This Payments on Fire® podcast is a joint production of Citibank and Glenbrook. Tony McLaughlin of Citibank interviewed our partner Erin McCune about the U.S. payments market and business transactions in particular.

The U.S. payments landscape is in the midst of unprecedented change -- triggered by the COVID-19 pandemic, new faster payment infrastructure, open banking and an overall acceleration of digitization. Business payments are particularly ripe for change.

The pandemic has exposed businesses’ reliance on manual processes and motivating digitization and cloud migration. Although businesses have talked about pursuing electronic payments and treasury modernization efforts for some time the pandemic reveals the risk associated with manual processes dependent upon being in an office and reliant on the mail for delivery of invoices, checks, and other business documents. All of a sudden back office digitization is a c-suite concern.

The emergence of faster payments has also catalyzed change in the business payments space. Real time infrastructures were purpose built for business transactions. Not because they are fast -- suppliers grant their buyers payment terms, it’s not about speed. The new infrastructures have robust data capabilities that are very important to business-to-business payments.

Small businesses write and receive the majority of B2B checks and faster payment has tremendous potential to erode their reliance on manual invoicing and payment processes. Request-to-pay (R2P) capabilities associated with new real time rails are effectively electronic invoices, with the added value of a round trip payment logically associated with the invoice. For many smaller businesses, this could be the key to eliminating checks. For larger organizations where a single payment is associated with a number of invoices, and there is a need to provide more complex explanations of what a payment is for ISO 20022 remit messages (separate from the payment transaction itself) prove useful. 

Additionally, there’s an enormous potential associated with API integrations between business back office solutions, bank partners, and payment infrastructure. Even relatively small businesses have an array of financial providers: multiple bank accounts, a credit facility, an ERP or accounting system, a CRM, a billing/invoicing solution, and other additional enterprise software tools. Knitting information together across systems and using these different solutions to embed and automate processes associated with sending, receiving, and applying payments provides significant value to businesses.

Speaking of data sharing, it’s useful to note that open banking in the U.S. is market-led, rather than the result of a mandate. But that doesn’t mean it isn’t happening -- there’s a great deal of momentum. Security concerns and the advent of new faster payments rails are pushing financial institutions to innovate and collaborate. Nacha’s Phixius and Afinis solutions and FDX are examples of cooperation between industry players. The card networks are also making acquisitions in this space, with Visa acquiring Plaid and Mastercard acquiring Finicity.

To add to everything else that’s happening, there’s a lot of buzz around CBDC at the moment. It’s a global phenomenon. The United States has a strong interest in the concept because of our desire to maintain the dollar’s position as a dominant currency for international trade. However, it’s still too early to know what a CBDC would look like in the U.S. and how consumers and businesses would interact with a new type of government-issued coin.

Tony asked Erin how the global pandemic has impacted Glenbrook. She observes that our focus at Glenbrook hasn’t changed dramatically as a result of the pandemic (although we’re not traveling like we used to!): we were working with clients across the value chain to digitize payments and related business processes before the COVID-19 and continue to do so today. Demand has intensified, but it hasn’t really shifted focus.

But in the midst of societal upheaval as a result of the pandemic, at Glenbrook we are also thinking deeply about how we can employ our expertise to help businesses and consumers at risk. We do a lot of work on financial inclusion in the developing world. How can we apply that thinking here at home, to help businesses and consumers weather uncertainty, bolster the economic recovery, and build an equitable foundation for financial health and sustainable businesses on a longer term basis? We don’t quite know yet, but we are excited to explore new avenues for our consulting practice.

 

Direct download: EP132_ErinonCiti.mp3
Category:general -- posted at: 9:30pm EDT

NACHA’s Phixius is a new service for the exchange of the information about a payment between the sender and receiver. Take a listen to Payments on Fire® host George Peabody as he discusses Phixius with NACHA Advisor Peter Tapling. He helps us understand Phixius, how it works and where it applies. It’s a compelling idea.

One of the long standing shortcomings in payments systems has been the degree to which the data about a payment can be shared. If we can share the data about the payment, to have it run alongside the payment instructions, then we can do things like:

  • Streamline bill payment
  • Streamline supply chain payments
  • We are able to get away from sharing bank account information
  • We can check the status of accounts, regardless of financial institution

One of the advantages of check payments is that, when physically mailed, the letter can contain the check as well as an explanation of what that check is paying for, perhaps including copies of all the invoices. That data is hugely important to the supplier.

This payments metadata, the data that describes what a payment is for and all of the conditions around a transaction, is hugely valuable. Both the sender and receiver need it. It is used by every accounts payable and receivable department. Sure, it’s great to get paid. But without the metadata, it can be difficult to know the account to credit or to know which invoice, or invoices, the payment applies to.

Communication of payment metadata has been a bear. Some payment rails, wires for instance, have little or no ability to carry data beyond what’s needed for the payment itself. The card rails have only limited descriptive capability. ACH messages have some data carrying capability but usage has been limited.

Many of today’s realtime system like the UK’s Faster Payments and the RTP Network in the US use the rich encoding capability of ISO 20022 to represent the metadata. That’s a big improvement on how to represent payment metadata.

Another reason communicating this information has been difficult is the reality that today, when this data is shared, it happens as a result of a bilateral connection via API. A service provider attempting to bridge this data gap would have to have dozens and dozens of these bilateral API relationships, if not hundreds, to reach all participants in a major industry segment such as automobile or aircraft manufacturing. That’s impossible.

NACHA, rule making body of the US ACH system, has a role to play here because the ACH carries 62% of payment volume, excluding wires of course, and 66% of supplier payment volumes.

Recognizing that role, NACHA has made an out-of-model move with the introduction of its Phixius services. NACHA is now the operator of a system that carries payment metadata regardless of which payment system actually moves the money. Phixius could be useful in wires, RTP Network, Zelle, ACH, and even cards.

Phixius sits in between financial institutions, payments services providers, and others that provide payment services, to serve as a hub for the sharing of payment information. Each party connects to Phixius just once, eliminating the need for one-to-one integrations. Phixius refers to these stakeholders as credentialed service providers.

Phixius is defining operating rules and data requirements for individual uses cases.

