Payments On Fire
Payments On Fire® podcast series
is where payment issues are reviewed, dissected,
and batted around with industry leaders.
In other words, a good conversation
between payments geeks.

Latest Podcasts

Episode 140 – Finding Fraudsters at the Front Door – Robert Capps, NuData Security – Payments on Fire® Risk Series

In a crisp explanation of account takeover and authentication risks, George and Robert Capps, Vice President, Market Innovation, at NuData Security. They discuss the findings of a recent NuData report and its experience with the sophistication of online fraudsters. NuData’s techniques are all about foiling cybercriminals as they bang at the front door of financial institutions, merchants, streaming services, and more.

Payments on Fire® listeners know that we’ve been taking a steady look at fraud issues over the past few years. Fraudsters have been pouncing on every opportunity, taking advantage of pandemic relief payments as well as the shift from card present to card not present, remote commerce transactions. If this topic didn’t matter, we wouldn’t be talking about it.

Measuring and detecting what the fraudsters are up to and their impact is critical. To better understand what’s going on, we speak with Robert Capps, Vice President, Market Innovation, at NuData Security, a company that specializes in behavioral biometrics.

NuData published in Q3/2020 its e report on cybersecurity trends. And the findings are really interesting.

What They Found

The current scourge is account takeover. ATO is a concern for financial institutions, for retailers, streaming media companies, and more.

Attack method sophistication goes well beyond reuse of stolen user IDs and brute force password guessing.

It is an arms race of increasingly complex and sophisticated attack and detection techniques.

NuData and others have expertise in behavioral analytics, tools that detect, among other things, bots that are build to emulate human interactions at the account login page. The use of CAPTCHA is one technique to deter these attacks. But the fraudsters have responded, going so far as to establish call center-scale operations with staff endlessly filling in CAPTCHA forms to add the human touch and smarts in what are otherwise highly automated ATO attacks. This is human farming to get around CAPTCHA and other rudimentary defenses.

Financial institutions and retailers aren’t the only targets. In this age of stay at home orders, streaming services have become targets of opportunity. Parasitic use of streaming service accounts has risen as the fraudsters sell streaming service account credentials.

The Defender’s Balancing Act

There are dedicated professionals working on both sides. But the defenders have the harder job. Besides having to protect every door and window, they also have to keep it simple for good users to transact. Adding friction to a transaction flow increases the shopping cart abandonment rate. That’s bad for the ecommerce merchant and insults the customer. It’s a tough balancing act.

Part of that balance is handled by “step up” authentication based on the level of risk. A bank might let a session proceed to a balance inquiry without asking for further customer input. But if a new payee is added to the account, the bank might insist on sending a one time code to the customer via email or SMS.

Getting to Good ASAP

Providers of authentication services see activity from a lot of devices. Building profiles based on these devices and the many variables surrounding each transaction, they use the profiles to efficiently track the behavior of each in order to separate the known good profile from the questionable.

A technique to “get to good” faster is to pool that profiling information in anonymized form from across all of the clients who agree to participate.

COVID Impact

Robert discusses the shifts in fraud given the pandemic. As a percentage of transactions, fraud increased substantially in the travel segment. And for those retailers operating in the physical world the shift to e-commerce was sometimes overwhelming. That’s a story we’ve heard a lot at Glenbrook. Check out our COVID Series book.

Podcast transcript

Episode 139 – Building Digital Infrastructure for Small Business – Barry McCarthy, Deluxe

Take a listen as George and Deluxe’s President and CEO Barry McCarthy discuss how the company continues to adapt to and prosper in the digital age. Barry talks about the journey the company has taken, in recent times shifting from a conglomerate model grown via acquisition to today’s streamlined and focused small business focused organization.

The Journey from Paper to Digital Services

In Glenbrook’s Payments Boot Camps® we make the point that fintechs rarely invent new functions out of whole cloth. What they do excel at is reimagining and reengineering the processes that incumbent players have been locked into for years.

It’s the incumbent’s inability to adapt that puts them at a competitive disadvantage.

As Charles Darwin put it:

“The species that survives is the one that is able best to adapt and adjust to the changing environment in which it finds itself.”

We make this point in our training. Incumbent firms, no matter what the industry, survive and succeed over decades only if they have the ability to adapt to change in their environment. You only have to glance at the moves Visa and Mastercard have made over the last five years – the acquisitions of Plaid and Vocalink (among many) come to mind – and it’s obvious adaptation is at the core of their respective strategies.

