Author: Consult Hyperion

The future in our control

8th March 2013by Consult HyperionLeave a comment

[Jane Adams] At the recent 6th London BarCampBank Unconference, organised in London by Consult Hyperion, 90 attendees managed to leap the waiting list and attend the sold out event.

Unlike traditional conferences, unconferences focus on generating ideas and knowledge from all attendees. First of all we asked each delegate to write down their interests on post-it notes. We then sorted these into themes and delegates were seated in round table discussions according to theme. The ensuing discussions were both vital and intense and generated a wide range of visions, wishes and inspirations about the future of payments. Here are the main outcomes.

One key theme was the nature of the future bank. Was it a platform? Was it a utility? How did it differ from non-banks and near banks?

While delegates disliked the idea of banking as a utility, there was some interest in the idea of the bank as a trusted service manager, presenting a set of APIs to applications whose quality would need to be rigorously controlled. The real innovation would come in the area of distribution of these services and applications.

There was concern that not everyone understands that what separates banks and non-banks is the taking of deposits. Perhaps the varying terminology doesn’t help – to near-banks and non-banks, attendees added the neologism neo-banks. However despite the industry leading role of many of the attendees, only 50% professed themselves ready to trust new entrants.

Add to that a regulatory regime that seems to benefit incumbents and new entrants might have a problem. Delegates stressed the importance of regulation that benefited customers as well as banks, leading to greater transparency and a pro-innovation mindset.

One area of genuinely contentious discussion was whether in this future scenario, Visa and MasterCard had a role to play. There were few ideas about what would happen to what one delegate claimed was the 3.6 billion accounts that currently carry association branding, nor to how the industry would do without chargeback. However there was some suggestion that the future might reverse a past trend with a return to smaller local brands rather than another global acceptance brand.

One of the biggest questions is what will happen to cash. Dave Birch makes no secret of his views on the burdens cash imposes on the economy but attendees seemed to think that if cash disappeared there would need to be some sort of replacement. Cash was seen as local, convenient, trusted and personal and any replacement would have to have those features too. Anonymity and privacy were also seen as desirable features. A future visioning ‘writers’ discussion’ which I chaired ran with this idea and came to the disappointing conclusion that the replacement for cash was probably cash.

One brighter idea was that there could be different types of money for different purposes, with money shifting away from being something national towards becoming something specific to different types of economy.

Prepaid should be free with the business case coming from added value to both parties, unlike many current prepaid approaches. In fact customers could even receive discounts for using it, with aggregators enabling the customer to compare and choose the best discount.

Delegates were also asked why mobile might be better than cards. Partly this question foundered on definitions but three points to consider in any discussion were defined – the axes of security versus usability and innovation versus regulation and also the question of who holds the power to take mobile forward – merchants, schemes or consumers?

Identity played a large role in the discussion, although there was much disagreement about how banks could be involved. Some felt that banks were uniquely placed to provide data provisioning for identification services but others pointed out that identity on the Internet is multiple and much more subtle than pure KYC based identity. Where ‘what we are’ is more important than ‘who we are’, a link between the two may not be helpful.

In all cases, payment should be under the control of the payer not the payee – my money, my control – with friction being self imposed. That means any viable future alternatives to current payments methods must feature push payments.

Broadcast views

5th March 2013by Consult HyperionLeave a comment

[Anthony Pickup] Watching TV can sometimes spark interesting payments-related thoughts. The other night, it struck me how many live news broadcasts are now being performed via Internet services like Skype, at both local and national level, according to Skype. Compared to using a camera man and a dedicated transmission link, the quality is somewhat degraded but the cost is much, much lower.

The degradation is not only in terms of picture quality and sound but also in the unreliability of the connection, with lines dropping out either prior to or during the transmission. The thing is, none of that really matters. Sometimes there are other benefits too:

Monday night saw the first council meeting since the decision had been taken by local politicians in December. That meeting had been marred by disorder and disruption to proceedings by protesters who’d reached the back door of the building. Due to concerns over a repeat of the trouble, the decision was taken not to deploy a satellite truck, but instead to cover the meeting live for BBC Newsline using the Skype app on an iPad.
[From BBC Academy Blogs – Live Skype Broadcast on iPad hits Belfast Deadline]

The cost savings and the resulting access to more content are making these services becoming more and more the norm for news broadcasting, and as the above shows not just for user generated content from Joe Public wielding his mobile phone at accidents.

There’s a parallel with payments.

EMV is equivalent to the previous norm in broadcasting – each person (payee) is given a card that reliably and securely provides the service at a high cost using dedicated infrastructure. These costs are things like integration and scheme certification.
Bar codes, QR codes and mobile apps are like Internet broadcasting – each person provides their own infrastructure to make a payment. This may sometimes be less reliable but it’s reliable enough for consumers, both payers and payees to think it’s worth it for the added convenience.

Now, there are still people out there who say we don’t need these new systems because the dedicated card system works just fine. But to extend the metaphor from broadcast cameras to regular cameras, think about that famous business school case study about Kodak. Kodak invented digital photography but shelved the idea, partly because it looked like a threat to what they viewed as their core business and partly because the quality wasn’t good enough. But for consumers it turned out that the lower quality was plenty good enough and the benefits of flexibility, cheapness and convenience far outweighed any initial image quality issues, leading to entirely new social phenomena and businesses. And look what happened to Kodak.

In just the same way as digital photography and Skype is good enough for many consumers and TV watchers, so are lower quality payments. Yes, EMV is more secure, more reliable and so on but for the great majority of low value payments it’s as much an overkill as using an entire film crew and a satellite to send a greeting to Granny.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Should we tax electronic money?