Phixius uses distributed ledger technology to build trust among its participants in the data shared over the system. Phixius itself does not store the data nor does the distributed ledger contain the data about the transaction. It only contains a unalterable mathematical representation of the fact that the sending and receiving parties vouch for the data and agree on how it is used. The ledger can be audited by Phixius and the two parties involved in the transaction. But another node on the network could not interrogate the ledger to determine who is trading with whom.

So, it’s refreshing to see an instance of blockchain technology doing useful work, at scale, that has nothing to do with cryptocurrencies.

NACHA designed Phixius. It recruited important users of the system. Phixius is live in pilot and a broader rollout is scheduled in Q4 or Q1 of 2021.

NACHA is not a well heeled organization with tons of money to market the Phixius brand to the fintech and financial institution communities. The idea is compelling but, as a network build, faces an adoption curve that will be climbed on the strength of that idea.

Direct download: EP131_Phixius.mp3
Category:general -- posted at: 5:43pm EDT

In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.

 

Privacy.

It’s a huge issue. Many of us are concerned as individuals with how our personal data - our personally identifiable information or PII - is shared by social media and throughout today’s massive data ecosystem without our knowledge or without our case by case granting of permission.

As a result of those concerns, various jurisdictions around the work have enacted privacy-focused legislation that has teeth. The EU’s General Data Privacy Regulation (GDPR) focuses on data protection and privacy where consent for PII is required. It also addresses data domicility, where the data about an EU system must reside. GDPR applies to entities doing business in Europe - i.e. it applies to thousands of US companies.

In the US, one of the leading regulatory steps is on the ballot this year in California. Its proposed data privacy regulation, the California Consumer Privacy Act (CCPA), would provide for:

* The right to know about the personal information a business collects about them and how it is used and shared;
* The right to delete personal information collected from them (with some exceptions);
* The right to opt-out of the sale of their personal information; and
* The right to non-discrimination for exercising their CCPA rights.

Any business doing business in CA will be affected by the CCPA, including data brokers.

These regulations are an attempt to return a measure of control to individuals over the sea of personal data that makes it possible, for instance, for an entity to correlate the data of a handful of payment transactions to identify an individual with high confidence.

The ramifications of these regulations are many. In this podcast, we hear of how a Midwest bank, that does not business itself in the EU, became subject to GDPR regulations because of the activities of one of its clients.

We are living in a world where the social implications of wide data sharing are obvious.

What’s not so clear are the business ramifications of privacy regulations and the data custodianship they demand.

In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.

We are at the beginning of a decades long evolution of how privacy is supported and data is managed. Shaping that path will be regulations, the decisions reached through multiple lawsuits, and the response by technology and data providers.

Direct download: EP130_Spirion.mp3
Category:general -- posted at: 2:18pm EDT

In this episode, George speaks with Rafael Lourenco, EVP and Partner of fraud management provider ClearSale. Rafael returns to Payments on Fire® to address COVID’s impact including new online threats and the consumer behavior changes that challenge the customer checkout experience and fraud detection.

 

COVID-19 has contorted how merchants do business into new shapes. COVID-19 is forcing some merchants, often inexperienced with the online world, to make a swift digital transformation with all of its benefits and downside fraud risk.

For example, numerous brick-and-mortar merchants have rushed to embrace online commerce as they attempt to fill the revenue hole in their business. Others, as we’ll hear in this Payments on Fire® podcast, have suddenly found new demand for what they offer.

Even fraud management companies have found themselves dealing with unexpected shifts, including new behaviors of good customers.

* Consumers new to the online channel have suddenly appeared. Their checkout and payments behavior maybe confused and uneven.
* Prior customers may decide to become quarantine refugees and move in with friends and family at a different address. The new shipping addresses raises a red flag at the merchant’s fraud detection system.

As we’ve seen countless times after natural disasters, fraudsters see opportunity in the misfortune of others. The pandemic is no different. It’s also encouraged fraudsters who formerly operated in the physical world to attack the online channel. After all, they need to make a living, too.

Rafael takes us through these scenarios, what ClearSale has observed since very early in the COVID-19 outbreak, and some of the adjustments ClearSale’s full outsourced fraud management service has had to make.

He also discusses the role of machine learning and artificial intelligence (ML/AI) in fraud management. ML/AI has dropped ClearSale’s need for manual review from 30% of orders 10 years ago to 5% today.

ClearSale differentiates its service partly based on the extent fraud analysts examine the case before a questionable transation is declined. Rafael points out that, unlike an individual merchant who must maintain the same staffing level despite volume fluctuations (think Cyber Monday and mid-July), ClearSale’s fraud analyst team works across multiple merchant categories. That means, when one segments is busy another is less so. The result is “staffing in the cloud.”

For more on how COVID-19 has affected payment flows and the payments industry, read Glenbrook’s COVID Impact series. 

Direct download: EP129_ClearSale.mp3
Category:general -- posted at: 4:17pm EDT

Take a listen to Rapyd's Eric Rosenthal and Glenbrook’s George Peabody as they discuss Rapyd’s swift global expansion, its ability to quickly build new capabilities, and the firm’s cloud-based tech stack. It uses its “white label PayPal” model to payment-enable a wide range of companies and use cases.

Programming Payments Has Been Hard

Among the many evolutions in the payments industry over the last decade, and only accelerating today, is the programmability of payments. Prior to that, a portion of payments providers - gateways, processors, and even networks - provided access to their services via direct integration to whatever interface they cared to expose. The API is the layer now employed for that purpose.

A single interface to core services is, of course, the basic stock in trade of a gateway, an outfit that exposes a single interface to its customers with the promise, among many, of reaching a broad swatch of acquirers out the other side. Networks like American Express and Mastercard have long provided access of their own.

But this approach, for the many merchants and businesses shifting to digital payments, had a number of shortcomings.

First, none of these integrations were truly comprehensive. One gateway could get you to the UK, but others were necessary to reach the rest of Europe, often on a country by country basis because payments are local and domestic. To sell in a country, you have to connect to the methods its citizens use. Cards along won’t do it. So, global reach through a minimum set of providers was a challenge.

