Living abroad, with tokens


I have just completed a three-month stint building our business in Australia, and expect to return for a similar period in the near future. How were payments, for me? The first thing to note (to coin a phrase) is that I used no cash whatsoever and don’t recall seeing anyone else either. All retail payments, including transport payments (don’t knock commuting if you’ve never travelled to work on the Manly ferry), were via my Apple Watch, so no PINs, either. (Australia is online PIN, so if you do use an old-fashioned card, you’re unlikely to ever have to insert it into a reader.)

Of course, virtual cards, as wielded by (for example) Apple Pay and Google Pay, present tokens (Device PANs) as an alias for the Primary Account Number (PAN). This ensures that the issuer is able to block fraudulent transactions that could present the Device PAN from somewhere other than the relevant wallet (for example, during a standard e-commerce checkout).

Living and working abroad for three months requires payments for things beyond the usual touristic or business travel items—for example, rent and utility bills. Credit cards are not particularly well suited to many of these payments, with the requirement for recurring (and, sometimes, variable) payments, returnable deposits and so forth. Further, in Australia, it is standard practice for credit card payments for these kinds of transactions to attract hefty surcharges. And, of course, forex charges and spreads apply.

What would have been better would have been to have an Australian bank account and use all the domestic money transfer facilities. The trouble was, I didn’t have much idea of eligibility criteria (such as long-term residency) or how long KYC checks would take (especially without an Australian Tax File Number or driving licence, etc.). Fortunately, there is a partial solution.

A number of fintechs (I used Wise) enable you to set up an account in your home country and then create (or have created, automatically) linked accounts in many other countries. Thus, I acquired an Australian BSB (Bank-State-Branch, equivalent to UK Sort Code or US/CAN Routing Number) and Account Number, exactly as any long-term resident.

In essence, the BSB/Account Number combination is a token representing my (UK-based) relationship with Wise. Just like a Device PAN, it enables a class of transactions, using a convenient digital representation; and also limits the scope of transactions; e.g. preventing anyone misusing the token from raiding my Sterling or US dollar funds.
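The scoping described above for both the Device PAN and the BSB/Account Number, as an added example (not code from this post, nor from any issuer, wallet or Wise): an issuer-side check that resolves a token and enforces the domain it was issued for. All identifiers and values are constructed, and `device_id` is an assumed stand-in for the proof a real wallet supplies with each payment.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Token:
    """An alias for an underlying account, valid only inside its domain."""
    value: str                       # what the payer presents
    account: str                     # issuer-side reference, never presented
    channels: frozenset              # presentment channels the token is valid in
    currencies: frozenset            # balances the token may draw on
    expires: date
    device_id: Optional[str] = None  # wallet the token was provisioned to, if any

@dataclass(frozen=True)
class Txn:
    token: str
    channel: str
    currency: str
    when: date
    device_id: Optional[str] = None  # assumption: stands in for wallet-generated proof

def authorise(vault: dict, txn: Txn) -> tuple:
    """Resolve the token, then enforce each of its domain controls in turn."""
    tok = vault.get(txn.token)
    if tok is None:
        return False, "unknown token"
    if txn.when > tok.expires:
        return False, "token expired"
    if txn.channel not in tok.channels:
        return False, "channel outside token domain"
    if tok.device_id is not None and txn.device_id != tok.device_id:
        return False, "not presented by provisioned wallet"
    if txn.currency not in tok.currencies:
        return False, "currency outside token scope"
    return True, "approved against " + tok.account

# Constructed sample data: a Device PAN bound to one watch, and local bank
# details that can only reach the AUD balance of a multi-currency account.
VAULT = {t.value: t for t in (
    Token("4000009999990001", "acct-uk-card", frozenset({"contactless"}),
          frozenset({"AUD", "GBP"}), date(2030, 1, 1), device_id="watch-01"),
    Token("000000-12345678", "acct-uk-multicurrency", frozenset({"bank_transfer"}),
          frozenset({"AUD"}), date(2030, 1, 1)),
)}
```

A Device PAN replayed at an e-commerce checkout fails the channel check, and the local bank details fail the currency check for anything other than AUD, which is the containment each token is meant to provide.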

One current limitation is that I cannot use the Australian bank details to set up a further level of indirection, that is, to use an Australian PayID, which would enable me to use a convenient handle, such as my mobile number, in place of hard-to-remember bank details (and, in fact, enable account portability). As well as providing more convenience, like other forms of token, this improves security, by making it less likely that someone impersonating me, and requesting payment, can pass off bank details which they control.

It would be nice to go one further step, which would be to use PayTo, the service set up by Australian Payments Plus, using the New Payments Platform (NPP), to manage payment relationships via mobile apps provided by banks and fintechs. I hope Wise (and others) are working on that. Then, a digital nomad could truly fit in!

Finally, a related grouch: I was frustrated, on a number of occasions, by useful apps not being available to people, demonstrably present in the relevant country, with an Apple ID associated with a different country. One example was my mobile provider; the obvious way to top up an account would be via their app, on a phone carrying their SIM, one would have thought. It was not to be, unfortunately. The same issue occurred with a government app and a newspaper app. Conceivably, I could have created an additional Apple ID or temporarily changed my residence details on the existing Apple ID. You’ve got to be braver than me to do that!

Will 2022 start to drive the future of Interoperability and Inclusion?


Our overriding theme of this year’s Live5 is interoperability, which will lead to inclusion. Whether this is in payments or transit, identity or as a generalised trend, what we’re seeing is a collapsing of the barriers between silos. In some areas this is happening more quickly than in others.

Defending secure applications against Jedi mind tricks


Here at Consult Hyperion, we are often involved in the design, implementation and testing of secure systems on devices such as smart cards and mobile phones for payments, banking and other applications where security is critical.

Payments are hard. That’s why the world’s leading payment organisations come to us.

How can we reshape retail without reshaping payments?

Well, the circus came to town again. Barcelona. It’s 100,000 people and non-stop meetings and basically no fun whatsoever. But it’s in Barcelona. The calendar is jammed from first thing in the morning until the evening, and then it’s out for dinner and drinks with customers and suppliers. Man, that Catalan pasta was delicious. It’s absolutely exhausting. My feet are killing me by coffee time and I’m not in heels. Loved that lemon beer though, never had that before. The communist traitors down the metro are on strike so we have to queue for buses. It’s lovely and sunny here. Eight halls!  Still, let’s take a deep breath and get on with it.

I’ve been interested in mobile payments for 20 years. A decade ago, Consult Hyperion was lucky enough to be chosen by Vodafone to carry out the feasibility study on M-PESA. I can remember seeing the first Nokia with a contactless chip (Mastercard) embedded in it and being blown away by the convenience. I am the archetype for the stereotype in mobile futurists’ presentations, the person who often leaves the house with a phone but no wallet. Last year at MWC I gave a presentation about the impending shift to in-app payments. So, you can imagine how downhearted I was to see this vista before me on arriving in the host city.

BCN ATM MWC

Yep. Twenty years of mobile payments, twenty years of presentations about mobile payments at MWC, twenty years of pilots and trials and tests and MoUs, twenty years of arguing about SIM vs. embedded vs. SE, twenty years of closed-loop and open-loop and three-party and four-party, and there’s a queue a mile long for the ATM because you can’t use your phone to buy a metro ticket or ride the bus into town. Where did it all go wrong?

Why aren’t there mobile payments everywhere? In a sane world, as we landed in Barcelona our phones would automatically fire up a Barcelona app that we could use to pay for the trains and taxis, restaurants and hotels. How long would it take for your bank to issue a four day, Barcelona merchant-only token to the handset? Five seconds? Why can’t I pay in-app for my hotel? Karen Webster wrote about this too.

…when it comes to commerce and payments, well, we’re still very much making our way to first base. And that’s more than two decades after the launch of the commercial Internet and nearly a decade after the introduction of the iPhone…

From Mobile Is Everything, But Where’s The Progress? | PYMNTS.com

Karen points to the role of the carriers as a fundamental problem, and she is certainly right to note that their attempts to be toll collectors for the superhighway have been a boat anchor on progress in mobile commerce just as it will be for IoT commerce, but I wonder if there’s something more fundamental going on. What if the attempts to shoehorn the existing infrastructure (of PANs and acquirers and networks and schemes and issuers and authorisation and all the rest of it) are themselves responsible for the drag? What if we should have started again? What if we should have just said that the mobile phone gives us a mechanism to establish (and verify) the identity of everyone and once you know who the counterparts are, payments are easy? What if we should have started with mobile ID instead of taking a 60+ year old way of doing a payment?

 MWC16 Digital ID Connect Societies

I was lucky enough to be asked to chair the MWC conference session on “Digital Identity for Connected Societies”. During this discussion, it became very clear to me (and, I hope, the rest of the audience) that we already have all of the building blocks that we need to create a strong identity infrastructure based on the mobile phone. If we take that architecture as a given, then what “payments layer” should be put on top of it? You know where my sympathies lie: in the “push to push”. Karen correctly, in my opinion, talks about the reshaping of retailing.

Mobile and online – together — is creatively destroying the retail model that’s been in place for millennia – a model that used to rely only on consumers and merchants coming together face-to-face to do business.

From Mobile Is Everything, But Where’s The Progress? | PYMNTS.com

Why do we think that we can reshape retail without reshaping payments? Here’s just one example: why do you give card details to the merchant? It makes no sense: it’s because you used to hand your card to merchants in shops. Surely it would make more sense to send the _invoice_ to the bank, have the bank pay it and send back the _paid invoice_ to the merchant. Why should the merchant ever see your card, tokenised or otherwise? Since merchants are installing BLE anyway, why not just transmit the invoice over BLE to your phone and have your phone send it to the bank for payment? I’m just giving a random example, but you see my point.

Here’s what’s gone wrong: we took amazing new technologies (smart cards, mobile phones, biometrics) and used them to emulate some cardboard hack from 1949. Time to scrub off the whiteboard and start again. I make this vow here and now: if you cannot use your phone to pay the airport bus in Barcelona at Mobile World Congress 2017, then I will never go again.

When is an acceptance mark not a mark of acceptance?

As a consumer interested in obtaining goods or services, it is important to understand what the provider is prepared to accept in exchange.  It is a safe bet that (with the odd exception) cash will be one of your available options.  Other than cash, though, how can you find out which of the myriad methods of payment will be accepted without question?

Well, you could talk to someone, of course.  But this isn’t always possible, for instance due to language barriers.  Neither is it always practical to wait until you have filled your shopping basket only to find that you have no accepted method of payment.

bitcoin_accepted_in_Swindon

The solution, of course, is to display a recognised standard symbol, indicating to the consumer that they may use MasterCard, Visa, Amex, Discover, PayPal, bitcoin, or whatever other payment methods are on display.  The additional display of the EMVCo contactless symbol indicates that contactless payments should be possible with the payment card brands displayed alongside.

I say ‘should be possible’ because, unfortunately, this is not always the case.  For legacy reasons that we won’t go into here, it is not uncommon to find retailers who accept Amex payments, and contactless payments, but not Amex contactless payments.  Still – whilst not as convenient, the payment can still be completed via Chip & PIN.

But now adding to the mix we have a brand new acceptance mark for Apple Pay.  On the face of it, this seems a sensible decision.  After all, if you want to use Apple Pay then it’s good to know where you can use it.  But then again, you already do know where you can use it – everywhere that displays the EMVCo contactless symbol.  Apple Pay, after all, is not a payment scheme in its own right, but rather uses the existing card schemes’ contactless card payment infrastructure to perform NFC transactions.

apple_pay_at_tfl

What the Apple Pay decal does not tell me is whether or not the payment card loaded into Passbook is accepted at this retailer; for that I still look for that card scheme’s mark.  It also doesn’t tell me if that retailer who does accept my card scheme is able to perform that particular contactless transaction.  For instance, those retailers who accept Amex, but can’t yet perform Amex contactless transactions, will not be able to accept Amex Apple Pay transactions either, as the BBC’s Rory Cellan-Jones discovered on the morning of the UK launch when he was out and about in London. (Indeed, Apple Pay featured on the main evening news in the UK, as shown here!)

rorycj_at_pret

But more importantly for an aspiring acceptance mark, a retailer advertising their acceptance of Apple Pay may not actually accept the cards loaded into it at all.  Amex and Discover/Diners do not enjoy the same level of acceptance as MasterCard or Visa, but their cards are (or will be) available to be loaded into Apple Pay.  Should a consumer not expect that a retailer who advertises their acceptance of Apple Pay will actually accept Apple Pay, regardless of what they have loaded into it?

Incidentally, whilst the focus is currently on what “Apple Pay acceptance” actually means, there are similar potential implications for ‘four party payment card schemes’ (i.e. MasterCard and Visa) as a result of the recent EU Regulation 2015/751 on interchange fees.  As well as the headline-grabbing cap on the fees themselves, Article 10 of this regulation is concerned with the schemes’ “Honour All Cards” rules, which currently require merchants to accept any card from the accepted scheme.  This Article provides that:

Payment card schemes and payment service providers shall not apply any rule that obliges payees accepting a card-based payment instrument issued by one issuer also to accept other card-based payment instruments issued within the framework of the same payment card scheme.

In other words, payees (merchants) can choose which MasterCard or Visa cards they want to accept.  Merchants may, for instance, choose to accept only debit cards and not credit.  Or they may choose to accept everything except higher-fee rewards cards.  “Honour All Cards” will instead become “Honour All Issuers,” meaning that merchants cannot refuse to accept a card based only on the issuer of that card.

To achieve this, the cards will need to be both electronically and visibly identifiable, as long as the card is issued within the EU.  In deference to the second law of thermodynamics, merchants will be required to advertise which cards they do not accept, alongside the acceptance information.  It is not yet clear how a non EU-issued card would be treated by a merchant who is depending on being able to identify a card product; the expectation of a non-EU cardholder will be that they can use their card at a merchant displaying the appropriate symbol.

So, when is an acceptance mark not a mark of acceptance?  Well, when it cannot be relied upon to signify that the indicated payment method will actually be acceptable.

