As our lives shift online, our providers needs strong digital representations of each of us in order to make authentication and authorization decisions. Besides payment transactions, there are the diverse risks they must manage when, for example, we establish new credit relationships, add new payees to our online accounts, and move money in new ways. The providers of these capabilities—and often a single party offers multiple services—must be concerned with the associated risks each poses.

This is the special domain of risk and fraud management companies. In this conversation with Payfone‘s CEO Rodger Desai, we focus on digital identity services and the role of the mobile ecosystem in particular. Take a listen.

Many risk and fraud vendors base their services on different data types, such as the email address, SSN, or phone number.

In Payfone’s case, it is the combination of the mobile number, the device it is connected to, and the mobile network serving it that have powerful attributes to measure against. Relevant data attributes include:

1. Tenure. How long the mobile subscriber has had the phone number tells a lot about the subscriber itself.
2. Phone’s Aren’t Free. Unlike email addresses which are cost-less, almost anything to do with a phone costs money, i.e. the service and device costs. Therefore, phone-based frauds, for the fraudster, cost money. Such hacks don’t scale as well as a card data breach. But when there is a phone-based hack, the impact on the victim can be particularly severe.
3. Lots of Activity to Examine. With 50% of American eleven year olds having phones, we generate a rich history using our phones. For billing purposes alone, that activity is tracked by the mobile network ecosystem and, given appropriate privacy controls, can be used to support risk decisioning.
4. Even More Data. Biometric unlocking of devices, behavioral fingerprinting—how we actually interact with the device user interface—and device fingerprinting—the digital portrait developed from such rich data—expand the data available for risk assessment.

The union of all this data paints a crisp digital identity once algorithmic power has been applied to it.

In this episode of Payments on Fire® we discuss the risk assessment capabilities the mobile ecosystem provides with Payfone’ CEO Rodger Desai. His long experience in mobile “phone intelligence” informs this discussion. He explains how some very large clients are using Payfone’s scoring capabilities to assess transactional and account risk while addressing the challenge of improving the user experience. Risk and convenience are often at odds. Payfone’s services are designed to mitigate that conflict.

Today’s digital identification capabilities are powerful. But fraudsters are fast moving and well funded. For the relying parties—those enterprises that take on the risk—the role of defense is a tough one. Priorities, cost, business goals, even awareness vary. Each and every party’s approach to risk assessment is unique. Risk tolerance for the same transaction will differ from bank to bank, from enterprise to enterprise.

In other words, individual enterprises can assemble strong risk assessment and mitigation capabilities while, from a systemic view, there will always be gaps to be exploited. The best we can hope in today’s environment is for each enterprise to raise its security game.

The U.S. has just come off a record setting holiday shopping season with e-commerce sales rising over 18%. While the numbers aren’t in yet, there’s no doubt the fraudsters also had a record year. There are so many ways to defraud consumers, merchants, and financial institutions.

At Glenbrook, we are optimistic about our longer term ability to deter, prevent, and detect fraud. Our kit is getting better. The combination of tech and rule making will payoff: strong authentication enabled by standards-based smartphone-enabled biometrics; regulations requiring strong authentication as put forward in the EU through its SCA rules; and our expanding ability to detect new attacks using tools that operate within the transaction flow.

It is this last area that is the topic of this Payments on Fire® episode. Fraud detection tools operated by or on behalf of merchants that examine transactions are today’s major line of defense against payment, loyalty, and coupon fraud. In this conversation with Colin Sims, COO of fraud prevention company Forter, the development, deployment, and maintenance of a modern fraud management platform is the topic.

Colin and George discuss how fraud management and prevention technologies continue to evolve, Forter’s own approach, the role and impact of PSD2 and SCA regulations in the EU, and how fraud continues to adapt. While machine learning is a central technology, Colin makes clear that human effort and insight is what makes the difference.

Deployment of “clean sheet of paper” payment systems is a once in a generation event. In over 50 countries, new account-to-account push payment systems are either in full scale operation, implementation, or fully committed planning stages. The U.S., for example, has the RTP Network in operation and, in a few years, the FedNow system will be online.