A second concern was the effort required to connect to so many providers. A merchant would have to carefully assess the ROI for each development effort in order to sell, say, in Austria or Thailand. Or to take advantage of the fraud services of American Express. Implementing and maintaining so may interfaces - and the contracts or partnerships that exist alongside the technical effort - is a lot of work.

Things Have Improved - A Lot

The way over these barriers is now broadly available. A number of providers have applied a common insight - that merchants, enterprises, and sellers will flock to a provider that offers a single, straightforward API that abstracts the complexity of payments so that they can focus more on their commercial goals.

Multiple providers now offer a single integration through which merchant can reach a global audience and the global range of payment methods.

That’s one of the insights that inspired firms like Braintree, Stripe, Adyen, and others, including the firm Rapyd, the subject of this Payments on Fire® episode.

Built on the Cloud

Rapyd is a young company building out its capability to global scale in a very short period of time. In this discussion with Rapyd’s Eric Rosenthal we hear how the firm’s use of Amazon Web Services has allowed the company to scale operations around the world in a reliable and, critically, compliant manner with respect to data privacy and domicility.

Eric illustrates the company’s model - a white label PayPal as he calls it - through an example of Rapyd supporting a cash collection supply chain challenge for a global CPG manufacturer.

Flexibility and Speed

In our payments consulting work on behalf of merchants and billers, when we support their choice of payments provider, we increasingly see one or more firms like Rapyd competing against incumbents like First Data and Chase. We expect to see them more often in the future.

Incumbents using legacy infrastructure lack the flexibility to be responsive. We frequently hear about the years long implantation projects some legacy providers require. While a single firm may have built, at one time or another, every possible bit of functionality a merchant may want, the reality is that such breadth is not available on a single platform. Hence those long integration timelines.

The ability of these newer entrants to address incremental use cases is impressive. Of course, some of their components lack the functional depth achieved by incumbent competitors. But that gap will narrow with time and faster than in prior years.

By outsourcing the core plumbing to cloud providers like AWS or Microsoft’s Azure, firms like Rapyd are able to put more wood behind the arrow aimed at their customer’s business goals. Freed of much of the operational burden of running the plumbing, they can deploy their talents where the impact is greatest. And that changes the game.

Direct download: EP128_Rapyd.mp3
Category:general -- posted at: 1:41pm EDT

The transition away from paper to an all digital payments world has been underway for decades. But in the last few years the pace has accelerated. Global tech availability and focused development talent is letting software eat the payments world. Other enablers include business models such as payments facilitation and the focus on commerce, not just payments, for merchants.

COVID-19 has simply added fuel to the fire. In May, for the first time, Mastercard reported that over 50% of its volume was card not present, transactions all in the digital payment space. The pandemic is yet another forcing function pushing digital payments deeper into our lives, across the key payment use cases employed by individuals, merchants, enterprises, and government.

Keeping up with all this is what we do at Glenbrook. In this Payments on Fire® episode, Glenbrook's Russ Jones and George talk about what’s hot and how that gets examined in our upcoming Digital Payments Insight Workshop. It will be held online June 24 and 25th. For more on the workshop, check it out here.

Russ and George talk about the online training experience and how interactivity is supported by the tools we use and the flow we establish. So, take a quick listen to get a taste of what’s hot. If you like it, we look forward to seeing you at the workshop. No trains, planes, or automobiles needed.

Direct download: EP127_Digital_Payments.mp3
Category:general -- posted at: 8:22pm EDT

Take a listen to Craig McDonald, Chief Business Officer of Trustly and George as they discuss how Trustly makes its proposition possible. While Trustly is ramping up its U.S. presence, it does have timing on its side. In this pandemic-constrained age, merchants will be looking for lower cost payments and certainty. Trustly appears to have attributes to meet those concerns.

 

In our payments education and payments consulting work, we frequently discuss payments “rails” - the networks and systems that move money either between banks in the open lop payments model or within a single operator’s closed loop network. Think cards, wires, and ACH when you hear “open loop.” Think PayPal when you hear “closed loop.”

Each set of rails connects to an account of some kind. And has to present itself to the end user to make payment initiation easy.

We know how to write a check and understand how a wire is initiated. We all know how to initiate a card transaction at both the physical point of sale and online. There’s another important system that most of use all the time if we’re employed. If we actually use it to send a payment, we might know what it’s really called. That, of course, is the automated clearing house, the ACH system.

The ACH has incredible attributes. Almost every financial institution connects to it so the network effect is huge. And, for the financial institutions that use it, it’s very inexpensive. It can be used to both credit or debit an account.

But it has some big shortcomings, too. It runs in batch, overnight and a couple of times during the day. It is not a real time payment. There is no authorization. And when a debit transaction is initiated, the system has no way of knowing if there are funds in the account to be debited.

A number of companies have come and gone over the years who have tried to take advantage of its cost and ubiquity but have been unable to overcome competition from cards, especially debit cards, or the challenges of fraud and security.

But more modern tools are available today from both the technology and the rules/regulations angles that make the ability to pay a merchant from one’s own bank account, certain for both parties, possible.

That’s the topic of this Payments on Fire® episode. Trustly has combined broad connectivity into the ACH system with machine learning to effectively guarantee payments to merchants at a lower cost than debit cards. It’s a fascinating example of how new tech can broaden the utility of a system that is decades old.

Take a listen to Craig McDonald, Chief Business Officer of Trustly and George as they discuss how Trustly makes its proposition possible. While Trustly is ramping up its U.S. presence, it does have timing on its side. In this pandemic-constrained age, merchants will be looking for lower cost payments and certainty. Trustly appears to have attributes to meet those concerns.

 

Direct download: EP126_Trustly.mp3
Category:general -- posted at: 11:07pm EDT

This illuminating Payments on Fire® episode takes a deep look at a very new Brazilian payments platform called Conta Zap (Zap Account in English) and how a group of community minded people came together with Conta Zap to provide basic income to economically displaced Brazilians during the COVID-19 outbreak.

The story illustrates how the combination of entrepreneurial thinking, technology, and right-thinking regulation can make a real impact on even those living at the edge.  

