Payments On Fire

Latest Podcasts

Episode 88 – Digital Marketplaces Go Global – Tomas Likar, Hyperwallet

The digital marketplace model brings together buyers and sellers and, frequently, handles the money and payouts to the sellers.

As my guest today has determined, digital infrastructure, eCommerce usage, competition, and workforce characteristics influence a country’s ability to establish a flourishing marketplace component to the economy.

This marketplace economic model is a useful one enabling, among other use cases, the gig economy. Adopted in countries like China, the U.S., Canada, the U.K., Australia, and other established markets, this episode’s guest, Tomas Likar, Head of Business Development and Strategy at Hyperwallet, has done a lot of thinking about its role in these and other countries.

This podcast was prompted by Hyperwallet’s February 2019 release of its Marketplace Expansion Index report, the MEI, that evaluated the marketplace readiness of some 36 countries.

A surprise is the early stage of marketplace adoption in a number of otherwise highly developed countries.

The application of the marketplace model to human labor is, of course, not without controversy and concern. Steady employment with guaranteed benefits is no longer an attribute of employment in many countries, replaced by the uncertainties of the gig economy. That’s the downside concern. On the other hand, these marketplace services provide access to otherwise unavailable work and that is good news for individual and, by extension, domestic economic well being.

Take a listen to this conversation with George and Tomas Likar of Hyperwallet for an overview of marketplace adoption and the variables affecting its uptake.

Episode 87 – On Launching an SMB POS Product Line – Gavin Rosenberg, TSYS

The business of merchant services continues to undergo two forms of transformation. First, the merchant services businesses, either as acquiring banks or via non-bank acquirers, has undergone massive consolidation over the last five years and more. Fiserv’s takeover of First Data, announced on January 16, is just the latest example.

The second sea change is the expansion of products and services these entities deliver. What was a fairly innovation-averse industry has become, under the competitive pressure of companies like PayPal and Square, far more committed to delivering value that helps customers run their business, not just accept card payments.

At the POS, Square changed the merchant services game by delivering a great deal more business value to the small merchant than the traditional ISO or agent focused on placing stand-beside terminals next to dumb cash registers. For the price of payment processing, Square has given those merchants inventory, time and attendance, sales and marketing focused reporting, and more.

As a result, the giants in this game have been forced to respond. In 2013, First Data acquired Clover to reach small retailers and restaurant customers. Others, like Global Payments’ Heartland unit, have invested heavily in serving the mid-tier and larger restaurant industry.

To deliver similarly broad services, TSYS recently came out with three new merchant offerings targeted at micro merchants, single shop operations, and larger merchants. The new line is called Vital, at vitalpos.com and its solutions are called Vital Mobile, Vital Plus, and Vital Select.

Along with the new Vital hardware, we can expect the offering, taking advantage of cloud delivery, to expand its software and services line-up in the future – a trick that the old POS terminal model never could pull off.

Take a listen to this episode’s discussion with Gavin Rosenberg, vice president of product marketing, at TSYS. It’s a revealing conversation about the decision making and product strategy of a major provider of merchant services.

Episode 86 – Fraud Management and the E-Tailer – Rafael Lourenco, ClearSale

This Stuff is Hard

As the remote payments domain (think in-app and browser-based payment transactions) continues to grow at around 15% a year, that growing number means the size and scale of fraud losses are going to increase. And they have – in both absolute terms and as a percentage of overall transaction volume. That also means rising chargeback rates for many merchants.

Rising fraud in the online world is also a result of better security technology in the physical world. While EMV chip cards have dropped counterfeit losses way down, the fraudsters still have their own bills to pay. They’ve just shifted more aggressively to the card not present channel.

A Delicate Balance

All e-tailers face a delicate balance in managing fraud. If they err too far on the side of fraud minimization by tightening approval standards too far, they leave good sales on the table and insult customers with unnecessary declines (the “insult rate”). Of course, those customers promptly go to another site to make their purchase.

The e-tailer’s sales and marketing team, then, tells the fraud manager that she’s killing sales.

If the approval standards are too loose, on the other hand, the e-tailer risks the twin threats of higher fraud and chargeback costs and, if the chargeback rate exceeds 1%, placement on a watch list if that rate stays over 1%. Not a good list to be on because the the merchant could lose card acceptance privileges if the problem is not addressed.

