2020 has been an active period for payments innovation. COVID-19 has been a forcing function for digital payments across multiple payment domains. “Touchless” and “contactless” payments are now common themes of retailer advertising.

And, of course, many other trends have accelerated this year. Fintechs, mobile wallets, the expansion of open banking initiatives, and point of sale lending are trends with impacts spreading across the market. 2020 has also seen the increased legitimacy of blockchain-based payments as demonstrated by central banks around the world consider and even pilot digital fiat currencies.

These are the topics Russ Jones and Yvette Bohanan will present in Glenbrook’s Innovation in Payments Insight Workshop coming up December 8th and 9th. If keeping up with the changes in our industry and developing real insight into the key trends is important, you won’t find better guides than Russ and Yvette.

Take a listen. Check out the agenda.

COVID is a forcing function for digital channel growth across the world as consumers and businesses reduce their reliance on physical interactions. We’ve seen usage shifts in how bank accountholders in Peru transact – from branch to digital – as well as big shift in payment behavior.

We outlined a lot of this in our own COVID series on Payments Views.

Many merchants have turned to online as a matter of survival. Many restaurants, for example, have added order ahead and curbside pickup as standard offerings just to stay in business.

Our assessment is that, even with an effective vaccine and adequate immunization rates, we’re never going to return to the same point. E-commerce transactions have increased, yet again, permanently. How much volume returns to the physical point of sale domain once COVID is behind us is unknown. But it’s not going to go back to previous levels.

That shift is an opportunity for many in the payments industry, including fraudsters, those unwelcome stakeholders. They are taking advantage of merchants who weren’t prepared for their new or increased online payment volumes.

We’ve spoken with a number of fraud management firms on Payments on Fire®. In this episode we speak with Eyal Raab, VP of Sales, at fraud management company Riskified about his firm’s expanding approach to fraud management for merchants whose goal is to maximize authorization rates.

Fraud management is complex. Merchant needs vary considerably. And what the fraudsters are up to constantly changes. Payment fraud management and fraud are both growth industries.

You’d have to be aggressively disinterested in the payments industry not to be aware of its attraction to investors. The COVID-19 pandemic has done nothing to dampen the interest, if not outright enthusiasm, for the payments industry among investors of all stripes.
Actually, the pandemic has lit a fire under key industry segments like the e-commerce domain, digital banking, and disbursements.

The dynamics of change pushing the payments industry ahead are only increasing.

Incumbent Consolidation

The payments industry has been dominated by networks and processors. While networks have remained largely independent, the processing industry has undergone tremendous consolidation over the last decade, accelerated recently by the giant acquisition of First Data by Fiserv. Scale really matters in processing.

But that scale comes at the cost of agility because the incumbents must rely on the systems they already have and the ones they’ve acquired. Consolidation onto just a few platforms is hard. And that means incumbents don’t benefit as clearly from newer technologies based on cloud computing and APIs.

Start-ups Abound

While investor interest in what are typically public companies remains strong, it is interest in start-ups and young companies demonstrating early success that drives early investors. These companies need cash to grow and equity financing is a primary source. It could be an individual with cash looking for a higher return on a portion of her portfolio. Family and friends as well as wealthy individuals are typical of “angel” investing.

Venture capital is another source that often fuels the shift from proof of concept to the first minimum viable product and, often beyond, through multiple rounds of raising venture capital.

Fueling the Next Incumbents

Fueling the growth from business teenager-hood to young adult are growth equity firms that bulk up the business’s overall capabilities. While a cool technical idea can form the core of a new business, it takes business infrastructure like a global salesforce, enterprise-grade financial controls, and more to build a company that can execute on its potential.

In this Payments on Fire® podcast, George talks with Steve Sarracino, Founder and Partner of Activant Capital, a growth equity firm based in Greenwich, CT. Steve’s firm is an investor in Finix and Bolt, companies that precisely fit his investment criteria. And he loves the payments industry for its past and, of course, for its potential.

(Listen to Payments on Fire® Episode 106 with FInix’s Richie Serna)

Like those of us at Glenbrook, Steve sees lots of change ahead for the payments industry. And, like us at Glenbrook, he wants his company to influence and prosper from its evolution.

This Payments on Fire® podcast is a joint production of Citibank and Glenbrook. Tony McLaughlin of Citibank interviewed our partner Erin McCune about the U.S. payments market and business transactions in particular.