The Situation

This story is about how that wallet was put into the field to serve a particular community in real need. That community is made up of mostly fishermen, like the one pictured below, living in the Vergel do Lago neighborhood in the northeastern city of Maceio. Most residents are fisherman who sell their catch to restaurants, a transaction shut down due to COVID-19 restaurant closures.

Already living on the edge, that shutdown put enormous pressure on the 20,000 fishermen working in the area.

How It Started

Conta Zap is a digital wallet that simplifies moving money for P2P, bill payment, and other consumer-based transactions. Under Brazilian bank regulations, Conta Zap is also a “payment institution” able to handle payment transactions on behalf of its user but not to be a lender itself.

When word of the fishermen’s plight reached Conta Zap leadership the idea of using its wallet to get emergency funds to the fishermen was born. The Zap do Bem (roughly translated as Zap for Good) service came to be, based on the Conta Zap wallet. A group of corporate funders donated the funds for the fisherman with each fisherman receiving the equivalent of $35 USD, a meaningful figure to these impoverished workers.

The idea of Zap do Bem started in mid-March before it was clear that the federal government was going to provide an emergency stipend to poor Brazilians. To get those stipends to the millions of unbanked Brazilians, the government took advantage of recent Brazilian Central Bank regulations that allow for easy opening of low value accounts. These so-called CAIXA Tem digital accounts are offered by the government owned CAIXA Econômica banks. Remarkably, more than 40 million accounts are expected to be opened by individuals who previously did not have an account.

As with Conta Zap, this has allowed Brazil to disburse funds relatively easily and safely to millions of people. Of course, this hasn’t stopped people from lining up to take money out as cash but it is a very big, important first step in creating a digital ecosystem.

Multiple Layers of Tech, Regulatory Foresight, and Good Will

The story is a digital one. The Zap do Bem was not about helping speed cash distribution. Stakeholders combined technology from multiple parties, the generosity of donors, and these important regulatory guardrails to create a valuable service. Here are the ingredients to Zap do Bem’s layer cake:

  1. The Fishermen. The fishermen needed digital accounts and the means to spend their money.
  2. The Merchants. Conta Zap enrolled merchants to accept payments from the Conta Zap wallet.
  3. The Donors. A collection of corporate and individual donors agreed to provide the funds to help the fishermen get through the pandemic.
  4. Conta Zap provided the digital wallet, enrolling the invited fishermen participants via text message. A Brazilian celebrity sent a message to recipients assuring them that the offer was legitimate.
  5. Oi, one of the country’s leading telcos, enabled Conta Zap to verify customer identity using Oi’s geolocation capability for address verification and to help validate the fishermen’s income level by looking at purchase records for prepaid airtime. Oi also helped identify merchants in the neighborhood. That allowed Conta Zap to get those merchants enrolled so the fishermen could begin to spend the donated funds.
  6. WhatsApp, by virtue of exposing its capabilities programmatically, Conta Zap, was made available to beneficiaries entirely on WhatsApp using an AI interface as seen in the screen shot below. This approach allows Zap to provide its digital wallet service at very low cost.
  7. Regulators. The enabling regulation allows accounts with low balances and modest activity to be opened with minimal personal identification requirements, i.e. your name, national ID number, and birthday.

Screenshot and translation of Zap do Bem:

Hello! I’m the virtual assistant for Conta Zap and my name is Zapelino.

Here you can pay your bills, top up services and much more.

Type the option the you want to do now:

1 – Open my Conta Zap

2 – Create a Login

3 – How to open my account

4 – How Zap works

5 – Zap card

We’ll plan to follow up on these developments in the future. Listen in now as Elizabeth McQuerry interviews Roberto Marinho, CEO of Conta Zap, and César Souto, a Member of the Board of Directors. If you would like to become a donor, click here and scroll to the bottom of the page for instructions.

 

 

 

 

Direct download: EP125_ZAP.mp3
Category:general -- posted at: 8:22pm EDT

There’s no clearer indicator of COVID-19’s economic impact than payment metrics. In this Payments on Fire® episode, we speak with Bryan Derman, Glenbrook’s managing partner, and Glynn Frechette, SVP of PSCU’s Advisors Plus division, in a discussion of PSCU’s payment trends analysis. Glynn provides an exceptionally detailed view into the pain, and some real gains, that the pandemic has brought to U.S. payments activity.

PSCU’s analysis points to both the depth of transaction volume declines for a number of segments, especially travel and fuel. And since so many restaurants are shut down (another segment hammered by the pandemic), the data shows how supermarkets and groceries have benefited.

There’s plenty of detail in this podcast so take a careful listen. To keep up to date on what PSCU is seeing across the country, go to its Resource page. For more, check out PSCU's infographic for the week ending May 3rd.

 

 

Direct download: EP124_PSCU.mp3
Category:general -- posted at: 6:20pm EDT

It is super instructive to hear about payments evolution. So, it’s time to take a trip. In this Payments on Fire® episode we speak with Charles Ifedi, one of the founders of Interswitch, one of the leading digital payments providers in Nigeria, and founder of customer engagement platform company eBanqo.

We hear a lot - and deservedly so - about innovative fintech companies but we hear very little about the advanced and highly competitive payment system already in place in Nigeria. Take a listen as Glenbrook partner Elizabeth McQuerry, partner in charge of Glenbrook’s Global payments consulting practice, talks with Charles about the Nigerian payments ecosystem, his role in developing one of the leading payments providers there and and his new venture in improving the front end of financial services with conversational AI .

Payments in Nigeria are huge in every way. Its large population – some 200 million – allows digital payments to thrive even as the banked population remains stubbornly low at just under 40% of the adult population. Unlike the eastern Africa experience of telco-led companies like M-PESA, Nigerian telcos are not allowed to serve as payments providers. They aren’t banks but their agent networks serve an essential role in last mile service delivery. That said, recent regulatory changes are allowing partner companies of these telcos to apply for the country’s payments services bank license.

Nigerians have been able to take advantage of instant or real-time payments for a decade. You can’t say that for Americans. It’s quite common to see people making instant payments transfers from their mobile devices via the simple USSD menu interface on feature phones. Those with smartphones take full advantage of app-based interfaces.

