Thu, 24 September 2020
This Payments on Fire® podcast is a joint production of Citibank and Glenbrook. Tony McLaughlin of Citibank interviewed our partner Erin McCune about the U.S. payments market and business transactions in particular.
The U.S. payments landscape is in the midst of unprecedented change -- triggered by the COVID-19 pandemic, new faster payment infrastructure, open banking and an overall acceleration of digitization. Business payments are particularly ripe for change.
The pandemic has exposed businesses’ reliance on manual processes and motivating digitization and cloud migration. Although businesses have talked about pursuing electronic payments and treasury modernization efforts for some time the pandemic reveals the risk associated with manual processes dependent upon being in an office and reliant on the mail for delivery of invoices, checks, and other business documents. All of a sudden back office digitization is a c-suite concern.
The emergence of faster payments has also catalyzed change in the business payments space. Real time infrastructures were purpose built for business transactions. Not because they are fast -- suppliers grant their buyers payment terms, it’s not about speed. The new infrastructures have robust data capabilities that are very important to business-to-business payments.
Small businesses write and receive the majority of B2B checks and faster payment has tremendous potential to erode their reliance on manual invoicing and payment processes. Request-to-pay (R2P) capabilities associated with new real time rails are effectively electronic invoices, with the added value of a round trip payment logically associated with the invoice. For many smaller businesses, this could be the key to eliminating checks. For larger organizations where a single payment is associated with a number of invoices, and there is a need to provide more complex explanations of what a payment is for ISO 20022 remit messages (separate from the payment transaction itself) prove useful.
Additionally, there’s an enormous potential associated with API integrations between business back office solutions, bank partners, and payment infrastructure. Even relatively small businesses have an array of financial providers: multiple bank accounts, a credit facility, an ERP or accounting system, a CRM, a billing/invoicing solution, and other additional enterprise software tools. Knitting information together across systems and using these different solutions to embed and automate processes associated with sending, receiving, and applying payments provides significant value to businesses.
Speaking of data sharing, it’s useful to note that open banking in the U.S. is market-led, rather than the result of a mandate. But that doesn’t mean it isn’t happening -- there’s a great deal of momentum. Security concerns and the advent of new faster payments rails are pushing financial institutions to innovate and collaborate. Nacha’s Phixius and Afinis solutions and FDX are examples of cooperation between industry players. The card networks are also making acquisitions in this space, with Visa acquiring Plaid and Mastercard acquiring Finicity.
To add to everything else that’s happening, there’s a lot of buzz around CBDC at the moment. It’s a global phenomenon. The United States has a strong interest in the concept because of our desire to maintain the dollar’s position as a dominant currency for international trade. However, it’s still too early to know what a CBDC would look like in the U.S. and how consumers and businesses would interact with a new type of government-issued coin.
Tony asked Erin how the global pandemic has impacted Glenbrook. She observes that our focus at Glenbrook hasn’t changed dramatically as a result of the pandemic (although we’re not traveling like we used to!): we were working with clients across the value chain to digitize payments and related business processes before the COVID-19 and continue to do so today. Demand has intensified, but it hasn’t really shifted focus.
But in the midst of societal upheaval as a result of the pandemic, at Glenbrook we are also thinking deeply about how we can employ our expertise to help businesses and consumers at risk. We do a lot of work on financial inclusion in the developing world. How can we apply that thinking here at home, to help businesses and consumers weather uncertainty, bolster the economic recovery, and build an equitable foundation for financial health and sustainable businesses on a longer term basis? We don’t quite know yet, but we are excited to explore new avenues for our consulting practice.
Tue, 25 August 2020
NACHA’s Phixius is a new service for the exchange of the information about a payment between the sender and receiver. Take a listen to Payments on Fire® host George Peabody as he discusses Phixius with NACHA Advisor Peter Tapling. He helps us understand Phixius, how it works and where it applies. It’s a compelling idea.