The Smaller E-Tailer is Challenged

While Amazon continues to gobble up half of the growth in US commerce volume, it still means that there is room for smaller online merchants to prosper. It also means they face growing fraud losses. Unlike their larger competitors who can afford internal fraud management teams and technology, small and mid-tier e-tailers have limited time, budget, and skills to meet those needs.

Fraud management is a non-trivial problem even for the largest enterprises. They deploy a layered set of technologies, ranging from table stakes tools like address verification system (AVS) to device and behavioral fingerprinting and on to rules engines, AI, and machine learning controls.

That level of sophistication is beyond what the mid-tier e-tailer can handle. Some enterprise customers don’t want to deal with that complex task either.

The Outsourced Option

That’s where the wholly outsourced proposition comes in. The third-party fraud management service provider assembles the necessary technology, makes the right integrations with shopping carts and other software providers, puts an analyst team in place to decide on questionable transactions, and offers its services for a fee.

ClearSale (www.clear.sale) is a provider in this space. Take a listen to Rafael Lourenco, its EVP, and George as they discuss fraud management in this segment, how the ClearSale service is deployed, and some merchant best practices. Rafael breaks down this topic very clearly. Definitely worth your time.

Episode 85 – It’s Hard to Communicate about Chargebacks – Keith Briscoe, Ethoca

eCommerce fraud rates are rising and that means more cardholders are seeing unauthorized charges on their accounts.

The cardholder remedy is to call either the merchant or the issuer to flag the problem. If the cardholder turns to the issuer to resolve the problem, the remedy is often an expensive chargeback for the merchant and a generally lousy experience for everyone.

eCommerce Merchant Pain

eCommerce merchants have invested heavily in fraud detection tools because in the remote payment domain liability rules make them responsible for fraud losses. eCommerce merchants employ sophisticated fraud management processes and tools to detect fraud in realtime to stop authorization (best in class fraud rates are 25 bps – 35 bps).

On top of that, they must eat the direct costs associated with stolen goods and services. These include a chargeback processing fee from the acquirer as well as the merchant’s internal costs to manage the chargeback process. If the merchant fights the chargeback, the merchant has to gather the supporting evidence (the receipt or copy of the order) and submit it to the acquirer.

Disputes and chargebacks re initiated by cardholders for a range of reasons including fraud, authorization, various processing errors, and consumer-specific disputes. Examples of consumer dispute codes include products or services not as described, counterfeit, misrepresentation, and failure to process a credit.
https://www.worldpay.com/global/support/support-articles/what-are-chargeback-reason-codes-visa-and-mastercard

Issuer Pain

For issuers, disputes and chargebacks are painful, too. In the POS domain, issuers hold the liability for fraud losses. If a counterfeit card is used and the issuer authorizes the payment, the issuer owns that liability. Issuers also bear the customer servicing and communications costs as chargebacks initiate with the cardholder’s call to the issuer.

Consumers Game the System

Zero liability rules have taught U.S. cardholders that they don’t have to worry about fraud and that they have broad powers to dispute a transaction.

Knowing that, too many cardholders are taking advantage of these rules. Digital merchants, in particular, are suffering from friendly fraud (not exactly an accurate term) that occurs when a cardholder, for example, disputes the charges made by another family member. For some digital merchant, over half of their chargebacks are friendly fraud, purchases for which the cardholder is truly responsible but able to renounce (“It wasn’t me!”) because of the rules.

Such high chargeback rates carry other risks for these merchants. Once a merchant’s chargeback rate exceeds 1% of its transactions, that merchant is put on a watch list, a remediation plan, and faces the possibility of losing card acceptance privileges. High chargeback rates also increase authorization declines for the merchant, losing even more good transactions.

Card Network Remediation

On the face of it, there’s an asymmetry when it comes to liability. Merchants shoulder a large burden. With that in mind, both Visa and Mastercard updated their chargeback rules in 2018.

In a chargeback mitigating move, Mastercard recently announced an end to the automatic renewal of free trial subscriptions.

Timely Data Sharing

In other words, chargebacks are a pain. Steps to reduce chargeback cost and frequency are a Good Thing.