4th March 2013by Consult HyperionLeave a comment

[Dave Birch] It seems to me that there is a something a little wrong in charging central banks with maintaining efficient, effective and stable payment systems when they not only have a dog in the fight but have a particularly naughty dog in the fight. If a central bank’s income derives from cash, it can hardly be expected to take an independent view of cash as one of a number of alternative payment options in the economy, can it?

A central bank’s prime charter is to provide stability in the financial system; cash is still an important part of that system and a significant revenue earner for governments through seigniorage. If nothing is done, then inevitably we will see the demise of banknotes and coin sooner rather than later.
[From The Demise of Cash – More Radical Change Needed — Counting On Currency]

You can see the problem with this: if alternatives to cash that are better for the economy (because they are cheaper, for example) come along then it means that the central bank, and therefore the government, will lose revenues unless they (in the spirit of the Royal Canadian Mint’s MintChip Challenge decide to issue the electronic money themselves. Marc Brule of the Royal Canadian Mint will be talking about the MintChip system and their experiences at our Tomorrow’s Transactions Forum next week, by the way.

Thinking about government or central bank issuance of electronic money makes you wonder whether electronic money is actually money or not, doesn’t it? If it is, should it then be provided by the central bank as a public good? If it isn’t, shouldn’t private issuers compensate the government for lack of income?

The key message then is that M-PESA units should not really be considered Kenyan base money (M0) in the traditional sense. In fact, it’s much more of a parallel currency.
[From Why central banks should take charge of their digital currencies | FT Alphaville]

Personally I wouldn’t characterise M-PESA as a parallel currency, but is clearly isn’t part of M0 since the ultimate liability for the M-PESA balances rests with the commercial banks where the float is deposited (M-PESA has a 100% reserve). The fact that it isn’t part of M0 is, from the government’s point of view, a potential problem.

M0 being an interest-free liability of the Central Bank toward cash holders vs M1/M2 being a liability of commercial banks towards deposit holders. In the worst-case scenario, M0 keeps shrinking, depriving the state of seigniorage revenue, which the government needs to compensate with a special tax on mobile money operators.
[From Why central banks should take charge of their digital currencies | FT Alphaville]

This would be true in the UK as well, but the way. The government obtains something in the region of £2 billion per annum in seigniorage revenue. This is nothing compared to the US, which earns fantastic profits from the wads of $100 bills stuffed under mattresses in Latin America, Russia and elsewhere.

Governments, after all, earn money from seigniorage – the profit from issuing coins and notes rated at more than their intrinsic value. The US Treasury department, for example, received $77bn in profits from the Federal Reserve in 2011.
[From Finance: More flash than cash – FT.com]

Money for nothing, as they say. In essence, this is a stealth tax on the people who use cash (predominantly the poor). But it’s significant government revenue. It seems to me then that the advent of electronic money and the reduction in M0 (except for criminal purposes) mean a revenue gap opening up. Governments therefore have two choices: they can reduce expenditure and become more efficient and effective users of tax revenues or they can find alternative sources of tax income. Since the former is a fantasy, the latter is inevitable. Thus we find Kenya, pioneers in M0 replacement, is instituting a new tax on mobile money.

The amendments are contained in the Finance Act of 2012, which introduces a 10 percent excise duty tax on transaction fees for all mobile money transfer services provided by cellular phone providers, banks, money transfer agencies and other financial service providers.
[From Kenya: M-Pesa mobile money users hit by new Government Tax – The Habari Network]

The impact of this is that Safaricom, already Kenya’s largest taxpayer, has just put its M-PESA fees up by 10%. So just as the unbanked trapped in a cash economy pay the stealth tax on notes and coins, they are now paying the not-to-stealthy for the replacement.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Did anyone notice? There was just an NFC earthquake

4th March 2013by Consult HyperionLeave a comment

Updated 4th March 2013. Please add any comments to 13th March post “NFC Aftershocks“.

[Dave Birch] There was a lot of talk about NFC at this year’s Mobile World Congress in Barcelona, but I can’t say that the opinions I heard were wholly positive. One of the most common opinions was that people were sick of hearing about it, since it’s been talked about for years. Rory Cellan-Jones, the BBC’s Technology Correspondent, put it like this:

In 2007 I was involved in a trial where I used an early NFC phone to get access to London’s transport system and pay for a coffee or a sandwich. The experiment was hailed a success by the companies involved, but although you can now use NFC credit cards on London buses, there is no sign yet of travellers being allowed to swipe in via their phones.
[From BBC News – NFC – not for consumers?]

As it happens, Consult Hyperion were the consultants for that trial so I know rather a lot about it. I would point out that not only was the experiment hailed a success by Visa, O2 and TfL it was also hailed a success by the members of the public who used it.

Nine out of ten participants were happy using NFC technology on a mobile phone and 78% said they would be interested in using contactless services. Perhaps unsurprisingly, given the pervasive use of Oyster cards in London, almost nine in ten of the trial participants said that the availability of the Oyster application would influence their future choice of mobile phones.
[From Digital Money: NFC drivers]

So how is it that nothing has happened in the last few years? It could be that one reason is that the industry as a whole chose an incredibly complicated and expensive mechanism for implementing payments and ticketing in mobile phones, a mechanism based on the presence of tamper-resistant Secure Elements (SEs) in the handsets. (Forum friend Roy Vella used to refer to this, rather amusingly, as the “nine party model”.)

In addition to the complexity was the issue of control. The mobile operators wanted to have the SEs co-located with SIMs on the same UICC, which held things up while the new “Single Wire Protocol” (SWP) was developed and that handsets redesigned. Access to the SE has also been restricted in various ways, and this means that it’s hard for developers to create great new NFC applications. I don’t think it is particularly controversial of me to say that, with the wisdom of hindsight, there were mistakes made. And the consequence is that, as Rory says, there is not a single mobile handset on sale in the UK today that you can use to get on a London bus.