One of the long standing shortcomings in payments systems has been the degree to which the data about a payment can be shared. If we can share the data about the payment, to have it run alongside the payment instructions, then we can do things like:
One of the advantages of check payments is that, when physically mailed, the letter can contain the check as well as an explanation of what that check is paying for, perhaps including copies of all the invoices. That data is hugely important to the supplier.
This payments metadata, the data that describes what a payment is for and all of the conditions around a transaction, is hugely valuable. Both the sender and receiver need it. It is used by every accounts payable and receivable department. Sure, it’s great to get paid. But without the metadata, it can be difficult to know the account to credit or to know which invoice, or invoices, the payment applies to.
Communication of payment metadata has been a bear. Some payment rails, wires for instance, have little or no ability to carry data beyond what’s needed for the payment itself. The card rails have only limited descriptive capability. ACH messages have some data carrying capability but usage has been limited.
Many of today’s realtime system like the UK’s Faster Payments and the RTP Network in the US use the rich encoding capability of ISO 20022 to represent the metadata. That’s a big improvement on how to represent payment metadata.
Another reason communicating this information has been difficult is the reality that today, when this data is shared, it happens as a result of a bilateral connection via API. A service provider attempting to bridge this data gap would have to have dozens and dozens of these bilateral API relationships, if not hundreds, to reach all participants in a major industry segment such as automobile or aircraft manufacturing. That’s impossible.
NACHA, rule making body of the US ACH system, has a role to play here because the ACH carries 62% of payment volume, excluding wires of course, and 66% of supplier payment volumes.
Recognizing that role, NACHA has made an out-of-model move with the introduction of its Phixius services. NACHA is now the operator of a system that carries payment metadata regardless of which payment system actually moves the money. Phixius could be useful in wires, RTP Network, Zelle, ACH, and even cards.
Phixius sits in between financial institutions, payments services providers, and others that provide payment services, to serve as a hub for the sharing of payment information. Each party connects to Phixius just once, eliminating the need for one-to-one integrations. Phixius refers to these stakeholders as credentialed service providers.
Phixius is defining operating rules and data requirements for individual uses cases.
Phixius uses distributed ledger technology to build trust among its participants in the data shared over the system. Phixius itself does not store the data nor does the distributed ledger contain the data about the transaction. It only contains a unalterable mathematical representation of the fact that the sending and receiving parties vouch for the data and agree on how it is used. The ledger can be audited by Phixius and the two parties involved in the transaction. But another node on the network could not interrogate the ledger to determine who is trading with whom.
So, it’s refreshing to see an instance of blockchain technology doing useful work, at scale, that has nothing to do with cryptocurrencies.
NACHA designed Phixius. It recruited important users of the system. Phixius is live in pilot and a broader rollout is scheduled in Q4 or Q1 of 2021.
NACHA is not a well heeled organization with tons of money to market the Phixius brand to the fintech and financial institution communities. The idea is compelling but, as a network build, faces an adoption curve that will be climbed on the strength of that idea.
Tue, 11 August 2020
In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.
It’s a huge issue. Many of us are concerned as individuals with how our personal data - our personally identifiable information or PII - is shared by social media and throughout today’s massive data ecosystem without our knowledge or without our case by case granting of permission.
As a result of those concerns, various jurisdictions around the work have enacted privacy-focused legislation that has teeth. The EU’s General Data Privacy Regulation (GDPR) focuses on data protection and privacy where consent for PII is required. It also addresses data domicility, where the data about an EU system must reside. GDPR applies to entities doing business in Europe - i.e. it applies to thousands of US companies.
In the US, one of the leading regulatory steps is on the ballot this year in California. Its proposed data privacy regulation, the California Consumer Privacy Act (CCPA), would provide for:
* The right to know about the personal information a business collects about them and how it is used and shared;
Any business doing business in CA will be affected by the CCPA, including data brokers.
These regulations are an attempt to return a measure of control to individuals over the sea of personal data that makes it possible, for instance, for an entity to correlate the data of a handful of payment transactions to identify an individual with high confidence.
The ramifications of these regulations are many. In this podcast, we hear of how a Midwest bank, that does not business itself in the EU, became subject to GDPR regulations because of the activities of one of its clients.
