

Enhanced data quality primarily benefits Visa with no significant downside for PayPal

Visa has long held a stated grievance against PayPal for providing “incomplete” transaction data. Of course, PayPal provides the transaction data that is required by card company rules, but not a lot more. The card networks have changed their requirements over time – they now require PayPal to provide merchant tax IDs for example – but the grievance remains.

In my opinion, this is a bit of a red herring issue as the only real data concern was likely just the incomplete mapping of PayPal sponsored merchants across all of the ISO merchant category codes (MCCs). This incomplete mapping is the result of PayPal asking small merchants to self-map against a predefined subset of MCCs rather than making them work their way through hundreds and hundreds of potential category codes. Instead of knowing that a specific merchant is a “specialty retailer,” Visa will now know that the merchant is actually a “jewelry store.”

Providing enhanced data quality to Visa does not really cost PayPal anything more on a transaction-by-transaction basis, but perhaps they have to invest some money into getting the MCC self-assignment mapping right. Not the biggest deal, but it speaks to how important payment data is today for the increasingly analytics-driven card companies. Providing Visa with this data does not detract from PayPal’s ability to use the same data.

There is a possibility that there is more to this deal point than meets the eye, but it’s hard to know at this point. There are lots of other data elements PayPal could share with Visa, but that would be beyond what is structurally provided to the network on a card transaction.

Deal Point #5 – Economic Incentives

Economic Incentives: The agreement affords PayPal certain economic incentives, including Visa incentives for increased volume, and greater long-term Visa fee certainty.

Economic incentives, of course, primarily benefit PayPal

If successful in implementing the various partnership components, PayPal will financially benefit from “Visa Incentives” meaning that some of the economic downside from other points in the partnership will be mitigated by these incentives. “Greater long-term Visa fee certainty” probably speaks to fixed (if not reduced) network assessments over the length of a long-term contract – and perhaps a promise that Visa will not dream up new fees that are specifically targeted at PayPal. Perhaps this deal point also includes some offsetting compensation for card-not-present transaction interchange on Visa transactions, but we have no way of knowing.

While this might appear as a pure cost to Visa, it indirectly benefits Visa as well, as the volume incentives provide PayPal with clear motivation to minimize their tendency (post-Durbin) to steer qualified Visa debit transactions over PINless debit rails from STAR and NYCE instead of over Visa’s signature network rails. This PINless debit steering technique is used by PayPal to reduce the cost of network assessments on select debit card funding transactions in the U.S. It also will occasionally result in the cardholder being denied debit reward points, through no fault of their own, when the transaction is routed over a non-signature card network. In the end, however, Visa purchase volume goes up; STAR and NYCE purchase volume goes down.

Glenbrook’s Take on the Partnership

At first blush, this partnership is broader and more far reaching than what we were expecting here at Glenbrook. While termed an “extension of their long-standing relationship” this is actually the first time Visa and PayPal have collaborated on anything. Historically, the companies have been arms-length competitors. It’s worth remembering that Visa Checkout is Visa’s third attempt to compete with PayPal in the digital wallet segment of the payments industry. And PayPal uses MasterCard as its network partner on its PayPal Debit MasterCard, PayPal Extras MasterCard, and PayPal Prepaid MasterCard products. So, not historically partners.

The terms of the relationship are specific to the U.S. market. This restriction seems a bit odd given that PayPal and Visa both think and act globally. Maybe Visa doesn’t feel that bank account steering is a major concern outside the U.S.? PayPal doesn’t offer it in many markets. Maybe PayPal doesn’t see Visa having a critical mass of tokenized payment credentials outside the U.S.? Maybe it’s just too early to look at extending the partnership globally?

While we have cast the partnership in terms of what it means to Visa and PayPal individually, some consumers and some merchants will come out ahead of where they were prior to the partnership. From their perspective, most of the benefits will come from the elimination of bank account steering in favor of authenticated debit card transactions.

Consumers in the U.S. carrying Visa cards will enjoy a dramatically streamlined user experience (with less friction) when using PayPal to buy at any of its 14 million merchants. Some merchants that accept PayPal as a form of payment—those that do not qualify for seller protection—should see fewer ACH NSF transaction reversals. To be fair, this is likely a small number of transactions for a small number of merchants. But it may prove meaningful to some.

In the end, though, this partnership isn’t really about consumers and merchants. It’s about generating incremental transaction volume for Visa and its issuers—and unleashing PayPal to compete against Apple, Google, and Samsung at the POS.