I’m not saying that these technical details are the only problem, although a better understanding of the business implications of those technical decisions might have helped some of the organisations trying to deal with the consequences from making some less-than-optimal decisions about the path through the roadmap. I wonder, for example, if another problem might be that the people looking at business implications today don’t really understand how NFC works.

Whether it’s NFC, a QR code, a smoke signal, passing a note to a friend, it doesn’t matter.” – Paul Galant, Citi
[From Mobile World Congress 2013 – MasterCard’s Mobile World Symposium: mPayments Around The Globe | PYMNTS.com]

I don’t want to make a fuss, but Paul is wrong about this. Yes, NFC is a bit like a QR code in that it can read by a phone, and yes it’s a bit like smoke signal in that it is interactive (albeit over a much shorter range) and yes it’s a bit like passing a note to a friend in that it facilitates private conversations. But to say that it doesn’t matter is a big step. Studies have shown that consumers much prefer a simple tap to messing about with QR codes and while the current “card emulation” implementations of ticketing and payment applications do not take advantage of (or even use) NFC’s interactive peer-to-peer capabilities, they could do and they could use it to delver great customer experiences. I don’t want to use my phone camera to scan a QR code to get on the bus, I want to tap. I don’t want a paper receipt that takes a minute to print, I want the receipt sent via NFC when I tap to buy a coffee.

But back to the technical point about SEs. There were lots of announcements at MWC, but they all hinged on trying to animate the existing “value” chain.

All NFC-enabled digital wallets require access to a secure element on the device
[From Visa’s plan to spur NFC mobile wallet adoption may hit a snag | Mobile World Congress – CNET Reviews]

This is not true, but it has been taken as read by the industry. Hence I was surprised that one announcement didn’t attract more attention.

Spanish banking group Bankinter has developed an NFC payments solution that works without a secure element, potentially cutting out both mobile network operators and over-the-top players like Google from the NFC payments business.
[From Bankinter develops NFC payments service that eliminates need for secure elements • NFC World]

This is huge. They have announced an app that doesn’t use the handset manufacturer’s SE or the mobile operator’s SE or indeed an attached SE. It’s just an app that uses NFC, but that uses NFC to make secure transactions that are interoperable with the installed terminal estate. This ail radically reduces the cost of development, deployment and use, so it’s goodbye to the Trusted Service Manager (TSM) and the operator’s “apartment model” of renting SIM space. This is why the announcement of “no secure element” NFC is so important for banks. It means no more having to negotiate with operators and handset manufacturers and no more expensive over-the-air application provisioning. So long as a phone has NFC, it can be used to make payments at a standard, contactless EMV terminal. The next time that a bank sits down across the table to negotiate with an operator, it has a much, much stronger hand..

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Still dreaming of a cashless future

28th February 2013by Consult Hyperion1 Comment

[Dave Birch] My campaign for payments reform in Europe seems to be succeeding, albeit in a rather piecemeal fashion. I feel that my campaign to scrap the one- and two-euro cent coins must have obtained a significant boost when the 75,000 delegates to the Mobile World Congress in Barcelona discovered that the transit ticket machines do not accept them. Unfortunately, they do not accept mobile payments or mobile tickets either, so there was one of the traditional gigantic ATM queues that we associate with meetings of the world’s foremost mobile payments experts. They should probably put screens up to hide the embarrassing spectacle of the world’s foremost mobile payment experts standing in line to get cash.

This was followed, naturally, by the embarrassing spectacle of the world’s foremost mobile payments experts standing in a line to buy metro tickets.

Flying out of Barcelona on Vueling, I ordered one of the delicious in-flight snack-combo packages to reward them for accepting cards on board and I was gratified to note that they refuse to accept €100, €200 and €500 notes. Hurrah for them. There is no need whatsoever to print these notes and they should be withdrawn from circulation forthwith, if not sooner.

These are small signs of change, but they all count, and set me to thinking what other strings I might add to the cashlessness bow in addition to improving efficiency, reducing business costs and raising the costs of money laundering and tax evasion. This, naturally, led me to think about corruption. I thought it was illustrative that an electronic payments initiative in the Philippines was reported primarily as a corruption management tool rather than as a cost-saving or efficiency tool, even though it will undoubtedly help on both of those fronts.

Another tool to eliminate bribery and theft in government transactions with citizens, be they individuals or corporations, is within reach. Last week, the Department of Budget and Management launched a system through which government agencies can buy supplies online without using cash… The e-payment system “effectively brings us to the realm of cashless transactions, where procurement activities can be tracked and accounted for very quickly and accurately.”
[From ‘Cashless’ payments | Inquirer Opinion]

With all of these strings there to be played in harmony by a united electronic payments industry with a moral vision to make substantial reductions in the total social costs of payments in the not-too-distant future, surely the cashlessness future must be close. Like biorhythms aligning as their natural cycles come together, the combination of social, business and technical drivers for cashlessness are finally reinforcing. We have the technology to get rid of cash — the mobile phone. We have the business models to make stakeholders want to do it — “big data” and “small data”. We have the social pressures for it to happen soon — a European public fed up with tax evasion, crime and corruption. At last.

In our history as a species, we’ve survived longer without cash than with it. Physical currency has only been around for a couple thousand years. We would, in effect, be returning to a cashless society.
[From The Less-Cash Society | Snarketing 2.0]

I find myself going into London for the day with no cash in my pocket and not caring any more. Does this mean anything? Whether we are creating a cashless society or returning to one, the point is that there are signs that the inflexion point is near. Isn’t it?