This is hard, serious work. Technology decisions need to be paired with equally rigorous rules making. One of the major concerns for these systems is what to do when a transaction is sent in error or initiated by a fraudster. In contrast to card systems, dispute resolution capability is not a standard feature. These choices should reflect clear agreement and follow through by the system’s key participants.

In this Payments on Fire® podcast, Glenbrook’s Elizabeth McQuerry talks with builders of dispute resolution, complex messaging, and connectivity capabilities developed around Australia’s New Payments Platform (NPP).

Joining Elizabeth are Jack Baldwin, Chairman of BHMI, a U.S.-based developer of bank-grade settlement and reconciliation systems, and Nathan Churchward, Head of Product, Emerging Services at Australia’s Cuscal Limited. Cuscal is a developer of payments capabilities that include card issuing and acquiring, mobile payments, fraud prevention, switching and settlement.

There’s a lot to be gained by learning from someone else’s experience. Nathan and Jack address the dispute resolution process, ISO 20022 messaging, and the significant effort needed to build out systemically important payment infrastructure. Take a listen and you’ll gain a deep appreciation of the interplay of rules, regulations, technology, and effort.

Glenbrook Partners is working with the U.S. Faster Payments Council to help shape rules in the U.S. and address significant concerns around system interoperability, directory services, and dispute management. Take a look at the Faster Payments Barometer based on our industry survey. And visit the U.S Faster Payments Council site for more.

If you thought bitcoin was dead as a payments system, take a listen to George and Jimmy Nguyen, founding president of the Bitcoin Association, as they discuss Bitcoin SV, a new version of bitcoin that is a significant upgrade to the performance and capabilities of the original bitcoin protocol put into the world a decade ago.

From a payments perspective, bitcoin has failed. While successful as an albeit volatile store of value, its failings include:

• It is slow, only able to handle 2 or 3 transactions per second with a peak rate of 7. Visa handles 50K at peak holiday times with aplomb.
• While transactions are irrevocable, they are not immediately written to the blockchain. Core design specifies that that happens every 10 minutes but when the network is under load it has taken hours.
• Processing cost is too high, measured in dimes and dollars, and also volatile
• As the processors, known as miners, are rewarded with fewer bitcoins for their work, they’ll have to rely on processing revenues, transaction fees, to stay viable. Costs are already too high
• There’s the high power usage of the network that’s needed to maintain consensus, essentially trust in the network.

If you thought bitcoin was dead as a payments system, take a listen to George and Jimmy Nguyen, founding president of the Bitcoin Association, as they discuss Bitcoin SV, a new version of bitcoin that is a significant upgrade to the performance and capabilities of the original bitcoin protocol put into the world a decade ago.

Jimmy brings a refreshing view on cryptocurrencies and payments. Jimmy provides a great review of how bitcoin works and why both its performance and its economics are broken. He explains the advantages of the Bitcoin SV fork and why it was necessary. Suffice it to say, bitcoin’s evolution is subject to the often fractious politics of that community where competing interests inhibit long term thinking.

Bitcoin SV has intriguing potential. Micropayments, sub $1 transactions, have never found a home in electronic payments. BSV could apply there.

BSV is also designed to use enormous blocks in order to keep processing costs low and provide the ability to store massive amounts of data about the payment.

Join Jeff Brown, president of VPay, a firm specializing in insurance claims payments, and George Peabody of Glenbrook Partners in this deep dive discussion of how the work of claims processing is done and how he approaches B2B payments, compliance, and the value-added services needed by the company’s customers.

The B2B Domain

We’re all familiar with the card present POS domain, card not present Remote domain, P2P payments, and the Bill Pay domain. A phone tap here, a card swipe there, a bill payment to the utility company. On a day to day basis, our personal experience with payments is these areas.

The B2B and B2C payment domains are very different. There is a wide range of industries with very specific payment needs. (Listen to episode 92  to hear how customized payments can become. Roadsync’s Robin Gregg talks about the special paper check type built just to serve independent long haul truckers.)