These instant payments are often used to buy things in retail shops as well as to make business or personal transfers.  Payment by debit and credit card is also quite common and Nigeria is home to Verve, the pan-African card brand.

Listen in as Charles, who was Verve’s first CEO, reflects on developing the Interswitch brand and discusses how Nigerians are making payments at small and large merchants during the Covid-19 lockdown, the successes of ATMs and their challenges to growth, the failure of biometrics, and about the Nigerian payments ecosystem overall.

 

Direct download: EP123_Ifedi.mp3
Category:general -- posted at: 7:10pm EDT

Payment authorization rates are a theme we return to regularly on Payments on Fire® because they matter so much to merchants, issues, and the payment providers in between. If a big issuer declines more transactions than its peers, the merchant and the issuer, in fact, leave money on the table. The merchant loses sales. The issuer loses interchange revenue.

In this episode, we speak with Stripe’s Jeanne DeWitt, head of revenue and growth for the Americas, for a deep look into how her company maximizes AUTH rates for itself and its hundreds of thousands of sellers. We discuss COVID-19’s impact and some of the creative responses to it. We also address Stripe’s maturation into an enterprise provider, at enterprise orgnization, and wrap with a look ahead at the future shape of the payments industry.

 

Direct download: EP122_Stripe.mp3
Category:general -- posted at: 10:25am EDT

In Glenbrook's Payments Boot Camp® and in our payments consulting work, we use our Domains of Payments framework to subdivide the major use cases and payment contexts into a half dozen categories or domains. The Remote Domain contains cross-border e-commerce, a particularly challenging use case where the buyer and seller are separated by distance and, in the case of cards, credentials are presented without the cardholder present. This is card on file (COF), card not present (CNP) transactions live. Just add cross-border complexity.

If you sell via e-commerce in the EU, Middle East and to the global market, you’re crossing borders. That means regulatory compliance. It also means you want your customers to pay you in the manner to which they’ve become accustomed. Germans and Belgians like SOFORT and PayPal. The Dutch prefer the domestic iDEAL system. The UK is card-centric.

To reach customers in those countries and beyond, you need a payment services provider with reliable connectivity into those domestic systems, access to global card systems, and the ability to maximize authorization rates.

Credorax is a PSP founded in Israel with a strong technology focus that has also become a Malta-based bank in order to expand its EU presence as an acquiring bank.

In this Payments on Fire® episode, George and Credorax COO Moshe Selfin discuss the initial impact of the novel coronavirus on the travel segment and then move on to authorization optimization.

The podcast includes the Credorax creation story. While technical capabilities were the core of its start-up phase, it was the EU’s PSD2 regulation that created its market strategy and steered its business evolution. While many in the payments industry complain about regulation, it’s true that mandates move markets and, as Credorax saw, create opportunity.

Take a listen to how a this not-yet-quite-global company positions itself in an increasingly crowded market and its approach to delivering value.

Direct download: EP121_Credorax.mp3
Category:general -- posted at: 3:55pm EDT

In this special episode of Payments on Fire®, Glenbrook partner Elizabeth McQuerry, partner in charge of Glenbrook’s Global payments consulting practice, leads a conversation on the development and adoption of realtime payments in developing markets.

Joining Elizabeth are Miller Abel, Deputy Director, Principal Technologist at Bill & Melinda Gates Foundation and Gene Neyer, Executive Advisor to Icon Solutions, board member at the US Faster Payments Council, who has supported Gates-funded projects in Pakistan and Tanzania.  

This discussion was originally scheduled to take place at the 2020 Payments Canada Summit.

If the development of faster payment, instant funds transfer systems is important to you, take a listen to this episode on the development of these instant push payment systems in developing markets. Many of the issues and concepts discussed apply to developed market concerns and you will gain important insight into the multiple paths governments and leading tech firms take in system and ecosystem development.

Anchoring the discussion is the set of principles for financial inclusion codified in The Level One Project Guide, a work product of the Bill & Melinda Gates Foundation.

An essential principle is the role of real-time payments as an economic development tool. Digital payments have to have the immediacy of cash to be transformative. No one can afford to wait for a payment to wander for a few days through an antiquated banking system when they have to buy fuel in 20 minutes.

Digital payments also have to solve for specific use cases which quickly leads to the need for an API layer to embed payments into purpose-built apps. The discussion addresses these principles and illustrates them with examples like the agriculture-focused version Uber for tractors.

To address the necessary transaction switching and connectivity infrastructure, the Gates Foundation has built the Mojaloop
platform, an open source initiative to ease development for  governments and commercial entities alike. Miller takes us through its genesis and applications.

Elizabeth, Gene, and Miller discuss the extraordinary and growing penetration of inexpensive smart and surprisingly capable feature phones in markets like Nigeria and Myanmar.

They also discuss the “stack” of rules, rails, account providers, and apps that enables innovation, a model that applies to both developed and developing markets.

This is a comprehensive discussion that touches on the roles of government and commercial stakeholders and how they differ across countries, payment economics, and the multiple paths to broad deployment of real-time payments. Take a listen.

Direct download: EP120_FasterPaymentsDevelopingMarkets.mp3
Category:general -- posted at: 3:09pm EDT

The “supermarket” days of financial institutions providing all of our financial services and holding all of our accounts are long over. Brokerages, insurance companies, and the expanding array of fintechs compete to hold, manage, or organize our assets.

With so many custodians of our financial data, it can be difficult for an individual to generate a complete picture of her finances. That’s been a longstanding problem that was addressed over two decades ago by data aggregators like personal financial management app Mint.

Individuals found this single portal approach quite useful. All we had to do was provide the aggregator with the login credentials to each of our online accounts. The aggregator would then log into that account on our behalf, “read” our data off of the web page, and display all of that data in a single consistent fashion (this is “screen scraping”, the method of data gathering that started it all).

This single view capability has been a compelling proposition that dozens and dozens of firms have emulated in the years since.

Further, use cases have proliferated where a fintech, for example, simply needs access to one or two accounts in order to fulfill its goals. The mobile app model has just accelerated the expansion of apps needing access to user account data.