One approach is to speed up data sharing. For example, once an issuer determines that a transaction is fraudulent, a timely message to the merchant could halt a product shipment. While the rules would still make an eCommerce merchant liable for the chargeback costs, the merchant wouldn’t lose the cost of order handling, shipping, and the item itself.

Similarly, if merchants can share their cardholder fraud experience back to the issuer then that financial institution can adjust its fraud detection models and algorithms.

Such data sharing is the proposition of Ethoca, a firm that federates bank fraud signals from hundreds of major global issuers and connects to thousands of merchants in the developed world in order to share alerts and chargeback messages.

In this conversation with Keith Briscoe, CMO at Ethoca, we talk about the chargeback problem, hear some truly astounding chargeback stories (hackers aren’t the only fraudsters), and discuss Ethoca’s role in this space.

Episode 84 – Diving into the Deep Data Pool – Feedzai’s Saurabh Bajaj and Nick Stanchenko

Fraud prevention today is about how quickly we can separate good customers from questionable ones and, for those doubtful transactions, use the right set of tools and data sources to optimize speed, costs, and fraud losses.

When it comes to fraud prevention, it turns out that data is key. No revelation there, but how we manipulate it, gather it, and assure its provenance is undergoing major change. What would be a revelation to fraud managers of a decade ago is the unbelievable amount of data and the wide variety of sources that we have today. It’s a flood.

The only means we have to make sense of this data deluge is through algorithmic examination. Rules engines and neural networks are staple approaches. In recent years, application of artificial intelligence and the newer incarnation of machine learning (“let the computer figure it out based on all the data it sees”) has become a hot, and effective, area for fraud prevention. Only machines can find correlations among all that data in order to identify potential fraud.

A number of firms focused on the fraud prevention problem employ techniques that gather data and then analyze it in order to provide their customers like eCommerce merchants or financial institutions with a risk score. Companies specializing in device fingerprinting, for example, gather the relevant data (think IP address, mobile IMSI number, device type, OS version, browser software version, etc.) to create a profile or “fingerprint” of that device in order to generate a history of its behavior. Threat Metrix, owned by LexisNexis Risk Solutions, is an example.

Behavioral biometric companies may take that data and layer on how the owner actually uses their device, often by looking for keystroke patterns, screen tap rhythms, the angle that the phone is held, and more, in order to build a more nuanced profile that includes how the owner interacts with the device. That richer data then feeds into analysis and risk scoring. Mastercard’s NuData Security acquisition uses this approach.

Subsequent bidirectional data sharing can provide these firms with insight into the results of their decisioning.

As these firms gain customers, they see more and more devices and develop clearer visibility into the outcome of their work. As a result, it becomes a natural step to pool or federate the data they see from all of their customers. There’s an expectation that a card account, for example, will be seen at multiple merchant clients of the fraud solution provider. These repeat interactions will improve fraud detection for all when the cardholder is a bad actor, or speed the transaction of a trusted one.

Data consortia where multiple financial institutions and merchants pool their fraud and chargeback data also exist. Ethoca is a prime example.

The deeper the data pool the better, provided, of course, there’s the ability to analyze it all.

Massive analytical capability is the foundation for artificial intelligence and machine learning. In the fraud prevention space, Feedzai is a firm that applies its analytics power to data sourced from multiple providers and techniques. Feedzai, like others providers who have attained a critical mass of customers, has also invested in federation of their data to improve, for everyone, its fraud prevention results.

In an earlier episode, we spoke with Feedzai CEO Nuno Sebastiao to get us grounded in how AI and ML apply to fraud prevention. In this discussion with Saurabh Bajaj, Feedzai’s Head of Product and Nick Stanchenko, product manager for Feedzai’s Risk Ledger, its data federation program, we go further. Saurabh catches us up on Feedzai’s growth and then takes a look at how Feedzai works and at the data sources it uses. Nick addresses federation, its value, and the light integration required.

 

Episode 83 – Settlement Systems in Detail – Carol Coye Benson, Glenbrook

Payment Innovation Moves to the Core

When we conduct our Glenbrook Payments Boot Camp, our first graphic illustrates the three essential steps in every transaction – initiation, funding, and completion. When looked at through the lens of of the past decade most innovation has been in initiation. Consider: Apple Pay, Google Pay, Venmo, QR codes. The list is long of ways to kick off a transaction.

