EMV is at the heart of global payment card processing. As a specification it governs the processing of billions of transactions globally, with the vast majority of those flowing through the international payment schemes. As a technology it has been incredibly successful, reducing fraud levels everywhere it’s been introduced and its extension into contactless payments is now the fastest growing area of face-to-face payments. The idea that EMV might soon be obsolescent seems far-fetched, to put it mildly, but there are reasons to believe that its hegemony is under threat.
So, you want to be a card issuer?
Card issuing seems to be hot right now. Despite the rise of alternatives to card payments, many Fintech’s appear intent on adding payment cards to their product portfolios. And it is not just the “me too” start-up banks.
For example, some international remittance services are adding payment cards to their offerings. This allows customers to spend the money they receive directly but also means that customers do not withdraw funds immediately upon receipt. This extends the customer relationship adding value to both the customer and the Fintech.
How Could Digital Currency Work?
The Bank of England and the UK Treasury have announced a Central Bank Digital Currency (CBDC) Taskforce to coordinate the exploration of a potential British CBDC. But how could a digital Pound actually work? As it happens, this is something that Consult Hyperion knows rather a lot about. Apart from our work on the first British central bank digital currency (Mondex) back in the 1990s, our work on the first population-scale mobile money scheme (M-PESA) in the 2000s and our work on the most transformational contactless payment roll-out (Transport for London) in the 2010s, our practical experience across implementation platforms means that we understand the architectural options better than anyone.
Will Brexit make stealing bank cards attractive again?
A couple of weeks ago I wrote a piece for our friends at Smartex; ‘Brexit and the UK Finance’s proposed £100 contactless limit’. Perhaps a title more worthy of grabbing readers would be ‘Will Brexit make stealing bank cards attractive again?’
The pandemic has accelerated consumer behaviour that has been teetering for the last decade. The desire for contact-free (and therefore contactless) transactions, has meant a significant trend in consumers becoming comfortable with tapping their cards and perhaps more interestingly, their phones (devices/wearables). We’ve seen merchants switch from hand scribbled ‘cash only’ signs, to ‘please use cards (devices etc) wherever possible’. Some stores have completely rejected cash altogether.
Travel Broke and Broken
The ongoing COVID-19 crisis has been ruthlessly exposing fragile business models and weak balance sheets across a whole range of industries but perhaps never more so than in the travel business. In fairness, no one could have anticipated a global, government dictated total shutdown and no business models could ever be flexible enough to support such an improbable scenario. Still, it’s become clear that many travel industry companies are effectively broke and that the payments model they rely on is broken. Going forward we need a better and more sustainable approach to payments in the industry.
Most travel industry payments rely on payments cards so it’s worth starting by recapping on how most card payment models work. When a cardholder makes a payment to a merchant – either in store or, increasingly, on-line, this is routed to the merchant’s card acquirer. The acquirer has a direct relationship with the merchant in the same way that a card issuer has a direct relationship with cardholders and the acquirer will route the payment request to the relevant issuer – usually by sending the request to a payment scheme who uses the card number to identify the correct issuer. If the issuer approves the transaction then the response is routed back through the same path and the purchase completed. This is no different from any other card payment, although there are hidden complexities where the merchant is an online travel agent sourcing flights, hotels, etc from multiple underlying vendors. However, that’s a detail.
Cards vs non-cards or cards and non-cards?
A payment scheme isn’t just a data switch that connects consumers, banks, merchants and retailers. If it was, there wouldn’t be any, because we’d all just use the internet instead. There are rules that need to be in place to make a scheme work in the mass market, to protect the participants and to fairly distribute liabilities. Hence when I saw this interesting comment about the opening up of the European payments marketplace under PSD2, in a discussion about Google wallet at the recent Google I/O conference, I did think that it perhaps underestimates what it takes to create a new consumer payment scheme:
For now, the service is linked to a user’s credit card, but not for long (at least for European users), Daniel Döderlein, CEO for payments systems provider Auka, told Bank Innovation. “Once Google’s able to go to direct to account they will cut out the cards companies and to some extent, the bank,”
From Would You Like to Set Google As Your Default Financial Institution? | Bank Innovation
This resonated with a story that I heard last year and mentioned to a few of our clients in seminars and workshops. A friend of mine was on a study tour of the US during which he visited a number of different technology companies as well as a number of different technology users in a group of related industries. He told me that the whole time he was in the US, the only people who had asked him about PSD2 came from Facebook and Google. Not from banks, not from retailers, not from payment processors and not from card issuers. Yet, as I think comes over in our recent webinar on threats and opportunities, PSD2 is a fundamental driver for all of their strategies for the foreseeable future.