Yodlee and Plaid, now a Visa company acquired in a whopping big transaction, are examples of companies selling access to user account data either through screen scraping or, in a more modern approach, direct integration to individual financial institutions.

Direct integration to each bank or credit union’s data is, of course, inefficient because each banks exposes its own interface. The syntax and functions of each vary making everyone’s development and maintenance tasks more difficult..

Evolution of a Standard

Into this gap is the Financial Data Exchange organization. With over 100 members https://financialdataexchange.org/pages/members
from a wide range of companies - Chase, Plaid, FS-ISAC, Intuit, PNC, Fannie Mae, Truist, Cashflow Solutions - its goal is to standardize the domain of permissioned at a sharing through an API layer in operates in front of financial institution data.

FDX is a true standards organization. Its members pay dues, yes, but their more important contribution is time and effort. Working groups take on particular technical and usage aspects, develop them, and generate draft standards for the entire membership to ratify.

One of its working groups focuses, for example, on the user experience, on the use cases that benefit from data sharing and how to make that process transparent and secure for end users.

In this Payments on Fire® episode, George and FDX Managing Director Don Cardinal discuss the API, its many reasons for being, and the standards development process.

They also discuss Akoya, Fidelity’s former data sharing unit that is now owned and operated by The Clearing House and 11 member banks. Akoya serves as a central integration provider making it easier for a fintech app to connect its users to the banks subscribing to the Akoya service.

So take a listen. FDX is important to the fintech and financial services community. It’s important to end users. And it’s a great example of how comprehensive standards can be developed swiftly.

 

Direct download: EP119_FDX.mp3
Category:general -- posted at: 1:15pm EDT

Welcome to Payments on Fire® and to our third, now annual, discussion with Steve Ledford, SVP Products and Strategy at The Clearing House, and the leader of his company’s Real Time Payment Network initiative.

As in prior conversations, Steve and George discuss the growth of the RTP Network both in terms of transactions and dollar volume as well as an important metric, the growth in the number of financial institutions and FI processors who are already or in process of connecting to the network.

The evolving set of use cases supported by a new payment system is often surprising. Few expected Zelle’s leading use case to be rent payments. While the RTP Network is in its infancy, Steve shares a number of use cases already in flight.

Changes to the network’s rules also position it for expanded use. For example, the network’s recent increase in transaction size limit to $100,000 positions it far better for B2B transactions.

Like all bank services, strong user authentication is critical and firmly out of scope for the new network. Banks will have to improve their authentication processes because account takeover is a real risk.

As Steve says in this discussion, banks can also reduce the risk of accountholders sending money to bad actors simply by well-timed messaging. Financial institutions can adopt best practices that have evolved in the UK and other markets with similar systems in place. For example, the bank should ask the accountholder if they personally know the recipient of the funds and if they have been pressured to make the payment within a certain timeframe. Both questions are meant to caution the accountholder before pressing Send.

Steve also addresses the announcement of FedNow and its ripple effects on the RTP Network.

New national payment rails are a once in a generation event. New rails, better data representation techniques, and mobile devices make for an innovator’s playground. Take a listen.

Direct download: EP118_RTP.mp3
Category:general -- posted at: 4:38pm EDT

Be Safe. Be Well. Help Out.

This is our era’s unprecedented event. I hope you’re staying safe, your family is all well, and you’ve got what you need for what looks to be a pretty long time. On the upside, I’ve seen and experienced people helping one another like never before. That gives me confidence we’ll be able to mitigate COVID-19’s impact on our healthcare system - and on all of us. The downside is obvious. The weight of the pandemic is going to come down heaviest on those with the fewest resources. Helping out is our best response.

Among the Exploiters of The Pandemic

There are characters out there, however, who are bent on taking advantage of this global challenge because the corona virus has only added gasoline to the growth of e-commerce and online fraud of all kinds.

While e-commerce volume skyrockets as so many hunker down, online credit applications are rising at traditional lenders, challenger banks, and fintechs. Responding to the pandemic, some fintechs are making it easier than ever for sole proprietors to get loans in the hopes of having their business survive the pandemic. For similar reasons, others are encouraging government action in support of their SMB customers.

These laudable efforts will attract fraudsters in droves. What could be better than overburdened systems (Robinhood anyone?) and modified onboarding and underwriting processes?

Socure is an identity management company serving financial institutions old and new, fintechs, and marketplaces that extend credit via online applications. Socure’s service operates right at their front door, at “day zero,” when the applicant first appears at the provider’s digital door. The company promises to reduce fraud, reduce the manual review of questionable applications, and onboard more customers through its KYC services.

In this Payments on Fire® episode, George speaks with Rivka Gewirtz Little, SVP Marketing & Strategy at Socure on a range of topics, from the what and how of Socure’s service to the larger concerns of fraud rates, model governance, and the definition of identity.

Socure’s Own Digital ID

Socure is working on its own version of a digital identity, essentially taking all that it knows about each individual and creating a profile that is updated based on the individual’s behavior, system changes, etc. This “Socure Identity” then can be used beyond the Day Zero identity proofing step but for subsequent authentication when the individual returns to Socure’s customer’s website or app.

FI Internal Collaborate on Identity

An encouraging evolution in enterprise organization is the growing collaboration of the produce line leadership within traditional financial institutions in the areas of risk management and marketing, teams with traditionally conflicting goals. Marketing wants as little friction as possible; Risk wants to keep the bad actor out. In the past, each product line fought its own battles and chosen its own solutions. Now that the digital channel is firmly established even among incumbent and with more flexible tech available, coordination and alignment is taking place.

Data Minimization

“Data minimization” has achieved buzzword status. And its meaning varies depending on who you are. Essentially, it means a provider should hold only that data that’s necessary and no more. For a Socure that lives on massive data resources, data minimization is meaningless. Socure has to be an exceptional custodian of all of that data.

George and Rivka discuss another connotation for that term, the ability of the accountholder or user to release only the data that’s relevant to the transaction. Showing a driver’s license to prove you’re over 21 is a classic case of over-sharing.

So, take a listen. Stay safe.

For more on digital identity and synthetic identity in particular, check out Episode 115 – Finding the Phantoms – Synthetic Identity and the Issuer – with Naftali Harris of SentiLink.