The U.S. payments landscape is in the midst of unprecedented change — triggered by the COVID-19 pandemic, new faster payment infrastructure, open banking and an overall acceleration of digitization. Business payments are particularly ripe for change.

The pandemic has exposed businesses’ reliance on manual processes and motivating digitization and cloud migration. Although businesses have talked about pursuing electronic payments and treasury modernization efforts for some time the pandemic reveals the risk associated with manual processes dependent upon being in an office and reliant on the mail for delivery of invoices, checks, and other business documents. All of a sudden back office digitization is a c-suite concern.

The emergence of faster payments has also catalyzed change in the business payments space. Real time infrastructures were purpose built for business transactions. Not because they are fast — suppliers grant their buyers payment terms, it’s not about speed. The new infrastructures have robust data capabilities that are very important to business-to-business payments.

Small businesses write and receive the majority of B2B checks and faster payment has tremendous potential to erode their reliance on manual invoicing and payment processes. Request-to-pay (R2P) capabilities associated with new real time rails are effectively electronic invoices, with the added value of a round trip payment logically associated with the invoice. For many smaller businesses, this could be the key to eliminating checks. For larger organizations where a single payment is associated with a number of invoices, and there is a need to provide more complex explanations of what a payment is for ISO 20022 remit messages (separate from the payment transaction itself) prove useful. 

Additionally, there’s an enormous potential associated with API integrations between business back office solutions, bank partners, and payment infrastructure. Even relatively small businesses have an array of financial providers: multiple bank accounts, a credit facility, an ERP or accounting system, a CRM, a billing/invoicing solution, and other additional enterprise software tools. Knitting information together across systems and using these different solutions to embed and automate processes associated with sending, receiving, and applying payments provides significant value to businesses.

Speaking of data sharing, it’s useful to note that open banking in the U.S. is market-led, rather than the result of a mandate. But that doesn’t mean it isn’t happening — there’s a great deal of momentum. Security concerns and the advent of new faster payments rails are pushing financial institutions to innovate and collaborate. Nacha’s Phixius and Afinis solutions and FDX are examples of cooperation between industry players. The card networks are also making acquisitions in this space, with Visa acquiring Plaid and Mastercard acquiring Finicity.

To add to everything else that’s happening, there’s a lot of buzz around CBDC at the moment. It’s a global phenomenon. The United States has a strong interest in the concept because of our desire to maintain the dollar’s position as a dominant currency for international trade. However, it’s still too early to know what a CBDC would look like in the U.S. and how consumers and businesses would interact with a new type of government-issued coin.

Tony asked Erin how the global pandemic has impacted Glenbrook. She observes that our focus at Glenbrook hasn’t changed dramatically as a result of the pandemic (although we’re not traveling like we used to!): we were working with clients across the value chain to digitize payments and related business processes before the COVID-19 and continue to do so today. Demand has intensified, but it hasn’t really shifted focus.

But in the midst of societal upheaval as a result of the pandemic, at Glenbrook we are also thinking deeply about how we can employ our expertise to help businesses and consumers at risk. We do a lot of work on financial inclusion in the developing world. How can we apply that thinking here at home, to help businesses and consumers weather uncertainty, bolster the economic recovery, and build an equitable foundation for financial health and sustainable businesses on a longer term basis? We don’t quite know yet, but we are excited to explore new avenues for our consulting practice.

NACHA’s Phixius is a new service for the exchange of the information about a payment between the sender and receiver. Take a listen to Payments on Fire® host George Peabody as he discusses Phixius with NACHA Advisor Peter Tapling. He helps us understand Phixius, how it works and where it applies. It’s a compelling idea.

One of the long standing shortcomings in payments systems has been the degree to which the data about a payment can be shared. If we can share the data about the payment, to have it run alongside the payment instructions, then we can do things like:

• Streamline bill payment
• Streamline supply chain payments
• We are able to get away from sharing bank account information
• We can check the status of accounts, regardless of financial institution

One of the advantages of check payments is that, when physically mailed, the letter can contain the check as well as an explanation of what that check is paying for, perhaps including copies of all the invoices. That data is hugely important to the supplier.

This payments metadata, the data that describes what a payment is for and all of the conditions around a transaction, is hugely valuable. Both the sender and receiver need it. It is used by every accounts payable and receivable department. Sure, it’s great to get paid. But without the metadata, it can be difficult to know the account to credit or to know which invoice, or invoices, the payment applies to.