But like forecasts of flying cars, predictions of a cashless future have a history of failure.
[From BBC News – Killing off cash: Could new tech mean the end of money?]

Indeed they do, and it might be interesting to learn why, so I’ve invited Professor Bernado Batiz-Lazo, Professor of Business History and Bank Management at the Bangor Business School to come along to this year’s Tomorrow’s Transactions Forum in London on the 13th and 14th March to give a talk based on his paper on the “Paleofuture of Cashlessness” which covers just this ground. If you want a preview, you can listen to the podcast that I recorded with Bernado after reading his excellent paper last year.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Social-ism

27th February 2013by Consult Hyperion1 Comment

[Dave Birch] Someone asked me the other day what the big trends are in identity, so I told them the same that everyone else is telling them. We all know what the deal is here…

But four megatrends are ripping that reality apart – cloud, social, mobile and big data. The world looks very different today than it did even five years ago.
[From 4 Megatrends That Will Transform Online Identity – Forbes]

I had these trends at the back of my mind yesterday when I had the honour to chair the GSMA’s session on “Mobile Identity: Opportunities and Challenges for Service Providers” at the Mobile World Congress in Barcelona. I had the great good fortune to have a first-class set of speakers, each putting forward a different perspective:

Harm Arendshorst who is Head of ID Services, EMEA from Verizon Business Services.
Sabine Mcintosh, Director, Managed Identity Business in EMEA for Global Transaction Services.
Doug Daberius from NokiaSiemensNetworks.
Patrick Fischer, who I mentioned in a previous post when he was at Deutsche Telekom.
Daniel Gurrola from Orange.

The discussion that followed, driven by questions tweeted in to me live during the session, was pretty wide-ranging. A couple of points stood out and I wanted to flag them up before I move on to my main point.

First, and I will come back to this on the blog, was the issue of security. Once again, the first set of questions that I saw pop up on my iPad were about mobile devices being lost or stolen. The panel agreed with me that actually this should be a strength for the mobile proposition, not a weakness, but the proposition needs to be refined and communicated with this in mind. Secondly, there was a fascinating discussion about M2M security (or, more properly, lack thereof) which I think has important implications for the development of the sector. And finally, Sabine made some points about the distribution of liabilities which while they might be familiar to people who spend their lives in the identity space are new to mobile stakeholders and deserve amplification and investigation.

The main point that I was left thinking about, though, came from Daniel Gurrola. This is a telecoms-centric event, so Daniel’s warning to his fellow operators that they risked giving the identity opportunity away to the “over-the-top” (OTT) players went to the heart of their strategic concerns in this area. The risk, essentially, is that OTTs such as Facebook will become the consumer’s preferred means of identifying and authenticating themselves for mobile services and bypass the operators.

There was a presentation by Denis Joannides from “Innovation District” on the use of these social networking identities at Identity.Next in The Hague. They showed a slide from Gartner which predicted that within a decade we would be using our social network identities for corporate, consumer and government log in. Can this really be true? The audience in the The Hague seemed sceptical but the strategic implications ought to form part of the discussion in any organisation planning for the medium term. In its December 2012 research briefing “Where Social Networks, Payments and Banking Intersect“, the Federal Reserve Bank of Kansas City’s Payment System Research Department rightly caution that “just as social networks create opportunities for commerce, they may also unintentionally introduce risks such as breaches of privacy, fraud and even money laundering”.

Denis was talking about the “Gini” platform, which takes the mechanisms of social networking identities (OpenIDConnect, OAuth and multiple identities) and wraps them with some other stuff to turn them into “trusted” (put to one side what that means for a moment) identities that can be useful to financial services organisations. The system went live last September for the Aegon life insurance company in the Netherlands.

While the security guys in audience didn’t think much of PIN codes and mailing activation codes in the post and such like (and I’m not sure about these either), I understand exactly the point that Innovation District and Aegon were making: if you add some strength to the social networking identity, then it could well become a trusted identity in some way. But is this wise?

As people tie their social networking identities more closely with their in-real-life personas, the idea of cross-referencing social identity data to authenticate users on the Web and in the enterprise continues to gain steam. The Secretary of State in Washington offered a prime example of this drive earlier this month by unveiling a new voter registration Facebook app developed by Microsoft that cross-references Facebook identity data with state information to confirm potential voters are who they claim to be before entering them in the voter rolls.
[From Security Snags Loom Over Social Login – Dark Reading]

I’m uncomfortable with this. Even if you completely trust Facebook and LinkedIn and Google and Twitter do you really want them to know everything you are logging in to? Surely we need to use the same underlying mechanisms as them but use them to deliver a different kind of identity. These mechanisms already exist — we don’t need mobile operators to invent them — but they haven’t become pervasive yet. Perhaps the role of the operators is to implement this stuff in a better (ie, both more convenient and more secure) way.