When my friend came back from California with his tale of PSD2 indifference, I remember thinking at the time that it might be an indication that not all of the participants in the payment marketplace had fully evolved their open banking strategies. Hence I explained to him that as PSD2 was going to completely change the way in which consumer data is managed by banks, it was natural that banks had no strategy for dealing with it whereas people who sell consumer data for a living (e.g., Facebook and Google) would undoubtedly have already created and explored a number of different scenarios and set a strategy to exploit the changes.
Is that rather dramatic Google I/O comment justified though? Is it right that once the banks are required to open up their APIs and are forced to allow third parties to obtain account information, instruct payments and obtain confirmation of available funds, will those third parties cut out the “card companies”? In other words, is open access bad news for, to choose the obvious examples, Visa and MasterCard? Well, that depends. I remember answering this question a couple of years ago at a conference by saying that if the people that Consult Hyperion were working for at Visa and MasterCard were stupid, then it was a threat. But since the people that we were working for at Visa and MasterCard were not at all stupid, and could read the newspapers just as well as we could, I thought that on balance the new infrastructure would present an opportunity. At the time, of course, I couldn’t have foreseen that MasterCard would step up to the plate and pay $1 billion for VocaLink so quickly, thus ratifying my conclusion!
“Somehow this takeover didn’t make the news headlines, but mark my words it was one of the most significant events in the evolution of the UK payments industry since Reg Varney got a tenner out of that first ATM in Enfield half a century ago. It’s a significant milestone on the road to #cardmaggedon, and it’s not only me who thinks this.”
via MasterCard and VocaLink is a big deal | Consult Hyperion
The reasoning behind our general advice to clients at that time was that the network itself, the technological component of a scheme (the interfaces and switches and connections) is easily replicated, but the non-technological components (the “3Rs” of rules, rights and relationships) are much harder to create and manage. This where Visa and MasterCard have half a century on the competition. I saw this view echoed in a recent magazine article.
It is felt that as the distinction between cards and other forms of payments (e.g. credit transfers) breaks down, the management experience of card schemes positions them well to extend into these other payment methods rather than being replaced by them.
European domestic payment schemes shifting focus to new digital payments services – Payments Cards & Mobile
What it comes down to is that sending money from account to account over instant payment rails is ultimately cheaper, quicker and simpler than messing around with 16-digit PANs, authorisation networks and settlement files. As many industry observers have pointed out, in the long run the “push” payments will win. However, sending the money around is only a very small part of a real-world, mass-market, effective payment infrastructure. The rules, rights and relationships may well be simpler than in the world of the 16-digit PAN but they still have to be there. Someone still has to set the messaging standards, define the format of the associated data, draw up merchant agreements and so on. At the excellent Merchant Payment Ecosystems conference in Berlin earlier this year, I chaired a terrific panel session that touched on this issue.
The key concept that came out of this discussion, that the traditional merchant acquirer will transmute into a Merchant Service Provider (MSP), fits within this narrative. I can see that merchants want value-added services, a great many of which depend on collecting and analysing large quantities of data, rather than just “cost plus” payment processing. What’s more, as the cost of payments heads toward zero, nodes in the value chain will have to provide those value-added services or be bypassed.
So, will Visa and MasterCard be bypassed by open banking? If they do nothing, then yes. Facebook, Google, Amazon, Alipay and others will simply go direct to consumer payment accounts via APIs and payments will begin to drift away from the 8583 rails put in place over many years. But they won’t do nothing.
A way to embrace “over the counter” mobile money transactions
As one of the pioneers of mobile money (cutting my teeth on the initial service proposition and business model for M-PESA, way back in 2004, three years before commercial launch), I’m always naturally inclined to see its potential in a positive light. But I’m starting to wonder if maybe we need to give it a bit of a nudge – realign it, if you will.
One of the more interesting phenomena we’ve seen in recent years is the rise of Over The Counter (OTC) transactions – those transactions carried out by agents on a customer’s behalf, in many cases without any link to the real people relating to a transaction. We’ve seen cases where agents maintain four or five mobile money accounts, on different phones, so that they can spread their customers’ transactions across accounts and so avoid transaction limits.