Communication of payment metadata has been a bear. Some payment rails, wires for instance, have little or no ability to carry data beyond what’s needed for the payment itself. The card rails have only limited descriptive capability. ACH messages have some data carrying capability but usage has been limited.

Many of today’s realtime system like the UK’s Faster Payments and the RTP Network in the US use the rich encoding capability of ISO 20022 to represent the metadata. That’s a big improvement on how to represent payment metadata.

Another reason communicating this information has been difficult is the reality that today, when this data is shared, it happens as a result of a bilateral connection via API. A service provider attempting to bridge this data gap would have to have dozens and dozens of these bilateral API relationships, if not hundreds, to reach all participants in a major industry segment such as automobile or aircraft manufacturing. That’s impossible.

NACHA, rule making body of the US ACH system, has a role to play here because the ACH carries 62% of payment volume, excluding wires of course, and 66% of supplier payment volumes.

Recognizing that role, NACHA has made an out-of-model move with the introduction of its Phixius services. NACHA is now the operator of a system that carries payment metadata regardless of which payment system actually moves the money. Phixius could be useful in wires, RTP Network, Zelle, ACH, and even cards.

Phixius sits in between financial institutions, payments services providers, and others that provide payment services, to serve as a hub for the sharing of payment information. Each party connects to Phixius just once, eliminating the need for one-to-one integrations. Phixius refers to these stakeholders as credentialed service providers.

Phixius is defining operating rules and data requirements for individual uses cases.

Phixius uses distributed ledger technology to build trust among its participants in the data shared over the system. Phixius itself does not store the data nor does the distributed ledger contain the data about the transaction. It only contains a unalterable mathematical representation of the fact that the sending and receiving parties vouch for the data and agree on how it is used. The ledger can be audited by Phixius and the two parties involved in the transaction. But another node on the network could not interrogate the ledger to determine who is trading with whom.

So, it’s refreshing to see an instance of blockchain technology doing useful work, at scale, that has nothing to do with cryptocurrencies.

NACHA designed Phixius. It recruited important users of the system. Phixius is live in pilot and a broader rollout is scheduled in Q4 or Q1 of 2021.

NACHA is not a venture funded startup with tons of money to market the Phixius brand to the fintech and financial institution communities. The idea is compelling. Building a network is always difficult, and Phixius faces a significant adoption curve. Their success will lie in the strength of the underlying ideas of Phixius and the commitment of their Early Adopter partners.

In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.

Privacy.

It’s a huge issue. Many of us are concerned as individuals with how our personal data – our personally identifiable information or PII – is shared by social media and throughout today’s massive data ecosystem without our knowledge or without our case by case granting of permission.

As a result of those concerns, various jurisdictions around the work have enacted privacy-focused legislation that has teeth. The EU’s General Data Privacy Regulation (GDPR) focuses on data protection and privacy where consent for PII is required. It also addresses data domicility, where the data about an EU system must reside. GDPR applies to entities doing business in Europe – i.e. it applies to thousands of US companies.

In the US, one of the leading regulatory steps is on the ballot this year in California. Its proposed data privacy regulation, the California Consumer Privacy Act (CCPA), would provide for:

* The right to know about the personal information a business collects about them and how it is used and shared;
* The right to delete personal information collected from them (with some exceptions);
* The right to opt-out of the sale of their personal information; and
* The right to non-discrimination for exercising their CCPA rights.

Any business doing business in CA will be affected by the CCPA, including data brokers.

These regulations are an attempt to return a measure of control to individuals over the sea of personal data that makes it possible, for instance, for an entity to correlate the data of a handful of payment transactions to identify an individual with high confidence.

The ramifications of these regulations are many. In this podcast, we hear of how a Midwest bank, that does not business itself in the EU, became subject to GDPR regulations because of the activities of one of its clients.

We are living in a world where the social implications of wide data sharing are obvious.

What’s not so clear are the business ramifications of privacy regulations and the data custodianship they demand.

In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.

We are at the beginning of a decades long evolution of how privacy is supported and data is managed. Shaping that path will be regulations, the decisions reached through multiple lawsuits, and the response by technology and data providers.