It is already four years ago that Google announced that all Googlers could use their account as OpenID to login to (an)other website(s). Supported by major providers such as FaceBook, Google, Microsoft and PayPal, OpenID was intended to become the worldwide standard to set the consumer free from his or her massive number of passwords. Now, in 2012, all consumers are still using many different passwords on different website(s).
[From How is your OpenID doing? | Papierloos informatie over digitale identiteit elektronische handtekening en betrouwbare uitwisseling]

I’d really like to have a handful of identities — perhaps my personal (ie, Passport) identity, my work identity, my family identity and my play identity — that I could use to log in everywhere. If web sites want to track my play identity around different games, then fine. I don’t care, so long as they cannot connect that play identity to my personal identity except with my explicit permission. My mobile phone is the obvious mechanism for me to manage those identities, authentications and permissions. If the operators don’t enable this, other people will. There may be some challenges, but I’d prefer the mobile operators to focus on the opportunities and get moving: there are many stakeholders who could benefit from

Fighting technology with technology seems most promising—by replacing ID cards with phones.
[From Fake ID cards: Identity crisis | The Economist]

One final point about mobile. Long ago, we said that the disruption in mobile payment would come because of the acquire side, because cashlessness is about universal terminals. Similarly, the disruption on the mobile identity side will come about because mobile phones can check identities, so let’s not forget about that side of the mobile operator business model.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Prepaid and social payments make a genuine win-win

25th February 2013by Consult Hyperion1 Comment

[Dave Birch] I’ve been reading an excellent new publication from the think tank Demos. It’s called “The Power of Prepaid” by Claudia Wood and Jo Salter. In essence their well-researched and interesting report recommends that the UK government extend the use of prepaid cards at both central government and local government levels to deliver social benefits more efficiently and more effectively. I wholeheartedly agree.

The heart of their argument is that prepaid card-based systems deliver more information to all of the stakeholders than cash does. Both the cardholder and the organisation managing the cards are able to view balance information on past transactions online. Spending can be monitored in real-time online which is important safeguarding benefits. The data coming back from cards on what and where people spend could be shooting valuable in a range of fields, and was certainly help researchers to better understand the “poverty premium” and the limited access to retail financial services mugs low income families.

But most importantly, Amex finally finally finally frames prepaid for what it should be, a checking account replacement, instead of a glorified gift-card.
[From Bluebird vs Greendot. Prepaid wins. – Forbes]

I couldn’t agree more. Prepaid cards have moved on a lot in recent years. Technology means that they can be given standing order and direct debit-like layers forming a sort of “bank account lite”. But we need still more functionality. There are a particular set of problems to do with subsidiary, companion and delegated cards which need to be addressed to overcome real problems in services for excluded groups. Quite often temporary fixes are found by adding companion cards (for carers, or dependents for example) but I think more generalised solutions, which would have to be connected in some way with some form of identity infrastructure, are what is really needed.

But back to the report. There’s no need for me to repeat all of the findings, as sure you want to read them for yourself, but I do want to highlight one or two things from the report, which makes some very sensible and reasoned recommendations that I suspect more than one of our clients will be able to respond to with new prepaid products and associated services.

The starting point for the report is that, excluding savings accounts which are not transactional in the sense that you cannot link them to a debit or credit card or pay benefits into them, the number of people without a current or basic account stands at more than 2.5 million in the UK today. (This excludes people who have bank account but for whom prepaid might be a better alternative). Therefore, the report recommends that the government address the problem of the unbanked by adopting fully functional chip and PIN prepaid cards. These cards can then be used for welfare and benefit payments of all kinds, and not only for the unbanked. The report says that the public sector should avoid the temptation to use simpler and less functional alternatives. They note that less functional cards keep the unbanked in a cash-based economy and that maintaining cash-based withdrawal systems using “one-dimensional” cards, the unbanked will not be to make the savings associated with shopping online, or pay bills direct debits, and so have a limited impact encouraging claimants into mainstream financial habits.

The authors say that people who were already using a prepaid card for social care direct payments spoke very positively about them when interviewed and they give a number of detailed case studies of existing schemes that I found very useful. I particularly liked the case of the Utah State card, delivered by JP Morgan Chase, which holds up to five separate pots of money on one card. This “jam jarring” of funds is a critical kind of functionality needed for the systems and not found in current implementations. When I interviewed Claudia for the podcast in our Tomorrow’s Transaction series I didn’t want to be a bore her with nerd interjections about this, but from reading the report I wasn’t sure if the authors were aware that it’s part of the EMV specification to allow multiple payment applications on the same card. The terminals have to implement this functionality there is no reason why a single card couldn’t be issued with say three or four payment applications on board each one storing a different pot of money. Thus, when the benefit recipient presents the card at a point-of-sale (POS) terminal they would be asked to select between different pots. As is discussed later in the report this will make it possible to have some pots restricted by merchant category code (MCC), or by time, or by terminal ID, or by velocity, or by maximum amount or whatever, and have other parts that are unrestricted. As an aside, one of the other learnings from the systems already in place was that councils experienced a high frequency of lost cards and/or lost PINs.

A particularly important thread in the report is the once concerning this issue of monitoring and control of card spending. The authors note that there might be benefits to using prepaid cards to deliver financial services to vulnerable groups and that we should begin a debate on balancing the complexities and ethics of safeguarding spending balanced against “nanny state” interference. (It was interesting to note the focus group participants tended to support the idea of other people having their benefits monitored, but not themselves.) Restrictions in the USA, like in the UK, are currently implemented by some blocking specific MCCs which identify types of shops. Since the card companies have no access to the level III POS data, nor would the retailers want them to, I don’t really see MCC blocking as a viable way forward, and as I’ve written before I’m sure it would have negative consequences as “legitimate goods” were traded away a discount for “illegitimate goods”.

I found some of their ideas about managing and restricting spending pots for rent purposes quite interesting — I would prefer a more radical solution, making it illegal to pay rents in cash at all — but there you go. Incidentally, and I don’t want to touch on politics of UK welfare payments, which are not the subject of this post, but the authors note in passing that when they interviewed people about the new universal credit shift to paying housing benefit to recipients rather than landlords, not a single person interviewed could see the benefit of doing so. Yet one of the reasons why the report is so timely is that the UK is about to undergo this transformation in the way that welfare benefits are paid.