The reasons for OTC can be various, but certainly include illiteracy, lack of appropriate language support on mobile handsets, and – fairly commonly – liability (after all, if things are going to go wrong, you want someone else to blame, don’t you?). But the obvious potential for money laundering means that this situation can be a financial regulator’s nightmare.
Of course, it doesn’t have to be this way, and there are examples of it being done properly, with even in some cases biometric authentication of all parties to an OTC transaction. Worldwide, however, this is rare.
But I digress. What I really wanted to talk about was the somewhat self-congratulatory attitude we in the industry are all guilty of at some time – after all, an industry that has grown from nothing to something more than 270 services in over 90 countries in only fifteen years is undeniably impressive. But I do wonder if we’re all kidding ourselves sometimes. I mean, sure, for the middle classes, and for many of the employed poor, it has been an amazing opportunity, and has transformed access to financial services. But there are gaps – possibly some big gaps.
As an example, I’d like to relate a recent experience. First, you have to understand that I believe you can’t develop anything new without spending time with the people who are going to be using it; so I like to go out to the field, and see what people are actually doing, not what the research tells me. Just sit and watch, and ask the occasional question. It can be very educational.
So we were working with this mobile money operator (MMO), who has a deal with an MFI for the delivery of MFI services through MM. On paper, it all looks very good, plenty of transactions, lots of people receiving loans and making repayments, all through MM. I was very keen to go to a group meeting and find out what the customers thought, how they used it, what else they did – the usual.
We turned up at the meeting, and the first thing that was happening was training from the field officer. Great. But there was a surprise in store; the training included the following advice about security: “Always keep your PIN secret. Never tell anybody. EXCEPT the Agent – you should whisper it quietly into his ear” – uh oh. The alarm bells started to ring.
And then the Agent turned up. At this point the field officer started to gather repayments, in the traditional way for group lending – laboriously entering everyone’s name into a list, checking that they have the cash to make the repayment, noting down the repayment amount, all at a glacial pace (now this is one area where investment in IT could make an immediate impact) – and then the mobile money part started. Each person making a repayment took their phone and their cash, one by one, to the Agent – who took their phone, ‘deposited’ the cash for them, then forwarded the repayment to the MFI.
There were also three loan disbursements that day, and the process was much the same: hand your phone to the Agent, whisper your PIN to him, walk away with a wad of cash.
All of these people at the group meeting are in the MMO’s books as active mobile money subscribers. So I have to ask: in what way are these people mobile money subscribers? How is this empowerment? All that I can see is that the MFI has outsourced their cash management problems to the Agent, who walks the streets with a bag full of cash. Glad that’s not me.
So there are clearly a large number of people, down towards the bottom of the pyramid, for whom the step from a pure cash environment to being asked to use a mobile money wallet or account to manage their finances is just too big. Expecting people who’ve never had a bank account to make the conceptual leap from paper cash to mobile finance in one step is asking too much. Without help many of them will never do it.
Maybe the way forward is to make the steps a little more manageable. Introduce an intermediate step. And I think the way to do that is to embrace OTC, but to do it in a way that formalises it and addresses the concerns of the regulatory authorities: give this section of customers a card, which identifies their account. Maybe secure it with biometrics, if you want. Let them visit an agent, and get the agent to do the transactions for them, but now with all transactions linked to the card/the account. Link it to their mobile phone, so that the more adventurous can see their balance via the MM service. Make sure they’re comfortable with this, and make sure there’s a migration path that leads to the full MM service over time.
After all, this is the long term migration path we’ve seen in Europe over the course of decades; the move from cash, to bank accounts, to debit and credit cards, to Internet banking and mobile payments has happened, of course; but with each step taking years or even decades. Expecting people immersed in a world of cash to make the leap in a matter of days or weeks is just unrealistic. Why should they be any different?
Footnote: Yes, the author is well aware of Safaricom’s moves to issue a companion card for the use of M-PESA for retail transactions. That’s somewhat different to the case described here, though in itself interesting.
1966 and all that
Ah, 1966. Back to a time when Bobby Moore lifted the World Cup and the Mini Cooper and Mini Skirt were the vanguard of a new pop culture. The French were in the Common Market and we weren’t. Remember that week when “Paperback Writer” by The Beatles was no.1 in the charts? When the French left NATO (#Frexit) and when US planes started bombing Hanoi? No? Well, you should do, because it was the week that Barclaycard launched in the UK.
This is the first ever advertisement for a payment card on British television. It was for British Linen Bank’s Barclaycard.