In this episode, George speaks with Rafael Lourenco, EVP and Partner of fraud management provider ClearSale. Rafael returns to Payments on Fire® to address COVID’s impact including new online threats and the consumer behavior changes that challenge the customer checkout experience and fraud detection.

COVID-19 has contorted how merchants do business into new shapes. COVID-19 is forcing some merchants, often inexperienced with the online world, to make a swift digital transformation with all of its benefits and downside fraud risk.

For example, numerous brick-and-mortar merchants have rushed to embrace online commerce as they attempt to fill the revenue hole in their business. Others, as we’ll hear in this Payments on Fire® podcast, have suddenly found new demand for what they offer.

Even fraud management companies have found themselves dealing with unexpected shifts, including new behaviors of good customers.

* Consumers new to the online channel have suddenly appeared. Their checkout and payments behavior maybe confused and uneven.
* Prior customers may decide to become quarantine refugees and move in with friends and family at a different address. The new shipping addresses raises a red flag at the merchant’s fraud detection system.

As we’ve seen countless times after natural disasters, fraudsters see opportunity in the misfortune of others. The pandemic is no different. It’s also encouraged fraudsters who formerly operated in the physical world to attack the online channel. After all, they need to make a living, too.

Rafael takes us through these scenarios, what ClearSale has observed since very early in the COVID-19 outbreak, and some of the adjustments ClearSale’s full outsourced fraud management service has had to make.

He also discusses the role of machine learning and artificial intelligence (ML/AI) in fraud management. ML/AI has dropped ClearSale’s need for manual review from 30% of orders 10 years ago to 5% today.

ClearSale differentiates its service partly based on the extent fraud analysts examine the case before a questionable transation is declined. Rafael points out that, unlike an individual merchant who must maintain the same staffing level despite volume fluctuations (think Cyber Monday and mid-July), ClearSale’s fraud analyst team works across multiple merchant categories. That means, when one segments is busy another is less so. The result is “staffing in the cloud.”

For more on how COVID-19 has affected payment flows and the payments industry, read Glenbrook’s COVID Impact series. 

Take a listen to Rapyd‘s Eric Rosenthal and Glenbrook‘s George Peabody as they discuss Rapyd’s swift global expansion, its ability to quickly build new capabilities, and the firm’s cloud-based tech stack. It uses its “white label PayPal” model to payment-enable a wide range of companies and use cases.

Programming Payments Has Been Hard

Among the many evolutions in the payments industry over the last decade, and only accelerating today, is the programmability of payments. Prior to that, a portion of payments providers – gateways, processors, and even networks – provided access to their services via direct integration to whatever interface they cared to expose. The API is the layer now employed for that purpose.

A single interface to core services is, of course, the basic stock in trade of a gateway, an outfit that exposes a single interface to its customers with the promise, among many, of reaching a broad swatch of acquirers out the other side. Networks like American Express and Mastercard have long provided access of their own.

But this approach, for the many merchants and businesses shifting to digital payments, had a number of shortcomings.

First, none of these integrations were truly comprehensive. One gateway could get you to the UK, but others were necessary to reach the rest of Europe, often on a country by country basis because payments are local and domestic. To sell in a country, you have to connect to the methods its citizens use. Cards along won’t do it. So, global reach through a minimum set of providers was a challenge.

A second concern was the effort required to connect to so many providers. A merchant would have to carefully assess the ROI for each development effort in order to sell, say, in Austria or Thailand. Or to take advantage of the fraud services of American Express. Implementing and maintaining so may interfaces – and the contracts or partnerships that exist alongside the technical effort – is a lot of work.

Things Have Improved – A Lot

The way over these barriers is now broadly available. A number of providers have applied a common insight – that merchants, enterprises, and sellers will flock to a provider that offers a single, straightforward API that abstracts the complexity of payments so that they can focus more on their commercial goals.

Multiple providers now offer a single integration through which merchant can reach a global audience and the global range of payment methods.

That’s one of the insights that inspired firms like Braintree, Stripe, Adyen, and others, including the firm Rapyd, the subject of this Payments on Fire® episode.

Built on the Cloud

Rapyd is a young company building out its capability to global scale in a very short period of time. In this discussion with Rapyd’s Eric Rosenthal we hear how the firm’s use of Amazon Web Services has allowed the company to scale operations around the world in a reliable and, critically, compliant manner with respect to data privacy and domicility.