The welfare system in the UK is switching to a new “universal credit” system where all benefits will be unified and paid monthly in arrears.

claimants will receive just one monthly payment, paid into a bank account in the same way as a monthly salary
[From Universal Credit – DWP]

If you’re wondering why our clients care about this, it’s because it represents a money flow of around £2 billion per month that is up for grabs.
[From Who wants low-cost bank accounts?]

They authors also recommend that the government create a targeted savings encouragement scheme. Our experiences down in Kenya would seem to support this conclusion. Simple savings products offered to the unbanked have tremendous social benefits, but that’s a subject for another post sometime.

Finally, I want to highlight that when the authors were talking about their areas for concern, the areas where the existing prepaid card infrastructure would ideally need to be improved to provide better solutions to the specific problems, I couldn’t help thinking that they were describing a kind of “Holvi for social care”: that is, a white-label payment institution that provides very specific and targeted functionality. Just as Holvi provides group accounts and the functionality that goes with them, you could imagine a similar system providing care accounts and the functionality that goes with them. I would have thought this might be a very fruitful area of investigation for the government and other stakeholder groups.

I thought the report’s conclusions and recommendations were excellent and make complete sense and I would only add additional recommendations around the use of communication channels — specifically mobile phones and digital television — to deliver budgeting and value-added management services around the prepaid cards. I think this is where we really could use new technology to make a difference. A prepaid account managed by mobile phone has greater utility and is far more powerful than a prepaid account managed just through a card.

Demos recommends that the government reviews its financial inclusion and digital inclusion activities and creates greater synergies between the two. I was very happy to read this, because we have been of a similar mind for some time. One or two of the projects that Consult Hyperion has been working on, including the current Technology Strategy Board project on using mobile and digital television to deliver financial services to socially excluded groups, have indicated precisely the same.

All in all, an excellent report and props to MasterCard for sponsoring it. In fact I was so interested in all of this that I have invited Claudia along to our Tomorrow’s Transactions Forum in March where she will present alongside the Department of Work and Pensions (DWP) in a session designed to explore some of these issues in more detail. This is precisely the kind of area where some innovative use of new technology a little bit of out-of-the-box thinking about new services can intersect to bring about radical improvement, forming a genuine win-win for the government, the payments industry, taxpayers and benefit recipients.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Disruption is not about everyone having cards, it’s about everyone having terminals

22nd February 2013by Consult Hyperion1 Comment

[Dave Birch] This time last year I was very flattered to be invited by the GSMA to moderate the session on Delivering Innovative Mobile Payment Services at the Mobile World Congress 2012. For those of you who haven’t been, MWC is the mobile industry’s gigantic annual trade fair in Barcelona with something 60,000 attendees. (The whole jamboree gets underway again next week, by the way, where I am again flattered to have been asked by the GSMA to chair a session, this time on Mobile Identity, Opportunities and Challenges.)

The payment session last year had an amazing line up: Bill Gadja (Global Head of Mobile, Visa), Osama Bedier (VP Payments, Google), Olivier Piou (CEO, Gemalto), Rodger Desai (CEO, Payfone) and David Marcus of PayPal. David was then the VP Mobile, but was about to become the head of the company. So a year on, have we seen any innovative services? At the time I remember thinking that I heard more about barriers to delivering innovative services at MWC than I did hear about innovative services — because of the emerging realisation of co-ordination costs and complexities between bank, handset, SIM, SE, TSM etc). Since that time however, mobile payments has continued to evolve as a sector, but it is on the acquiring side that we’ve seen real impact, real business change. And David and his team at PayPal have been at the forefront of this.

Pizza Express is to pilot the pioneering experiment in its 370 outlets this week, in partnership with online payment company Paypal… Customers will be able to settle their bill with just a few taps on their iPhone, meaning they can leave the restaurant whenever they like.
[From Pizza Express diners can use their iPhones to pay the bill and walk out | Mail Online]

You have been able to use PayPal at POS for some time. I think one of the first places was Home Depot. It’s certainly interesting that you can pay in a shop using PayPal (I’ve done this) but is it revolutionary? Not really. This from our friends at Glenbrook this time last year, for example.

It had and was not too surprising — other than seeing that Home Depot was passing line-item data about what I bought to PayPal. I would normally say passing line item data is a HUGE deal — in an offer targeting way, not a privacy paranoia way — except I can’t ever imagine PayPal being able to interpret what I bought from the line-item descriptions. The descriptions just weren’t that useful.
[From PayPal @ POS: My Field Trip Report — Payments Views from Glenbrook Partners]

Since then, PayPal has continued to evolve physical POS solutions, with some fascinating services and, I’m sure, a great deal of learning. They also launched their mobile acquiring solution “PayPal Here” in the US last March and in May went live with the “PayPal Local” solution. The competition between PayPal, Square, Intuit and others in the US has driven tremendous innovation in mobile POS (m-POS) over the last year. In the UK, we’ve been looking on jealously, held back by what we might call the “Chip and PIN innovation problem”. The problem is that while chip and PIN is much more secure than chip and signature, that security comes at a price. Making “PIN Entry Devices” (PEDs) that will meet the security standards for PCI-PTS and obtain the necessary scheme certifications is expensive.

What’s more, whereas is it acceptable to sign for a transaction using the screen of someone else’s smartphone or tablet (see below) it is not acceptable to do the same thing with PINs. I would never put my PIN into some random stranger’s phone down the market. Until we get trusted environments in the handsets, the handsets cannot meet the scheme requirements for PEDs.

Hence for chip and PIN a different model is emerging. Instead of plugging a dongle into the phone or tablet and then using that phone or table for the cardholder authentication mechanism, in Europe we are seeing PED devices linked to the phone or tablet by Bluetooth. So when you buy something down the market, the market trader hands you the Bluetooth PED device and you put your card into it and punch in the PIN. You never take the trader’s phone and the trader never takes your card.