On 29th June 1966, an old boot factory in Northampton became the epicentre of the payment revolution when Barclays Bank launched the Barclaycard.
The card scheme was approved by the board without any market research or pilot, or adequate in-house computer system, and in the face of not inconsiderable internal and external suspicion, even hostility. It was recognised that profitability would be long-term, since the set-up costs were so high and credit controls strict.
From Barclaycard: 50 years of plastic money – Archives Hub Blog
Yes, the Great British credit card is 50 today! Well, I say British, but it was actually a licensed version of the BankAmericard product and it wasn’t actually a credit card because until the Bank of England permitted them to offer credit in November 1967, Barclaycard balances had to be paid in full when the bill arrived, but you get the general picture. It wasn’t an overnight success, of course. It took more than five years for Barclaycard to reach 1.5m cardholders and 75,000 merchants and finally turn in a profit, but when it did the profit was sufficient to stimulate the other big banks (National Westminster, Midland and Lloyds) to get their act together and launch the rival Access card in 1972.
Access didn’t hit on their “flexible friend” meme until the 1980s.
Half a century. It’s not such a long time in the great scheme of things, and I can’t help but wonder whether the payment card will still be around in another half a century. I’m sure many of us remember our first credit card. Mine was indeed a Barclaycard and I got it when I first opened a bank account when I went to university. My life of credit-induced bondage as a serf on the plantations of the financial services industry began at that point and I have never looked back. But the provision of that credit is banking business and payments really are not, so I can’t see that this will be the way that future generations will enslave themselves. Credit will be around in 50 years I am certain (if Bitcoin is the only currency left by then, I’ll still need to borrow them to pay for my holiday), but credit cards will not. And it’s not just nerdy techno-utopians obsessed with finding new problems for our solutions who think this.
Anthony Jenkins, when head of Barclaycard, rather famously (to me) said that mobile phones would get rid of cards before they got rid of cash.
From The dawn of the cardholder-present transaction (Salford edition) | Consult Hyperion
In fact, what Anthony said was that “In 50 or maybe even 10 years’ time, we will still be using cash but I don’t think we’ll have plastic. It is comparable to the move from CDs to MP3 music files… If I had said 10 years ago that you couldn’t pay with a cheque at the supermarket, you wouldn’t have believed me. That is now the reality, and we see plastic cards going the same way.”
The Barclaycard that I have in my wallet right now (well, actually it’s loaded into my iPhone, the actual card is at home in a drawer somewhere) bundles together all sorts of disparate things: the payment itself, the payment guarantee to the merchant, the identity and authentication of the customer, consumer protection, loyalty schemes and so on. But it is not clear to me at all why these should remain bundled in this way. New technology means that we can have specialist providers of each of these services and have the services integrated seamlessly in our phones, in the cloud and on the blockchain too I shouldn’t wonder. Will we see a 100th birthday for the plastic card and a telegram from Queen Kate? I don’t think so, to be honest.
Who is in charge of chip and PIN in the US?
Life must be very confusing for our American cousins at the moment. Well, confusing for our American cousins who pay any attention to the cards that show up in their mail, that is. My colleague Howard Hall just showed me the three most recent credit cards that US banks have sent to him in the quarter. They are all completely, and inexplicably, different.
I don’t know if you can see from the picture but the three cards are
- A chip and pin card that arrived as a replacement for the existing stripe card, but as yet no PIN seems to have arrived, so my colleague continues to use it as a signature card.
- A contactless card that doesn’t have a contact interface but does have a stripe and signature panel on the back.
- A signature card with no chip or contactless interface.
I don’t know, and I’d be curious to hear your opinions, but I would think that the average American consumer would be utterly confused by all of this and rather than read any of the paper that the bank sends in the mailers (which I’m sure they just toss straight in the bin) they will simply carry on using the cards as stripe and signature cards. Now, on the one hand this is a good thing because it means that they will carry on spending money and merchants will carry on selling things to them and life will continue much the same. But on the other hand, it doesn’t suggest that the use of chip and PIN in the American market will be on a hockey stick curve any time soon.
According to our survey:
- As of April 2015, only 18 percent of retailers in the U.S. have already implemented EMV payment technology
- 45 percent are poised to miss the October 2015 deadline
The survey reports in more detail on the retailers who are not doing anything about the deadline. There seems to be something of a lack of understanding about the liability shift and the technology.
