I'm very happy to announce the road's taken me in a new direction and that I have joined Glenbrook Partners, LLC.
Everyone says the payments industry will change more in the next 5 years than the last 25. I'm a believer. And a skeptic. Payments are complicated. Innovation can be very hard. I'm taking a couple of months for this Payments Innovation Road Trip to meet with POS system vendors, processors, payment service providers, MNOs, card brands, retailers, and more. Then I'll put it on the Payments Innovation Map. Keep me company on the ride.
Tuesday, March 19, 2013
Friday, February 15, 2013
Mobile Payments are Growing - But Keep It in Perspective, Folks
Yesterday, Business Insider sent a Valentine to the mobile payments industry with the announcement of a new report. The new report (I haven't seen it) covers the exciting stuff that's happening in payments from the mobile vector and, as we all know, that's a lot. The press release put out some relevant numbers I thought were intriguing to examine.
Now, I'm a mobile transaction fan. I just made my first Isis payment at my local pharmacy here in Massachusetts. (No, Isis hasn't opened up here, I just had a SIM/UICC swapped out at the last Smart Card Alliance show in Salt Lake City. And, yes, it worked. More on that later as I gain more experience with it.)
My wife's jaw dropped today when I deposited a check from one of her tutoring students using my smartphone.
I've got Starbucks, Square Wallet, LevelUp, and more.
I like this stuff.
But I'm something of an outlier. It's my business. And it's my business to be both encouraging and skeptical.
So, upon seeing the numbers reported in the BI report press release, it got me wondering about how big mobile really is when looked at against the backdrop of all card payment volume. So, using the press release's numbers and rounding them up to $25B and putting them against recent enough US credit and debit card volume of $2,158 trillion, we have, well, a start.
1. These are the baby's first steps. But, like the infant, all of the equipment's in place and it just needs practice and time to grow.
2. Merchants are excited by what tablets can do with the right software. And it's not just Square. NCR's Silver iPad-based POS software is gaining attention. There are dozens of others. Expect a LOT of Level 4 merchants (that's the small ones) to look seriously at this approach.
3. Consumers are, at least, intrigued by paying or handling coupons via their smartphones. According to the report, there's 7.9 million of us who have used either NFC or QR code based mobile payments. That leaves 80 million and more to go.
Even if the mobile numbers are over or understated by 50%, the number is of sufficient size for everyone to acknowledge that mobile isn't just a fad and it isn't going away. And it's still an infant.
Happy Valentine's Day, Kiddo!
(BTW, it might be pretty embarrassing for PayPal should Square's volume surpass it. That's a race to watch!)
Now, I'm a mobile transaction fan. I just made my first Isis payment at my local pharmacy here in Massachusetts. (No, Isis hasn't opened up here, I just had a SIM/UICC swapped out at the last Smart Card Alliance show in Salt Lake City. And, yes, it worked. More on that later as I gain more experience with it.)
My wife's jaw dropped today when I deposited a check from one of her tutoring students using my smartphone.
I've got Starbucks, Square Wallet, LevelUp, and more.
I like this stuff.
But I'm something of an outlier. It's my business. And it's my business to be both encouraging and skeptical.
So, upon seeing the numbers reported in the BI report press release, it got me wondering about how big mobile really is when looked at against the backdrop of all card payment volume. So, using the press release's numbers and rounding them up to $25B and putting them against recent enough US credit and debit card volume of $2,158 trillion, we have, well, a start.
Billions | |
PayPal mobile volume | 14.0 |
Square volume | 10.0 |
All other in-store mobile | .6 |
Total | 24.6 |
rounded up to | 25.0 |
All credit and debit card volume, 2011* | 2,158 |
All mobile as percentage of all credit + debit cards | 1.16% |
* Nilson Report |
Baby Steps
It's clear, we're still in mobile's infancy at 1.6%. That's where we are today. That number's diminutive stature would be almost laughable except for, at least, a few reasons:1. These are the baby's first steps. But, like the infant, all of the equipment's in place and it just needs practice and time to grow.
2. Merchants are excited by what tablets can do with the right software. And it's not just Square. NCR's Silver iPad-based POS software is gaining attention. There are dozens of others. Expect a LOT of Level 4 merchants (that's the small ones) to look seriously at this approach.
3. Consumers are, at least, intrigued by paying or handling coupons via their smartphones. According to the report, there's 7.9 million of us who have used either NFC or QR code based mobile payments. That leaves 80 million and more to go.
Even if the mobile numbers are over or understated by 50%, the number is of sufficient size for everyone to acknowledge that mobile isn't just a fad and it isn't going away. And it's still an infant.
Happy Valentine's Day, Kiddo!
(BTW, it might be pretty embarrassing for PayPal should Square's volume surpass it. That's a race to watch!)
Monday, February 11, 2013
EMV and the ISO / ISV Bottleneck
In the payments industry everyone is holding their breath about something. Customer experience management, cost of payment acceptance and processing, mobile wallets, NFC and mobile transaction origination techniques are all top of mind issues, any one of which has the capacity to shift the payments business. But underlying all of them is the growing problem of fraud and the challenge of payment security.
Few dispute the security inadequacies of the U.S. payment infrastructure. The magstripe card and static data, potent devices that they were when the payment network ran on its own, cannot stand up to Internet-born technologies in the hands of Internet-powered hackers never mind the simple trick of card skimming.
PCI has brought no little order and discipline to payment and networks security. But today's fast pace of innovation, particularly at the mobile edge of the network, makes standards development, and even development guidelines, challenging. The PCI DSS has to be a reactive set of standards.
The PCI data security standards cannot do more than require the construction of high coffer dams around a payments system that was, like the Internet itself, designed with limited security in mind. As long as magstripe-encoded static data exists there will be breaches in that dam. While PCI encourages stronger techniques, like EMV, it must deal with current operations and near-term options.
The payment industry's answer is, of course, EMV, the smart card-based security framework that, among other attributes, makes payment cards nearly impossible to counterfeit. It is coming. But, as the last magstripe holdout, the US is a fat target for counterfeit fraud at the POS and ATM. EMV will go after the counterfeit card problem.
One of the great shames of the payments industry is the lack of transparency regarding fraud losses. Issuers don't want to report losses. Neither do card networks or processors. The origins of such reticence may have started in the now absurdly vain attempt to maintain consumer confidence in payment security. Good job. No doubt, lawyer-driven CYA is today's main driver.
