Episode 69 is all about how the PCI Security Standards Council is responding to changes in security technology and how it is expanding its role and technology coverage across important new geographies. If payment security is on your screen, join Glenbrook’s George Peabody, partner and host of Payments on Fire, and Troy Leach, CTO for the PCI Security Standards Council as they discuss standards under development like PIN Entry on COTS, other new tools to mitigate data breach risk, and the Council’s work in Latin America, Asia, and India.

A little background...

We don’t need any more evidence for how difficult data security is. In payments alone the number of system components is so high that hardening them all has been functionally impossible. But we’re are making progress. There’s EMV. Data devaluation through encryption and two forms of tokenization - security tokens and payment tokens - reduces the amount of hack-worthy information available.

Guiding, steering, nudging, and corralling the payment card ecosystem toward stronger security is the PCI Security Standards Council. The PCI SSC has developed a 12 step standards program for the secure treatment of payment card data that goes well beyond data devaluation. Various enterprises looking to protect their own data assets, not just card data, use PCI DSS to guide their security program.

The Council’s activity is expanding along with the threats we face. As technologies emerge that benefit security, the Council considers how to employ and deploy them. For example, the Council has a certification program for the token service provider function that handles payment token vaulting and other life cycle management tasks.

Another example is its soon to be released PIN Entry on COTS standard. Commercial Off the Shelf (COTS) devices include the smartphone that’s by your elbow or in your hand right now. The standard makes clear that, with the right card acceptance hardware, PIN entry via a software-driven screen, rather than a physical encrypting PIN pad, is secure.

 

As you'll hear on the podcast, this is an exciting time in payments security development. Broad deployment of many important tools will take many years. That's the real news. As they come online, however, there's already reason for optimism. We just have to use what we have and get others to do the same.

Direct download: EP69_PCI_mixdown.mp3
Category:Payments on Fire -- posted at: 11:52am EST

Digital identity is a crisp sounding term that belies a complex layer of concepts. There is identity proofing. Identify verification. Identity assurance. Each addresses one element of the many questioned raised by digital identity.

  • How does a bank really know the digital presence at its banking portal is associated with the accountholder?
  • How can you, as an individual, release only the amount of data necessary to satisfy the parties to the transaction? We share more than we need to. I still get carded at a bar to prove I’m over 21 (what a waste of time!). When I show my license, the barkeep also sees my address, license number, and more. Definitely a case of oversharing.
  • If parties such as utilities, government, and financial institutions vouch for that digital presence, should any of them be responsible for proving that digital presence is right and true?
  • Simplifying complex problems for multiple stakeholders should be a formula for success. SecureKey is a long time player in the identity ecosystem, having built a federated identity platform linking Canadian citizens to government resources using bank-issued credentials.

SecureKey has evolved its system to make use of a mobile app as well as a blockchain-based database that securely points to data stored by banks, utilities, and government entities, all in a zero liability arrangement.

This conversation between Glenbrook’s George Peabody and SecureKey’s chief identity officer Andre Boysen dives into identity concepts, how SecureKey’s Verified Me system works, and its use of blockchain.

For more on digital identity concepts, look at NIST’s excellent set of Digital Identity Guidelines.

 

Direct download: EP68_SK_mixdown.mp3
Category:general -- posted at: 5:20pm EST

Voice is the natural user interface and the robots are coming to take it on. Enabled by high volume consumer devices like Amazon Echo, Google Home, Apple’s Siri and powered by artificial intelligence engines like Amazon’s Alexa, Google Assistant, and Apple’s Siri, we are headed toward making voice-enabled commerce and payments a common experience.

Russ Jones is Glenbrook’s “tech whisperer,” an expert observer of tech evolution and how it applies to payments. Join Russ and George as they discuss the development of the voice ecosystem, Amazon’s leadership, the intersection of voice and IoT, and where voice-enabled payments may flourish.

Direct download: EP67_PoF_voice.mp3
Category:general -- posted at: 12:21pm EST

Payment innovation runs at multiple speeds. Changes in how a payment is initiated happen almost every day. Payments infrastructure change is a lot slower. But it’s happening. Nudged forward by the Federal Reserve’s Faster Payment Task Force, we are seeing the launch of the first entirely new payment system in decades. Called Real Time Payments (RTP) the new system switched its first real-time payment on November 13, 2017.

Built entirely around the rich payment messaging standard ISO 20022, we have a system that can carry both payment instructions and meta-data about the payment. Data rich, essentially instant, bank-fased account to account push transactions could be a game changer.

Join George and Steve Ledford, Senior Vice President, Product and Strategy, at The Clearing House (TCH) as they discuss the spread of real-time payment systems around the world and take a deep dive into RTP’s operation, rules, and use cases.

