Hip to be Square

Many years ago, when I was a mere slip of a consultant, I was sent by a client to check out a company called WorldPay, then run by Forum friend Nick Ogden. I reported back to the retail bank I was engaged by that I couldn’t see where WorldPay was going, since it didn’t provide any service that the bank couldn’t provide themselves given a small amount of development effort. Therefore I assumed that the bank, like all other banks, would soon be providing a comprehensive range of services for new internet businesses and that WorldPay’s niche would vanish.

Royal Bank of Scotland Group Plc, the U.K.’s biggest government-owned bank, agreed to sell its credit- card payment processing unit to Advent International Corp. and Bain Capital LLC for 1.7 billion pounds ($2.7 billion).

[From RBS Sells WorldPay to Advent, Bain for $2.7 Billion – Bloomberg]

Please! Don’t listen to me about anything to do with business! I didn’t realise that there is no such thing as a quick and dirty development in a bank, and that starting a new line of business doesn’t happen overnight. There’s a big, big gap between people like me saying that all the bank needs is a simple internet gateway and a merchant acquisition process and these systems and processes actually getting going. Things just don’t work like that, for all of the well-known reasons (focus on core business etc). I was thinking about this when I got into a discussion with someone a few days ago. They said that Square does nothing that existing stakeholders in the card business couldn’t do themselves, so it has no long-term future, the argument being that Barclays or Streamline could just offer a similar service. And Square is reducing its charges, meaning less margin, so they won’t be able to beat the big boys on cost either.

Square’s rates will fall to a flat fee of 2.75 percent per transaction instead of charging 2.75 percent plus an additional 15 cents. (The rate for when a credit card number is keyed in, rather than swiped, will remain the same at 3.5 percent plus 15 cents.)

[From Square Sacrifices Revenues to Ramp Mobile Payment Volumes | Tricia Duryee | eMoney | AllThingsD]

All true. But the reality is that just because other merchant acquirers could do this does not mean that they can do this, and if Square can provide just enough added-value with their app to get traction in the small business sector (they are already processing a million dollars a day), then when new payment technologies come along (eg, NFC phones that can accept payments from contactless cards) the merchants will just expect Square to handle them for them. We have long been advising clients that the key disruptive role of mobile phones in the payments world is the ability to take payments, not to make them.

Incidentally, I can’t resisting commenting on the Square-based debate that sprung up over the last few days. As I’m sure you all know, Verifone wrote an open letter pointing out that Square is not fully PCI compliant, something that has been known since the product was first announced.

iPhone cannot be made PCI compliant without first encrypting the card BEFORE it gets into the iPhone (see the Verifone solution)

[From Square Up update « FinVentures]

Not that interesting, to be honest, but it did stir things up and Square had to respond, which they did by pointing out that the problem is with a payment system built on trivially-copyable magnetic stripes and the like.

In his response, Dorsey said any technology, including “an encrypted card reader, phone camera or plain old pen and paper,” can be used to steal information. “If you provide your credit card to someone who intends to steal from you, they already have everything they need: the information on the front of your card,”

[From Square Responds to VeriFone s Security Claims – American Banker Article]

Will master criminals intent on skimming card numbers sign up with Square and then install a dodgy app? Probably not. There are plenty of better options out there, including the existing magnetic stripe readers that the criminals already use.

Exposing Square’s security vulnerabilities in this manner is an act of outright hostility on VeriFone’s part, and a sign that it’s unnerved by Square’s growth.

[From VeriFone Attacks Rival Square With Ethically-Questionable Security Exploit: Apple News, Tips and Reviews «]

Not that it’s any of my business, but this is why the letter looks like a mistake. If I were Verifone, I would have spent my time making a better iPhone card reader, or something that plugs in to Android phones or EMV chip/contactless readers or whatever, or partnering with people to deliver great merchant service, or something else to compete.