So, that leaves us with today's unfortunately frequent reports of card data breaches, punctuated by an occasional spectacularly successful theft of millions. (It's unfortunate that the card pictured in this news story is an EMV contact chip card because it's very unlikely that chip card data fueled these losses).
However, in a brief private conversation, one processor reported to me that the losses it was seeing across all payment brands now exceed a $200 million annual rate. Based on that and other sources, we are on a trajectory toward multiple billions per year in card-related losses.
Fortunately, EMV is coming to remove counterfeit cards and let dynamic data kill off transaction replay attacks. End-to-end encryption and point-to-point encryption promise to remove card data and PII from the transaction stream. Tokenization, encryption's handmaiden, simplifies securing transaction history and other data-at-rest concerns. Mobile approaches based on NFC or more data-driven schemes promise to tighten the mobile perimeter.
All of that effort will make $200 million breaches, and even the $2,000 variety, far harder to accomplish. From a security point of view, we're headed in the right direction.
The largest retailers are already well along the path. Knowing the cost of brand damage due to data breach never mind actual data loss, PCI compliance among the largest retailers exceeds 90%. They already have EMV-capable terminals or have them in their acquisition plans. They already have scope-mitigating encryption and tokenization approaches in play. They get it.
While the Level 1 and 2 merchants, those largest of retail brands, have payment security on their corporate radar, the Level 4 merchants who represent the millions of small business operators in the US can hardly spell it.
Last fall's survey by PCI compliance solutions vendor ControlScan and Boston-based ISO Merchant Warehouse shows how far small merchant awareness has to rise before they get the scope of the PCI problem.
In other words, talking to Level 4 merchants about the risks of payment security is like, as Crash Davis said in the film Bull Durham, like a Martian talking to a fungo.
Gulp.
An industry mandate to push merchants, all of them, to adopt new security technology is the only viable approach. That's what the October 1, 2015 liability shift date is about. Pushing a portion of that growing fraud burden onto the merchant should get their attention.
The key question for the industry is "how do we get EMV and other security protections down to the Level 4 merchant?" There are no few barriers to achieving that goal:
Besides the sheer scope of the US card market, we have many more moving, and often independent, parts. In Europe, where they are still in the acquiring business, banks enforce compliance, limiting choices and excuses. But here in the US, the merchant services business is a supply chain of acquiring processors, merchant acquirers, gateway operators, independent sales organizations, merchant-level sales reps, independent software vendors, and value-added resellers. It's a cat-herding problem.
Yes, some acquiring processors take a different approach. Heartland Payment Systems is vertically integrated with its own tightly managed sales force who are taught to sell, and have available, a widening set of services that go well beyond credit and debit card processing. But they're the exception.
A major complicating factor is the mismatch of incentives between the organization who sell merchant services and the merchants they serve. The ISO "feet on the street" whether in-house or contracted merchant level sales reps have, for a decade, been principally focused on portfolio development and management, not about offering innovative, non-payment related services that help their merchant customer be more successful.
Many ISOs are on a dive to the bottom trajectory, selling card services on price. As a result, this cadre views good account maintenance by how long they can stay away from the customer because when they do contact the customer, it only invites a discussion on price.
The merchant services industry has made a high art of pricing and fee obfuscation. Very few merchants can decipher their own statements. Some ISOs and their channel allies look at PCI compliance, and non-compliance fees, as an additional revenue source. Profiting from security concerns, they can charge high-margin fees for network scanning and other "security" services.
This is the channel that, through complicated statementing and fear-based fees, has pushed card acceptance costs for some merchants past 5% of sales.
And this is the channel that the industry will be relying on to roll-out EMV terminals and new security services. ISVs, with their vertical software for merchants of all kinds, will also be responsible for pushing security to the edge of the payment network.
No wonder Square's 2.75%, with its rich software offerings, is making inroads at the POS and generating high decibel buzz and merchant mindshare.
The merchant services industry has few options.
1. Clean up the Act. Price transparency matters. Today's obfuscation makes the price predictability of Square and its like all the more compelling.
2. Sell on Value. Besides card acceptance, what can be sold to merchants that make the merchant more successful selling? If the answer's nothing more than card acceptance, maybe it's time to leave the business to those who can.
3. Get Real about Security. That doesn't mean ripping out every creaky dial-up terminal today. It does mean getting it into the merchant's mind that enforcement is on the way. Even if the liability shift date slips (and my guess is that it will) we're at the end of a technology's life.
None of these steps will be new to the merchant services industry or the ISV community. Many have been ignoring similar advice for years. But given their critical role in deploying new terminal technology, where will payment security be if they fail?
PCI - Driving in the Rearview Mirror
Few dispute the security inadequacies of the U.S. payment infrastructure. The magstripe card and static data, potent devices that they were when the payment network ran on its own, cannot stand up to Internet-born technologies in the hands of Internet-powered hackers never mind the simple trick of card skimming.
PCI has brought no little order and discipline to payment and networks security. But today's fast pace of innovation, particularly at the mobile edge of the network, makes standards development, and even development guidelines, challenging. The PCI DSS has to be a reactive set of standards.
The PCI data security standards cannot do more than require the construction of high coffer dams around a payments system that was, like the Internet itself, designed with limited security in mind. As long as magstripe-encoded static data exists there will be breaches in that dam. While PCI encourages stronger techniques, like EMV, it must deal with current operations and near-term options.
The payment industry's answer is, of course, EMV, the smart card-based security framework that, among other attributes, makes payment cards nearly impossible to counterfeit. It is coming. But, as the last magstripe holdout, the US is a fat target for counterfeit fraud at the POS and ATM. EMV will go after the counterfeit card problem.
It's Harder to Improve What You Don't Measure
One of the great shames of the payments industry is the lack of transparency regarding fraud losses. Issuers don't want to report losses. Neither do card networks or processors. The origins of such reticence may have started in the now absurdly vain attempt to maintain consumer confidence in payment security. Good job. No doubt, lawyer-driven CYA is today's main driver.
So, that leaves us with today's unfortunately frequent reports of card data breaches, punctuated by an occasional spectacularly successful theft of millions. (It's unfortunate that the card pictured in this news story is an EMV contact chip card because it's very unlikely that chip card data fueled these losses).