Funding is all about where the money comes from. Usually a bank account, often a wallet holding money. Some innovation there but not a great deal. There are only so many ways to store funds.

Completion, the last step, is the most important to many participants as it’s when the transaction completes with the final movement of money.

Five years ago, in those boot camps, I said that completion, also called settlement, is the innovation-resistant phase of a transaction. Today, everything has changed.

In the U.S., we have new services such as Zelle and Venmo that appear to the end parties to deliver instant settlement. They may use card rails or bank rails like ACH to complete the transaction.

Two Forms of Settlement

In this discussion with Glenbrook’s Carol Coye Benson, we look at two forms of settlement: end party settlement – for example, an employer paying an employee – and then Carol focuses on the nuanced world of interbank settlement.

If you’ve heard the terms net settlement, gross settlement, or RTGS and wondered what they mean, take a listen.

Faster Payments and Settlement

We also talk about the phenomenon of faster payments and the settlement techniques these systems employ. 40 countries around the world are in one stage or another of deploying faster payment systems that push money from bank account to bank account. It’s already in the US via the Real Time Payments Network from The Clearing House and, perhaps, a competing service from the Federal Reserve. (To get an update on the Real Time Payment Network, listen to Episode 81 of Payments on Fire).

These faster payment systems vary in their capabilities. Speed and data carrying capacity are just two variables. But we have seen that when a new payment system enters a market innovative offerings can flourish, provided access to that system is encouraged by rule, regulation, or both. However, that level of openness is not guaranteed. As Glenbrook have seen in our work around the world, some systems are essentially closed by market power or operating rules. These constraints limit the network effect’s benefits of ubiquity, convenience and, often, cost.

This is an ongoing challenge. In this age of fintech, banks are under pressure to innovate. As owners or participants in new systems, some may choose to limit access to their fancy new rails in an attempt to forestall competitive market entrants. Others will be “encouraged” by regulators to open up. Of course, end party choices will play a big role, provided there’s a choice available.

The New Game

Settlement has traditionally been led by major commercial banks or the central bank of each country. That model still holds. In some markets, including the U.S., we expect a push and pull for control between those two entities. Christine Lagarde, Managing Director of the International Monetary Fund, suggests such tensions may justify  the issuance by a nation’s central bank of a fiat digital currency as a counterweight to the alternative control over payments by a concentrated set of banks and processors.

Settlement innovation has created a competitive environment that did not exist before. It will be the interplay of rules, regulations, technical capabilities, end party value proposition, and market power that will determine the evolution of each country’s settlement platform. In some, regulators will shape the outcome. In others, system access for fintechs and the “open banking” model will be a determinant. For all, cost effective access for end parties is critical.

So much for thoughts of a static payments ecosystem.

If you think of yourself as a payments geek or just want to get under the hood of how money really moves, Carol is a terrific guide.

Episode 82 – Restaurant Payments Deep Dive – Tim McKenna, Heartland Payment Systems

Restaurant payments is a complex area especially for those companies serving the mid-sized and large restaurant operator. They have different needs that extend well beyond payment acceptance but even that is a highly variable concern.

Ever notice that we pay differently depending upon the type of restaurant we’re in? It’s always been walk up and pay the central server at McDonalds. Applebees uses Presto table top devices to speed table turns, upset desserts (“that lava cake sure looks good”) and take payments. At most sit-down establishments, especially those in the fine dining segment, we still hand over our cards and the server walks away to authorize the transaction (later that night, the manual tip adjustment process determine the final clearing amount.)

For certain segments, order ahead is a priority. Order ahead dominates how pizza shop operate. Initially, that capability took market share from mom and pop pizza shops because only the largest operators in the “Big Pizza” segment could afford the necessary IT expertise. Now, mom and pop have multiple order ahead services to choose from.

But consider the complexities of integrating the order into the kitchen or at the barista’s station. Business process automation is a differentiator.