Eric illustrates the company’s model – a white label PayPal as he calls it – through an example of Rapyd supporting a cash collection supply chain challenge for a global CPG manufacturer.

Flexibility and Speed

In our payments consulting work on behalf of merchants and billers, when we support their choice of payments provider, we increasingly see one or more firms like Rapyd competing against incumbents like First Data and Chase. We expect to see them more often in the future.

Incumbents using legacy infrastructure lack the flexibility to be responsive. We frequently hear about the years long implantation projects some legacy providers require. While a single firm may have built, at one time or another, every possible bit of functionality a merchant may want, the reality is that such breadth is not available on a single platform. Hence those long integration timelines.

The ability of these newer entrants to address incremental use cases is impressive. Of course, some of their components lack the functional depth achieved by incumbent competitors. But that gap will narrow with time and faster than in prior years.

By outsourcing the core plumbing to cloud providers like AWS or Microsoft’s Azure, firms like Rapyd are able to put more wood behind the arrow aimed at their customer’s business goals. Freed of much of the operational burden of running the plumbing, they can deploy their talents where the impact is greatest. And that changes the game.

The transition away from paper to an all digital payments world has been underway for decades. But in the last few years the pace has accelerated. Global tech availability and focused development talent is letting software eat the payments world. Other enablers include business models such as payments facilitation and the focus on commerce, not just payments, for merchants.

COVID-19 has simply added fuel to the fire. In May, for the first time, Mastercard reported that over 50% of its volume was card not present, transactions all in the digital payment space. The pandemic is yet another forcing function pushing digital payments deeper into our lives, across the key payment use cases employed by individuals, merchants, enterprises, and government.

Keeping up with all this is what we do at Glenbrook. In this Payments on Fire® episode, Glenbrook’s Russ Jones and George talk about what’s hot and how that gets examined in our upcoming Digital Payments Insight Workshop. It will be held online June 24 and 25th. For more on the workshop, check it out here.

Russ and George talk about the online training experience and how interactivity is supported by the tools we use and the flow we establish. So, take a quick listen to get a taste of what’s hot. If you like it, we look forward to seeing you at the workshop. No trains, planes, or automobiles needed.

Take a listen to Craig McDonald, Chief Business Officer of Trustly and George as they discuss how Trustly makes its proposition possible. While Trustly is ramping up its U.S. presence, it does have timing on its side. In this pandemic-constrained age, merchants will be looking for lower cost payments and certainty. Trustly appears to have attributes to meet those concerns.

In our payments education and payments consulting work, we frequently discuss payments “rails” – the networks and systems that move money either between banks in the open lop payments model or within a single operator’s closed loop network. Think cards, wires, and ACH when you hear “open loop.” Think PayPal when you hear “closed loop.”

Each set of rails connects to an account of some kind. And has to present itself to the end user to make payment initiation easy.

We know how to write a check and understand how a wire is initiated. We all know how to initiate a card transaction at both the physical point of sale and online. There’s another important system that most of use all the time if we’re employed. If we actually use it to send a payment, we might know what it’s really called. That, of course, is the automated clearing house, the ACH system.

The ACH has incredible attributes. Almost every financial institution connects to it so the network effect is huge. And, for the financial institutions that use it, it’s very inexpensive. It can be used to both credit or debit an account.

But it has some big shortcomings, too. It runs in batch, overnight and a couple of times during the day. It is not a real time payment. There is no authorization. And when a debit transaction is initiated, the system has no way of knowing if there are funds in the account to be debited.

A number of companies have come and gone over the years who have tried to take advantage of its cost and ubiquity but have been unable to overcome competition from cards, especially debit cards, or the challenges of fraud and security.

But more modern tools are available today from both the technology and the rules/regulations angles that make the ability to pay a merchant from one’s own bank account, certain for both parties, possible.

That’s the topic of this Payments on Fire® episode. Trustly has combined broad connectivity into the ACH system with machine learning to effectively guarantee payments to merchants at a lower cost than debit cards. It’s a fascinating example of how new tech can broaden the utility of a system that is decades old.

Take a listen to Craig McDonald, Chief Business Officer of Trustly and George as they discuss how Trustly makes its proposition possible. While Trustly is ramping up its U.S. presence, it does have timing on its side. In this pandemic-constrained age, merchants will be looking for lower cost payments and certainty. Trustly appears to have attributes to meet those concerns.