However, in a brief private conversation, one processor reported to me that the losses it was seeing across all payment brands now exceed a $200 million annual rate. Based on that and other sources, we are on a trajectory toward multiple billions per year in card-related losses.
Fortunately, EMV is coming to remove counterfeit cards and let dynamic data kill off transaction replay attacks. End-to-end encryption and point-to-point encryption promise to remove card data and PII from the transaction stream. Tokenization, encryption's handmaiden, simplifies securing transaction history and other data-at-rest concerns. Mobile approaches based on NFC or more data-driven schemes promise to tighten the mobile perimeter.
All of that effort will make $200 million breaches, and even the $2,000 variety, far harder to accomplish. From a security point of view, we're headed in the right direction.
Largest Retailers Get It
The largest retailers are already well along the path. Knowing the cost of brand damage due to data breach never mind actual data loss, PCI compliance among the largest retailers exceeds 90%. They already have EMV-capable terminals or have them in their acquisition plans. They already have scope-mitigating encryption and tokenization approaches in play. They get it.
The Coming Level 4 Disaster
While the Level 1 and 2 merchants, those largest of retail brands, have payment security on their corporate radar, the Level 4 merchants who represent the millions of small business operators in the US can hardly spell it.
Last fall's survey by PCI compliance solutions vendor ControlScan and Boston-based ISO Merchant Warehouse shows how far small merchant awareness has to rise before they get the scope of the PCI problem.
- After 7 years, just 54% of small merchants said they were aware of PCI.
- And compared to last year's report, among the aware, action has declined. Just 50% report themselves as validated PCI, a drop of 7%. Fewer can even find their SAQs.
- Down three points, only 48% are spending any money on compliance.
In other words, talking to Level 4 merchants about the risks of payment security is like, as Crash Davis said in the film Bull Durham, like a Martian talking to a fungo.
Gulp.
An industry mandate to push merchants, all of them, to adopt new security technology is the only viable approach. That's what the October 1, 2015 liability shift date is about. Pushing a portion of that growing fraud burden onto the merchant should get their attention.
The key question for the industry is "how do we get EMV and other security protections down to the Level 4 merchant?" There are no few barriers to achieving that goal:
- If they're even aware of it, many merchants are looking at the impending liability shift - still 900+ days away - and saying "I'll take the counterfeit risk. It's cheaper than replacing all of my POS gear."
- Level 4 merchants believe terminals should last forever. They simply want to take payments so there's no need to upgrade to a more secure device. The millions of technologically ancient dial-up terminals still in use are proof. Oh and, by the way, how is it that security expenditures improve my sales?
- As the ControlScan / Merchant Warehouse survey showed, many already believe they're secure.
Yes, It's Complicated
Besides the sheer scope of the US card market, we have many more moving, and often independent, parts. In Europe, where they are still in the acquiring business, banks enforce compliance, limiting choices and excuses. But here in the US, the merchant services business is a supply chain of acquiring processors, merchant acquirers, gateway operators, independent sales organizations, merchant-level sales reps, independent software vendors, and value-added resellers. It's a cat-herding problem.
Yes, some acquiring processors take a different approach. Heartland Payment Systems is vertically integrated with its own tightly managed sales force who are taught to sell, and have available, a widening set of services that go well beyond credit and debit card processing. But they're the exception.
A Weak Link in the Deployment Plan
A major complicating factor is the mismatch of incentives between the organization who sell merchant services and the merchants they serve. The ISO "feet on the street" whether in-house or contracted merchant level sales reps have, for a decade, been principally focused on portfolio development and management, not about offering innovative, non-payment related services that help their merchant customer be more successful.
Many ISOs are on a dive to the bottom trajectory, selling card services on price. As a result, this cadre views good account maintenance by how long they can stay away from the customer because when they do contact the customer, it only invites a discussion on price.
Fox in the Henhouse?
The merchant services industry has made a high art of pricing and fee obfuscation. Very few merchants can decipher their own statements. Some ISOs and their channel allies look at PCI compliance, and non-compliance fees, as an additional revenue source. Profiting from security concerns, they can charge high-margin fees for network scanning and other "security" services.
This is the channel that, through complicated statementing and fear-based fees, has pushed card acceptance costs for some merchants past 5% of sales.
And this is the channel that the industry will be relying on to roll-out EMV terminals and new security services. ISVs, with their vertical software for merchants of all kinds, will also be responsible for pushing security to the edge of the payment network.
No wonder Square's 2.75%, with its rich software offerings, is making inroads at the POS and generating high decibel buzz and merchant mindshare.
Get With It or Go Away
The merchant services industry has few options.
1. Clean up the Act. Price transparency matters. Today's obfuscation makes the price predictability of Square and its like all the more compelling.
2. Sell on Value. Besides card acceptance, what can be sold to merchants that make the merchant more successful selling? If the answer's nothing more than card acceptance, maybe it's time to leave the business to those who can.
3. Get Real about Security. That doesn't mean ripping out every creaky dial-up terminal today. It does mean getting it into the merchant's mind that enforcement is on the way. Even if the liability shift date slips (and my guess is that it will) we're at the end of a technology's life.
None of these steps will be new to the merchant services industry or the ISV community. Many have been ignoring similar advice for years. But given their critical role in deploying new terminal technology, where will payment security be if they fail?
Thursday, February 7, 2013
Canada retires the penny
Chicago Tribune - Canada drops penny from its currency [feedly]
Time for the US to follow?
Meanwhile, Remote Mobile Acceptance Continues to Spread
I've got a lot more to write about the Smart Card Alliance 2013 Payments Conference in Salt Lake. (And about Salt Lake, too. It's an intriguing, friendly, and on the downtown streets, very quiet city).
But before I go there again, literally and figuratively, proof that remote mobile payments are now firmly in the culture was abundantly clear on my taxi ride to Salt Lake City's friendly airport (my best TSA experiences are always in SLC - and I generally loathe the TSA process as pure security theater).
My driver had a tablet based scheme that he didn't care for. He also uses Square. But his favorite is PayAnywhere because of the fact they actually have real customer service. They call him every two months to see how he's doing. They have phone support. They even answer the phone when he calls. They sent him a 1099 to help him prepare his taxes. The swiper works. He likes the fact that the tip calculator is on the top of the signature screen. The customer adds the tip when she signs for the transaction instead of beforehand like Square. He pays 2.69% v. Square's 2.75% and he gets customer service.