For PayPal, what’s particularly intriguing about this tap-and-pay thrust at the point of sale is what it might mean for Venmo users. The same Visa tokens used in the PayPal app could also, potentially, be used in the Venmo app at the POS with the same constraints and same processing model. Embedding tap-and-pay functionality into Venmo would further accelerate the momentum behind Venmo and be the perfect synergistic overlap of social payments and mobile payments for millennials.

Think Venmo Pay!

This post was written by Glenbrook’s Russ Jones.



Post image for Sensibill – Redefining Digital Receipts for FIs

Stretching the retail financial institution’s (FI) mission beyond checking account and debit card management is on that industry’s agenda. It’s what fires the imagination of fintech entrepreneurs too because retail financial services is an industry in need of creative, expansive approaches to accountholder services. Not every idea catches fire but fortunately there are those willing to light a match.

This Payments on Fire podcast looks at Sensibill, a digital receipting and data repository service for FIs. Join Glenbrook’s George Peabody and Sensibill’s CEO and co-founder Corey Gross in this discussion of how an FI can help its accountholders turn digital receipts into data far more useful than what’s on a statement or that piece of paper stuffed into a purse or wallet.

Transcript below the jump.

[click to continue…]


Post image for Machine Learning in Fraud Management

Machine learning and the broader category of artificial intelligence are rightly attracting attention and discussion. These are powerful technologies. But, like many new technology conversations, there’s the suggestion that they can address all use cases.

Maybe focusing on a single use case is the better approach right now. Join Glenbrook’s George Peabody and Nuno Sebastiao, Chairman and CEO of fraud management firm Feedzai, in this refreshing discussion about the role of machine learning in fraud management, some of its limitations, and how services like these fit into an enterprise’s fraud and risk management operations.

Read the transcript below the line

[click to continue…]


Post image for Biometrics, Big Data, and Tossing the Password

Digital identity is the black hole of the internet. Our online lives simply aren’t protected by a system without strong authentication. Killing the password is Mission One for security professionals because they’re so readily stolen through phishing attacks and malware. Users, warned to make passwords complex and unique, have no hope of remembering them. And a password is simply one factor of secure authentication. Biometrics and data, when used in combination, can relieve password fatigue and, for the relying party, increase security substantially, bringing some light to that dark place on the internet.

We talk with MasterCard’s biometrics and authentication leader, Bob Reany, about where biometrics work and the intersection of device-based tools with what the cloud provides through Big Data, particularly device profiling and behavioral analytics. Your fingerprint’s not just for unlocking the phone anymore.

Transcript below the break

[click to continue…]


Post image for The Merchant’s Challenge with Chargebacks

Chargebacks are one of the card system’s great consumer benefits. If fraud happens, the merchant doesn’t deliver on what was promised, or you’re charged six times for something you bought just once, the chargeback mechanism returns your money or restores your credit. What’s not to like? Well, if you’re a merchant, a lot. While there are plenty of legitimate chargebacks, there are also consumers who take advantage of the system through “friendly fraud,” the “I didn’t do it” chargeback category abused by all too many.

Chargebacks are expensive for merchants. There’s a chargeback handling fee from the acquirer. There’s the cost of disputing the chargeback. There’s the cost if, at the network’s discretion, the merchant loses the chargeback. And then there’s the small matter of the cost of the goods or services. Take a listen to this audio primer on chargebacks with Glenbrook’s George Peabody and Chargeback’s CEO Dave Wilkes. Hear how they work, what the trends are, and how Chargeback assists merchants in the chargeback dispute process.

[click to continue…]



Over the past several years, my colleagues and I at Glenbrook have been working on a variety of projects focused on bringing low-cost financial services to the poor in developing countries. While there has been a lot written on how mobile or eMoney payments systems such as M-PESA in Kenya have grown in many developing countries—and how they have brought much-needed electronic payments to the poor and underserved—there’s a critical missing piece that demands attention.

Specifically, few are talking about the criticality of merchant acceptance of eMoney payments.  At Glenbrook, we believe this is a problem, that the lack of widespread acceptance has both inhibited growth in these systems and remains a roadblock to “digital liquidity” in even the more successful of implementations.

Without exception in the developing world, the vast majority of transactions in mobile payment systems are person-to-person (P2P).  That’s fine since poor people, those at the bottom of the pyramid, derive meaningful benefits from the shift of cash to mobile transactions. Those benefits include reducing the theft risk of carrying cash—which can be very dangerous—and the efficiency of being able to send money to someone without losing half a day of work to travel across town. For someone able to afford it, the mobile eMoney service can also provide a safe place to store value but few poor people have the luxury of idle balances in their mobile money accounts.

