Payment Innovation Moves to the Core

When we conduct our Glenbrook Payments Boot Camp, our first graphic illustrates the three essential steps in every transaction – initiation, funding, and completion. When looked at through the lens of of the past decade most innovation has been in initiation. Consider: Apple Pay, Google Pay, Venmo, QR codes. The list is long of ways to kick off a transaction.

Funding is all about where the money comes from. Usually a bank account, often a wallet holding money. Some innovation there but not a great deal. There are only so many ways to store funds.

Completion, the last step, is the most important to many participants as it’s when the transaction completes with the final movement of money.

Five years ago, in those boot camps, I said that completion, also called settlement, is the innovation-resistant phase of a transaction. Today, everything has changed.

In the U.S., we have new services such as Zelle and Venmo that appear to the end parties to deliver instant settlement. They may use card rails or bank rails like ACH to complete the transaction.

Two Forms of Settlement

In this discussion with Glenbrook’s Carol Coye Benson, we look at two forms of settlement: end party settlement – for example, an employer paying an employee – and then Carol focuses on the nuanced world of interbank settlement.

If you’ve heard the terms net settlement, gross settlement, or RTGS and wondered what they mean, take a listen.

Faster Payments and Settlement

We also talk about the phenomenon of faster payments and the settlement techniques these systems employ. 40 countries around the world are in one stage or another of deploying faster payment systems that push money from bank account to bank account. It’s already in the US via the Real Time Payments Network from The Clearing House and, perhaps, a competing service from the Federal Reserve. (To get an update on the Real Time Payment Network, listen to Episode 81 of Payments on Fire).

These faster payment systems vary in their capabilities. Speed and data carrying capacity are just two variables. But we have seen that when a new payment system enters a market innovative offerings can flourish, provided access to that system is encouraged by rule, regulation, or both. However, that level of openness is not guaranteed. As Glenbrook have seen in our work around the world, some systems are essentially closed by market power or operating rules. These constraints limit the network effect’s benefits of ubiquity, convenience and, often, cost.

This is an ongoing challenge. In this age of fintech, banks are under pressure to innovate. As owners or participants in new systems, some may choose to limit access to their fancy new rails in an attempt to forestall competitive market entrants. Others will be “encouraged” by regulators to open up. Of course, end party choices will play a big role, provided there’s a choice available.

The New Game

Settlement has traditionally been led by major commercial banks or the central bank of each country. That model still holds. In some markets, including the U.S., we expect a push and pull for control between those two entities. Christine Lagarde, Managing Director of the International Monetary Fund, suggests such tensions may justify  the issuance by a nation’s central bank of a fiat digital currency as a counterweight to the alternative control over payments by a concentrated set of banks and processors.

Settlement innovation has created a competitive environment that did not exist before. It will be the interplay of rules, regulations, technical capabilities, end party value proposition, and market power that will determine the evolution of each country’s settlement platform. In some, regulators will shape the outcome. In others, system access for fintechs and the “open banking” model will be a determinant. For all, cost effective access for end parties is critical.

So much for thoughts of a static payments ecosystem.

If you think of yourself as a payments geek or just want to get under the hood of how money really moves, Carol is a terrific guide.

Restaurant payments is a complex area especially for those companies serving the mid-sized and large restaurant operator. They have different needs that extend well beyond payment acceptance but even that is a highly variable concern.

Ever notice that we pay differently depending upon the type of restaurant we’re in? It’s always been walk up and pay the central server at McDonalds. Applebees uses Presto table top devices to speed table turns, upset desserts (“that lava cake sure looks good”) and take payments. At most sit-down establishments, especially those in the fine dining segment, we still hand over our cards and the server walks away to authorize the transaction (later that night, the manual tip adjustment process determine the final clearing amount.)

For certain segments, order ahead is a priority. Order ahead dominates how pizza shop operate. Initially, that capability took market share from mom and pop pizza shops because only the largest operators in the “Big Pizza” segment could afford the necessary IT expertise. Now, mom and pop have multiple order ahead services to choose from.

But consider the complexities of integrating the order into the kitchen or at the barista’s station. Business process automation is a differentiator.

This podcast with Tim McKenna, VP of Sales, at Heartland Payment Systems, is both a deep dive into restaurant operator concerns and a revealing look into how a major payments provider has shifted its business model to serve mid-tier and larger restaurant operators.

Like Square, Heartland has realized the revenue benefits of expanded commerce services above and beyond the traditional payments revenue stream. By cross selling multiple services, Heartland expects to see 60% of its revenues coming from payments coupled with value-added services that automate the business of their customers.

If you’re interested in how the payments industry is evolving to market demands or how larger restaurant operators think about payments, Tim’s observations are well worth your time. Take a listen.