In this episode, we speak with a company that has over 100 years of adaptation behind it. Starting with the invention of the checkbook a century ago Deluxe Corporation has expanded and adapted its offerings to the digital needs of its customers.

Take a listen as George and Deluxe’s President and CEO Barry McCarthy discuss how the company continues to adapt to and prosper in the digital age. Barry talks about the journey the company has taken, in recent times shifting from a conglomerate model growing by acquisition to today’s more streamlined and focused organization.

Episode 138 – Open banking, Recurring Payments, and a Global Debit Network – Duncan Barrigan, GoCardless

Open banking. It’s a term we started to hear about at the end of 2016 and since 2019 interest has remained high. That’s according to Google Trends. Along with those searches, the related hot topics were PSD2 and APIs.

Regulation and technology is opening up access to bank accounts for payers, billers, and service providers. But the state of that openness varies by region and country with important consequences for billers, merchants, and their payment providers.

In this wide ranging discussion, George and Duncan Barrigan, Chief Product Officer at GoCardless, cover a range of topics, all through the lens of the company’s primary value proposition, the use of direct debit from bank accounts to enable recurring and one-off payments across 30 different countries.

As you’ll appreciate, stitching together a network capable of using the domestic low cost rails (think ACH and BACS) in 30 different countries to provide both domestic and cross-border recurring payments is no easy task.

Topics discussed include:

  • The definition of open banking
  • What the impact of open baking has been
  • Where open banking is taking off, and where it isn’t
  • Recurring payments defined and use cases
  • APIs and integration
  • How a biller or merchant can move customers from one payment method to another
  • Cross-border direct debit
  • And, of course, the GoCardless value proposition, something its financial backers believe in given its recent $95 million raise.

Episode 137 – Ecosystem Enablement for Financial Inclusion of the Poor – Kosta Peric and Paula Hunter on Mojaloop

Financial inclusion for the poor is a global challenge. In this episode, we dive into the story of Mojaloop, a platform that enables interoperability and transaction routing between mobile money system operators, banks, and other providers. It’s a fascinating, and evolving, story. Take a listen.

= = = = = =

Individual Benefits, Nation Building Impact

Financial inclusion for the poor is a global challenge. Over two billion adults lack access to financial services. While that number is declining – and in no small part because of the work done by this episode’s guests – that level of digital disenfranchisement and cash dependence suppresses well being at multiple levels:

  • Individuals must spend significant time to pay bills when they must travel to the biller or its agent, never mind travel to acquire cash. Carrying cash, of course, comes with its own set of risks
  • Families suffer as time away from work and home reduces family income
  • Entrepreneurs and small businesses face the same time penalty, high transaction costs, and uncertain credit access
  • Entire countries experience diminished GDP because of productivity losses and transactional friction. Cash-based transactions also fuel the shadow economy, making audits and taxation very difficult

While Kenya’s M-Pesa is the most well known exemplar, there are hundreds of systems around the world offering digital payments, bill pay, savings accounts, microlending, and other services to their accountholders.

Not Without Concerns

Financial inclusion efforts are not without downsides as some credit extension services, riding the e-money rails laid down by the provider, charge usurious rates. Gambling services are similarly problematic.

With success, e-money systems become systemically important to a country and, therefore, pose a level of systemic risk should the operator go offline for technical or security reasons.

And as with every digital activity that touches money, there is the problem of fraud.

But these are not insurmountable challenges. Some are candidates for regulation-based cures. Others can be addressed by providers themselves.

The Network Effect Matters

Another challenge to the growth and health of mobile money systems is interoperability among those systems. In many countries, multiple e-money systems compete for accountholders but do not interoperate. A user on one system cannot send money to a user on another. That condition adds friction, reducing the e-money value proposition for all stakeholders.

The challenge becomes even more acute, and costs rise, when the sender and receiver are in different countries.

Ecosystem Enablement

A thriving digital ecosystem and economy requires the right conditions:

  • Regulation that encourages innovation while also protecting the end user
  • Low cost enabling infrastructure, and
  • User-focused services that meet real needs

The Bill & Melinda Gates Foundation has taken on financial inclusion for the poor in multiple ways, through support of:

  • Development of guiding principles for the delivery of financial inclusion through the Level One Project
  • Creation of guidance for regulators to speed accountholder onboarding while limiting fraud and risks concerns
  • Support for the development of open loop software designed to speed system interoperability. Called Mojaloop, this open source effort’s goals include the development of a reference platform

In this episode, we dive into the Mojaloop story with two leaders of the work:

It’s a fascinating, and evolving, story. Take a listen. And, if financial inclusion for the poor in developing markets is important to you, get involved with Mojaloop. It’s quite a team.