 

Direct download: EP117_Socure.mp3
Category:general -- posted at: 11:55am EDT

Sometimes events delay things. Other times, they hasten them. At Glenbrook, the corona virus has sped us along a path we’ve been traveling for some time. The path is digital delivery of the Glenbrook Payments Boot Camp®.

In this Payments on Fire® episode, Russ Jones, partner in charge of Glenbrook’s education team, talks with George about two major changes in our payments education program.

1. Digital Delivery - what it looks like, how it works, and when we will launch it for our public participants
2. Curriculum Update - how Glenbrook maintains the currency of our training and some of the major updates made recently

As you’ll hear Russ say, we’re excited by the capabilities of today’s teleconferencing capabilities, how we can use them to inject a high level of interactivity into each session, and the challenge of bringing the Glenbrook Payments Boot Camp® magic to the digital medium.

Join us April 7-9 for the Glenbrook Payments Boot Camp® digital edition. No travel required!

All of us at Glenbrook wish you the very best of experience and outcome as each and all of us navigates the corona virus threat. Be calm, carry on, and keep your social distance.

Direct download: EP116_Digital_Ed.mp3
Category:general -- posted at: 10:38am EDT

Fraudster innovation is a constant. As the defenders of payment transactions thwart one fraud vector, these innovators, playing offense, switch tactics.

Today, the problem of knowing who you are, that you are who you say you are, in the digital domain demands stronger authentication techniques. Many of those rely on the attributes, the data, provided by the user or by the applicants in the case of credit extension.

In turns out that even the data supplied by applicants can be both entirely bogus and sufficient to convince a credit issuer to onboard the applicant and extend credit. This is the problem of synthetic identity.

To explore the synthetic identity challenge, take a listen to this conversation with Naftali Harris, CEO of SentiLink, a company focusing on detecting synthetic identities. Coming from years at Affirm, Naftali and the SentiLink team serve credit issuers struggling with this new fraud vector.

 

First, let’s define synthetic identity using the Fed’s Synthetic Identity Fraud in the U.S. Payment System Payments Fraud Insight white paper as the source:

“The generally agreed-upon definition of synthetic identity fraud is a crime in which perpetrators combine fictitious and sometimes real information, such as SSNs and names, to create new identities to defraud financial institutions, government agencies or individuals.”

Now we’re looking for phantoms. Uh-oh.

There are terabytes of personally identifiable information for fraudsters to use because of data breaches and our own over-sharing of our personally identifiable information. Knowledge-based authentication based on static data like SSNs, birthdays, and the name of our hometown isn’t hard to break. Nor is this static data generally protected by tokenization or encryption in any way.

The fraudsters know what we know. Uh-oh.

And because the real data presented by the fraudster creating a virtual identity is often that of a child or an elder or even the deceased, well, it’s super hard to detect. That comes from my Glenbrook colleague Yvette Bohanan who has years of risk management experience at Amazon, Google, eBay, BofA and others.

Of course, the fraudster’s goal in making up a new identity is to open a credit line in order to subsequently defraud the issuer, perhaps by carefully using a credit line carefully for years to build up a high credit limit before busting out with a lot of spending and then disappearing to a beach somewhere.

Multiple Types of Synthetic Identities

A startling aspect of some synthetic identity fraud is that it doesn’t take advantage of purloined PII. All of the data used by the credit application is made up out of whole cloth and thin air. The proper format of a social security is well known so why not generate a random one? After all, the federal government doesn’t operate a central SSN repository with realtime validation. A variant approach relies on real and fake data, combining, for example real names with made-up SSNs.

To explore the synthetic identity challenge, take a listen to this conversation with Naftali Harris, CEO of SentiLink, a company focusing on detecting synthetic identities. Coming from years at Affirm, Naftali and the SentiLink team serve credit issuers struggling with this new fraud vector.

Direct download: EP115_Sentilink.mp3
Category:general -- posted at: 3:00pm EDT

On Payments on Fire® we’ve talked with gateway operators, processors, tokenization specialists, fraud management firms, and others - all providers who help payment acceptors handle their payments.

The range of services and business value they deliver varies a lot. Some providers do everything. Others, like Spreedly, the subject of this Payments on Fire® podcast, focus on a narrower set of functions and business outcomes.

Payment Flow and the Payment Service Provider (PSP)

When we talk about merchant acquiring in the Glenbrook Payments Boot Camp, we highlight the following transaction flow:

  1. The merchant or its ISV, perhaps running as an PayFac, accepts the customer’s payment
  2. They connect to a gateway or a processor
  3. The gateway routes the transaction to an acquiring bank or its processor OR the merchant connects directly to one of these entities
  4. The transaction is routed by the acquirer or processor into the payment network and on to the accountholders’s financial institution

That picture oversimplifies the tasks at hand. Depending on what kind of merchant you are, the set of payment-based services you need can vary substantially.

If you answer yes to any of the following, there are payment service providers ready to help you with specific tools:

  • Are you an e-commerce merchant
  • Is omnichannel commerce important?
  • Are you strictly a bricks-and-mortar operation?
  • Are you a biller or a heavy user of invoicing?
  • Do you operate unattended devices like vending machines and kiosks?
  • Are you global or have global aspirations?
  • Are you an SMB or enterprise-class payment acceptor?

Some payment service providers (PSPs) are owned or captives of larger upstream entities. Their role is to capture an ever widening stream of transactions to flow on to their parent company. CyberSource, owned by Visa, may not care a lot about who the acquirer is but the company's transaction handling drives revenue for Visa.

Other independent PSPs like NMI and, in today's podcast, Spreedly, focus more on the needs of the merchant. NMI anchors it many other talents around its core gateway. Spreedly might be considered is a gateway to gateways. It connects to processors and has developed a broad set of connections into domestic systems around the world. Spreedly is a also payments tokenization provider.

Given that range, Spreedly refers to itself as a merchant-facing payments infrastructure provider. More casually, Spreedly is a layer of glue between the payment acceptor's operations and the payment systems that the acceptor needs to support. Payment orchestration is another in vogue term to describe what Spreedly, and others, do.