RTP Characteristics

Not All Things

It’s Taking a Lot of Work

Connecting up a financial institution to the RTP Network requires deep integration into the FI’s core system, the software responsible for managing debits and credits. Connecting bank ledgers to any payment system is non-trivial, a fact that impacts how fast banks implement new payment rails like RTP.

Tell Me All About the Payment

The RTP Push

Instant Clearing and Settlement

Competition?

The payment industry’s responses to ongoing payment security concerns are many. We have procedural approaches and technical ones. For example, we are requiring merchants to attest to their compliance with PCI security standards that themselves include procedural requirements.

Technical solutions are also called out by PCI and are, of course, being applied across the ecosystem. Encryption of payment data in flight is one approach. In the physical POS world, semi-integrated POS terminals connect directly to the acquirer’s front end instead of passing card transaction data back through the merchant’s workstation and enterprise system.

An important technique, and the topic of this discussion, is tokenization.

Tokenization is an ancient security technique. In the broadest sense, a token is just a dummy representation of something of higher value.

In cards, that means the replacement of a PAN with a number or even an alphanumeric value that represents the underlying PAN. The mapping between the two is stored in a vault with the owner restricting access to that vault. If a hacker gets ahold of a token value, it’s useless. It’s a value that, to the payments ecosystem, is gibberish.

Tokenization is used in pull payment systems where payment credentials are given to the payee by the payer so that the payee has the information necessary to go get the money. Think card numbers or the routing and account numbers on a check.

In card payments, there are two forms of tokenization: merchant and issuer tokenization. Merchant tokenization has been around for more than a decade. A response to PCI, merchants generally outsource that token vault to a third party so they no longer store PANs themselves. When the merchant needs to do a lookup or initiate another payment, the merchant sends the token to the upstream service provider who then looks up the PAN and sends it off for authorization by the acquirer.

That’s been around for awhile.

The newer innovation is what we call issuer tokens – token values that are at the heart of Apple Pay, Google Pay, Samsung Pay and more. These token values are real card numbers, issued by your bank, but unlike a PAN that can be used to initiate a payment everywhere, issuer tokens are expected to come, for example, from specific devices or merchants.

Every card in your Apple Pay wallet is represented by an issuer token and whenever that token is presented for authorization, data about where it’s coming from is sent along too. If the token is sent from another device, for example the one the hacker has, authorization will fail.

This approach is totally compatible with the current card payment system. No changes are needed at the merchant or the acquirer and minimal ones at the issuer.

Glenbrook will be conducting an Insight Webinar on December 13 called Tokenization Fundamentals. Russ Jones will conduct that webinar.

In this Payments on Fire podcast, George talks with Russ about issuer tokenization, its role in the Pays (Apple Pay, Google Pay, Samsung Pay), in eCommerce, and the need for new entities in the payments ecosystem to support tokenization. This gets complicated. There’s now the need for token gateways.

Take a listen to the podcast and then sign-up for the webinar. Use the code POF80 to take 10% off the registration price.

In the U.S., there’s the automatic assumption that payment cards and perhaps PayPal are the way to pay online. But if you’re an eCommerce merchant trying to sell in the Netherlands, you’d better support the domestic system known as iDeal.

Connectivity into domestic payment systems is an important and complex issue. There are over 150 such systems across dozens of countries around the world. While not all are important to a given merchant, most are important to the acquirers and payment service providers serving eCommerce merchants.

Join George and Steve Villegas, VP Partner Management and Head of U.S. Office, of London-based PPRO Group, a company that provides white label connectivity to these domestic systems by serving acquirers and PSPs alike.

Knowing who you’re dealing with online is critical if you’re taking transaction risk. Digital identity is tough. To address that challenge – and it is a challenge – relying parties, those who take on risk, employ two broad categories of technology: active tools that require user interaction and passive network-based approaches.

When the user is required to explicitly provide identifying information, we use the interactive approach. The merchant or lender or website owner asks for user IDs, passwords, perhaps data generated by multi-factor authentication techniques such as biometrics, or one time passwords generated by an app or a hardware key.

If you’re an eCommerce merchant or an entity trying to sell something online – lenders included – you don’t want to ask the customer to do more than absolutely necessary to complete a good sale. Transactional friction is deadly to revenues and a main cause of shopping cart abandonment.

So, you use passive approaches that examine whatever data the customer’s device can provide. Device fingerprinting, behavioral analytics, rules engines, machine learning, and the past behavior of card numbers are among the portfolio of decisioning tools that do not interfere with the user experience.

Data is the foundation of the passive approach. In this podcast, George speaks with Ajay Andrews, Senior Director, Product, at Whitepages Pro, a data provider and analytics firm about identity verification and how the linkage of key data items influences decisioning. It turns out that particular pairs are strong indicators of potential fraud.