Insurance is Huge

One of the biggest industries is insurance. Premium payments in the U.S. alone are over $1.2 trillion. Payouts by stakeholders, such as healthcare systems and property & casualty insurers, and made to individuals claimants and service providers amount to trillions more.

Insurance is definitely big enough to be a very attractive vertical to a payments service provider.

Knowing Your Customer’s Business

If you are a PSP serving a particular vertical market in the B2B space, you have to know at least as much about the vertical you serve as you do about payments operations and services. For example, if you’re making healthcare payments, you have to comply with the strict data privacy requirements specified by HIPAA regulations. You may have to support specific data formats. And you should help your business customers deliver useful features to their own customers.

If you want a great explanation of how payments fits into a vertical market, you can’t do better than listening to this episode of Payments on Fire®.

Digital disruption and financial inclusion are focus areas throughout the developing world and the topics are white hot in Colombia. Listen in as Hernando Rubio, CEO of Moviired, speaks with Elizabeth McQuerry and George Peabody about Movii and payment / financial inclusion ecosystem in Colombia.

Financial Inclusion in Colombia

Although one of the first countries in Latin America to make a big policy push for financial inclusion, those efforts focused a “banking correspondents” or agents in local stores carrying out basic financial services on behalf of banks. While these correspondents greatly improved access to financial services, they have not fully produced the desired results. According to the World Bank, fewer than half of all adults have a bank account and only a handful (less than 5%) have a transaction account from a telco led service. Very few Colombians use those accounts to pay bills or buy something on the internet. Cash is still preferred.

Enter the SEDPEs

In 2015 regulators in Colombia created a new category of licensed financial institutions called a   special company for electronic deposits and payments, or SEDPE by the Spanish language initials. While a bank can also pursue this type license to focus financial inclusion efforts, the main conceptualization of SEDPEs are fintechs that gain authorization to take deposits and make payments – the two most basic (and still lacking) aspects of financial inclusion. SEDPEs are not allowed to make loans but can partner with others to make small credits available.

Movii

Rubio’s Movii was the first SEDPE to be authorized by regulators. Movii is a classic digital service that offers a wallet for storing funds, access to a reloadable debit card from Mastercard for buying in stores and on the internet, bill payment, mobile top ups and transfers to other Movii users. Movii also recently connected to the new national real-time payment service (Transferencias Ya) in order to be able to reach all account holders in Colombia. Movii builds off the company’s experience managing Moviired, an extensive network of physical agents in stores and bank correspondents throughout Colombia, that people use for those basic payments. Hear how a company disrupts itself as it lays the foundation for the next generation of financial services.

The merchant acquiring industry continues its large scale shift from a payments-led to an operations-led purchasing decision for the merchants it serves. Historically based on independent sales organizations (ISOs) and non-bank acquirers, the party that increasingly provides payment acceptance is the independent software vendor (ISV).

This makes sense for a number of reasons:

• Software is Vertical. Today, the first IT choice more merchants make is the software they use to run their business. This makes sense. Tools that improve overall business operations have a greater impact on success than the comparatively minor differences among payment providers. Auto parts stores need inventory management. Salons need scheduling. Ice cream and coffee shops need quick order entry. Daycare providers need security controls.
• Payments are Horizontal. Every merchant, regardless of its segment, needs to take payments. While many segments have particular requirements for payments, payment acceptance alone is a commoditized service.
• The ISV is the First Point of Contact. Given its primary role, the ISV has moved into an excellent position to sell and profit from payment acceptance.
• Taking a Back Seat in Selling, Payments is Infrastructure. The payments industry has multiple ways of enabling ISVs to sell payments. The ISV may use a gateway to reach multiple acquirers with the gateway itself selling value-added capabilities in areas like fraud management. The ISV may use the payfac model for fast onboarding of new merchants. The ISV may, itself, become an ISO. Multiple forms of business relationship all provide some measure of revenue sharing with the ISV.

Differentiation in Payments Via New Paths

Differentiation based on value-added services drive revenue in payments. For that reason, we have seen non-bank acquirers and ISOs focus on particular vertical market segments to drive and secure long term revenues. A decade and more ago, Heartland Payment Systems (acquired by Global Payments) doubled down on the restaurant vertical by developing special services for restaurant operators as well as acquiring restaurant-focused ISVs. That lesson has been learned by many since.