This is an evolving story and marketplace. Definitely worth a listen to Justin Benson, CEO of Spreedly, as we talk about what his company does and a range of industry topics including tokenization, risk, and more.

Direct download: EP114_Spreedly.mp3
Category:general -- posted at: 3:10pm EDT

In this Payments on Fire® podcast, we examine the role of a payment service offered through a commerce solution targeted at the small and medium business (SMB) market. To do that, we talk with Nan Siler, Head of Payments Strategy and Operations, at Kabbage.

The small and medium business market is important to both the national and local economies. It’s big. According to the U.S. Small Business Administration, over 40% of GDP is generated by this segment. Over the last decade and more, SMBs have come to face new competition (Amazon and the high concentration of Big Retail) and a less willing lender community of traditional financial institutions. Kabbage has stepped into that environment.

Kabbage has loaned over $9B since its inception to some 220,000 customers and last fall added a new service, Kabbage Payments, to ease payment and invoicing for its SMB customers.

SMBs live and die on cash flow. If a big customer’s payment doesn’t come in on time, the business owner can end up paying her employees but not herself.

Kabbage has built sophisticated onboarding and lending models around the needs and realities small businesses. Cash flow management includes, of course, timely access to money, via lending, to fill funding gaps or help expand the operation.

Nan takes us through how Kabbage’s Payments solution complements Kabbage Funding, its lending operation, and how the two come together to provide better insight on the business’s cash needs. With better insight, the goal is to help the small business borrow less money for shorter periods of time when funding the day-to-day with the expectation that Kabbage can provide larger sums to meet the capital requirements of business expansion.

Many independent software vendors (ISVs) bring payments capabilities to their merchant customers to meet functional expectations as well as enjoy payment related revenues. Indeed, the ISV is now the channel through which many SMBs acquire payments acceptance capabilities. The payment-focused PSP group, and especially the Independent Sales Organization (ISO), no longer control that channel.

Kabbage, while not an ISV, has built its payment service to help merchants get paid faster. Every SMB wants that. So, take a listen to Nan as she discusses both the lending capabilities of her firm and how the new payment service complements that funding function.

Direct download: EP113_Kabbage.mp3
Category:general -- posted at: 5:21pm EDT

As our lives shift online, our providers needs strong digital representations of each of us in order to make authentication and authorization decisions. Besides payment transactions, there are the diverse risks they must manage when, for example, we establish new credit relationships, add new payees to our online accounts, and move money in new ways. The providers of these capabilities—and often a single party offers multiple services—must be concerned with the associated risks each poses.

This is the special domain of risk and fraud management companies. In this conversation with Payfone’s CEO Rodger Desai, we focus on digital identity services and the role of the mobile ecosystem in particular. Take a listen.

Many risk and fraud vendors base their services on different data types, such as the email address, SSN, or phone number.

In Payfone’s case, it is the combination of the mobile number, the device it is connected to, and the mobile network serving it that have powerful attributes to measure against. Relevant data attributes include:

1. Tenure. How long the mobile subscriber has had the phone number tells a lot about the subscriber itself.
2. Phone’s Aren’t Free. Unlike email addresses which are cost-less, almost anything to do with a phone costs money, i.e. the service and device costs. Therefore, phone-based frauds, for the fraudster, cost money. Such hacks don’t scale as well as a card data breach. But when there is a phone-based hack, the impact on the victim can be particularly severe.
3. Lots of Activity to Examine. With 50% of American eleven year olds having phones, we generate a rich history using our phones. For billing purposes alone, that activity is tracked by the mobile network ecosystem and, given appropriate privacy controls, can be used to support risk decisioning.
4. Even More Data. Biometric unlocking of devices, behavioral fingerprinting—how we actually interact with the device user interface—and device fingerprinting—the digital portrait developed from such rich data—expand the data available for risk assessment.

The union of all this data paints a crisp digital identity once algorithmic power has been applied to it.

In this episode of Payments on Fire® we discuss the risk assessment capabilities the mobile ecosystem provides with Payfone’ CEO Rodger Desai. His long experience in mobile “phone intelligence” informs this discussion. He explains how some very large clients are using Payfone’s scoring capabilities to assess transactional and account risk while addressing the challenge of improving the user experience. Risk and convenience are often at odds. Payfone’s services are designed to mitigate that conflict.

Today’s digital identification capabilities are powerful. But fraudsters are fast moving and well funded. For the relying parties—those enterprises that take on the risk—the role of defense is a tough one. Priorities, cost, business goals, even awareness vary. Each and every party’s approach to risk assessment is unique. Risk tolerance for the same transaction will differ from bank to bank, from enterprise to enterprise.

In other words, individual enterprises can assemble strong risk assessment and mitigation capabilities while, from a systemic view, there will always be gaps to be exploited. The best we can hope in today’s environment is for each enterprise to raise its security game.

Direct download: EP112_Payfone.mp3
Category:general -- posted at: 7:57pm EDT

The U.S. has just come off a record setting holiday shopping season with e-commerce sales rising over 18%. While the numbers aren’t in yet, there’s no doubt the fraudsters also had a record year. There are so many ways to defraud consumers, merchants, and financial institutions.

At Glenbrook, we are optimistic about our longer term ability to deter, prevent, and detect fraud. Our kit is getting better. The combination of tech and rule making will payoff: strong authentication enabled by standards-based smartphone-enabled biometrics; regulations requiring strong authentication as put forward in the EU through its SCA rules; and our expanding ability to detect new attacks using tools that operate within the transaction flow.

It is this last area that is the topic of this Payments on Fire® episode. Fraud detection tools operated by or on behalf of merchants that examine transactions are today’s major line of defense against payment, loyalty, and coupon fraud. In this conversation with Colin Sims, COO of fraud prevention company Forter, the development, deployment, and maintenance of a modern fraud management platform is the topic.

Colin and George discuss how fraud management and prevention technologies continue to evolve, Forter’s own approach, the role and impact of PSD2 and SCA regulations in the EU, and how fraud continues to adapt. While machine learning is a central technology, Colin makes clear that human effort and insight is what makes the difference.

Direct download: EP111_Forter.mp3
Category:general -- posted at: 2:50pm EDT

1