We discuss where the data linkage approach fits in the overall portfolio, what drives merchants to adopt, and how the tool is integrated into automated decisioning and case management.

Alexa. Siri. Cortana. We’re talking to or at our machines. I walk into my office and say “Hey Google, what’s the weather?” or “Hey Google, when’s my first appointment?” When I’m driving in a strange town, it’s “hey Google, navigate to the [fill in the blank] hotel.”

This kind of hands-free access to information is hugely helpful and hugely popular. But there’s a long way to go toward a general purpose voice interface for every task we want to accomplish.

That said, we’re getting there. In this conversation with Central 1’s Alex Chan, we discuss the process of voice-enabling access to the high volume queries that credit union members make, i.e. balance inquiries, balance transfers, etc.

We cover what it takes to build an Alexa skill, the code that links Alexa’s natural language processing to the underlying application that executes the action.

Voice design, the process of imagining and codifying how the user interaction proceeds, is at the heart of a successful voice-enablement project. Alex takes us through that process. It sounds like fun.

While payments are a tiny fraction of today’s voice-based interactions, they’re coming along, too. Better design and broader participation is needed. As a recent (failed) demo proved, Siri can’t send me money if I’m not an Apple Pay Cash user.

Take a listen and get in touch if you’ve questions or comments. We’d love to hear from you!

During the Glenbrook Payments Boot Camp we make clear that national payments systems are domestic by definition. Each country has its own set of systems to effect payments. We point out that national payment systems differ in many of their details. Regulation, operating rules, governance, ownership, technology, and more are highly variable.

At the same time, we also point out that major components are generally similar. An overnight, batch-based system for low-cost, low-value retail payments and an instant, irrevocable wire system for high-value transfers are typical of most countries.

Across the planet, countries are planning, designing, trialing or enjoying fully deployed immediate funds transfer systems, new ones that instantly transfer lower value payments. The UK’s Faster Payments system and The Clearing House’s Real Time Payments (RTP) are two examples of this system type.

Beside increased speed of payment, a second push for changes to national payment systems is the need for a richer representation of the data surrounding the payment transfer itself. Remittance data, for example, communicates what the payment is for, which invoices a payment may be covering, and what trade terms were taken by the payor. ISO 20022 is the internationally recognized method for representing this information and support for it has become a new priority not just for system operators but for financial institutions and enterprise customers.

Generally, major upgrades, never mind deployment of an entirely new system, are performed in a step-wise manner because of the critical nature of these systems, the cost, and the difficulty of herding system stakeholders through the many stages needed to achieve broad support and usage.

Undeterred by those realities, Canada is taking on a comprehensive upgrade to multiple systems over the next few years, including its overnight settlement and wire systems while simultaneously planning for its own immediate funds transfer system, codenamed Real Time Rails. Significantly, each system upgrade will include support for ISO 20022.

Payments Canada is the non-profit organization mandated by the federal government to manage, operate, and upgrade these systems.

In this Payments on Fire episode Glenbrook’s George Peabody speaks with Justin Ferrabee, Payment Canada’s COO about his organization’s work, how its systems differ from those in the U.S., and what’s ahead. It’s a great conversation between payments geeks.

In this second discussion with First Data execs, George and Scott MacKay, Vice President, Strategic Solutions talk digital commerce in the automative space, both at the fuel pump and in the Connected Car.

The importance of full stack security, whether it’s sole sourced or the result of an integration effort, to successful deployment of mobile commerce is a theme here.

Enabling the mobile experience at the fuel pump is complex. Petro sellers have a lot of legacy gear and the cost of upgrading that equipment is very high, a fact that has, at least, inhibited the pace of the EMV upgrade.

The richness of the mobile device’s data such as device fingerprinting and back end intelligence makes it conceivable that a fuel retailer could skip EMV altogether. Maybe.

Scott also shares a look at payments and the Connected Car through the company’s discussions with automobile manufacturers.

In this, the first of a two-part podcast series with First Data executives, Ajay Guru, VP of Merchant Fraud Solutions at First Data and George discuss the impact of fraud on the merchant, what the merchant has to do to manage it, and the classes of tools and techniques available to mitigate fraud.

Ajay addresses machine learning technology’s remarkable ability to identify anomalies and makes candid remarks on the necessity of human analysis to determine whether these anomalies are indeed fraud.

Other topics discussed include behavioral analysis (how we enter our user ID and password into the browser) as well as the sophistication of today’s manual and automated attacks. There is still a lot of CNP fraud taking place over the phone.

There’s good detail on the technology and what fraudsters are up to. Take a listen.