In the UK in the last couple of days we’ve seen two important announcements using this model. First, iZettle launched their chip and PIN solution and today PayPal have launched the chip and PIN version of PayPal Here.

This is excellent news. These are both great offerings and I think they will grow card acceptance and card usage. Between them they could easily bring a couple of hundred thousand new SME and micro merchants into the card world over the coming year. Naturally we took a few calls from journalists on this! I told them that as far as I could see both PayPal and iZettle would be successful. They look similar, but they’re not quite.

Dave Birch, director at IT consultancy Consult Hyperion, said although PayPal and iZettle’s offerings appeared similar, they were pitched at different parts of the market.
[From PayPal enters UK mobile payments race – FT.com]

The iZettle solution will appeal to independent traders and micro-enterprises who want to get up and running quickly with card acceptance. I think PayPal’s is a slightly different play, which is more about ecosystem. PayPal’s special sauce is their API. They have a developer community that will build on their platform and integrate chip and PIN into value-added offerings (I expect to see a variety of offerings for specific verticals emerging over the next few months). I also expect that PayPal’s entry (because of their brand and existing merchant base) will grow the market for everyone, not only for PayPal themselves. GfK research by Ryan Garner would seem to indicate that PayPal’s brand will help to bring new groups (e.g., teenagers) on board.

For example my teenagers use and trust Paypal for making payments more than they do a traditional bank or credit card company. This was echoed in the GfK research which noted “PayPal, whose experience in delivering remote mobile payment services to consumers places it in a strong position in both financial and mobile spheres. As a brand it boasts high levels of trust and consideration. But, most interestingly, it has the highest brand preference of all those tested in this research”.
[From Mobile payments brand preference — Athenic]

So are we finally seeing some disruptive innovation in mobile payments? I think we are, and it’s not all because of PayPal. We’ve always said that the disruption will begin on the acquiring side. Getting rid of cash doesn’t mean everyone having cards, but everyone having terminals. And Square, iZettle, Stripe, Intuit, PayPal m-Powa, Adyen and many others are making this a reality.

In this rapidly evolving market even relatively young firms run the risk of being outpaced themselves by fresh and even more disruptive innovations. One such very new firm is Stripe, which has attracted investment from some of the original founders of PayPal and is trying to muscle in on PayPal’s online market.
[From Mobile payments: A wealth of wallets | The Economist]

I commented on this at a client meeting a while ago and I hope they won’t mind me repeating it here. When I go to a banking conference, PayPal are spoken of as an upstart, a revolutionary interloper. When I go to a technology conference, PayPal are seen by the teenage entrepreneurs as sclerotic, lumbering incumbents no different from Bank of America or MasterCard! I think the truth is that they are now a payments incumbent and their entry into the UK m-POS market will legitimise and grow the sector. But the real impact of their product will come from the integration of m-POS into the PayPal ecosystem, which is where there approach is more innovative, and here I expect to see genuinely new services introduced over the coming year.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Don’t bank on identity

21st February 2013by Consult Hyperion7 Comments

[Dave Birch] More than one correspondent has asked me why no banks are on the initial list of approved identity providers (IDPs) for the British government identity assurance (IDA) framework. I belong to the IDA working group on privacy and security and, as you might imagine, Consult Hyperion has provided (and is providing) paid professional services to a number of organisations in the private and public sectors who are developing identity-based products and services. So I think I have a reasonable and well-informed perspective. Unfortunately, it also means that I have to be very careful about what I say, as you might also imagine. But speaking generally, and without reference to any specific clients or projects, I’d say there are three main reasons:

I had an e-mail from a bank person (not Barclays) who said that they had looked at starting an identity business but as it would only generate net revenue of $200m/annum after five years, it wasn’t worth pursuing. In other words, it’s classic Christenson disruptive innovation – the new opportunity is too small compared to core business.
It’s a cross-silo and cross-sector opportunity covering both cost reductions and new businesses so it doesn’t fit corporate structure very well. If some form of identity infrastructure is to address both of these opportunities then it is going to cut across the whole sector, let alone individual banks and there isn’t much appetite for this at the moment.
The business units don’t understand the underlying technology, and I’m afraid it’s one of those areas where you can’t brainstorm the products and services that might be delivered without some rudimentary understanding of federation, digital signatures and such like.

I’m a Barclays Premier customer and I’ve had an account there since 1977. Barclays know absolutely everything about me and my finances and they’ve given me a dongle to authenticate myself to them (which works fine) but I can’t use that dongle to log in to Barclaycard, let alone HSBC. What’s more, under the government-mandated expensive (heading toward a billion quid) and pointless account switching system that will go live in a year or two, despite my 36 years with Barclays, if I walk into Lloyds to open an account they’ll treat me as if I’ve just got off the boat and demand that I go home and come back with some high-security documentation (e.g., a photocopy of an old gas bill).

Identity Fraud accounts for over 50% of all frauds recorded in 2012… The takeover of customer accounts increased by 53% from 2011, meaning that data driven identity crimes now constitute the vast majority of all fraud in the UK.
[From Fraud increase driven exclusively by identity crime, says CIFAS | 18 January 2013 | Stock Market Wire]

Identity fraud is out of control in the US as well, albeit for slightly different reasons, one of the key ones being the use of Social Security Numbers as “identity”. Although, rather hilariously, it seems that the criminals principal source of social security numbers isn’t dedicated teams of Eastern European super-hackers working under their direction but…

The most common method used for stealing identities appeared to be data breach notification letters. Approximately one in four recipients of these kinds of messages ended up being a victim.
[From Javelin: Identity fraud reports increased by more than a million last year | ZDNet]

This is the Law of Unexpected Consequences on stilts, isn’t it? No. Actually, it is the Law of Expected Consequences, since it is exactly as predicted at the time of the great HMRC CD debacle in the UK. I can remember saying, one more than one occasion, that the stupid decision to send out breach notification letters to every household in the UK — a letter that included the full name, address and national insurance number (doh!) of the recipients — would undoubtedly lead to more identity fraud being perpetrated than the loss of the CDs (if they ever existed, which, to be honest, I doubt).