However, since most merchants don’t accept eMoney as payment, their customers must “cash out” their mobile monies in order to spend, a relatively expensive conversion.  Those cash-out costs work against the goal of providing low-cost payment services to the poor.

[click to continue…]


Post image for Shoptalk Conference 2016

This episode of Glenbrook’s Payments on Fire podcast comes from the Shoptalk conference, mid-May 2016. Focused on the entire customer engagement cycle, the attendees are all about influencing consumer behavior, the processes of moving customers through that cycle, about making some portion of enterprise IT work more smoothly, or, yes, even about payments.

Take a listen to my conversations with start-ups Tuku (in-store digital content delivery), Belly (in-store loyalty), Bold Financial Technologies (payout management for Treasury) and established fintech provider ACI Worldwide.


Post image for A Large Merchant Focuses on its Payments Strategy

Payments industry professionals naturally have a hard focus on the industry’™s own dynamics. So, it’s not uncommon to lose sight of who the customer is and who pays the freight. In retailing, yes, the consumer pays, but payments is a direct cost to the merchant. With all of the changes underway in the U.S. payments landscape, merchants now address payments as a complex, strategic element of their business, both as a way to drive new sales as well as a cost component to be tightly managed.

To learn what’s top of mind for a large scale retailer, take a listen to Dean Sheaffer, SVP of Financial Services at Boscov’€™s Inc., the U.S.’s largest family-owned department store. In this Payments on Fire podcast, Dean addresses payments as a sales tool (Dean and his team have upped usage of the Boscov private label card to 40% of tender!), payments and data security, and the potential of Faster Money.


Post image for Five Answers – Sort of – to the Big Questions on Blockchain and Bitcoin

I’m back from two days at Consensus 2016 in NYC, and reporting as promised into my investigation of the Five Big Questions.

1. Bitcoin technology: will the problems (versions, processing time, scalability) be  resolved?

Yes. My belief that we are all writing this off too soon in favor of “all things blockchain” was reinforced. Glenn Hutchins of Silver Lake Partners drew a parallel between private blockchains and intranets in the early internet days: important for enterprises but not radical or transformative in and of itself. He headlined his talk “Blockchain good, Bitcoin better”. Balaji Srinivasan of 21 spoke persuasively about how Bitcoin is the mechanism which will “free API’s to be API’s” and interact with other machines (my paraphrasing…)

2. Big banks: will they join hands in a single (or several) new blockchain-based networks? Will there be a new SWIFT? Will it be SWIFT? One of the currently formed consortia? Someone new?

Hard to tell. David Rutter of R3 bragged about 46 large financial institutions, and Chris Larsen of Ripple talked about the opportunity, but I didn’t hear from SWIFT, and there are other players out there…

3. Central banks: will they issue digital versions of fiat? Other digital currency? Support Bitcoin?

Yes. Fabulous panel with David Andolfatto of the St. Louis Fed (I’ve been reading his blogs on “Fedcoin”, MIT Media Lab, others – the energy on the topic is strong and clearly central banks of all kinds and stripes are thinking about it… but perhaps the most fascinating thought is that we could go back 100 years to a pre-central bank world, with central banks, commercial banks and other players issuing their own currencies…

4. Private blockchains: how many are there going to be? Thousands? Millions? Just how different is a private blockchain from a plain old secure database?

Millions. See above re: intranet. Not that different…

5. Interledger – incredibly cool, but how will it play out?

Not clear at all, but multiple private blockchains (or non blockchain ledgers) may need to interconnect. Interledger was referred to but not in detail; other options (Chain, Hyperledger) were more visible but we’re still in theory-land here. I wish there had been more on this.



Post image for Data Analytics, Lending, and the Next 100 Million Borrowers

Extension of credit to people in developing markets has been a long time challenge. Banks, of course, look to repayment history to make such determinations but in much of the world, banking relationships and repayment track records are few. But history has demonstrated that extension of credit in developing markets can be effective and profitable. Just look at the Grameen Bank’€™s high micro-loan repayment rates.

To address this repayment data dearth, built a lending data set in multiple developing countries, having gone into the lending business just to generate the data it needed to tune its machine learning capability. Lenddo then built its algorithms
that examine some 1,000 characteristics in the data drawn from social, mobile, and other sources. This Payments on Fire podcast with’€™s founder Jeff Stewart takes a look at lending in developing countries, social and mobile data sources, and examines the algorithmic “black box” that is at the heart of the company’€™s approach to making credit decisions in “thin file” markets.


Clicky Web Analytics