Consumers, payments and unknown knowns


[Jane Adams] As a marketing person I am supposed to be interested in what customers want but working in B2B that tends not to involve listening to consumers. In fact it isn’t unheard of for consultants in the payments space to say that we shouldn’t listen to consumers because what do they know? As Henry Ford once said, if he’d listened to customers, he would have built a better horse drawn carriage. It’s hard in fact for non-industry ‘civilians’ to know what they want from a technology they barely understand. Furthermore, payments is boring – consumers don’t want to think about it.

You can imagine how all this goes down with consumer marketers.

So it’s not altogether surprising that when Dave Birch, Consult Hyperion’s Global Ambassador, recently spoke at a consumer intelligence forum about innovation organised by Stylus, his presentation on ‘why we shouldn’t listen to consumers’ was retitled ‘why we should listen to consumers’ by the organisers who clearly felt they’d picked up an unfortunate typo.

“What are you doing going to that?” was the general reaction in the office when we admitted that not only Dave was speaking but I’d be attending too. Indeed, surrounded by media hipsters with either interesting facial hair or interesting shoes, depending on gender, and followed by speakers on luxury retail interiors and happening female vocalists on MTV we did feel a bit out of place.

Nonetheless, it was actually rather interesting and it turns out that although they may not know that they know, consumers do in fact know what they want from payments, even when they think they are thinking about Italian furniture and yoga pants.

Here are the innovation trends highlighted at the Forum and how they map onto payments.

  • Teens are becoming more and more important. In fact the irritating little twerps are so busy founding million dollar start ups that they barely have time to wash. Marketing needs to reflect their growing significance. True – one of the biggest opportunities in cash replacement is in payment methods for teens and children.
  • Everyone (except teenagers presumably) is now into the new spirituality and simplicity, meaning stuff like yoga rooms at airports. True – for new payments methods to succeed they need to be simple. No filling in 2 page forms and going through KYC to get a prepaid card.
  • Family structures are increasingly diverse. True and that means there’s a need for a range of payments methods to suit everyone, from Granny who doesn’t like PINs to those teens again who may well enjoy having an O2 Money companion card.
  • Eat and tweet – foodies can’t help using their mobiles to tweet pictures of their gastronomic adventures. True – then they can use the self same mobiles to pay for the food – the MyCheck app for example.
  • Outrospective thinking is bringing about positive change. True – text donations are a vital method of fundraising, according to Comic Relief. Now, if only there were a way of doing Gift Aid by text.
  • Furniture is becoming more quiet, simple and pared back. OK, this one was difficult but a tweet about how we know nothing about furniture but we do know how you’ll be paying for it led us to get a furniture designer as a Twitter follower. Moving swiftly on…
  • 3D printing, hacking and open source design are changing the way goods (including furniture) are getting to consumers. Absolutely and P2P payments like PingIt are a great way of paying for them.
  • And finally ‘brand of me’ – the modern consumer is ‘always on’ and puts digital first. It stands to reason then that they will want to put digital first in payments terms too – mobile payments rather than cash.

So you see. The consumer does know what they want from payments – exactly what they want from everything else. Doesn’t that seem logical?

Adam Smith, Paul Krugman and Bitcoin

[Dave Birch] The Nobel prize-winning economist Paul Krugman mentioned Bitcoin in his blog over at the New York Times, prompting the all-too-familiar religious-style flame wars in the comments that followed. The reason for this is that he said (about Bitcoin) that

One thing I haven’t seen emphasized, however, is the extent to which the whole concept of having to “mine” Bitcoins by expending real resources amounts to a drastic retrogression

[From Adam Smith Hates Bitcoin – NYTimes.com]

As several commenters pointed out, the work that goes into the mining is really the work that needs to be done to maintain the transaction ledgers, the “blockchain”, and this will continue even after all of the bitcoins have been mined and this work will have to be paid for in transaction fees if it is no longer rewarded in bitcoins. But that’s by the by. In the piece, Krugman quotes Adam Smith, who very famously said (in “An Inquiry into the Nature and Causes of the Wealth of Nations“) that

The gold and silver money which circulates in any country may very properly be compared to a highway, which, while it circulates and carries to market all the grass and corn of the country, produces itself not a single pile of either.

I’m partial to the money as highway metaphor. This has stability as an essential component: you know where roads are and where they go. You can rely on them and you can build facilities around them. I have in front of me an article from Discover magazine from 1998 (“The Fiscal Frontier” in the October issue) in which Mr. Krugman, while Professor of Economics at MIT, said with remarkable prescience that

One can imagine that a system of purely virtual money might be subject to severe instability.

He goes on to make two well-informed and sound comments about the future of electronic money that I think are wrong (as if he cares, I can hear you thinking…). He says that

  1. There will be a distinction between electronic cash and electronic money because of the need for small transactions where neither the buyer nor seller want the buyer’s creditworthiness to be an issue. I used to think that this was true, but I don’t any more. For the reasons discussed before, specifically the falling costs of computers and communications, the connection between the transactional environment and the social graph, transactions will be between identities and their credentials and reputation obviate the need to avoid trust by assaying the medium of exchange.
  2. What everyone wants is an anonymous, reliable means of exchange; given a chance, they will always prefer one backed by a government. It’s not at all clear to me that “everyone” wants an anonymous means of exchange, and nor is it clear that — even if they would prefer a store of value backed by a government — they care whether the means of exchange is backed by the government or not.

By the way, he also made a prediction that I strongly agree with. He said that

There will not be a universal currency for a long time. There is a big advantage to separate currencies providing price stability in different parts of the world.

How true. This is just the kind of point made in the discussions around the Long Finance report on finance in 2050, where the notion of community is extended to both mundane and virtual groups, each of which might prefer its own currency, thus providing stability within the community. There won’t be a single world currency (whether the Dollar or the Renminbi) and there won’t be a single virtual currency (whether Bitcoin or MintChip). There will be lots of currencies and we will all be better off because of it.

These are personal opinions and should not be misunderstood as representing the opinions of Consult Hyperion or any of its clients or suppliers

Browser pays

[Dave Birch] Remember last year when the founder of Netscape, Marc Andreessen, said at a Wired conference that

“We should have built payments in the browser,”

The statement was made in response to an audience question about magazines’ future as an industry. Chris Anderson, Wired‘s editor-in-chief, held up his iPad. “The tablet has been the first media platform that came with an ecommerce engine attached. The big problem with the web is that we couldn’t take payments,” he said.

[From Netscape Founder: We Should Have Built Payments in the Browser]

Well, not for much longer, apparently.

Mozilla is hoping to streamline payments for web apps by adding a new API into its forthcoming Firefox OS that makes the process easier and more secure. It announced the first draft of a new payment system API which will be integrated into Firefox OS with the aim of making payment processing simpler and provide better security and control for users.

[From Mozilla tests out web payment API for Firefox OS | ZDNet]

Right now, app developers have to call different functions depending on the OS (e.g., the iOS in-app billing API) so this should make life easier for them but it won’t cause an instant revolution. The idea is to add a standard “pay” function in the browser, but all that function will do is send you to the payment mechanisms that are configured into the OS. These will, in the first instance, be payments cards and (for some mobile OS) carrier billing. How the online retailers are to connect with the payment providers is not yet specified as part of the API but may be in the future.

Browser micro payments were one of the very first areas for what are now called emerging payment technologies. I can remember looking at all sorts of possibilities for a variety of different clients back in the early days of the web. It was assumed (and I thought it was the case) that if anyone could get a simple micropayment system working then it would transform the web. I remember writing an article for a now long-extinct Microsoft magazine called something like “The Red Button” putting forward this case and I subsequently wrote a piece for the Guardian about it. What if, I was wondering, there was a red button on your keyboard that would pay the operator of whichever website you were looking at 10p when you pressed it. How would that change the dynamics of content?

Suppose that every PC, personal digital assistant, mobile phone, interactive television and other information appliance came with a red button on it marked “pay the guy”.

[From When red could be Orange | Technology | The Guardian]

We never found out. Lots of people tried to build such systems, but they never got traction. Who remembers Hashcash? Millicent? Cybercoin? Beenz? DigiCash? Barclaycoin? (I do, obviously!) So why didn’t they take off? Surely the economic pressure to come up with a suitable micropayment solution would be so great as to align interests. Not for all content (the revealed preference of consumers for music and movies is for uncapped subscriptions) but certainly as a platform for new kinds of commerce.

“It was essentially impossible to do,” Andreessen replied. “We tried. We talked to credit card companies, banks, we weren’t able to do it. Microsoft wasn’t able to do it.”

[From Netscape Founder: We Should Have Built Payments in the Browser]

I loved Millicent, for example: the cursor changed to a $ sign when you pointed at a paid link, and when you clicked on the link the service provider was paid automatically. Great idea. And fifteen years ago, when Compaq bought Digital (who had developed Millicent) they thought so too.

Compaq is planning to use Digital’s Millicent micropayment technology to offer incentives for perusing its site’s ads. 44 Browsers can receive small digital payments each time they visited a new advertiser’s site. These in turn can be used to pay for services on other partner sites.

[From Micropayments and the Future of the Web]

Well, Millicent went the way of all flesh and I still can’t buy an old magazine article or a bit of shareware by just clicking on it. Yet I remain convinced that there may be a way forward on this and perhaps the Mozilla API will stimulate more thought and perhaps make for a sea change in web economics. Four years ago, I wrote in the Journal of E-Finance & Payments Law and Policy (Volume 3, Number 2, February 2009, pages 11-13) that

the technological determinist in me is drawn to another much simpler and more straightforward explanation: people won’t pay $1 for stuff on the Internet because they can’t, whereas they will spend $1 for a ringtone on their phone because they can.

I think this dynamic is now clear. Give people an easy way to pay for something (e.g., iTunes) and by and large they will. Is the new Mozilla payment API that easy way to pay? No, it isn’t. But it might be a simple way to use that easy way to pay once we’ve found it.


Consultation on a new payments regulator for the UK

[Dave Birch] In March, the Chancellor of the Exchequer (for foreign readers: this is our Finance Minister) gave a major speech on banking reform which included some remarks about the UK’s payments infrastructure (which, as Banking Technology magazine put it, were “at odds with reality”) and went on to say that “there are no incentives on the big banks to deliver new and better services for users” and gave the example of “saving the cheque” as one of these new and better services. He also announced a further consultation process on a “competition-focused regulatory regime”. I’ve written before that I genuinely don’t understand how government “consultation” works. For example: Her Majesty’s Treasury put out a consultation document on the proposed new regime for regulating UK payments last year. As I wrote at the time,

I think it is fair to observe that the roots of this consultation lay in the so-called “cheque debacle” of 2011.

[From It would be great to have a payments strategy]

When the Chancellor of the Exchequer talked specifically about the payments system, I presumed he meant that he would be acting on that consultation process when he said that

“The system isn’t working for customers, so we will change it. I can announce today that the Government will bring forward detailed proposals to open up the payment systems.”

[From Faster transfers on the way in banking reform plan – Telegraph]

Now, I’ve argued before that we need a proper National Payments Plan (NPP) with real goals in it. And I’ve also argued that more competition should be seen as the default mechanism for achieving those real goals. The heart of the reform should be to separate payments from banking and allow invention and innovation room to grow.

What regulators ought to be doing is allowing more competition in the payments sector, not trying to work out what interchange fees should be (since neither they, nor anyone else, knows what the correct answer should be).

[From Which payments should be surcharged and, more importantly, why]

Now the Treasury have published their proposals for the consultation process that the Chancellor referred to. They say, in essence, that the government’s favoured option was to create a Payment Strategy Board (PSB) with wider stakeholder representation. They also say that the majority of the responses supported the same outcome. As, broadly, did I.

If the government wants a PSB that will include a variety of stakeholders and develop a genuine long-term strategy for payments then I’m in favour of it

[From It would be great to have a payments strategy]

So what happened? With that clear mandate, you would imagine that the Treasury would be ordering the new paint and scouring lists of the great and good for an appropriate PSB chair, cursing their poor timing now that Christine Farnish has been snaffled by the Peer-to-Peer Finance Association (P2PFA). But in fact…

Our understanding is that the Treasury feels that the responses (56 in total) gave the wrong answer. Which considering the construct of the consultation (it was extremely clear what answer the Treasury was seeking) would seem a rather clear conclusion – few people are both interested enough to respond and believe that there is a need for fundamental change. Yet the Treasury has taken this as further indications that the system is broken, and announced yesterday during the Budget (an annual statement of the Government’s policies and priorities for the coming year) that a consultation on a PayCom will go ahead shortly.

[From Celent Banking Blog » Thoughts on the Move to Regulate UK Payments]

So given it was what the government said they wanted, what the respondents said they wanted and, most importantly, what I said that I wanted… the government has decided to choose an alternative path and it now says it will create a new payment regulator (known by one and all as PayCom) that will probably be part of the new Financial Conduct Authority (FCA). This, as Heather McKenzie points out in the March issue of Banking Technology (“Clear Thinking”, page 9) is 12 years after the Cruickshank report suggested just such a regulator and a new governance structure for payments. I remain unclear about the principles that this regulator will be following though.

You cannot set a strategy that minimises everyone’s private costs so you will have to make trade offs and I would like to know what the principles used to inform the trade off decisions will be. Those principles are what should then guide the strategy.

[From It would be great to have a payments strategy]

I don’t really understand what the Chancellor’s goals are, except for keeping cheques, and I don’t think I’m the only one. The Independent Commission on Banking did not find that access to the payment system was a barrier to entry and nor did it recommend a regulator, so these ideas must originate from inside the Treasury somewhere.

PayCom cannot ever succeed unless it is clear what it is trying to achieve, why it seeks to achieve those goals, and what the measures of success are.

[From Celent Banking Blog » Thoughts on the Move to Regulate UK Payments]

I agree whole-heartedly with our friends at Celent on this one. Look, the Chancellor’s decision to go down this route clearly re-frames payments as a utility. I am not against this at all, and have written repeatedly that this will mean different regulatory structures.

This seems to me to imply that the payments utility should be regulated for what the telco guys would label Grade of Service (GoS) and Quality of Service (QoS) and anyone able to meet those requirements should be able to provide the cables, switches and sockets. The crucial economic functions of savings, loans, risk management and information provision should be provided by banks and, further away from the utility, the investment functions should be provided by investment banks (the casinos).

[From On the grid]

Will PayCom work? It’s impossible to say, since I don’t know what it is supposed to do. Reduce the total social cost of payments? Reduce private costs to a defined set of stakeholders? Other than getting cheques cleared in three days instead of four, I’m really none the wiser as to what the new payment regulator’s goals will be.


Don’t listen to the public

[Dave Birch] I had an interesting afternoon working with a client on some mobile wallet-related propositions, which are the focus for quite a few people in this business right now. It wouldn’t be appropriate to comment on the specifics of the propositions, of course, but I’m sure it will be OK to make a general point. These propositions should be more radical, and asking the public what they want from mobile wallets is a waste of time.

Smartphone penetration in the UK may be 60% and rising but 2013 is unlikely to be the year of the mobile wallet, according to ICM Research.
A survey of 2015 Brits shows that a third would definitely or probably use their mobile as a wallet to make payments, collect vouchers, to use as event tickets and on public transport.

[From Finextra: 2013 unlikely to be UK’s year of the mobile wallet – ICM]

Oh well, only a third. Perhaps it’s something to do with security. Polls that say that mobile wallets are not going to catch on often cite consumer concerns about security as one of the main reasons for that. 

A survey has found that French consumers are more interested in the idea of using their fingerprint to identify themselves when making a payment than in using a mobile phone for the purpose.

[From French consumers prefer fingerprints to NFC • NFC World]

Well, mass-market biometrics are on course for mobile phones this year anyway and I am sure they will improve the perception of phone security whether they have any impact on the actual levels of security or not. But let’s go back to the survey.

A survey of 2015 Brits shows that a third [overall – it’s half for smartphone users] would definitely or probably use their mobile as a wallet to make payments, collect vouchers, to use as event tickets and on public transport.

[From Finextra: 2013 unlikely to be UK’s year of the mobile wallet – ICM]

Now, to be fair, I don’t really pay any attention to what the public say about anything, but I am curious as to why a story that says that half of all smartphone users would use their phones for payments, ticketing and loyalty then headlines the mobile wallet as “unlikely”? Perhaps it is because the public don’t really know what a mobile wallet is or what it might do (other than act as an expensive and inconvenient replica of the wallets they already have).

This was a point that I made when I was invited by Total Payments (my favourite people right now because they said I was the most influential emerging payments expert in Europe – thanks guys) to give a “pecha kucha” talk. A pecha kucha is a presentation format of 20 slides that are displayed for 20 seconds each, which gives you 400 seconds (six minutes and 40 seconds) to make a point. I can’t say I was entirely successful (I ended up skipping a couple of slides) and I can’t say it’s really the format for me, because I like to engage with people and explore issues so that I learn too, but it was fun. You can judge whether it was effective or not for yourself here.

So irrespective of what people say, I am sure that they will be using mobile wallets, with two provisos: one is that we make mobile wallets hyper-wallets rather than virtual wallets, as I’ve written before, and the other is that we do deal with that security issue. And that, I think, might be relatively easy.

Your credit card is a data string, not a physical piece of plastic: why not enclose that data—and the privileges and responsibilities it unlocks—in a remotely accessible mobile container with an extensive system of checks and balances that has a much healthier respect for that data?

[From How A Stolen Wallet Made Me A Mobile-Payments Enthusiast | paidContent]

That isn’t to say that security isn’t a huge problem. It is, but for a different reason, which is the cost and complexity of the infrastructure that it demands. The Atlanta Fed highlighted this (as did a great many other people).

While, as noted in our 2011 mobile industry position paper, firms engaged in rolling out new mobile payments services have agreed that successful near-term adoption will rely on common standards for security and interoperability, free market dynamics dictate that all players in this new mobile ecosystem will not necessarily work together, motivated instead by a responsibility to create shareholder value

[From Portals and Rails]

This is why if you are, say, Visa and Citi and Vodafone, then there is a long and complex path to a wallet and handset and SIM and secure element combination that can deliver security appropriate to mass-market, population-scale payments. The combination of security and interoperability that the industry chose was the EMV, Secure Element (SE), Single Wire Protocol (SWP) and SIM-based model. Sorry to sound like a broken record, but security is a problem partly because of that chosen model, not because of mobile payments in general. As we have long maintained, mobile payments will be more secure than card payments. As Cindy Merritt from the Atlanta Fed said succinctly:

the mobile phone will be a much more secure payment device than the plastic cards we use today

[From Portals and Rails]

I agree wholeheartedly. Consult Hyperion’s position has always been that the future “something present” transaction (SP) will be more secure than either card present (CP) or card-not-present (CNP) transactions are now, and that translates to a cost differential.

In fact the bottom line is that the fraud figures have been improving, and I expect them to improve further still over the next couple of years as we begin the integration of cards and mobiles.

[From Digital Money: The fraud trajectory]

Now, the general public have never heard of SEs or Supplementary Security Domains (SSDs) or Trusted Execution Environments (TEEs) and wouldn’t understand what they are even if you told them. So if we can find a way to overcome the security infrastructure problem, then it’s not going to overcome the security problem for consumers.

The results of a survey released today reveals that people would prefer to lose the contents of their wallets than their mobile phones. The study asked what people would most fear losing from their back pocket – 37% said their ‘personal phone’; 20% their ‘company phone’; 25% said ‘£50’; with just 18% citing ‘credit cards’.

[From New Media Knowledge – Survey finds people stress more about losing their phone than their wallet]

Surely it’s also about people understanding their rights under relevant national laws? The reason I couldn’t care less about losing a credit card is that it’s not my problem. I ring up the bank and they send me another one. It doesn’t cost me anything and while I’m waiting for it to come, I just use another one instead. If I lose my phone, it’s a pain in the arse for a couple of days until the replacement shows up and I have to pay for the lost-or-stolen insurance if I don’t want to have to buy another phone. Hence my suggestion yesterday for where it might be fruitful to focus on building a strong wallet proposition: the lost-and-stolen issue. If the industry can turn this from being a concern into being a selling point, we are definitely on to something.

Hence: maybe the USP of the hyper-wallet is recovery. If I lose my wallet, it takes days, weeks or perhaps even months to reconstitute. If I lose my hyper-wallet, I go to the phone shop and get another phone, turn it on, enter my PIN / fingerprint / voiceprint and ID and hey presto five minutes later my Visa card, my Starbucks app and my Safeway loyalty card are all up and running again. This is the “Marks & Spencer” theory. If we make consumers absolutely confident that when something goes wrong they will be taken care of, then they won’t focus on the things that could go wrong, if you see what I mean.


Will mobile payments be safer? They already are

[Dave Birch] At the Westminster e-Forum, one of the journalists asked me “are mobiles more or less secure than cards?”. It is very difficult to answer this kind of what seems to be (but isn’t) a straightforward question. Someone else asked me “are mobile NFC payments secure?”. Well, we are experts in the field and have carried out risk analysis on a number of different systems, so we can only answer “compared to what?”. Anyone who claims that any system is 100% secure hasn’t done their homework, but no-one developing a new payment system would start out with that goal (for the obvious reason that it would be too expensive). What should we compare mobile NFC payments to? I suppose the journalist was right in current circumstances and the benchmark should be plastic cards. In which case, I think the answer is clear.

If the level of fraud around plastic cards is at some level considered tolerable, then we should aim to make mobile NFC payments more secure than that. This was in the back of my mind while reading an article on the topic that had been sent to me by a journalist asking for comment. The threats set out in this article (and my take on them) are:

1. The threat of having your smartphone stolen, and then used to purchase goods

This is the same as the threat of having your credit card stolen and then used to purchase goods except that people don’t notice when their credit card is stolen, but they do notice when their phone is stolen.

2. The threat of a criminal placing an NFC receptor in close proximity to your smartphone in order to steal your funds. For example, a criminal placing a receptor near your phone while it is in your pocket and you are in a crowded elevator or subway.

This is a wholly non-threat. Even if I could sneak my phone to your back pocket, all it would read would be the same card number and expiry date that you show everyone when you use your card anyway.

3. The threat of intercepting the NFC signal by eavesdropping while you are undertaking a transaction and then altering the signal so that the funds are transferred elsewhere.

This is a non-issue. The digital signature attached to contactless card transactions stops merchants (or anyone else) from altering (or replaying) transactions.

4. Malware on the smartphone.

This is a genuine threat to transaction systems based on mobile phones, but is nothing to do with NFC.

[From How secure is NFC? « Dave Waterson on Security]

My overall take on all this? Mobile NFC payments are safer than payment cards. Davey Winder was kind enough to quote me making a similar point in an interesting article about the security of contactless payments.

Birch insists that while current contactless payment cards are just as secure as other card payment technologies, contactless mobile phone payments have the potential to be “significantly more secure, since there are a number of characteristics of mobile that make it much harder to defraud people”,

[From Infosecurity – How Secure Are Contactless Payments?]

It’s hard to say definitively that “mobile” is more secure than “cards” because obviously there are lots of different kinds of mobile payments and lots of different types of card (well, two, really, stripe and chip). There was a recent report from the Boston Fed looking at these security issues and comparing the different mobile payment technologies to contrast the vulnerabilities of each.

This report examines in detail how near field communication (NFC) and cloud technologies address security for mobile payments at the retail point-of-sale (POS). It also provides a brief overview of security for two other mobile technology platforms, QR code, and direct carrier billing (DCB). Each technology manages and processes information uniquely; hence security practices and issues will vary with the technology deployed by each payments platform provider.

[From Mobile Phone Technology: “Smarter Than We Thought” – Boston Fed]

The report makes an interesting distinction between a mobile wallet, where the payment credentials are stored on the mobile device, and a digital wallet, where the payment credentials are stored in the cloud. I think these connect with the final point above about malware and the distinction is important, especially as we are moving from a world of mobile payments to a world of mobile wallets, with lots of software running in the handset.

In the cloud, on the other hand, the threat of mobile malware is strong enough that wallet providers will need to make absolute certain that they understand the nuts and bolts of each mobile platform and operating system for the phones that will carry the wallet.

[From The Issue of Security and Fraud Risk in the Cloud vs. Contactless Mobile Wallet Debate – PaymentsJournal]

There is another way. Suppose the phone just stores the keys to the payment credentials in the cloud? Then the problem resolves to the more manageable (and well-understood) issue of managing keys. Since the keys are small, relative to the data, they can be stored in a Secure Element (SE) or Trusted Execution Environment (TEE) on a mobile handset and then we can ignore all of the nodes and links between the counterparties to a transaction and move to end-to-end security. I think we’re on that track: so not only are mobile phones already more secure than plastic cards, the gap is going to widen.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Christmas do

[Dave Birch] The Smartex Christmas meetings are always fun, partly because people turn up in a good mood to begin with and partly because there’s a slap up Christmas dinner at the end of it. This year’s, the 20th, kicked off with a pair of talks from old friends: Roy Vella talking about the trends in mobile payments and Adrian Cannon talking about the options for legacy payment providers in the face of competition from the alternative payment boys. There was an obvious thread running through these two super sessions, which was that the mobile provides a platform for alternative payments and new entrants that simply did not exist when the old Smart Card Club got off the ground and that this platform changes the rules of competition in the world of payments.

Roy made some excellent points about how all businesses, not only payments businesses, should stop regarding mobile as a channel and start regarding it as the fundamental technology at the business-consumer nexus. As he pointed out, the next phase of mobile powered money (he used the example of the Royal Canadian Mint’s Mintchip experiment) will be very different. I agree with this: the next “kind” of money will be as unimaginable to us as Bank of England notes would be to Shakespeare. Ultimately, though, Roy’s point was that the market dynamics are shifting so that the data associated with payments is becoming more valuable than the fees associated with payments, so the next phase of competition in the retail electronic transactions world will be about that data (which, broadly speaking, means that the wallet was about to break out).

Adrian took a different perspective, agreeing with Roy about the value of the data, but arguing that the collection and commoditisation of data will drive down the value of that data, turning it into a high-volume low margin business again (i.e., much like payments) that will favour the incumbents (e.g., banks). I didn’t want to disrupt the debate by arguing with Adrian (enjoyable and educational though that always is) but I suspect he is slightly too conservative in his analysis, because I feel that payments is beginning to shift away from banking and that there are others (e.g., telcos) who can manage big data just as well. He had some figures from an Edgar Dunn survey which showed that 39% of payments providers thought that regulation was the most significant issue facing them over the medium term (by comparison only 28% said technology, and only 18% said competition). I think that regulation is already heading in the right direction here, where the regulation of non-banks coming into payments is under PI and ELMI rules and not banking rules (which never worked anyway). I’ll blog more about this soon (Brett King just did so) but the idea of a portfolio of near bank products as the “account” is close.

I won’t cover the talk from MoLo Rewards here as I’m going to cover them another time. Jeremy Acklam finished off the pre-lunch seminar when he gave an excellent talk about transport and mobility, pointing out that information and payment systems are a critical aspect of transport systems and key to their take up. He also made a point about the extent to which the mobile phone is gradually subsuming other functions, and there’s no reason to think that ticketing will escape the mobile event horizon. I thought he illustrated this in rather a fun way: he’d brought along a carrier bag of the stuff that his phone has replaced! Here he is with, amongst other things, an original Sinclair Cambridge calculator.


After dinner the Smartex guys invited me to give an after-dinner talk so I used the opportunity to make three predictions for 2013 and I’ll happily stand up and be counted for them this time next year! What I said was:

  1. We haven’t yet seen the impact of retailer exploitation of the new transaction technologies but I think we will over the coming year. It will be retailers who determine the next phase of evolution in payments.
  2. Several retailers have already said that they won’t be buying any more conventional point-of-sale terminals. It is inevitable that the device formerly known as the mobile phone, in one form or another, will begin to change the nature of in-store payments. I’m afraid that POS terminals are inside the handset event horizon and are even now being pulled apart by mobile gravity.
  3. Not only because of Apple’s acquisition of Authentec, but for a variety of other reasons to do with convenience, I expect to see biometrics play more of a role in mass-market retail electronic transactions by the end of next year as I blogged recently.

I’m already looking forward to the SmartEx 2013 Christmas party, where I will be subject to robust examination on the topics of retailers, POS terminals and biometrics and look forward to seeing you all there!

P. S. Roy was kind enough to refer to my arbitrary and capricious definitions of the eras of money, which I greatly appreciated. I guess I should redraw that diagram now to reflect the fact that whereas I see “bits about bits” continuing to coexist with “bits”, I really don’t see the “atoms” continuing. However secure it may seem right now, cash’s days are numbered.


Headline news: chip and PIN works

[Dave Birch] It is certainly a paradox as to why any of us pay any attention to anything in the newspapers at all. Whenever you read about something you know about, the newspapers always get it wrong. Yet we believe them on all the other stuff they write about. “Stop talking in sweeping generalisations” you say? “Give specific examples so that we can judge” you say? OK. This is from The Daily Mail, talking about chip and PIN fraud.

If your card has been stolen or cloned and a crook has either got hold of — or deduced — your pin, your world can turn upside down in an instant.

[From SAM DUNN: Chip and pin is not foolproof yet banks blame customers | Mail Online]

Well, this is certainly true. (Although chip and PIN cards can’t be cloned – the magnetic stripes on the back of them can be counterfeited, but this has always been true). But I particularly liked this take on the banks’ response:

It also turns a blind eye to a pin having been illegally read — most likely by high-tech software undetectable by the ordinary human eye.

[From SAM DUNN: Chip and pin is not foolproof yet banks blame customers | Mail Online]

Most high-tech software is, presumably, detectable by the ordinary human eye. I hadn’t realised that you needed an extraordinary human eye to detect some of it though, so I can see why criminals might employ this devious tactic and I share the Mail’s shock at this turn of events.

This is all, of course, nonsense. I might sneak my high-tech software into the POS terminal at your local supermarket, and that might help me to get your card number and PIN, but those details are insufficient to create a counterfeit card (or at least they should be for issuers who have set the chip ICVV correctly). If your card is stolen and the thief has your PIN, and you genuinely didn’t have it written on the back of the card, then it’s a pound to a penny that they got the PIN by looking over your shoulder in the Co-op or by having a camera at an ATM and then reproducing the magnetic stripe for use somewhere that doesn’t support chip transactions (e.g., America).
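To make the point about the chip ICVV concrete, here is an added sketch (not part of the original post, and not any issuer's real code) of the issuer-side check: the value carried in the chip data is derived with service code 999, so a record read from the chip fails validation when it turns up as a magnetic stripe transaction. The key, PANs, expiry, service code 201 and the `Issuer` class are constructed for the example, and HMAC-SHA256 stands in for the DES-based derivation that real schemes use.

```python
import hashlib
import hmac

# Constructed key for the example; real card verification keys live in an HSM.
ISSUER_KEY = b"constructed-demo-key"
CHIP_SERVICE_CODE = "999"    # service code substituted when deriving an iCVV
STRIPE_SERVICE_CODE = "201"  # constructed sample service code encoded on the card


def check_value(pan: str, expiry: str, service_code: str) -> str:
    """Three-digit value bound to PAN, expiry and service code.

    Stand-in only: real CVV/iCVV derivation is DES-based. HMAC-SHA256 is used
    so the example runs on the standard library; the binding is the point.
    """
    msg = f"{pan}|{expiry}|{service_code}".encode()
    digest = hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"


class Issuer:
    """Hypothetical issuer that personalises cards and validates check values."""

    def __init__(self, distinct_icvv: bool):
        # True: chip data carries an iCVV. False: chip data reuses the stripe CVV.
        self.distinct_icvv = distinct_icvv

    def _derivation_code(self, entry_mode: str, service_code: str) -> str:
        if entry_mode == "chip" and self.distinct_icvv:
            return CHIP_SERVICE_CODE
        return service_code

    def personalise(self, pan: str, expiry: str) -> dict:
        """Return the track data written to the stripe and to the chip."""
        base = {"pan": pan, "expiry": expiry, "service_code": STRIPE_SERVICE_CODE}
        stripe_cvv = check_value(pan, expiry, self._derivation_code("stripe", STRIPE_SERVICE_CODE))
        chip_cvv = check_value(pan, expiry, self._derivation_code("chip", STRIPE_SERVICE_CODE))
        return {"stripe": {**base, "cvv": stripe_cvv}, "chip": {**base, "cvv": chip_cvv}}

    def authorise(self, track: dict, entry_mode: str) -> str:
        """Validate the check value for the entry mode the terminal reported.

        Chip cryptogram and PIN checks are out of scope for this example.
        """
        code = self._derivation_code(entry_mode, track["service_code"])
        expected = check_value(track["pan"], track["expiry"], code)
        return "APPROVE" if hmac.compare_digest(expected, track["cvv"]) else "DECLINE"


def replay_approvals(issuer: Issuer, cards: int = 300) -> int:
    """Count how many chip-read records pass when presented as stripe reads."""
    approved = 0
    for i in range(cards):
        pan = f"400000{i:010d}"  # constructed PAN, not a real account number
        card = issuer.personalise(pan, "2512")
        chip_read = dict(card["chip"])  # what a compromised terminal sees from the chip
        if issuer.authorise(chip_read, "stripe") == "APPROVE":
            approved += 1
    return approved


if __name__ == "__main__":
    for label, issuer in (("iCVV set", Issuer(True)), ("iCVV not set", Issuer(False))):
        print(f"{label}: {replay_approvals(issuer)} of 300 replays approved")
```

Because the check value has only three digits, an occasional record can pass by coincidence (one chance in a thousand each), so the count for the correctly configured issuer is near zero rather than guaranteed zero.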

The sophistication of criminals with respect to ATMs, by the way, is particularly impressive. When I last nipped in to the “banking lobby” at my local branch, so that I could use an ATM in the warm rather than in the Siberian Winter Bringing Britain to its Knees (© any British newspaper), I noticed something new: there was a sticker on the ATM telling me that the machine had been “fitted with a device to prevent card fraud”. This led me to wonder why they didn’t send me a sticker to put on my debit card telling me that the card had been “fitted with a device to encourage card fraud” (viz, a magnetic stripe).

I have no idea why my debit card has either a magnetic stripe or embossing either, and it’s not clear to me why it has my name and bank account number on it as well, and I don’t know why it has a signature strip on the back when I don’t want to use it for signature transactions under any circumstances. (Rather oddly, I also notice that the EMV configuration of my splendid payments watch says that it is configured to allow signature transactions, even though there is nowhere on the watch to put a signature strip.)

Let’s not panic. Whatever you think about chip and PIN, it works. In chip and PIN markets, like the UK, card present fraud is going down. The criminals aren’t giving up, naturally. The fraud is being transferred to card-not-present (CNP) and magnetic stripe fraud, particularly in the USA. I notice that Australia is on a similar trajectory:

But fraud shot up on Australian-issued cards, from $12.9 million in 2010 to $16.4 million in 2011, the highest figure since APCA began publishing statistics six years ago.

[From Massive Payment Card Upgrade Has Mixed Results in Australia | PCWorld Business Center]

I know nothing about the Australian payment card issuing systems, but I’ll bet the rise in fraud is because stripe data is being used online and in the US, not because someone has figured out a way to counterfeit domestic EMV cards.

The U.S. currently accounts for 47% of global credit and debit card fraud even though it generates only 27% of the total volume of purchases and cash

[From U.S. Leads the World in Credit Card Fraud, states The Nilson Report | Business Wire]

Criminals from around the world are shipping card data to the US to make counterfeit magnetic stripe cards and then using them to withdraw money from ATMs or hit retail stores. Amazingly, domestic American criminals can be rather conservative in comparison to these enterprising world fraudsters. In the US…

Criminals still target checks more than other types of payments.

[From Payments Fraud Remains High]

So why carry on using them? But that’s another point entirely. Card fraud is an industry and like any other industry subject to the disciplines of specialisation and mass production and these will inevitably push more and more card fraud beyond the borders of chip and PIN.

The gang was split into different cells, with certain groups responsible for stealing or modifying terminals, while others made large withdrawals from ATMs. Yet another group specialised in the installation of cloning devices and cameras on banking terminal overlays.

[From Finextra: Mounties bust C$100m card fraud ring]

Incidentally, the US isn’t the only country with a serious card fraud problem.

According to the Aite Group poll of 5223 people – around 300 for each country – Mexicans are the most likely to fall victim to fraudsters, with 44% hit in the last five years.

Chip and PIN-less America comes second, on 42%, followed by India on 37%. The UK ranks sixth on 34%, well above its European neighbours, Germany (13%) and the Netherlands and Sweden (both 12%).

[From Finextra: Global card fraud continues to rise – survey]

I have no idea why this should be, but I suspect that it may be because no-one in Germany or the Netherlands or Sweden writes cheques, uses credit card numbers online or uses magnetic stripe and signature cards very much.


Shades of grey

[Dave Birch] Right now there is a growing divide, particularly in the USA I think, between those who think that NFC is the future of retail payments and those who think that it is being bypassed for a variety of reasons, not all of them technological. At the same time, there is a growing divide between those who think that the evolution of existing retail e-payment schemes is the right way forward (broadly speaking, the incumbents) and those who want a new generation of payment options that exploit new technologies (broadly speaking, everyone else, including retailers). Who is right?

Life is rarely black and white.

In other words, suppose they are all correct? To my mind, this is the most likely situation a generation from now. I think we can see a plausible set of routes through the social, business and technology roadmaps and these routes will have a couple of waypoints that are just about distinguishable now.

  1. NFC is used for payments, using the existing EMV infrastructure, but in time this becomes a niche application. Shops will have an EMV terminal just as they have a zip-zap machine now but schemes based on identity infrastructure will be the mainstream. Since NFC will be the most convenient interface for most people, it has a decent future.
  2. Decoupled debit becomes the dominant retail e-payment mechanism, taking us into the grey area of the “something present” (SP) transaction beyond the current black-and-white-again Card Present (CP) and Card Not Present (CNP) world. Just as cards replaced cheques, yet cheques still exist, so tokens (such as, obviously, mobile phones) will replace cards. Not instantly (after all, I still have a chequebook at home somewhere, even though I don’t remember where it is and only write about two cheques per annum) but in time. But the token serves only to identify you, not the payment system.

Going via these waypoints, then, we arrive at a plausible vision for retail payments: you tell the retailer who you are, the retailer asks for money, your payment provider sends it to them and then obtains the money from you via whichever mechanism has been negotiated between you. But, crucially, how you pay and how the merchant gets paid are now entirely separate. If this sounds like an extreme prediction to you, then I’d suggest a William Gibson-style review of the unevenly-distributed innovation going on in that space right now. Take, for example, the pressure from retailers to do just this, because they want to go straight to your bank account and not bother dealing with acquirers, processors, schemes, interchange or anything else.

Fast Forward is a breakthrough new way to pay for your groceries and gas without having to carry any cash, checks or cards with you. Simply add* Fast Forward to your Safeway Club Card and you’ll be able to save and pay in one simple step at checkout.

[From Safeway – Fast Forward]

Fast Forward, I’m pretty sure, adds weight to my arguments about the centre of gravity in the payment space shifting more toward retailers. And it’s a perfect illustration of the “identity is the new money” meme. Safeway’s loyalty card and PIN combination is there to identify you. Once they know who you are, payment is easy. And I think I’m on pretty safe ground with the strategic inclination toward decoupled debit that I’ve shared here before, especially if the rampant rumours about Google’s plastic card version of the virtual debit cards in the Google wallet turn out to be true.

Still, it is hard to see the real benefit of adding a plastic card to Google Wallet.

[From Google Wallet Turning to Plastic? – PaymentsJournal]

I disagree. Merchants will be happy to accept the debit product, which will cost them a Durbin-mandated minimum amount and Google will be happy to pay the difference on the back-end card transaction because Google will know where you are and what you are buying and your card issuer won’t. The link with Durbin is complex. There were initial thoughts that the Durbin cap would render decoupled debit propositions uneconomic.

Banks, though former critics of decoupled debit, were quick to decry Tempo’s exit as the latest casualty of the Durbin Amendment. A recent article in American Banker began, “First it was free checking. Then it was spending rewards. Are decoupled-debit cards the next casualty of the Durbin amendment?”

[From Will Decoupled Debit Cards Go the Way of Rewards Checking?]

In time, though, opinion has shifted. I suspect that this is because the value of the data was underestimated in the original modelling. You can continue the thought experiment a little further along these lines. If the data really is valuable then the retailers will then do a deal with Google to get access to this data as part of the bundle of services that Google delivers to them.

Merchants may soon begin to impose a surcharge each time a customer pays with credit card, a practice Visa Inc. and MasterCard Inc. currently prohibit…. [But provision will likely go away as part of impending settlement].

The “accept all cards” rule is likely to undergo a huge change, with implications for Visa/MA earnings, new retailer led payment networks, mobile wallets, issuer loyalty programs, EMV reissue, and “new products” (ex. Instant credit, pre-paid, decoupled debit, …).

[From Retailers Discourage Credit Cards « FinVentures]

Debit is already the dominant non-cash tender at retail POS and with retailers incentivising the use of products such as Google’s (because they want access to the data) there will be real pressure on legacy schemes. And note that retailers aren’t the only people going down this route. Look at the “mpass” payment scheme that O2 has launched in Germany to see how mobile operators can deliver the SP transaction.

Customers have two options as to how to settle the amount later. Users can either have the amounts debited conveniently from their current account by direct debit, or they can top up credit via bank transfer to the mpass account which is opened on registering.

[From Telefónica uses MasterCardPayPass: contactless payment via mpass]

Incidentally, the idea of a sort-of-debit-card that chooses the means by which you pay is not new or confined to Google.

Wallaby is a cloud-based digital wallet that stores the information about all of your credit cards and automatically picks the best card to charge in each transaction, based on your preferences.

[From App Combines Credit Cards And Picks The Best One To Use For Purchases – StumbleUpon]

When I read about this I thought it was quite interesting, because we worked on a feasibility study for a similar product for a UK financial services company back in 2007. They decided not to go ahead with it for commercial reasons that were none of our business, although as far as I recall the technical architecture that we came up with was plausible. I bring this example up here because it shows again how a combination of mobile wallet and decoupling can bring into the market wildly different products, way different from the current credit and debit card products.

The transition to SP is an inevitable consequence of this trend and it seems to me that there is a growing recognition among our clients that digital identity is at the heart of the SP transaction. Which means, of course, that the organisations who provide SP infrastructure must have an identity management strategy. This is, I think, actually quite difficult for them. As I’ve noted before, there is at least one important difference between identity strategy in the financial services sector (and the payment strategies that they have historically been party to) in that identity strategy sits inside cross-sector national and international identity management frameworks. The financial sector has to develop within these frameworks and not develop its own special-purpose or proprietary solutions. We are not far away from the first NSTIC (in the USA) or IDA (in the UK) payment scheme.

Incidentally, and with the usual IANAL caveat, it looks to me as if someone else has spotted the decoupled debit strange attractor in the currently chaotic world of mobile wallets and done something more about it than putting it in the executive summary of client reports and, later on, witless e-scribbling on blogs:

The patent is United States Patent Number 8,205,791, titled “Payment System and Methods”. The patent contains 28 claims, including various independent claims for a consumer to fund a mobile wallet via an ACH payment method for the holder of a United States checking account with a financial institution to accomplish a purchase at a retail site. Some examples of a payment token useable by consumers include a smart phone, a cellular device, and a wireless device.

[From NPCA nabs patent for decoupled debit on mobile]

I suppose this means that in the future we will generically classify these as “lawyer present” rather than “something present” transactions.


Wallets and wedges


[Dave Birch] Earlier this year we began to see a strategic refocus away from mobile payments as the basic element of competition in the sector and towards the mobile wallet. I notice today that the UK operator consortium "weve" (formerly known as Project Oscar) has decided to follow this path.

NFC payments are to play second fiddle to mobile advertising in the business model drawn up by the Project Oscar consortium of UK wireless operators, who have rebranded their combined platform as Weve.

[From Finextra: NFC plays second fiddle to advertising in UK mobile consortium plans]

This is for a variety of well-known reasons that we don't need to rehearse here. It is worth noting here, though, just how quickly mobile payments are growing in any case, whether part of a wider mobile wallet proposition or not.

PayPal’s evidence on the appetite for mobile payments is compelling. It has several applications for the iPhone, Android phones and BlackBerry that allow users to send and receive money directly into their accounts.

In 2008, PayPal’s various mobile applications processed $25m in payments. In 2009, that figure was $141m. Last year, the number grew to $750m, and this year the company expects $1.5bn.

[From FT.com / Reports – Smartphone wallet a step closer to reality]

PayPal are only one of the players, of course, but their evolving roadmap is worth studying. The opening of the API, the idea of the "Commerce Identity" and the strategic shift to mobile are all tactics that will be emulated by a great many other players. So how will the competition shape up? Forrester say that there are three main factors that are relevant:

Hardware-agnostic mobile digital wallets face fewer hurdles than NFC-based wallets and will have faster adoption.

Digital wallets will be a wedge between card issuers and consumers, and the wallet operators will charge them for the privilege.

Winning wallets will be convenient to use, contextually relevant, with a compelling experience.

[From The Digital Wallets Wars Are the Next Phase of the Payments Industry Transformation – Forbes]

Let's look at these factors.

  1. Well if you need hardware, the argument goes, it's going to be more costly and complex to deploy. True. But look at Square and M-PESA for counter-examples. Sometimes, hardware makes the overall consumer proposition better. The Square dongle and the M-PESA SIM made the consumer proposition simpler and made the system as a whole work more effectively. The assumption that software-only solutions are always going to be better, quicker to market, cheaper etc needs challenging. Therefore, in my version of the evolving roadmap, I assume that wallets that need some form of tamper-resistant hardware will provide a more secure platform than software-only alternatives.
  2. It's certainly true that wallets will sit between card issuers and consumers, but that's not the same as driving a wedge between them. On the contrary, a wallet might well facilitate continuous and relevant communication between issuers and consumers. Remember me talking about following my debit card on Twitter?
  3. Yes wallets have to be easy to use, but the issue of relevance is, to my mind, key. This is why I suspect that retailers have the upper hand. I'm not sure that I would call my Starbucks app "compelling" but I don't see how a telco or bank could make a more compelling experience in Starbucks than Starbucks can. At the Money2020 discussion panel on the Merchant Customer Exchange (MCX), Mike Cook from Walmart said that the idea was to build a great mobile commerce experience and then add payments.

MCX is, of course, some way from putting products into the marketplace, whereas the competitors are up and running. Visa, for example, is steaming ahead with its "V.Me" web-based wallet.

The service will be made available through Visa’s member banks and will initially be accessed through the internet browser on a PC, laptop, tablet or smartphone.

[From Visa Europe confirms V.me digital wallet launch date]

This has already launched with the first couple of banks in the USA and Europe, as has the ISIS mobile wallet from the US operator consortium.

ISIS, the joint mobile payment venture that is backed by AT&T (T), T-Mobile and Verizon (VZ), announced on Monday the official launch of its Mobile Wallet service in Austin, Texas and Salt Lake City, Utah.

[From ISIS mobile wallet service launch: Austin and Salt Lake City | BGR]

An important observation to make, though, is that so far these initiatives are about using mobile to exploit the legacy infrastructure as the banks, schemes and mobile operators find ways to work together that maintain, perhaps even lock-in, existing products, services and relationships. But there are people who think that this cannot be the long term impact of the shift to mobile – surely the technology will disrupt?

Apple, Google, Facebook and Amazon are locked in a tech-driven cage match to win in the greater innovation arena.

And one of the biggest battles is off to a heated–if not always clean–start: controlling the mobile pay market. The reasons why the Big Four are grappling so, can be understood by looking at a single number: By 2016, mobile payments could be a trillion-dollar industry all its own.

[From The Great Tech War Of 2012: On The Mobile Pay Front [Updated] | Fast Company]

I couldn't help noticing that this well-worth reading Fast Company piece didn't say anything about Citi, Visa or PayPal in the lead-off paragraph. The implicit message seems to be that these payment dinosaurs are doomed now that the mobile meteor has hit. Yet one of the new mammals, Google, has been actively developing and enhancing its own wallet proposition, although not without a controversy that (I suspect) adumbrates discussions in what would once have been smoke-filled rooms between MCX and the schemes over some form of decoupled debit proposition as part of the MCX framework (although more likely than not to be ACH-based). 

But not only Visa is said to be unhappy with the new cloud-based approach by Google for its wallet. American Express and other big issuers do not like it either, because they lose their direct connection with their customers, say observers. AmEx also has an acceptance brand to protect. [Google] collects the transaction data related to the purchase, which it then plans to use to create targeted promotions to consumers. Google believes that that will more than cover for its loss on interchange of roughly 1% of each Google Wallet transaction and its potentially greater losses from liability for fraudulent Google Wallet transactions.

[From Google to Make Wallet Announcement; Deals with Opposition from Visa, Big Banks, to Cloud Model | NFC Times – Near Field Communication and all contactless technology.]

What is going to shape the path through the evolving roadmap mentioned above? Is it all about collecting data for marketing? At the Smart Payment Forum in October, Alex Reid (the head of Mobile Wallet Services at Vodafone UK) put up a slide showing that the highest added-value would come from downstream identity management and access control services rather than from the immediate opportunities in loyalty and coupling and I'm pretty sure he's right about this. As the preceding paragraphs presage, we're entering a period of confusion… and opportunity.

In addition to the newly announced Merchants Customers Exchange, the other big names in mobile payments include Google and Isis. A wide-open field poses a dilemma for consumers, since nobody wants to get stuck with the mobile-wallet version of Betamax.

[From Do You Need a Mobile Wallet? – Real-Time Advice – SmartMoney]

Well, yes, but… if all of these wallets stick to standard interfaces (e.g., NFC for proximity payments) then there's no problem. After all, I can use a credit and a debit card in the same terminal, even if they come from different issuers (indeed, different industries). If Alex is right, and it's all about identity, then a simple interface that exchanges identity data at the point of purchase will suffice, since everything else can be pushed off to the cloud somewhere.

Today we’re releasing a new, cloud-based version of the Google Wallet app that supports all credit and debit cards from Visa, MasterCard, American Express, and Discover. Now, you can use any card when you shop in-store or online with Google Wallet.

[From Use any credit or debit card with Google Wallet]

These are the sort of issues sure to be discussed at M for Mobile's Mobile Wallet Summit in London on November 28th and 29th 2012. The wonderful people there have given us a delegate place worth an astonishing ONE THOUSAND FOUR HUNDRED AND NINETY FIVE of your British Pounds to give away as a prize on the blog. So if you are going to be in London on those days and want to come along and meet a variety of experts (and me), then enter the competition! All you have to do is make a non-spam comment on this post on the Tomorrow Transactions blog (don't e-mail me – that doesn't count). A week from today, we will close off comments and then make a genuinely random draw amongst commentators and the winner will receive the delegate place! Good luck and see you there.