This podcast with Tim McKenna, VP of Sales, at Heartland Payment Systems, is both a deep dive into restaurant operator concerns and a revealing look into how a major payments provider has shifted its business model to serve mid-tier and larger restaurant operators.

Like Square, Heartland has realized the revenue benefits of expanded commerce services above and beyond the traditional payments revenue stream. By cross selling multiple services, Heartland expects to see 60% of its revenues coming from payments coupled with value-added services that automate the business of their customers.

If you’re interested in how the payments industry is evolving to market demands or how larger restaurant operators think about payments, Tim’s observations are well worth your time. Take a listen.


Episode 81 – Real-Time Payments Network Update – Steve Ledford, TCH

For those of you who didn’t make it to Money20/20 and want to hear the latest on The Clearing House’s Real-Time Payments Network (RTP), take a listen to this update conversation with Steve Ledford, SVP at The Clearing House for the RTP Network.
A year ago, The Clearing House got out of the gate with its Real-Time Payments Network, a wholly new payments system based on the push payment model.
A lot has changed – more banks have integrated into the system and many more are in process. By the end of June 2019, over 3,000 FIs are expected to connect to RTP, most via their bank processor. B2B payments are taking place over RTP between known parties.

RTP Characteristics

Not All Things

TCH is not attempting to provide everything necessary for a ubiquitous push payment system. It relies on its FI participants and their processors to expose RTP capabilities to their customers. RTP hopesto have bank-friendly fintech partners use its rails through the traditional model that gives the new provider access to bank rails via a sponsor bank.
Thus far, TCH has also steered clear of a native directory service, a necessary feature for broad use in P2P and C2B payments. Given the partial ownership overlap with Zelle’s Early Warning Services parent banks and The Clearing House, no one will be shocked if Zelle becomes RTP’s lead P2P directory provider. For that matter, few will be surprised when Zelle shifts to RTP for settlement. Of course, at least one business-facing directories will be needed for bill payments to take off.

It’s Taking a Lot of Work

Connecting up a financial institution to the RTP Network requires deep integration into the FI’s core system, the software responsible for managing debits and credits. Connecting bank ledgers to any payment system is non-trivial, a fact that impacts how fast banks implement new payment rails like RTP.

Tell Me All About the Payment

A feature of the RTP network that holds enormous promise is its native use of the ISO 20022 messaging format. The standard’s flexible and structured qualities–not an oxymoron–provide a major leap in data carrying capability. By representing the payment meta data, for example, ISO 20022 can support invoice information, letters of credit, and other business documents. Accounts receivable and accounts payable systems from multiple vendors will be able to communicate directly, reducing manual data input and data entry errors.

The RTP Push

In the U.S., we are accustomed to pull payment systems. We think nothing of giving our bank account information when we hand over a check or our card data when we hand our card to a merchant. We’re telling the payees where to go get their money so it can be pulled into their account.
RTP and Zelle are both push payment systems. Such systems are characterized by near instant funds availability to the recipient, messaging to send and receiver, and irrevocable payments. That last is very different from the chargeback protections U.S. cardholders, in particular, enjoy. While Reg E applies to the sender’s transaction account, accountholder protections will also be prescribed by the FI.
To emulate some push payment attributes, RTP and most other immediate funds transfer systems offer a Request for Payment message type that essentially sends an instant invoice to the payer. The customer may press a Pay Now button that uses the Request for Payment Message on her screen. She then uses bank account credentials to authorize the payment. There may even be a redirect to the bank site. It’s a flexible solution applicable to multiple use cases and payment initiation methods like embedded links and QR codes.

Instant Clearing and Settlement

The RTP switch runs software built by Mastercard’s Vocalink unit, builder of the now 10 year old Faster Payments system in the U.K. The RTP code base, however, is a new version, with native ISO 20022 messaging and an instant clearing and settlement system. That system uses a single, pre-funded account at the Federal Reserve common to all participating financial institutions. A separate ledger operated by TCH is the single source of truth, keeping track of the transfer of ownership of those pre-funded monies. Separate accounts, for each FI at the settlement bank, aren’t necessary. So, instant clearing, no batch-based settlement. Lower risk, simpler management.

Competition?