He wondered how Square could manage without phone support.
PayAnywhere provides detailed receipts, too, when compared to Square.
PayAnywhere is a registered ISO/MSP for HSBC Bank USA, NA, Buffalo, NY
But before I go there again, literally and figuratively, proof that remote mobile payments are now firmly in the culture was abundantly clear on my taxi ride to Salt Lake City's friendly airport (my best TSA experiences are always in SLC - and I generally loathe the TSA process as pure security theater).
My driver had a tablet based scheme that he didn't care for. He also uses Square. But his favorite is PayAnywhere because of the fact they actually have real customer service. They call him every two months to see how he's doing. They have phone support. They even answer the phone when he calls. They sent him a 1099 to help him prepare his taxes. The swiper works. He likes the fact that the tip calculator is on the top of the signature screen. The customer adds the tip when she signs for the transaction instead of beforehand like Square. He pays 2.69% v. Square's 2.75% and he gets customer service.
He wondered how Square could manage without phone support.
PayAnywhere provides detailed receipts, too, when compared to Square.
PayAnywhere is a registered ISO/MSP for HSBC Bank USA, NA, Buffalo, NY
Wednesday, February 6, 2013
US EMV Pulling out of the Station
At this year's Smart Card Alliance 2013 Payments Summit, at least one thing is clear in this complex US payments environment. The EMV way of payment device authentication and management is coming to the US. For years, constituents have been filling the water tanker and the coal car and assembling the passenger and box cars on the track. At last, there's a head of steam up and the train is in motion.
This is good news for the US payments infrastructure and as Vantiv's Patty Walters eloquently and forcefully put it, "good for our children and grandchildren." Secure payments is a no-BS, no-kidding component of social and national infrastructure and EMV is a proven method of improving payment security.
For a country that's been woefully short on infrastructure investment (lights out at the shared national festival of the Super Bowl? Really?!) this is progress.
It's also unclear how strong the engine is going to be. Will we have an out-of-date, steam-powered approach? EMV's been around for awhile. Are we going to "rush into the Nineties?" with a single purpose approach?
Will we do a little better but still underinvest to create an Amtrak-like scheme that limps along, serving only a subset of the need?
Or will we have a high speed system like the French TGV and its feeder rail systems?
EMV is a security platform that can be applied to use cases way beyond the contact-only chip card and its anti-counterfeiting role at the POS or ATM. That minimal investment approach is advocated by Visa as a way to get things moving. A number of merchants and MasterCard want EMV's more costly offline capabilities to be employed, for the increasingly rare instances where offline transactions are required during international travel or the even rarer cases when POS networks go down at major retailers because of a fiber cut or a Sandy or Katrina level event.
The TGV solution requires a dual interface card and a contactless acceptance infrastructure. But now we've doubled the cost from $1 to $2 per card and $50 to $100 per terminal on the bet that merchants will deploy new terminals with contactless capabilities (fairly safe) and that we can develop the business models to encourage use of these cards for authentication in online banking, e-commerce and more as well as payments (not so safe).
The entire industry will be spending billions on deploying EMV into what is the largest card market with the greatest number of POS terminals and transaction points. It's an ecosystem build out. But if we take the cheapest, lowest common denominator track, the ROI potential for that investment could be constrained and it will definitely be delayed.
Perhaps that choice is what's needed to get the train rolling. Going down the track a ways will teach us a lot about EMV and its potential while we start to decrease the size of what's become the fattest global payments fraud target. But there'd better be plenty of connections to the high value system ahead or we'll have spent a lot of money and careers-worth of time to manage a counterfeit card problem that has been, for the most part, under control with today's tools. The fact that today's tools are losing the battle may in fact be the best argument for getting underway.
Here's to building robust infrastructure and here's a shout-out to all those driving to do so.
For those who were at the session, Walters' remarks about the urgency and importance of making the right choice around EMV deployment was an inspiring moment. Here's to more such leadership.
A special shout out to Randy Vanderhoof and his team at the SCA, too. What was a sleepy, preaching to the choir event five years ago has expanded and improved enormously. Randy's holding the space for the EMV Migration Forum, too. It's a big important job. Thanks, Randy.
This is good news for the US payments infrastructure and as Vantiv's Patty Walters eloquently and forcefully put it, "good for our children and grandchildren." Secure payments is a no-BS, no-kidding component of social and national infrastructure and EMV is a proven method of improving payment security.
For a country that's been woefully short on infrastructure investment (lights out at the shared national festival of the Super Bowl? Really?!) this is progress.
Steam Train, Amtrak, or Tres Grand Vitesse?
But there are multiple forks and switches in the track ahead and it remains unclear which track the train will take.It's also unclear how strong the engine is going to be. Will we have an out-of-date, steam-powered approach? EMV's been around for awhile. Are we going to "rush into the Nineties?" with a single purpose approach?
Will we do a little better but still underinvest to create an Amtrak-like scheme that limps along, serving only a subset of the need?
Or will we have a high speed system like the French TGV and its feeder rail systems?
EMV is a security platform that can be applied to use cases way beyond the contact-only chip card and its anti-counterfeiting role at the POS or ATM. That minimal investment approach is advocated by Visa as a way to get things moving. A number of merchants and MasterCard want EMV's more costly offline capabilities to be employed, for the increasingly rare instances where offline transactions are required during international travel or the even rarer cases when POS networks go down at major retailers because of a fiber cut or a Sandy or Katrina level event.
The TGV solution requires a dual interface card and a contactless acceptance infrastructure. But now we've doubled the cost from $1 to $2 per card and $50 to $100 per terminal on the bet that merchants will deploy new terminals with contactless capabilities (fairly safe) and that we can develop the business models to encourage use of these cards for authentication in online banking, e-commerce and more as well as payments (not so safe).
The entire industry will be spending billions on deploying EMV into what is the largest card market with the greatest number of POS terminals and transaction points. It's an ecosystem build out. But if we take the cheapest, lowest common denominator track, the ROI potential for that investment could be constrained and it will definitely be delayed.