Over the last few years, differentiation has also stemmed from how well the payments provider serves the ISV and its developers. Integration of payment services both into the ISVs code and within the provider’s own code base is important. A single API that exposes all of a provider’s services is preferable to integration work requiring knowledge of an API tied to each function. Micro-services based capability is also welcome.

Payment Facilitation as Enabler

While not, in and of itself, a new approach, the payment facilitation model is a major enabler of payment service delivery via ISVs. The payfac model is based on network rules that allows an intermediary to act as the merchant of record in order to provide payment system access to smaller merchants. PayPal did this first for ecommerce merchants. Stripe is another card not present example. Square used the payfac model to offer sellers in the physical world access to card acceptance.

ISVs who become payfacs assume responsibility for the activity of their small merchant customers. So, choosing to become a payfac has its complexities and risks. A number of providers, including Finix, bring expertise in the payments facilitation model to help ISVs make that decision.

In this Payments on Fire®, take a listen to Glenbrook’s Nicole Pinto, Drew Edmond, and Finix CEO and founder Richie Serna as they discuss the payfac phenomenon and the larger shift to the ISV as payments provider. This is a cool conversation about a sea change event in the merchant services industry.

Take a listen as George and Nick Starai, Chief Strategy Officer of NMI discuss the role of the independent payments gateway and its evolution as a technology and business enabler for today’s providers of payment acceptance: ISOs, ISVs, and merchants.

A key technology and business partner for merchants and the first-line providers of payment services (think ISVs and ISOs) is the payment gateway.

At their simplest, gateways provide a single interface to their users that, once built, lets the party using it switch between acquirers with relative ease in order to get better performance, service levels, and/or pricing.

For independent software vendors (ISVs) selling line of business software this flexibility allows their customers to choose their acquirer of choice from the range of acquirers supported by the gateway. Many such relationships are in place long before the ISV relationship is established. ISVs can’t insist that their potential customers change acquiring banks in order to use their software. That’s one use case for a gateway.

Another is the Independent Sales Organizations (ISOs) that also realizes the necessity of using gateway technology in order to reach their increasingly demanding merchant customers. Placing stand-beside payment terminals next to a cash register is no longer nearly enough. Integration of payments into the overall business process of even a smaller merchant is now table stakes. Gateways can help make integration of more advanced capabilities happen.

Independence Means Acquirer Neutrality
Many formerly independent gateways have been acquired by processors. What processor wouldn’t want to move all the transactions managed by the gateway onto its own systems? It’s all about volume, after all.

But for independent software vendors, independent sales organizations selling to ISVs and merchants, and for many merchants themselves, an important virtue of the gateway function is its processor and acquirer independence.

Value-added Services
Gateway operators generally charge flat fees for each transaction handled so they have every incentive to expand the volume of transactions they manage as well as to provide value-added services that increase revenue on each transaction handled.

To increase volume, gateways make it as easy as possible for a customer to integrate to the gateway. They make their APIs simple and robust so it’s easy to add new services. The gateway provider builds software developer kits (SDK) to support in-app payments and makes sure their code runs on every important operating system.

Gateways often specialize on a particular payment domain such as large ecommerce merchants or in-store systems. Others offer a broader set of services. NMI, the subject of this Payments on Fire® podcast, supports both EMV terminals and the card not present environment.

Payment Facilitation
The payment facilitation business model has broadened card payment acceptance to the wide base of small merchants who would otherwise not qualify for a traditional merchant account.

The greatest impact of this payfac model is how it streamlines the onboarding process. Instead of the days-long underwriting process traditionally needed, sellers working through a payment facilitator (PayPal, Square, and Stripe all employ that model) can start to take payments within minutes of creating an account.

Because of that swift onboarding, the payment facilitation model reduces sales friction for ISVs. Their customers can install the ISVs line of business software and start taking payments at the same time.

For the ISV, there’s also the opportunity to earn revenue from their customer’s payment transaction flow. We’ve seen multiple merchant companies selling software services earn substantial revenue from the payments side of their business. NMI provides essential infrastructure services for the payfac business model including onboarding, sub-merchant account creation, KYC, and other reporting services.

The NMI Story
Nick relates NMI’s growth and service expansion. It’s a cool story that speaks to the industry’s evolution as well as the company’s own growth. By the end of the podcast, you’ll understand how enabling technology and new business models have shifted, yet again, the payments ecosystem. The gateway and payment facilitation services offered by NMI help move ISVs and tech-forward ISOs into a first position over traditional providers of merchant services.

Take a listen to Ian Drysdale of Zelis Payments and George as they discuss how complex the payments process is in the healthcare industry.

Near the peak of payments complexity and specificity is the healthcare industry. If you’ve ever looked at an explanation of benefits letter from a healthcare insurer, you’ve had a glimpse into the complexity of these payments. Multiple parties are paid a lot of money, before you may be required to ante up a co-payment yourself.

Regulation, compliance, the huge range of services delivered, and the scale of the healthcare ecosystem—from giant healthcare insurers to the local dentist—make healthcare payments a challenging, and attractive, market to serve. It is an enormous business-to-business market. Americans spent $3.5T, over $10K per person, in 2017. We spend something like 1 in 6 of our dollars on healthcare.

Simply getting the payment to the right party is complicated. Consider the imaging clinic that operates within a big regional hospital. It has its own back accounts, its own P&L, its own accounts receivable. Getting payments routed into the right account isn’t easy.

Checks still dominate in this industry because the development and maintenance of databases to track bank accounts is a major headache for a payer like an insurance company. Dropping a check in the mail, along with invoice information, at least communicates what’s necessary despite slow speed and high cost.

That’s where Zelis Payments and Ian Drysdale, its president and guest on this Payments on Fire® podcast, come in. Zelis Payments specializes in shifting healthcare payments from check rails to ACH rails. Using the service, providers get paid within a two or three days instead of two weeks. That speed has a huge impact on cash flow, a business metric of particular importance to smaller providers.

Zelis Payments also enables an EDI message format that communicates what’s being paid for in a manner consumable by the accounts receivable software in almost every healthcare provider’s office. Matching up the ACH deposit to what it covers is automated. While neither ACH or EDI are considered modern technologies, pairing them tightly produces real efficiencies.

Another area of complexity Ian discusses is healthcare fraud. Unfortunately, no small number of providers enter fraudulent claims into the system. They add up to huge numbers.

Zelis Payments adds value specific to the healthcare industry around the general functionality of EDI and ACH rails. If you’re a dentist getting paid 10 days faster than before, that added value is a very good thing.

Need an early warning system for what payment system hackers are about to do? Then knowing what’s happening on the dark net is imperative.

In this episode of Payments on Fire®, George speaks with Aamna Zia, VP of Finance and Growth at Flare Systems, and David Hetu, its Chief Science Officer. Based in Montreal, Flare Systems operates a dark net monitoring system that brings intelligence to the InfoSec and fraud management teams at banks.

The dark net is a mysterious place for most of us. It exists on something called Tor, an internet overlay that is designed for anonymity. Using a purpose-built browser, users can access websites, chat rooms, and the like, similar services to those we use on the open internet. The anonymity feature makes performance slow but it also works.

And that’s why it is the hub that marketers of stolen card numbers, user IDs and passwords, personally identifiable information, and hacking tools use to buy and sell. It’s this activity and the discussions around it that Flare Systems monitors and reports on.

Among the findings of Flare’s analytics is the fact that the vast majority of card data sellers probably have to live with their parents to get by. There’s not a lot of money in that particularly tired approach.

Obviously, there’s plenty of money to be made in payment fraud, though. Account takeover (ATO) fraud is growing quickly as recent losses on the UK’s Faster Payments system demonstrate. Synthetic identity fraud is fueled by the kind of data sold on the dark web.

Take a listen as Aamna Zia and David Hetu as they describe how Flare Systems works and what the hackers are up too. Then, if you’re on a bank’s infosec or security team, try to get some sleep.