Direct download: EP66_RTP.mp3
Category:general -- posted at: 4:48pm EST

Once upon a time, text messaging systems didn't interoperate. But when they did, usage skyrocketed. Many of the world's mobile money payment systems still operate within that old "walled garden" model, limiting the ability of citizens in areas like Southern Africa to send money home to family, pay utility bills, and, most important, enjoy the benefits of an national economy that is payments enabled.

The Bill & Melinda Gates Foundation sees today's limited interconnection of payment systems as a high barrier to the poor's participation in that payment enabled economy. Fortunately, those barriers are beginning to come down.

In this Payments on Fire podcast, Kosta Peric, Deputy Director of Financial Services for the Poor at Bill & Melinda Gates Foundation joins George in discussing Mojaloop, the foundation's open source software initiative that provides interconnection capability between disparate payment systems. Informed by the foundation's Level One Project, the goal is to encourage a lower cost deployment of this critical payments infrastructure as well as the active collaboration among the operators of mobile money services, financial institutions, each country's central bank, and national regulators.

Listen for a view into how payments systems can improve the health and well being of millions of people as well as the nation's they inhabit. This is very cool and important work.

 

Direct download: EP_65_-_Mojaloop_mixdown.mp3
Category:general -- posted at: 4:12pm EST

The intersection of new tech, faster payments capabilities, and forward looking regulation is enabling significant innovation in B2B, and consumer, payment services in the UK and EU. Join Glenbrook’s George Peabody and Myles Stephenson, CEO of business payments platform provider Modulr, as they discuss how modern tech and updated rules have created opportunities for fintech service providers. The challenges to incumbent banks are only getting bigger.

Direct download: modulr_mixdown.mp3
Category:general -- posted at: 10:18pm EST

Payments standards typically operate deep within a payment system, invisible to most of us. But before long a new standard for web browsers will touch us all. Known as the Payment Request API, it is one of the newer projects of the Word Wide Web Consortium (W3C). Supported by browser builders Mozilla, Apple, Google, Microsoft, and more, this new API should simplify web payments for consumers and merchants alike.

Join the W3C project leader Ian Jacobs and Glenbrook’s George Peabody as they discuss the effort’s goals, transaction flow, and status. It’s coming very soon.

Direct download: w3c_mixdown.mp3
Category:general -- posted at: 5:19pm EST

If you’re planning on attending Money/2020 in October, the Glenbrook team will be there in force. This short, not entirely serious, podcast previews the sessions we are leading there on two of the hottest topics around: B2B payments and the faster or real-time payments systems coming to the U.S.

Direct download: M2020_mixdown.mp3
Category:general -- posted at: 8:36pm EST

We all know that the evolution of payments systems in the U.S. is accelerating. That’s why Glenbrook has just published the third edition of our book, Payments Systems in the U.S. - Third Edition: A Guide for the Payments Professional, the definitive guide to the how and, in particular, the why of our multiple payments systems.

The third edition addresses that evolution through updated examples and, unique to this edition, a focus on payments innovation in all three payments phases: initiation, funding, and settlement.

Join Payments on Fire host George Peabody and Glenbrook’s Russ Jones as they talk about the new edition, what it covers, and the book’s relationship to Glenbrook’s Payments Boot Camp. Payments Systems in the U.S. – Third Edition is available on Amazon.com in paperback and Kindle format. 

Direct download: PSUS_mixdown.mp3
Category:general -- posted at: 6:51pm EST

Interchange is fundamental to open look card system economics and a mystery to many, especially to merchants who must pay it but don’t perceive any benefit from it. It’s a non-optional component of what the merchant pays to accept cards. It’s one element of the merchant discount fee. Despite the stubborn fact of it, there are ways for some merchants to make sure they pay as low a rate as possible.

Join Angelo Grecco of CardConnect (now a part of First Data) and Glenbrook’s George Peabody for a conversation about interchange optimization, an approach that certain B2B merchants can employ to lower their acceptance costs.

In this episode of Payments on Fire we decode the payments industry terms:

  • Merchant discount fee
  • Interchange
  • Bundled pricing
  • Interchange plus pricing
  • Level II/III data

If you’re new to payments or just need a refresher on interchange, take a listen!

Direct download: InterchangeOptimization_mixdown.mp3
Category:general -- posted at: 1:49pm EST

B2B payments are huge. Taken together, these supply chain payments exceed the gross domestic product. But supply chain payments remain an imperfect art. While consumers pay for one purchase at a time, a B2B payment may cover multiple invoices, each with different commercial terms. Given the amount of data about the payment that’s necessary to crisply communicate between a buyer’s accounts payable department and a seller’s receivables group, it’s no wonder paper checks are still in broad use.