Perhaps that choice is what's needed to get the train rolling. Going down the track a ways will teach us a lot about EMV and its potential while we start to decrease the size of what's become the fattest global payments fraud target. But there'd better be plenty of connections to the high value system ahead or we'll have spent a lot of money and careers-worth of time to manage a counterfeit card problem that has been, for the most part, under control with today's tools. The fact that today's tools are losing the battle may in fact be the best argument for getting underway.
Here's to building robust infrastructure and here's a shout-out to all those driving to do so.
For those who were at the session, Walters' remarks about the urgency and importance of making the right choice around EMV deployment was an inspiring moment. Here's to more such leadership.
A special shout out to Randy Vanderhoof and his team at the SCA, too. What was a sleepy, preaching to the choir event five years ago has expanded and improved enormously. Randy's holding the space for the EMV Migration Forum, too. It's a big important job. Thanks, Randy.
Sunday, February 3, 2013
The road trip continues. Next stop Salt Lake City
The Smart Card Alliance conference gets started tomorrow. Looking forward to seeing old friends and getting that dang certification exam over with.
Tuesday, January 22, 2013
Wrapping Up the NRF Big Show 2013 with PayPal and eBay
From a payments point of view, PayPal was a major story of the show once again this year. Or was eBay the story?
That small bit of confusion is, in fact, evidence that the parent company is beginning to leverage the multiple assets it has acquired over the years and to flex its brand muscles beyond the eBay Marketplace.
Unlike last year's exclusive PayPal focus, "eBay Inc" asserted its corporate brand at the NRF show. PayPal's logo was in evidence throughout but the banner above the booth and the name in the directory was all eBay.
Besides the obvious power shift toward the eBay brand management team, this year, at last, the capabilities of its many acquisitions become a major part of the story. Synergy instead of Internet conglomerate was the theme.
Magento, from what was once an open source shopping cart, has evolved into a sophisticated e-commerce and mobile development platform with an enormous cadre of third party developers expert in tuning it for individual merchants. It had a major place at the booth.
An example demoed at the show was a Magento-driven interface for a women's apparel shop, tied to a GSI-based inventory feed, powering a tablet interface for use by in-store sales associates. The app included to-do items such as putting an item aside for in-store pickup as well as, based on customer permissions, a record of recent purchases, favorite colors, and a display of items the customer might find attractive.
GSI Commerce, the $2.4B, 2011 acquisition, had a strong role as well. The logistics powerhouse, behind the online presence of many major retailers in their battle against Amazon, powered the apparel shop demonstration's back end.
Another eBay acquisition Milo.com, coupled now with GSI-based inventory sophistication, powers eBay Local. To Milo's local product search, eBay's GSI unit provides an important feature for, in particular, smaller merchants who want online ordering and in-store pickup capabilities. To accomplish that, the retailer provides an inventory feed to eBay on an, at least, daily basis, a now more or less straightforward process. I just checked and both my local Kmart and Staples are out of iPad Minis.
And if I lived in San Francisco or New York, I could have that tablet delivered to me within an hour or so via messenger. Speaking with JJ McCarthy, eBay Local's Director of Marketing, messengers have delivered massive HD monitors, the usual complement of tech gear, and a small flood of sundry items. At $5 a delivery, it's hard to see how eBay makes much money but it has to be a full employment act for bicycle messengers.
Don't Forget PayPal
eBay, Inc's payments division announced more major retailers who are now supporting its digital wallet as a method of payment."The 23 national brand name retailers are Famous Footwear, Dollar General, Mapco Express, RadioShack, Spartan Stores, Abercrombie & Fitch, Advance Auto Parts, Aéropostale, American Eagle Outfitters, Barnes & Noble, Foot Locker, Guitar Center, the Home Depot, Jamba Juice, JC Penney, Jos. A. Bank Clothiers, Nine West, Office Depot, Rooms To Go, Tiger Direct, Toys “R” Us and two additional partners that we will share publicly soon."
NCR Tie-up
Another significant announcement from the show was NCR's agreement with PayPal to bring its method of payment to NCR point of sale devices. This is a big event for PayPal given NCR's footprint of hundreds of thousands of electronic cash registers and payment terminals. While the splashy news of expanding the number of national retail brands taking PayPal is important, getting access to the array of small and medium sized business using NCR gear means PayPal acceptance will not just be something that happens at the mall. Getting into little stores, no matter what the means, is big.Demo Beauty
Once again, the company demonstrated its vision for the future of commerce using beautiful graphical interfaces, massive touch screens, and attractive, intelligent actors to lead you through the storyline. And, like last year's demonstrations on the show floor and in elaborate detail at its demonstration store way downtown, the story is a compelling one. The visual sophistication and appeal of these demos is remarkable. We've come a very long way. And there's a ways to go yet. Demos aren't commitments, they're suggestions of what's possible. Last year's demos haven't all made it out the door yet. The levels of integration I've mentioned don't exist. But the major components are in place. It's now a matter of figuring out which combinations to assemble - and that's what demos are meant to help determine.Wrapping Up
First, it's time for everyone to admit that PayPal is getting some traction with retailers and industry partners who recognize its growing rolle in consumers' lives. Sure, it's going to take plenty of time for PayPal to drive volume through its retailers or NCR. But there's been zero volume because there was zero capability before. That's over.It also appears that MCX is getting some traction, too. Assuming that the MCX ownership agreement is non-exclusive - despite the fact that there should be economic reasons to steer transactions in its direction - it will be, as the integration effort required of a retailer drops away given software power tools and consumable data, that merchants will take whatever payment mechanism comes along, provided its footprint is sufficiently broad. For those 23+ national and regional merchants, PayPal's tens of millions of active users is no small draw as a transaction funding pool. In other words, the PayPal message is resonating even if the cost is many basis points higher than a typical card transaction.
And both PayPal and MCX are taking the same open-minded approach. They have moved beyond the "one wallet to rule them all, one wallet to bind them" mentality of competitive efforts. Each will have its own branded app for consumers. That one picks up the brand loyalists. Each will also expose its digital wallet APIs for retailers to incorporate within their own merchant apps.
PayPal was clear that it's building tools for retailers to manage their customer experience, from appearance to process. Of course, those PayPal tools, or contractual terms and conditions, will likely not allow the use of the MCX payment method. And vice versa. Top of wallet, "top of app" will still matter.