If you’ve attended a Glenbrook Payments Boot Camp in the last couple of years, you know RTP and Zelle have some overlapping capabilities. Zelle, however, is targeted at P2P and C2B uses cases. RTP is a set of payment rails open to whatever use cases come along. In the short term, think B2B and payroll but there’s no inherent limit to where it can go. Just don’t expect it to take over POS payments any time soon. The U.K.’s Faster Payments rails have operated for a decade and have barely touched merchant POS payments.
Another fact Payments Boot Camp attendees know is that there are two ACH operators in the U.S.: The Clearing House and the Fed. The Fed is now floating the idea of operating an RTP analog of its own. Smaller Fish may be glad to see the Fed operate an alternate system. We’ll touch on that more later but the Fed will have a lot of selling to do because, at the very least, adding a new set of rails requires a lot of integration effort by financial institutions and their processors.
And I thought the U.S. payments landscape was settling down. Hah!

 

Episode 80 – Talking Tokenization – Glenbrook’s Russ Jones

The payment industry’s responses to ongoing payment security concerns are many. We have procedural approaches and technical ones. For example, we are requiring merchants to attest to their compliance with PCI security standards that themselves include procedural requirements.

Technical solutions are also called out by PCI and are, of course, being applied across the ecosystem. Encryption of payment data in flight is one approach. In the physical POS world, semi-integrated POS terminals connect directly to the acquirer’s front end instead of passing card transaction data back through the merchant’s workstation and enterprise system.

An important technique, and the topic of this discussion, is tokenization.

Tokenization is an ancient security technique. In the broadest sense, a token is just a dummy representation of something of higher value.

In cards, that means the replacement of a PAN with a number or even an alphanumeric value that represents the underlying PAN. The mapping between the two is stored in a vault with the owner restricting access to that vault. If a hacker gets ahold of a token value, it’s useless. It’s a value that, to the payments ecosystem, is gibberish.

Tokenization is used in pull payment systems where payment credentials are given to the payee by the payer so that the payee has the information necessary to go get the money. Think card numbers or the routing and account numbers on a check.

In card payments, there are two forms of tokenization: merchant and issuer tokenization. Merchant tokenization has been around for more than a decade. A response to PCI, merchants generally outsource that token vault to a third party so they no longer store PANs themselves. When the merchant needs to do a lookup or initiate another payment, the merchant sends the token to the upstream service provider who then looks up the PAN and sends it off for authorization by the acquirer.

That’s been around for awhile.

The newer innovation is what we call issuer tokens – token values that are at the heart of Apple Pay, Google Pay, Samsung Pay and more. These token values are real card numbers, issued by your bank, but unlike a PAN that can be used to initiate a payment everywhere, issuer tokens are expected to come, for example, from specific devices or merchants.

Every card in your Apple Pay wallet is represented by an issuer token and whenever that token is presented for authorization, data about where it’s coming from is sent along too. If the token is sent from another device, for example the one the hacker has, authorization will fail.

This approach is totally compatible with the current card payment system. No changes are needed at the merchant or the acquirer and minimal ones at the issuer.

Glenbrook will be conducting an Insight Webinar on December 13 called Tokenization Fundamentals. Russ Jones will conduct that webinar.

In this Payments on Fire podcast, George talks with Russ about issuer tokenization, its role in the Pays (Apple Pay, Google Pay, Samsung Pay), in eCommerce, and the need for new entities in the payments ecosystem to support tokenization. This gets complicated. There’s now the need for token gateways.

Take a listen to the podcast and then sign-up for the webinar. Use the code POF80 to take 10% off the registration price.

Episode 79 – The Last Mile: Domestic Connectivity in eCommerce – Steve Villegas, PPRO

In the U.S., there’s the automatic assumption that payment cards and perhaps PayPal are the way to pay online. But if you’re an eCommerce merchant trying to sell in the Netherlands, you’d better support the domestic system known as iDeal.

Connectivity into domestic payment systems is an important and complex issue. There are over 150 such systems across dozens of countries around the world. While not all are important to a given merchant, most are important to the acquirers and payment service providers serving eCommerce merchants.

Join George and Steve Villegas, VP Partner Management and Head of U.S. Office, of London-based PPRO Group, a company that provides white label connectivity to these domestic systems by serving acquirers and PSPs alike.