We all need much better security around account access but to make it affordable we need standard, federated solutions operating inside cross-sector frameworks. We need to stop building bank-specific, or even banking-specific, solutions. And we need to make security into an essential element of the customer proposition, part of the business, not part of the back room technology infrastructure.

Here’s one idea of what could happen. When you open a bank account, you should be given a UK financial services identifier (your “money name”), just like you get a Facebook name or a Twitter name. Let’s say it’s £Barclays_Dave. The bank should provide 2FA against that money name. When I go to Lloyds to open an account, I should be able use my money name to open an account on the spot with no messing around with old gas bills. Alternatively, I should be able to open an account with old gas bills and get a new money name (e.g., £Lloyds_Dave) if I prefer.

It wouldn’t cost anything at all, or at least not very much. Banks could fund the system by having the Payments Council auction the “vanity” money names to the highest bidder. I’m sure Richard Branson would pay a million for £Virgin and Roger Moore another million for £007. It’s about time banks had some innovation in the identity space before they simply give the business away to organisations with a better understanding of the technology and it’s possibilities.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers

Is the nature of m-POS competition changing?

20th February 2013by Consult HyperionLeave a comment

[Gary Munro] I noted earlier this year that 2013 looked like being an important milestone in the establishment of mobile POS in the UK, enabling the micro-merchant community to accept card transactions, and that things were hotting up. Well today things just got hotter.

Stewart Roberts, UK Managing Director of iZettle, popped round to CHYP End this morning for a quick chat and to show off the new iZettle Chip & PIN reader which launched today in Europe. The new device is a fully secure and certified Miura chip and PIN reader, also used by Adyen and PayLeven in their recent mobile POS launches.

iZettle is not replacing the Chip & Signature device, rather they are providing both options for the merchant to decide which best suits their needs. The Chip & Signature reader is “free” (£20 upfront with rebates over time) while the Chip & PIN device is £49 + VAT. Transaction fees are the same for both at 2.75%. We expect that only merchants with very low transaction volumes will continue with Chip & Signature and that Chip & PIN will become the primary device.

The big questions though are whether the mobile POS acquiring (m-POS) market is big enough to support all of these entrants (and there are more to come, by the way) and what the competition will mean for existing acquirers.

There are currently around 1.3 million card acceptance devices in the UK market. Some players in the US say that they have bought their last traditional POS terminal, and in the future mobile variants will be the route forward. However the bulk of the existing market is not the target for m-POS, or at least not today. In the UK, the “micro merchant” and “new to card” acceptance space is anticipated to be around 1 million new merchants such as: photographers; market traders; home sellers; charities; plumbers; seasonal holiday lets; farm shops – farmers markets; basically the merchant and mobile merchant for whom the traditional POS device does not make sense.

So how does it all work and how will the merchant chose between iZettle; PayLeven; Adyen; Intuit and new players such as mPowa all looking to provide mobile POS card acceptance, and how will the merchant choose which service to go for?

To some extent the players are positioning themselves based on the services they provide, subdividing the market:

Adyen are looking to provide a combined offer with m-POS complimenting e-commerce and traditional face to face payments, providing an enhanced purchasing experience in higher end retailers;
Intuit are offering the potential of linking mobile POS solution to their Quickbooks software;
mPowa want to provide infrastructure solutions to the major customers such as FNB & Portugal Telecom, with customers such as these targeting the micro merchant estate directly.

The micro merchant can therefore look for the m-POS provider who has the service which best meets their needs. Stewart said that customer service and the payment experience will decide who a merchant signs up to. So it is reasonable for iZettle to see the system and experience that they have behind them as they enter the chip and PIN space as a real advantage. They’ve worked hard on the customer experience (we used this last week, as we decided to use iZettle to accept payments at the London Barcampbank 6 unconference). The online portal is where a new merchant signs up for iZettle, and they reckon the whole onboarding process will take only three or four minutes (this was our experience) including 40 seconds for AML & KYC checks! No waiting for a week for approvals, the aim is to enable the merchant to take payments as soon as their reader arrives. The merchant can sign up as a business (enabling VAT functionality) or an individual private account. The interface is simple and functional, allowing the merchant to create product lists for photo driven menus, view various reports, add additional cashiers, view transactions, send duplicate receipts, most of the things a small merchant would want in a card payment system.

The iZettle app is available for both iOS and Android, though as Stewart admits the Apple version is more feature rich, with plans that the Android version will catch up. The reader connects to the smartphone by Bluetooth, and I was surprised how simple it was to get started. The iZettle system uses over-the-air provisioning to allow the merchant to use any phone/reader combination, ensuring that product lists are consistent.

For sales the merchant can enter amounts directly, select products from a list, offer discounts, accept cash or card and send receipts either by e-mail or to wireless printers. The receipts detail the transaction, show where it took place, what was purchased and for how much.

Existing acquirers who have yet to enter the micro merchant market must be concerned that these m-POS solutions may cannibalise the lower end of their merchant base, or indeed their traditional mobile POS estates. There are interesting times ahead in the low volume end of the market as there seems to be a shift in the nature of the competition. These new solutions offer simplicity, functionality and service as key to success, rather than the lowest price.

These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers