Ever wonder about EMVCo’s role in the development and implementation of its technical specifications? Take a listen to Bastien LaJay, EMVCo’s director of technology and Glenbrook’s George Peabody as they discuss EMVCo’s standard for QR code-based transaction initiation in the card system. While developed card markets are shifting to contactless cards and NFC-using mobile phone wallets to kick off payments, the QR code offers a flexible, very low cost alternative. There’s a lot to learn here.

Most of us are familiar with QR codes to retrieve product information from websites or print media, or perhaps when authenticating a mobile device to a web page.

In payments, many of the caffeine-reliant among us use the Starbucks app with its 2D barcode to initiate the transaction. It makes it so easy to know when we have enough gold stars to ask the barista for a drink on the house.

Some merchant apps use a QR code for the consumer to present when initiating a payment transaction that calls on card on file payment credentials. Walmart Pay for example.

In China – and really throughout Asia – providers like Alipay and WeChat Pay have been hugely successful with QR code-using payment apps.

In Japan, the proliferation of closed loop QR code-based payment tools, each encoding data differently, has created a cacophony of incompatible approaches. A new industry collaboration effort is attempting to lower the technical noise level by using a common technology provider. 

The card industry, named because of those 85.60 mm × 53.98 mm (​3 3/8 × ​2 1/8 inches) pieces of plastic we carry around, is, of course, far more than the cards it uses to initiative a transaction. Their rules and global networks are unparalleled in reach and sophistication.

But at the edge of those networks, the card is becoming unnecessary (think mobile wallets) and useless in those markets lacking a terminal infrastructure. To make sure card network transactions can take hold in card-less regions, the card brands put their technical specification organization to work, EMVCo.

In 2017, EMVCo released its QR code specification, designed to encode and represent the card message structure in QR code format.

A major hallmark of the EMV specification in cards is the generation of dynamic data, of a cryptogram unique to that transaction, that prevents replay attacks. The QR code spec supports such dynamic data as well as the issuer tokenization framework also codified by EMVCo. Even the payment account reference number (PAR) is accommodated here.

To accelerate use of QR code EMVCo recently built self-assessment tools for both merchant- and consumer-presented that validate the QR format. Certification to individual networks and acquirers is not supported by the EMVCo tools.

Payments on Fire® usually focuses on a single topic, typically a fintech company and the business or personal challenges it addresses. In this episode, we take another direction by bringing together three fintech leaders to talk about their company offerings, how they connect up to payments, and some of the obstacles they’ve faced.

George talks with the leadership of three companies working in very different areas: remittances, small business logistics payments, and healthcare.

• Mike Gaburo, CEO of Brightwell Payments, a company delivering a mobile payments app to global workers for their payroll distribution, enabling card-based purchasing as well as remittance services
• Robin Gregg, CEO of RoadSync, a business software provider that enables electronic payments to SMBs in the logistics sector; and
• Alan Nalle Chief Strategy Officer of Patientco, a payments platform with intuitive, mobile-friendly tools for Health Systems to enable patients to pay their healthcare bills.

This conversation illustrates the breadth of payments and the focus required to solve the specific payments needs of each industry segment.

Robin, Mike, and Alan will join Glenbrook partner Beth Horowitz Steel on her panel called Innovative Solutions – Solving Difficult Payment Needs at the Fintech South conference, held April 22 and 23 in Atlanta.

Five years on from Apple Pay’s release, contactless payment cards are just getting off the ground here in the U.S. but in much of the rest of the card world, contactless payments of both kinds are common practice. In London, half of the card transactions are contactless. The same is true in Canada. While it’s true that the vast majority of these are card-based, not via mobile wallets like Apple Pay and Google Pay, even the mobile wallets are gaining momentum.

To expand contactless usage, Mobeewave has developed software tools for financial institutions to integrate into their merchant app that turn the merchant’s smartphone into a contactless acceptance device. No added hardware: software only.

We’re talking with Maxime de Nanclas, Mobeewave’s co-CEO and co-founder. A firm based in Montreal, Mobeewave has worked to turn smartphones into general purpose contactless payment terminals.

This is cool tech and, as Maxime tells it, a great journey for the company. Take a listen as he describes what their software does, how they built it, and their experience navigating the complexities of device certification.

The U.K. and the EU take a very different approach to payments industry evolution than here in the States; the former directed by government mandate, the latter by marketplace dynamics and the lighter touch of regulators. But both are responding, at different speeds, to the need of fintechs and enterprises for access to bank-based data and services.

The Payment Services Directive 2, PSD2, written in 2015 and in effect since January of 2018, addresses a range of concerns including a ban on surcharging on card payments and limiting consumer fraud liability exposure from 150 to 50 euros. But its major impact is its enablement of Open Banking through the granting of access to payment rails and payment data managed, up until PSD2, only by banks. Banks are required to open up programmatic access, via APIs, to that data.

In this Payments on Fire® episode, we dive into the U.K. and EU experience with the PSD2 a year after it going into effect. We take a look at its impact on Open Banking, the opening up of payment rails to these fintechs and other non-bank players.

To do that, Myles Stephenson, CEO of B2B payments firm Modulr, discusses his firm’s experience as an Electronic Money Institution, an organization chartered by the U.K.’s Financial Conduct Authority (FCA) under PSD2 rules. Under its provisions, Modulr gains, or will gain, the ability to initiate payments on behalf of its customers as well as access customer data.

While incumbent financial institutions are hardly thrilled at the prospect of opening up their systems to fintech competitors and the cost of doing so, the operational improvements for customers and increase in competitive activity are expected to generate many benefits.

Cross-border B2B payments are frustrating, time consuming, and expensive, especially for small and medium businesses. To dig into why and what’s being done to overcome those concerns, join George and Marwan Forzley, CEO of Veem, for an explanation.

SMB B2B payments, particularly cross-border payments, have always been time consuming to accomplish and expensive to do.

They are time consuming because sending an international “wire” payment was historically slow with uncertain delivery timing and with uncertain, and high, costs to both the sender and the receiver. For the sender, the process of initiating a cross-border payment has always taken no little time compared, for example, to writing a check.

Cost is a second concern because cross-border payment economics are not always transparent. At least a few times a year, when Glenbrook gets paid by one of our international clients, the funds we receive are less than what we invoiced. While our client sends us the correct amount at the prevailing exchange rate, intermediaries along the way may take “bene deduct fees” – beneficiary deductions – from the funds in transit in order to compensate themselves for their services. I prefer the more accurate term of “lifting fees”.

This uncertainty of timing and cost affects millions of small businesses participating in the global supply chain.

Companies like Veem, Western Union, TransferWise, PayPal and many others compete on speed, predictability, low cost, and global reach. Super helpful integration into business accounting and AR/AP functions is a big plus.

Veem’s story is compelling as it began using the bitcoin blockchain to send money between its operations in multiple countries. Since then, the company has added other partners and its own in-country account balances to fund transactions. Veem’s SMB customers can send money to 90 countries and receive funds in 25. The company has served over 100,000 SMB customers.

If blockchain, cross-border, B2B, small business and fintech are terms that interest you, take a listen to George and Marwan as they catch up on the company, SMB pain points, and the impact of Chinese tariffs on Veem customers.

If you’re in Atlanta in April, check out the Fintech South Conference. Glenbrook partners Elizabeth McQuerry and Beth Horowitz Steel will be there. Get in touch!

The digital marketplace model brings together buyers and sellers and, frequently, handles the money and payouts to the sellers.

As my guest today has determined, digital infrastructure, eCommerce usage, competition, and workforce characteristics influence a country’s ability to establish a flourishing marketplace component to the economy.

This marketplace economic model is a useful one enabling, among other use cases, the gig economy. Adopted in countries like China, the U.S., Canada, the U.K., Australia, and other established markets, this episode’s guest, Tomas Likar, Head of Business Development and Strategy at Hyperwallet, has done a lot of thinking about its role in these and other countries.

This podcast was prompted by Hyperwallet’s February 2019 release of its Marketplace Expansion Index report, the MEI, that evaluated the marketplace readiness of some 36 countries.

A surprise is the early stage of marketplace adoption in a number of otherwise highly developed countries.

The application of the marketplace model to human labor is, of course, not without controversy and concern. Steady employment with guaranteed benefits is no longer an attribute of employment in many countries, replaced by the uncertainties of the gig economy. That’s the downside concern. On the other hand, these marketplace services provide access to otherwise unavailable work and that is good news for individual and, by extension, domestic economic well being.

Take a listen to this conversation with George and Tomas Likar of Hyperwallet for an overview of marketplace adoption and the variables affecting its uptake.

The business of merchant services continues to undergo two forms of transformation. First, the merchant services businesses, either as acquiring banks or via non-bank acquirers, has undergone massive consolidation over the last five years and more. Fiserv’s takeover of First Data, announced on January 16, is just the latest example.

The second sea change is the expansion of products and services these entities deliver. What was a fairly innovation-averse industry has become, under the competitive pressure of companies like PayPal and Square, far more committed to delivering value that helps customers run their business, not just accept card payments.

At the POS, Square changed the merchant services game by delivering a great deal more business value to the small merchant than the traditional ISO or agent focused on placing stand-beside terminals next to dumb cash registers. For the price of payment processing, Square has given those merchants inventory, time and attendance, sales and marketing focused reporting, and more.

As a result, the giants in this game have been forced to respond. In 2013, First Data acquired Clover to reach small retailers and restaurant customers. Others, like Global Payments’ Heartland unit, have invested heavily in serving the mid-tier and larger restaurant industry.

To deliver similarly broad services, TSYS recently came out with three new merchant offerings targeted at micro merchants, single shop operations, and larger merchants. The new line is called Vital, at vitalpos.com and its solutions are called Vital Mobile, Vital Plus, and Vital Select.

Along with the new Vital hardware, we can expect the offering, taking advantage of cloud delivery, to expand its software and services line-up in the future – a trick that the old POS terminal model never could pull off.

Take a listen to this episode’s discussion with Gavin Rosenberg, vice president of product marketing, at TSYS. It’s a revealing conversation about the decision making and product strategy of a major provider of merchant services.

This Stuff is Hard

As the remote payments domain (think in-app and browser-based payment transactions) continues to grow at around 15% a year, that growing number means the size and scale of fraud losses are going to increase. And they have – in both absolute terms and as a percentage of overall transaction volume. That also means rising chargeback rates for many merchants.

Rising fraud in the online world is also a result of better security technology in the physical world. While EMV chip cards have dropped counterfeit losses way down, the fraudsters still have their own bills to pay. They’ve just shifted more aggressively to the card not present channel.

A Delicate Balance

All e-tailers face a delicate balance in managing fraud. If they err too far on the side of fraud minimization by tightening approval standards too far, they leave good sales on the table and insult customers with unnecessary declines (the “insult rate”). Of course, those customers promptly go to another site to make their purchase.

The e-tailer’s sales and marketing team, then, tells the fraud manager that she’s killing sales.

If the approval standards are too loose, on the other hand, the e-tailer risks the twin threats of higher fraud and chargeback costs and, if the chargeback rate exceeds 1%, placement on a watch list if that rate stays over 1%. Not a good list to be on because the the merchant could lose card acceptance privileges if the problem is not addressed.

The Smaller E-Tailer is Challenged

While Amazon continues to gobble up half of the growth in US commerce volume, it still means that there is room for smaller online merchants to prosper. It also means they face growing fraud losses. Unlike their larger competitors who can afford internal fraud management teams and technology, small and mid-tier e-tailers have limited time, budget, and skills to meet those needs.

Fraud management is a non-trivial problem even for the largest enterprises. They deploy a layered set of technologies, ranging from table stakes tools like address verification system (AVS) to device and behavioral fingerprinting and on to rules engines, AI, and machine learning controls.

That level of sophistication is beyond what the mid-tier e-tailer can handle. Some enterprise customers don’t want to deal with that complex task either.

The Outsourced Option

That’s where the wholly outsourced proposition comes in. The third-party fraud management service provider assembles the necessary technology, makes the right integrations with shopping carts and other software providers, puts an analyst team in place to decide on questionable transactions, and offers its services for a fee.

ClearSale (www.clear.sale) is a provider in this space. Take a listen to Rafael Lourenco, its EVP, and George as they discuss fraud management in this segment, how the ClearSale service is deployed, and some merchant best practices. Rafael breaks down this topic very clearly. Definitely worth your time.

eCommerce fraud rates are rising and that means more cardholders are seeing unauthorized charges on their accounts.

The cardholder remedy is to call either the merchant or the issuer to flag the problem. If the cardholder turns to the issuer to resolve the problem, the remedy is often an expensive chargeback for the merchant and a generally lousy experience for everyone.

eCommerce Merchant Pain

eCommerce merchants have invested heavily in fraud detection tools because in the remote payment domain liability rules make them responsible for fraud losses. eCommerce merchants employ sophisticated fraud management processes and tools to detect fraud in realtime to stop authorization (best in class fraud rates are 25 bps – 35 bps).

On top of that, they must eat the direct costs associated with stolen goods and services. These include a chargeback processing fee from the acquirer as well as the merchant’s internal costs to manage the chargeback process. If the merchant fights the chargeback, the merchant has to gather the supporting evidence (the receipt or copy of the order) and submit it to the acquirer.

Disputes and chargebacks re initiated by cardholders for a range of reasons including fraud, authorization, various processing errors, and consumer-specific disputes. Examples of consumer dispute codes include products or services not as described, counterfeit, misrepresentation, and failure to process a credit.
https://www.worldpay.com/global/support/support-articles/what-are-chargeback-reason-codes-visa-and-mastercard

Issuer Pain

For issuers, disputes and chargebacks are painful, too. In the POS domain, issuers hold the liability for fraud losses. If a counterfeit card is used and the issuer authorizes the payment, the issuer owns that liability. Issuers also bear the customer servicing and communications costs as chargebacks initiate with the cardholder’s call to the issuer.

Consumers Game the System

Zero liability rules have taught U.S. cardholders that they don’t have to worry about fraud and that they have broad powers to dispute a transaction.