The NRF Big Show is a favorite conference. It's well run, I like NYC, and it shows where payments are going - into merchant and consumer devices and into the customer experience.
Friday, January 18, 2013
Silly Analysis of Facebook Likes
While reading PayPal's blog I noticed its Facebook Likes tally at 384,135 people. That got me curious about other big payment brands which then got me curious about other major brands. So, I took a few minutes to gin up a tally:
While this is NOT a tally of transaction volume, it's suggestive of relative market power and, more important, brand focus. It could also be an indicator of which organization has the stronger social media team. The truth is somewhere in the middle.
If Facebook 'Likes' are an indicator of relative brand strength, the direct-to-consumer model it employs is winning that battle. As far as that goes, I'm surprised Visa and AMEX do so well. They're not direct-to-consumer brands.
Actually, when I began this little exercise, I started with PayPal, went to the card brands, then the banks and was surprised that the brands were so dominant. Then I looked at Apple, Google and the wireless companies (but who really likes their wireless provider?). It wasn't until I hit on Walmart and Target that I developed a more context-rich perspective.
I know. I'm not sure I "like" this analysis either. "Likes" don't predict revenue. But looking at Apple, Google, Walmart and Target, perhaps they do.
While this is NOT a tally of transaction volume, it's suggestive of relative market power and, more important, brand focus. It could also be an indicator of which organization has the stronger social media team. The truth is somewhere in the middle.
If Facebook 'Likes' are an indicator of relative brand strength, the direct-to-consumer model it employs is winning that battle. As far as that goes, I'm surprised Visa and AMEX do so well. They're not direct-to-consumer brands.
Actually, when I began this little exercise, I started with PayPal, went to the card brands, then the banks and was surprised that the brands were so dominant. Then I looked at Apple, Google and the wireless companies (but who really likes their wireless provider?). It wasn't until I hit on Walmart and Target that I developed a more context-rich perspective.
I know. I'm not sure I "like" this analysis either. "Likes" don't predict revenue. But looking at Apple, Google, Walmart and Target, perhaps they do.
Tuesday, January 15, 2013
Merchant Customer Exchange takes another deliberate step forward
The Merchant Consumer Exchange (MCX) took another measured step toward reality through a panel-based session in front of an audience of 250 at the National Retail Federation's annual Big Show at New York's Javits Center. The presentation's main purposes was to encourage new retailers to join MCX as fellow owners as well as demonstrate that the work of building an organization that satisfies the needs of some fierce competitors is well underway. Of particular note is the MCX's well developed set of operating rules to guide participation are well underway. Dates and details on when its mobile wallet solution will be delivery were absent.
MCX (pronounced M-secs by MCX executive Dodd Roberts) is "a merchant-owned mobile wallet from merchants, by retailers, for retailers" for use by a wide array of merchant types. New "owners" were announced including Wawa and Dick's Sporting Goods. The participating owners now represent over 400 million consumer visits each week, at 75,000 stores, with $1T in annual sales volume. It's a credible crew.
The organization affirmed it is working on a barcode based smartphone-based wallet app. A stand-alone MCX mobile wallet will be available. The payments underpinnings will be available via APIs for use by merchants within their own apps.
Jamie Henry of Walmart did say MCX would work with issuers and card networks but not under card network rules. He also said that, over the magstripe, the smartphone represents a big improvement in transaction security which will leverage the capabilities of "world class technology partners."
The presentation reviewed the organization's main principles:
- Provide superior customer experience to create a streamlined, intuitive, convenient, fast, and easy transaction that enhances the relationship between customers and merchants.
- Security. To secure mobile transaction and manage the risk, the MCX will move away from magstripe to leverage barcodes in combination with cloud services. Account tokenization will be a feature of the wallet service. All PII will come out of the system. With this approach, a software-based approach that makes use of the camera is all that's needed.
- Preserve and Enhance Customer Relations. This principle is about data ownership. The MCX panel participants were adamant on the principle that SKU-level data was the property of the individual merchant and the consumer. This exclusive use principle was put forward as a direct challenge to the value proposition of Isis, PayPal, Google, and other intermediaries intent on monetization of consumer data.
- Provide Balanced Operating Rules that are equitable for all stakeholders. "If we take today's card model and slap it onto the mobile phone, we will have missed a huge opportunity," according to Henry. Mobility occupies a very different environment and operating rules are written to reflect that new reality.
- Employ a cost-based approach to pricing. "How much more does that $300 transaction cost to handle than a $3 ticket?" was the equestion asks by a Lowe's representative.
- Limit Stakeholder Burden. The goal is to reduce complexity and minimize costs associated with mobile transactions. In other words, this is addresses merchant objections to the PCI process and their need to fix what is, in their view, a data security problem generated by the payments industry.
Addressing merchant needs beyond payment acceptance, MCX is intended to support "transactions and interactions" by embedding the MCX payment into the overall flow of the customer experience. Therefore, it is not tied to a specific brand of smartphone nor to NFC. "It's about far more than customer transactions. It's about building relationships."
"Walmart looks at mobile as a way to drive a deeper relationships. Mobile payments isn't a strategy. Mobile commerce is," said Henry. "Not everyone will have the Walmart app. But once customers get accustomed to using the phone, our goal is for this to become the ubiquitous approach."
Shelley Perelmutter, VP / CRM of Gap said, "we want to validate to consumers the validity of the approach by having competitors use the same approach."
No schedule of announcements was given nor was a development roadmap provided.
The waiting continues...
Thursday, January 10, 2013
NetSuite Acquires Point-of-Sale Company Retail Anywhere
NetSuite's acquisition of Retail Anywhere is another sign of how payment acceptance is evolving into an embedded function of an overall line of business system.
NetSuites is a cloud-based business software and services provider. Its SuiteCommerce line has found some favor among retailers who are looking to simplify their in-store operations. Dumping thick-client PC-based cash registers for tablets with apps, nailed down to the counter or in the hands of roving sales associates, makes for a simpler IT management system and some ability to push bug fixes and new business processes out to the store faster.
That integration of the back end and front end also gives the retailer the ability to optimize the customer experience. Imagine that inventory integration access via a slick web interface or tablet app. Makes in-store pick-up capability straight forward.