While B2B payments have been resistant to “electronification,” the cloud, the mobile user interface, a new data standard (ISO 20022), and APIs into banks and payment schemes are enabling a renewed effort to streamline B2B payment transactions. B2B payments are hot.

Join Erin McCune, partner in charge of Glenbrook’s B2B practice, as she discusses:

  • How B2B payments are different from consumer payments
  • Why B2B is “hot” once again
  • What market forces are pushing B2B forward
  • Why Faster Payments in the U.S. and around the world could have a major impact on supply chain payments
Direct download: B2B1_mixdown.mp3
Category:general -- posted at: 1:28pm EST

The Faster Payments Task Force has brought together a broad constituency with the payments industry thoroughly represented. And thanks to participation by organizations like Consumers Union, the people who bring us Consumer Reports, the voice of the consumer has been well represented in determining important evaluation criteria.

Christina Tetreault, staff attorney at Consumers Union, joins Glenbrook’s George Peabody for this podcast discussion on faster payments, the consumer benefits these new approaches could offer, and what to hope for from their deployment in the U.S.





Direct download: CU_mixdown.mp3
Category:general -- posted at: 9:27am EST

Merchant adoption of EMV capability isn’t a done deal in the U.S. Glenbrook’s own estimates show that we’re only halfway there. Few people have as much insight into merchant payment acceptance and the technology that enables it as Larry Godfrey of Global PaymentsHeartland Payments business.

Take a listen to George and Larry’s discussion as they cover:

  • The EMV terminal transition
  • The chargebacks that many merchants have encountered (looking at you, LA)
  • Contactless payments
  • Security and encryption
  • Payment acceptance

 

Direct download: HPY57_mixdown.mp3
Category:general -- posted at: 11:18am EST

Consumer billing payments get complicated in the healthcare space. Co-payments are bigger than ever as are the medical bills. Consumers need prompting to pay and even incentives to get those big bill onto a payment plan. With higher co-payments, smaller insurance payments, and so many patients having to deal with large medical bills, providers need services to take on the revenue management task.
 
Join Glenbrook’s George Peabody and David Yohe of the billing specialist BillingTree as they discuss the rising importance of consumer payments in healthcare and the challenges of changing property management payments. You’ll hear how an ISO addresses payment industry change. Listen closely and you’ll hear that the ISO’s job isn’t easy.
Direct download: BT_mixdown.mp3
Category:general -- posted at: 3:12pm EST

The Internet of Things may be a hot topic but its security isn’t hot at all. Up until recently, IoT device manufacturers and buyers haven’t cared much about security, a disinterest that’s led to over one hundred thousand surveillance cameras being hijacked by Mirai botnet malware. While cameras aren’t making or accepting payments (yet) it’s easy to imagine automobiles paying for tolls and fuel directly. If it’s not my Roku box, maybe it’s Alexa or Google Home that makes payments on my behalf over the IoT. The payments industry is working to get out in front of this potential trouble. 
 
EMVCo tokenization, now expressed in services like Apple Pay and Android Pay, is a leading tool in the payments security kit. 3D Secure. 2.0 services, when used in combination with other security layers, should have a role in IoT payments security, too. Join Tim Sherwin, Co-Founder and CEO of Visa’s CardinalCommerce unit and Glenbrook’s George Peabody in this deep dive into 3DS 2.0, where it works, who pays for it, and its expected role in the IoT.
Direct download: Cardinal_mixdown.mp3
Category:general -- posted at: 3:36pm EST

The Internet of Things (IoT) will bring us a tsunami of network-enabled devices, for consumer use as well as yet to be imagined industrial and commercial applications. Many of these devices will be payment enabled, many using card payment rails. Securing those billions of IoT devices is going to require techniques deployed by the mobile industry, the card industry, and other sectors. Cryptographic hardware will be part of the solution.

The answers, of course, will include multiple methods and modes, all chosen based on risk and cost. Join Gemalto’s Jack Jania and Glenbrook’s George Peabody for a discussion on the broad world of IoT device security and how payments intersects with this new and enormous category of devices. 

Direct download: Jack_Jania_Gemalto_mixdown.mp3
Category:general -- posted at: 5:55pm EST

Bringing electronic payment capability to small merchants is a major hurdle for multiple developing economies. In this Payments on Fire podcast with Glenbrook co-founder Allen Weinberg and George Peabody, we discuss merchant enablement in markets reliant on 2G wireless and feature phones. We take a deeper look at India’s payment evolution in particular. Allen’s observations come from his recent work in India and the insights into payment system success factors he’s developed. Take a listen!

Direct download: India_with_Allen_mixdown.mp3
Category:general -- posted at: 7:16pm EST

Bringing payments and financial services to those of us with a tenuous connection to the banking system is the goal of the Center for Financial Services Innovation. FinLab, a joint effort by the CFSI and JPMorgan Chase, is a five year effort, now in its third year, that’s using a competition for funding and business support to broaden American financial services options.

When nearly half of Americans don’t have $400 ready money, better financial management tools can help. Join FinLab’s Managing Director, Ryan Falvey and Glenbrook’s George Peabody as they discuss the FinLab mission, its process, successes, and what Ryan hopes to see next.

Direct download: FinLab.mp3
Category:general -- posted at: 9:03pm EST

Payments transactions generate plenty of useful data for merchants. But wrangling that data into informative shape gets challenging, especially when multiple acquirers, gateways, processors, or other service providers are used. Each one has a different approach to reporting and some are (much) better than others. Developing a consolidated view and, as important, reconciling financials from different sources is a time consuming task for staff who need timely data on multiple concerns. 
 
Addressing this data hairball is payments analytics company Pazien. Take a listen to  Pazien CEO and co-founder Jason Pavona and George as they discuss what the company does as well as reliability strategies for website operators.  
Direct download: Pazien_mixdown.mp3
Category:general -- posted at: 5:17pm EST

The term identity gets used a lot whenever internet payments and security are discussed. Knowing who we transact with is still the knotty problem. Strong authentication is required. Identity verification is required, too. A means of sharing the fruits of that work among the parties involved, especially those taking on risk, could save everyone a lot of cost and effort. That’s the notion behind federated identity and other means of securely sharing identity attributes without undermining privacy.

That tall order is the subject of this podcast with Andre Boysen, Chief Identity Officer of SecureKey. Join George and Andre as they talk about trust on the internet, SecureKey’s approach, and the company’s use of blockchain technology via a partnership with IBM.

Direct download: SecureKey_mixdown.mp3
Category:general -- posted at: 10:23am EST

Want to know what it takes to to stay smart in payments? Take a listen to Russ Jones, the Partner in Charge of Glenbrook’s Payments Boot Camp program. Russ gives a look behind the scenes, talks over the boot camp’s evolution, and how it stays forward looking in what’s become a fast changing industry. Over 13,000 payments professionals have experienced the Payments Boot Camp Russ talks about in this Payments on Fire podcast. 

Direct download: PBC_mixdown.mp3
Category:general -- posted at: 6:56am EST

Sometimes a change in direction is the way forward. Network aspirant Dwolla has recently pivoted its work toward the product and development teams inside financial institutions. Instead of being a system operator, Dwolla now offers a broad set of APIs designed for those FIs to take advantage of the ACH’s overnight and Same Day ACH services. Dwolla’s shift also comes as the company and the US anticipates the impact of new immediate funds transfer systems Zelle, The Clearing House, and likely others.

Take a listen to this conversation with Jordan Lampe, Dwolla’s Director of Communications and Policy Affairs, and Glenbrook's George Peabody as they discuss the Federal Reserve Faster Payments Payments Task Force Steering Committee, use cases for Same Day ACH, and more.

Direct download: EP_48__Dwolla_mixdown.mp3
Category:general -- posted at: 6:01pm EST

Turning money movement into a core capability of the internet is the guiding principle of Circle Internet Financial. Not an easy task. While technical issues abound, regulatory and business hurdles pose larger challenges.

Join Payments on Fire host George Peabody and Circle’s co-founders Jeremy Allaire and Sean Neville for this discussion on Circle’s geographic expansion, its recent shift in bitcoin support, and its development of Spark, a blockchain-based open source smart contract platform optimized to share and store payments meta-data including exchange rates, KYC details, identity, etc.

Direct download: Circle_Session_mixdown.mp3
Category:general -- posted at: 11:31am EST

One of last year's most anticipated advances in fraud management was the final release of EMVCo’s 3D Secure 2.0 protocol specification. Designed to take a risk-based approach to authorization and lower the checkout friction of its predecessor, 3DS2 will be a new tool in the growing anti-fraud arsenal.

One of its supporters and a service provider that’s been closely tied to 3D Secure is CardinalCommerce. Cardinal, now a new addition to Visa’s arsenal with its recent acquisition, has been working with the risk-based approach for quite awhile. Take a listen to Visa’s Mark Nelson and Mike Keresman and Tim Sherwin of CardinalCommerce in this discussion about 3DS2, card network mandates, Cardinal’s acquisition by Visa, and when the market will see 3DS2 solutions.

Direct download: V_and_C_session_mixdown.mp3
Category:general -- posted at: 6:06pm EST

1