Knowing that, too many cardholders are taking advantage of these rules. Digital merchants, in particular, are suffering from friendly fraud (not exactly an accurate term) that occurs when a cardholder, for example, disputes the charges made by another family member. For some digital merchant, over half of their chargebacks are friendly fraud, purchases for which the cardholder is truly responsible but able to renounce (“It wasn’t me!”) because of the rules.

Such high chargeback rates carry other risks for these merchants. Once a merchant’s chargeback rate exceeds 1% of its transactions, that merchant is put on a watch list, a remediation plan, and faces the possibility of losing card acceptance privileges. High chargeback rates also increase authorization declines for the merchant, losing even more good transactions.

Card Network Remediation

On the face of it, there’s an asymmetry when it comes to liability. Merchants shoulder a large burden. With that in mind, both Visa and Mastercard updated their chargeback rules in 2018.

In a chargeback mitigating move, Mastercard recently announced an end to the automatic renewal of free trial subscriptions.

Timely Data Sharing

In other words, chargebacks are a pain. Steps to reduce chargeback cost and frequency are a Good Thing.

One approach is to speed up data sharing. For example, once an issuer determines that a transaction is fraudulent, a timely message to the merchant could halt a product shipment. While the rules would still make an eCommerce merchant liable for the chargeback costs, the merchant wouldn’t lose the cost of order handling, shipping, and the item itself.

Similarly, if merchants can share their cardholder fraud experience back to the issuer then that financial institution can adjust its fraud detection models and algorithms.

Such data sharing is the proposition of Ethoca, a firm that federates bank fraud signals from hundreds of major global issuers and connects to thousands of merchants in the developed world in order to share alerts and chargeback messages.

In this conversation with Keith Briscoe, CMO at Ethoca, we talk about the chargeback problem, hear some truly astounding chargeback stories (hackers aren’t the only fraudsters), and discuss Ethoca’s role in this space.

Fraud prevention today is about how quickly we can separate good customers from questionable ones and, for those doubtful transactions, use the right set of tools and data sources to optimize speed, costs, and fraud losses.

When it comes to fraud prevention, it turns out that data is key. No revelation there, but how we manipulate it, gather it, and assure its provenance is undergoing major change. What would be a revelation to fraud managers of a decade ago is the unbelievable amount of data and the wide variety of sources that we have today. It’s a flood.

The only means we have to make sense of this data deluge is through algorithmic examination. Rules engines and neural networks are staple approaches. In recent years, application of artificial intelligence and the newer incarnation of machine learning (“let the computer figure it out based on all the data it sees”) has become a hot, and effective, area for fraud prevention. Only machines can find correlations among all that data in order to identify potential fraud.

A number of firms focused on the fraud prevention problem employ techniques that gather data and then analyze it in order to provide their customers like eCommerce merchants or financial institutions with a risk score. Companies specializing in device fingerprinting, for example, gather the relevant data (think IP address, mobile IMSI number, device type, OS version, browser software version, etc.) to create a profile or “fingerprint” of that device in order to generate a history of its behavior. Threat Metrix, owned by LexisNexis Risk Solutions, is an example.

Behavioral biometric companies may take that data and layer on how the owner actually uses their device, often by looking for keystroke patterns, screen tap rhythms, the angle that the phone is held, and more, in order to build a more nuanced profile that includes how the owner interacts with the device. That richer data then feeds into analysis and risk scoring. Mastercard’s NuData Security acquisition uses this approach.

Subsequent bidirectional data sharing can provide these firms with insight into the results of their decisioning.

As these firms gain customers, they see more and more devices and develop clearer visibility into the outcome of their work. As a result, it becomes a natural step to pool or federate the data they see from all of their customers. There’s an expectation that a card account, for example, will be seen at multiple merchant clients of the fraud solution provider. These repeat interactions will improve fraud detection for all when the cardholder is a bad actor, or speed the transaction of a trusted one.

Data consortia where multiple financial institutions and merchants pool their fraud and chargeback data also exist. Ethoca is a prime example.

The deeper the data pool the better, provided, of course, there’s the ability to analyze it all.

Massive analytical capability is the foundation for artificial intelligence and machine learning. In the fraud prevention space, Feedzai is a firm that applies its analytics power to data sourced from multiple providers and techniques. Feedzai, like others providers who have attained a critical mass of customers, has also invested in federation of their data to improve, for everyone, its fraud prevention results.

In an earlier episode, we spoke with Feedzai CEO Nuno Sebastiao to get us grounded in how AI and ML apply to fraud prevention. In this discussion with Saurabh Bajaj, Feedzai’s Head of Product and Nick Stanchenko, product manager for Feedzai’s Risk Ledger, its data federation program, we go further. Saurabh catches us up on Feedzai’s growth and then takes a look at how Feedzai works and at the data sources it uses. Nick addresses federation, its value, and the light integration required.