- 25 percent do not understand the new rules
- 17 percent have never even heard (my italics) of EMV or chip-and-PIN
- 18 percent do not want to deal with the hassle or cost of switching payments hardware
Actually, I bet that plenty of the retailers who have already implemented EMV don’t understand the new rules either. Interestingly, the report on this survey goes on to say that:
As regulations shift toward a new kind of credit card, payment technology that gets rid of cards all together (Apple Pay, Samsung Pay and Android Pay) is also taking hold of the industry.
This rather reinforces my train of thought and idle speculation which, as I mentioned last week, forces me to at least question the long-term role of EMV in the US. It also leads me, in turn, to wonder if this confusion might actually stimulate the transition to mobile since consumers will find the proposition from Apple, Google, Samsung and others far simpler: use your phone and your data will be secure, use your card in one of a number of mysterious and baffling ways and your data may or may not be at risk.
Maybe I’m not seeing things accurately as an occasional visitor, but there does seem to be a lack of co-ordination around migration in the USA. Perhaps someone could come into the comment section and let me know who is in charge of the chip and PIN migration there so that I can drop them an email with a few questions.
Apple Pay is cool and great and fun, but it isn’t disruptive
I saw a lot of comment on an article in Harvard Business Review that discussed Apple Pay and concluded that it is not a disruptive play.
By launching Apple Pay as a reseller instead of as a disruptor, Apple is helping to perpetuate a credit card payment system that is obsolete, overly expensive, and absolutely unnecessary in the present day.
[From Apple Pay Is Just a Big Giveaway to Credit Card Companies – HBR]
Well, that’s a little harsh and I’m not sure I’d agree that credit cards are obsolete, but you cannot help but agree with the core point about Apple Pay not being a disruptive technology. I’m hardly the only the person that thinks this and it’s not a new perspective. ApplePay is not disruptive because it cements in place the existing rails for retail payments. And there are good reasons for doing that (apart from anything else, they work) and it means that the service has immediate access to a mass market.
But truly disruptive new services don’t just digitize the familiar. They do away with it.
[From What Amazon, iTunes, and Uber teach us about Apple Pay – O’Reilly Radar]
This is a fair point. Apple Pay is certainly digitising the familiar rather than doing away with it.
In each of these cases, my payment information is simply a stored credential that is already associated with my identity. And that identity is increasingly recognized by means other than an explicit payment process.
[From What Amazon, iTunes, and Uber teach us about Apple Pay – O’Reilly Radar]
The point is, of course, that in time services like Uber will use Apple Pay, because they will want to switch from using stored payment card credentials under “card on file” rules and rates and instead use “cardholder present” rules and rates. This will turn all payments into push payments (which is a good thing) and greatly benefit retailers and consumers alike. What will vanish is the idea of a “point of sale”, since even in-store all payments will be made in-app, just like Uber.
Apple Pay optimizes for how the world does work. The real winner in payments will build for how the world should work.
[From What Amazon, iTunes, and Uber teach us about Apple Pay – O’Reilly Radar]
So how should payments work? Well, that depends on who you are. But if you are a merchant, for example, you want the money to come directly from the customer’s bank and into your bank (forget about what “bank” might mean for the moment) with no-one else in the loop.
Banks don’t orchestrate commerce… they are a dumb pipe payment service that cost far more than the value they provide. The greater they work to control the existing pipes, the greater the business case is for going around them, or regulating them into submission.
Tom’s typically robust approach may aggravate some but there’s no denying that he has an informed perspective. Unless banks find some added value (spoiler alert: I have a feeling that this may be something to do with identity) then they won’t get anything out of this either. Time to start developing a strategic response to falling net interest income, transaction fees asymptotic to zero, flat trading income future. Right now, only 7% of European bank revenues are “other”, so it’s time to grow this piece of the pie…
European Bank Revenues 2014 (Source: Deutsche Bank, March 2015).
If we’re being disruptive, then we don’t start with Apple Pay, we start with thinking about how payments should work. Broadly speaking, wow payments should work is how Bill Gates said they should work in his closing address to SIBOS 2014. He said:
What should the marginal cost of a transaction be, if the identities are properly established, it is extremely low.
Not my words: Bill Gates’. This is a perspective that suggests a very positive model for disruption around a new role for banks in the wider economy. The banks role is to reduce the marginal cost of everyone else’s transactions as well as their own by delivering the trusted identification with strong authentication that the new economy demands. This means more transactions, more commerce, more prosperity and a decent line of business for the banks themselves.