From the AllThingsD post:
And things like that are having an effect on shoppers’ attitudes. A Deloitte survey conducted during the 2012 holiday season found that retailers who had several touchpoints through which to engage with a consumer had a 71 percent greater chance of selling to them than those who relied only on the old-school brick-and-mortar approach. What it means is that stores who can reach a customer both online and in person are more likely to sell to them. And that means you need to unify the experience. Pricing and inventory, for example, need to be in sync.
This also signals the increasing commoditization of payment card acceptance capability. Tablets are manufactured in high volume. Payment terminal models are built in lots an order of magnitude, or two, smaller. Plan for the tablet - in its many forms - to take over the screens we've grown accustomed to on payment terminals. And to see a lot of wrap-around, add-on payment card acceptance devices.
NetSuite Acquires Point-of-Sale Company Retail Anywhere - Arik Hesseldahl - News - AllThingsD:
'via Blog this'
NetSuites is a cloud-based business software and services provider. Its SuiteCommerce line has found some favor among retailers who are looking to simplify their in-store operations. Dumping thick-client PC-based cash registers for tablets with apps, nailed down to the counter or in the hands of roving sales associates, makes for a simpler IT management system and some ability to push bug fixes and new business processes out to the store faster.
That integration of the back end and front end also gives the retailer the ability to optimize the customer experience. Imagine that inventory integration access via a slick web interface or tablet app. Makes in-store pick-up capability straight forward.
From the AllThingsD post:
And things like that are having an effect on shoppers’ attitudes. A Deloitte survey conducted during the 2012 holiday season found that retailers who had several touchpoints through which to engage with a consumer had a 71 percent greater chance of selling to them than those who relied only on the old-school brick-and-mortar approach. What it means is that stores who can reach a customer both online and in person are more likely to sell to them. And that means you need to unify the experience. Pricing and inventory, for example, need to be in sync.
This also signals the increasing commoditization of payment card acceptance capability. Tablets are manufactured in high volume. Payment terminal models are built in lots an order of magnitude, or two, smaller. Plan for the tablet - in its many forms - to take over the screens we've grown accustomed to on payment terminals. And to see a lot of wrap-around, add-on payment card acceptance devices.
NetSuite Acquires Point-of-Sale Company Retail Anywhere - Arik Hesseldahl - News - AllThingsD:
'via Blog this'
Tuesday, January 8, 2013
Elegant Receipting on Mobile and via Email
"Rich" receipting is one of the advantages that the new payments players have to work with. Unlike their terminal-bound, block mode character printing competitors, outfits like PayPal, Square, and LevelUp can use email to deliver a receipt, complete with merchant branding, and other information.
Yesterday's post on Bank of America's Mobile Pay includes an image of its inferior receipt. (See the bottom of the post for more on the receipting issue. It's not pretty.)
Take a look at LevelUp's email receipt and reward calculations. Very clean. Tells me what I need to do next. This one I received via email.
Touching the "Show My Receipt" bar at the bottom displayed a mobile receipt.
Yesterday's post on Bank of America's Mobile Pay includes an image of its inferior receipt. (See the bottom of the post for more on the receipting issue. It's not pretty.)
Take a look at LevelUp's email receipt and reward calculations. Very clean. Tells me what I need to do next. This one I received via email.
And here's what I received from LevelUp on my mobile. It started with a push notification located at the bottom of this screenshot:
When I selected the LevelUp push notification, this screen was displayed:
Touching the "Show My Receipt" bar at the bottom displayed a mobile receipt.
That's a lot better looking than a piece of paper. Or some half baked efforts.
Still liking the MBTA mTicket app - and the commuter rail
I used the MBTA mTicket app again today and still find it straightforward. The train schedule presentation isn't that great but it gets the job done.
Another pleasure of the trip: a conductor I haven't seen for a decade checked my screen and then remembered my face from that time when I was a daily commuter. We shook hands and smiled at each other.
I think that's when all this mobile tech works best - when the transaction is streamlined so that the people have the time to interact. That's the reason, no doubt, that Starbucks invested in Square, to keep "interact" more important than "transact."
Maybe the MBTA app should display my name on the active ticket screen. The conductor could've greeted me by name.
Monday, January 7, 2013
Bank of America Mobile Pay Just Goes Part of the Way
Because I've worked for a large corporation for which I had some affection, one that was caught in the maelstrom of a fundamental technology shift, I'm one to, at least, hope for a good result when the behemoth incumbent in an industry attempts to replicate what the nimble start-up has done. If the incumbent can serve its current customers with something good enough to keep them in place, then, I generally call it a success or a successful stalling tactic until the next upheaval comes along, because these successes happen so rarely.
In mobile payments, that nimble start-up role has fallen largely to Square, Jack Dorsey's company that has successfully scared the hell out of half of the merchant services industry. The other half is too dumb to be frightened and will go the way of the buggy whip manufacturing sector. Square's done a great job making payment acceptance simple and receipting graceful for the cardholder. With its Square Wallet and Register it is now going well beyond payment acceptance.
So, when Bank of America came out with its snazzy looking Mobile Pay dongle, all tricked out in B of A red, white, and gray, I thought the behemoth bank's merchant services business unit might be teaching itself to dance a simple two-step if not the Square merengue.
From what I've seen, it's a one step. And even that's revealed a certain lack of grace.
The New Merchant
My daughter Anna is a registered dietician. She's opened up a private practice recently and decided to use BofA's new Mobile Pay service because the $9 monthly cost was offset by the free small business checking account she was offered and the fact that she could download her transaction files for use in QuickBooks. At 1.8%, the transaction fees are 0.95% lower than Square so she figured she'd come out ahead. She's used Square, liked it, but thought, on balance, the costs and potential integration with her banking relationship would be more advantageous. Seemed reasonable.
So far, her initial experience with setting up the device and getting her merchant account functioning has been less than smooth. She's been stymied by an incompletely thought out process, less than knowledgable customer support, the still inelegant onboarding process for a new merchant, and the delta between her mostly slick mobile user interface and the Web 1.5 (that's "web one and a half") interface provided by the BAMS merchant services site.
Receipting
Even the customer receipts show their merchant services undergarments with irrelevant, even off-putting transaction detail. Let's start there.
Here's a screenshot of one of my Square receipts. Merchant-branded. Simple. Elegant. Enough information for me as the cardholder to know where, when and how much, i.e. what I care about. And enough info to track it down if I need to complain.