Episode 136 – Global Payments and the Fintech Innovations Changing the Industry – Carol Coye Benson, Glenbrook

For a front row seat on payment innovation you have plenty of choices. Yes, Stripe and Square are based in the tech hotbed of the Bay Area and it’s tempting to stare at their success. But a look around the world reveals the evolutionary breadth of how payments are made, regulated, and brought to market. India and China alone reveal how remarkably different approaches can scale to enormous dimensions.

There’s no better guide to what’s happening in payments around the world than Glenbrook’s own Carol Coye Benson. In this episode, Carol and George discuss her new book Global Payments and the Fintech Innovations Changing the Industry.

Carol spent much of the last decade traveling throughout the world consulting to organizations on the impact of technology and business models on national payment infrastructure. The book is informed by the scores of discussions she’s had with tech executives, the leadership of development banks, government agencies, and fintech start-ups.

Take a listen to why she wrote the book, some of what she found, and her take on some of the big questions still to be answered.

VIDEO: here’s how Carol introduces the book:

 

Listen to the Payments on Fire® podcast:

Episode 135 – Innovation in Payments – Russ Jones, Glenbrook

2020 has been an active period for payments innovation. COVID-19 has been a forcing function for digital payments across multiple payment domains. “Touchless” and “contactless” payments are now common themes of retailer advertising.

And, of course, many other trends have accelerated this year. Fintechs, mobile wallets, the expansion of open banking initiatives, and point of sale lending are trends with impacts spreading across the market. 2020 has also seen the increased legitimacy of blockchain-based payments as demonstrated by central banks around the world consider and even pilot digital fiat currencies.

These are the topics Russ Jones and Yvette Bohanan will present in Glenbrook’s Innovation in Payments Insight Workshop coming up December 8th and 9th. If keeping up with the changes in our industry and developing real insight into the key trends is important, you won’t find better guides than Russ and Yvette.

Take a listen. Check out the agenda.

Episode 134 – Ecommerce Fraud in the Time of COVID – Eyal Raab, Riskified

COVID is a forcing function for digital channel growth across the world as consumers and businesses reduce their reliance on physical interactions. We’ve seen usage shifts in how bank accountholders in Peru transact – from branch to digital – as well as big shift in payment behavior.

We outlined a lot of this in our own COVID series on Payments Views.

Many merchants have turned to online as a matter of survival. Many restaurants, for example, have added order ahead and curbside pickup as standard offerings just to stay in business.

Our assessment is that, even with an effective vaccine and adequate immunization rates, we’re never going to return to the same point. E-commerce transactions have increased, yet again, permanently. How much volume returns to the physical point of sale domain once COVID is behind us is unknown. But it’s not going to go back to previous levels.

That shift is an opportunity for many in the payments industry, including fraudsters, those unwelcome stakeholders. They are taking advantage of merchants who weren’t prepared for their new or increased online payment volumes.

We’ve spoken with a number of fraud management firms on Payments on Fire®. In this episode we speak with Eyal Raab, VP of Sales, at fraud management company Riskified about his firm’s expanding approach to fraud management for merchants whose goal is to maximize authorization rates.

Fraud management is complex. Merchant needs vary considerably. And what the fraudsters are up to constantly changes. Payment fraud management and fraud are both growth industries.

 

Episode 133 – Payments are (still) on Fire – Steve Sarracino, Founder, Activant Capital

You’d have to be aggressively disinterested in the payments industry not to be aware of its attraction to investors. The COVID-19 pandemic has done nothing to dampen the interest, if not outright enthusiasm, for the payments industry among investors of all stripes.
Actually, the pandemic has lit a fire under key industry segments like the e-commerce domain, digital banking, and disbursements.

The dynamics of change pushing the payments industry ahead are only increasing.

Incumbent Consolidation

The payments industry has been dominated by networks and processors. While networks have remained largely independent, the processing industry has undergone tremendous consolidation over the last decade, accelerated recently by the giant acquisition of First Data by Fiserv. Scale really matters in processing.

But that scale comes at the cost of agility because the incumbents must rely on the systems they already have and the ones they’ve acquired. Consolidation onto just a few platforms is hard. And that means incumbents don’t benefit as clearly from newer technologies based on cloud computing and APIs.

Start-ups Abound

While investor interest in what are typically public companies remains strong, it is interest in start-ups and young companies demonstrating early success that drives early investors. These companies need cash to grow and equity financing is a primary source. It could be an individual with cash looking for a higher return on a portion of her portfolio. Family and friends as well as wealthy individuals are typical of “angel” investing.

Venture capital is another source that often fuels the shift from proof of concept to the first minimum viable product and, often beyond, through multiple rounds of raising venture capital.

Fueling the Next Incumbents

Fueling the growth from business teenager-hood to young adult are growth equity firms that bulk up the business’s overall capabilities. While a cool technical idea can form the core of a new business, it takes business infrastructure like a global salesforce, enterprise-grade financial controls, and more to build a company that can execute on its potential.

In this Payments on Fire® podcast, George talks with Steve Sarracino, Founder and Partner of Activant Capital, a growth equity firm based in Greenwich, CT. Steve’s firm is an investor in Finix and Bolt, companies that precisely fit his investment criteria. And he loves the payments industry for its past and, of course, for its potential.

(Listen to Payments on Fire® Episode 106 with FInix’s Richie Serna)

Like those of us at Glenbrook, Steve sees lots of change ahead for the payments industry. And, like us at Glenbrook, he wants his company to influence and prosper from its evolution.

Episode 132 – Glenbrook’s Erin McCune Talks B2B with Cit’s Tony McLaughlin

This Payments on Fire® podcast is a joint production of Citibank and Glenbrook. Tony McLaughlin of Citibank interviewed our partner Erin McCune about the U.S. payments market and business transactions in particular.


The U.S. payments landscape is in the midst of unprecedented change — triggered by the COVID-19 pandemic, new faster payment infrastructure, open banking and an overall acceleration of digitization. Business payments are particularly ripe for change.

 

The pandemic has exposed businesses’ reliance on manual processes and motivating digitization and cloud migration. Although businesses have talked about pursuing electronic payments and treasury modernization efforts for some time the pandemic reveals the risk associated with manual processes dependent upon being in an office and reliant on the mail for delivery of invoices, checks, and other business documents. All of a sudden back office digitization is a c-suite concern.

The emergence of faster payments has also catalyzed change in the business payments space. Real time infrastructures were purpose built for business transactions. Not because they are fast — suppliers grant their buyers payment terms, it’s not about speed. The new infrastructures have robust data capabilities that are very important to business-to-business payments.

Small businesses write and receive the majority of B2B checks and faster payment has tremendous potential to erode their reliance on manual invoicing and payment processes. Request-to-pay (R2P) capabilities associated with new real time rails are effectively electronic invoices, with the added value of a round trip payment logically associated with the invoice. For many smaller businesses, this could be the key to eliminating checks. For larger organizations where a single payment is associated with a number of invoices, and there is a need to provide more complex explanations of what a payment is for ISO 20022 remit messages (separate from the payment transaction itself) prove useful. 

Additionally, there’s an enormous potential associated with API integrations between business back office solutions, bank partners, and payment infrastructure. Even relatively small businesses have an array of financial providers: multiple bank accounts, a credit facility, an ERP or accounting system, a CRM, a billing/invoicing solution, and other additional enterprise software tools. Knitting information together across systems and using these different solutions to embed and automate processes associated with sending, receiving, and applying payments provides significant value to businesses.

Speaking of data sharing, it’s useful to note that open banking in the U.S. is market-led, rather than the result of a mandate. But that doesn’t mean it isn’t happening — there’s a great deal of momentum. Security concerns and the advent of new faster payments rails are pushing financial institutions to innovate and collaborate. Nacha’s Phixius and Afinis solutions and FDX are examples of cooperation between industry players. The card networks are also making acquisitions in this space, with Visa acquiring Plaid and Mastercard acquiring Finicity.

To add to everything else that’s happening, there’s a lot of buzz around CBDC at the moment. It’s a global phenomenon. The United States has a strong interest in the concept because of our desire to maintain the dollar’s position as a dominant currency for international trade. However, it’s still too early to know what a CBDC would look like in the U.S. and how consumers and businesses would interact with a new type of government-issued coin.

Tony asked Erin how the global pandemic has impacted Glenbrook. She observes that our focus at Glenbrook hasn’t changed dramatically as a result of the pandemic (although we’re not traveling like we used to!): we were working with clients across the value chain to digitize payments and related business processes before the COVID-19 and continue to do so today. Demand has intensified, but it hasn’t really shifted focus.

But in the midst of societal upheaval as a result of the pandemic, at Glenbrook we are also thinking deeply about how we can employ our expertise to help businesses and consumers at risk. We do a lot of work on financial inclusion in the developing world. How can we apply that thinking here at home, to help businesses and consumers weather uncertainty, bolster the economic recovery, and build an equitable foundation for financial health and sustainable businesses on a longer term basis? We don’t quite know yet, but we are excited to explore new avenues for our consulting practice.

 

Episode 131 – Bridging the Payment Information Gap with Phixius – Peter Tapling

NACHA’s Phixius is a new service for the exchange of the information about a payment between the sender and receiver. Take a listen to Payments on Fire® host George Peabody as he discusses Phixius with NACHA Advisor Peter Tapling. He helps us understand Phixius, how it works and where it applies. It’s a compelling idea.

One of the long standing shortcomings in payments systems has been the degree to which the data about a payment can be shared. If we can share the data about the payment, to have it run alongside the payment instructions, then we can do things like:

  • Streamline bill payment
  • Streamline supply chain payments
  • We are able to get away from sharing bank account information
  • We can check the status of accounts, regardless of financial institution

One of the advantages of check payments is that, when physically mailed, the letter can contain the check as well as an explanation of what that check is paying for, perhaps including copies of all the invoices. That data is hugely important to the supplier.

This payments metadata, the data that describes what a payment is for and all of the conditions around a transaction, is hugely valuable. Both the sender and receiver need it. It is used by every accounts payable and receivable department. Sure, it’s great to get paid. But without the metadata, it can be difficult to know the account to credit or to know which invoice, or invoices, the payment applies to.

Communication of payment metadata has been a bear. Some payment rails, wires for instance, have little or no ability to carry data beyond what’s needed for the payment itself. The card rails have only limited descriptive capability. ACH messages have some data carrying capability but usage has been limited.

Many of today’s realtime system like the UK’s Faster Payments and the RTP Network in the US use the rich encoding capability of ISO 20022 to represent the metadata. That’s a big improvement on how to represent payment metadata.

Another reason communicating this information has been difficult is the reality that today, when this data is shared, it happens as a result of a bilateral connection via API. A service provider attempting to bridge this data gap would have to have dozens and dozens of these bilateral API relationships, if not hundreds, to reach all participants in a major industry segment such as automobile or aircraft manufacturing. That’s impossible.

NACHA, rule making body of the US ACH system, has a role to play here because the ACH carries 62% of payment volume, excluding wires of course, and 66% of supplier payment volumes.

Recognizing that role, NACHA has made an out-of-model move with the introduction of its Phixius services. NACHA is now the operator of a system that carries payment metadata regardless of which payment system actually moves the money. Phixius could be useful in wires, RTP Network, Zelle, ACH, and even cards.

Phixius sits in between financial institutions, payments services providers, and others that provide payment services, to serve as a hub for the sharing of payment information. Each party connects to Phixius just once, eliminating the need for one-to-one integrations. Phixius refers to these stakeholders as credentialed service providers.

Phixius is defining operating rules and data requirements for individual uses cases.

Phixius uses distributed ledger technology to build trust among its participants in the data shared over the system. Phixius itself does not store the data nor does the distributed ledger contain the data about the transaction. It only contains a unalterable mathematical representation of the fact that the sending and receiving parties vouch for the data and agree on how it is used. The ledger can be audited by Phixius and the two parties involved in the transaction. But another node on the network could not interrogate the ledger to determine who is trading with whom.

So, it’s refreshing to see an instance of blockchain technology doing useful work, at scale, that has nothing to do with cryptocurrencies.

NACHA designed Phixius. It recruited important users of the system. Phixius is live in pilot and a broader rollout is scheduled in Q4 or Q1 of 2021.

NACHA is not a venture funded startup with tons of money to market the Phixius brand to the fintech and financial institution communities. The idea is compelling. Building a network is always difficult, and Phixius faces a significant adoption curve. Their success will lie in the strength of the underlying ideas of Phixius and the commitment of their Early Adopter partners.