Here's the receipt I received from the Mobile Pay service. The red arrows are what I don't like.
1. The B of A Merchant Services logo is the first thing you see. Now, that may be adjustable through the merchant services site but there's no reason to yell BAMS branding at the consumer. Compare that to Square's pitch at the bottom of the receipt.
2. Because a database field was not big enough to hold her business name, Whole Life Nutrition Services, the name is truncated. The letters S-E-R are orphaned and odd. That's no help to the merchant's own branding which is what a receipt should support first and foremost.
3. Response / Success??? OK, that's clearly of interest to BAMS and its processor, it's even of interest to the merchant but it's meaningless if not marginally offensive to the receipt recipient. Again, compare it to Square. The customer is the one who reads a receipt. It has to be put into customer relevant terms.
4. What is Stan? Why does the customer care?
The receipt doesn't address the needs of its multiple customers. It's too complicated and too provider oriented for the accountholder. For the merchant, it doesn't support the merchant's branding needs. And it's ugly. In this day of high quality design and production standards, there's no longer an excuse. The merchant services industry continues to get it wrong.
Mobile Software Installation
My daughter grew up with computers. She knew some MS-DOS commands and was facile with Windows and a mouse since she was very small. But, like most of us, she's grown to expect smartphone software to be quick and clear when it comes to installation. She's also hasty on occasion, like some of us. So, she got herself in trouble by installing the wrong Mobile Pay software from Bank of America, one that was not compatible with the new reader.
In the Apple App Store, she searched for 'bank of america mobile pay' and found three apps.
Would you have been confused by the first two?
She certainly was. Both the first and second app have the words 'Mobile Pay'. So, she installed the first one on the list which happened to be a more complex product written by Apriva. It didn't work. The confusion was only straightened out ten minutes into a support call with a perfectly polite but obviously out of her depth customer service rep who said, "you have to pick the one with the picture of the card reader."
Oh.
The Card Reader
She then plugged in the card reader. It's quite an elegant little device, supports BofA branding nicely through color and a logo embedded in the face. But it's less elegant in use.
BofA logo in the plastic
The protector over the audio jack is more easily pivoted off of the holder on the left than it is pulled straight off of the unit.
The red notch indicates which side the magstripe on the card has to face. Not exactly obvious. You have to learn it by trial and error.
The gray wings expand to grab the smartphone to give it a solid grip on the smartphone. The dongle has two points of connection. A better solution than the loose-fitting Square dongle. Here it is ready for a swipe.
Confronting Traditional Merchant Services
And then she was confronted by the web interface on the BAMS portal, still apparently powered by First Data. That's where the Web One and a Half character showed up and the industry-centric merchant account jargon poured onto the screen. BofA's Mobile Pay service is a classic merchant account based offering. It is not merchant aggregation a la Square.
As almost always is the case with new merchant accounts, Anna had to wait almost two weeks for the dongle to show up in the mail. Hilariously, she received a metal merchant plate to drop into a knuckle buster, along with a sticker full of card network logos, within a week. C'mon, people, this is the 21st century. Update and fix your process.
Since our first test, she's run client transactions and was caught by the need to close out her first batch before she could start receiving her payment and initiate automatic settlement. Nowhere was that written or explained to her. Fortunately, she either found or was assigned an excellent CSR at BAMS by the name of Jose who has continued to guide her through the labyrinth.
Conclusion
She's now taking payments and getting paid. She's spent at least an hour on the phone in multiple calls with at least two different individuals. Square took her zero calls. It's reader isn't as finicky perhaps because it's less secure.
Bank of America Mobile Pay, then, is an often inelegant mash-up, if not an outright collision, between the mobile world and the ugly - in presentation and process - merchant account creation and processing domains.
It is pretty clear that, on the Mobile Pay team, no one had the power and budget to see this developed as an end-to-end experience for the merchant. You can almost feel and see the multiple agendas of brand managers, processor operations, and mobile product managers trying to respond to Square. Without that focus on the real users of such a system, the user experience is poorer and uptake will be lower and the costs to deliver the service will remain high. Square doesn't make it easy to talk to someone for an hour because it doesn't have to.
As a reminder, Bank of America Mobile Pay doesn't even begin to follow Square's other vectors toward the store-based merchant (Register) or consumer engagement (Square Wallet). It's just a simple, me-too mobile payment acceptance tool, one that should have been much sharper.
To quote Guy Kawasaki, "Steve Jobs taught me that little details separate the mediocre from the excellent." Square's design aesthetic and process approach is excellent. Mobile Pay is promising but still mediocre. Putting a mobile wrapper on the merchant services process won't get the job done.
It's time to get some folks from outside the creaky old merchant services business and put them in charge, not just on the team, of initiatives like this. I understand that, given culture, tradition, someone's long service, such decisions are hard. I just don't have any sympathy for leaders who continue to avoid steps just because they're hard. Merchant services is an industry whose process and cost structures are based on "because we've always done it this way." On the current path, "always" is getting a lot shorter.
UPDATE and Rant Alert:
I pointed out in yesterday's post some of the receipt shortcomings of Bank of America's Mobile Pay service. While the merchant name field can be edited, believe it or not, the BAMS logo at the top of the merchant receipt cannot be changed to that of the merchant. Unlike Square. Unlike LevelUp.
Really?
Let's ask a few questions here:
- Who receives the receipt? The cardholder, of course. The customer of BAMS's customer.
- Did the cardholder do business with BAMS? No.
- Is the cardholder at all likely to care about merchant services? Not likely. Only if the merchant's customer is a small business owner or manager.
- Is a receipt that is strongly identified with a third party of value to the merchant's branding effort? No.
- Does the BAMS logo at the top provide an actionable way to actually do business with BAMS? No. Square's receipt provides a way for a consumer to get ahold of Square Wallet. It doesn't try to pitch card acceptance.
Then, why the BAMS logo at all? Probably because a product manager, knowing that BAMS was invisible compared to Square, was trying to wave the flag and make some senior executive happy. At the cost of giving their customer the needed tools to support their own branding which, in turn, helps the merchant get more repeat business, that in its turn makes BAMS the real money from processing.
Talk about taking your eye off the ball.
Mobile Pay brochure.
Subscribe to:
Posts (Atom)