We are living in a world where the social implications of wide data sharing are obvious.
What’s not so clear are the business ramifications of privacy regulations and the data custodianship they demand.
In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.
We are at the beginning of a decades long evolution of how privacy is supported and data is managed. Shaping that path will be regulations, the decisions reached through multiple lawsuits, and the response by technology and data providers.
Fri, 17 July 2020
In this episode, George speaks with Rafael Lourenco, EVP and Partner of fraud management provider ClearSale. Rafael returns to Payments on Fire® to address COVID’s impact including new online threats and the consumer behavior changes that challenge the customer checkout experience and fraud detection.
COVID-19 has contorted how merchants do business into new shapes. COVID-19 is forcing some merchants, often inexperienced with the online world, to make a swift digital transformation with all of its benefits and downside fraud risk.
For example, numerous brick-and-mortar merchants have rushed to embrace online commerce as they attempt to fill the revenue hole in their business. Others, as we’ll hear in this Payments on Fire® podcast, have suddenly found new demand for what they offer.
Even fraud management companies have found themselves dealing with unexpected shifts, including new behaviors of good customers.
* Consumers new to the online channel have suddenly appeared. Their checkout and payments behavior maybe confused and uneven.
As we’ve seen countless times after natural disasters, fraudsters see opportunity in the misfortune of others. The pandemic is no different. It’s also encouraged fraudsters who formerly operated in the physical world to attack the online channel. After all, they need to make a living, too.
Rafael takes us through these scenarios, what ClearSale has observed since very early in the COVID-19 outbreak, and some of the adjustments ClearSale’s full outsourced fraud management service has had to make.
He also discusses the role of machine learning and artificial intelligence (ML/AI) in fraud management. ML/AI has dropped ClearSale’s need for manual review from 30% of orders 10 years ago to 5% today.
ClearSale differentiates its service partly based on the extent fraud analysts examine the case before a questionable transation is declined. Rafael points out that, unlike an individual merchant who must maintain the same staffing level despite volume fluctuations (think Cyber Monday and mid-July), ClearSale’s fraud analyst team works across multiple merchant categories. That means, when one segments is busy another is less so. The result is “staffing in the cloud.”
For more on how COVID-19 has affected payment flows and the payments industry, read Glenbrook’s COVID Impact series.
Thu, 18 June 2020
Take a listen to Rapyd's Eric Rosenthal and Glenbrook’s George Peabody as they discuss Rapyd’s swift global expansion, its ability to quickly build new capabilities, and the firm’s cloud-based tech stack. It uses its “white label PayPal” model to payment-enable a wide range of companies and use cases.
Programming Payments Has Been Hard
Among the many evolutions in the payments industry over the last decade, and only accelerating today, is the programmability of payments. Prior to that, a portion of payments providers - gateways, processors, and even networks - provided access to their services via direct integration to whatever interface they cared to expose. The API is the layer now employed for that purpose.
A single interface to core services is, of course, the basic stock in trade of a gateway, an outfit that exposes a single interface to its customers with the promise, among many, of reaching a broad swatch of acquirers out the other side. Networks like American Express and Mastercard have long provided access of their own.
But this approach, for the many merchants and businesses shifting to digital payments, had a number of shortcomings.
First, none of these integrations were truly comprehensive. One gateway could get you to the UK, but others were necessary to reach the rest of Europe, often on a country by country basis because payments are local and domestic. To sell in a country, you have to connect to the methods its citizens use. Cards along won’t do it. So, global reach through a minimum set of providers was a challenge.
A second concern was the effort required to connect to so many providers. A merchant would have to carefully assess the ROI for each development effort in order to sell, say, in Austria or Thailand. Or to take advantage of the fraud services of American Express. Implementing and maintaining so may interfaces - and the contracts or partnerships that exist alongside the technical effort - is a lot of work.
Things Have Improved - A Lot
The way over these barriers is now broadly available. A number of providers have applied a common insight - that merchants, enterprises, and sellers will flock to a provider that offers a single, straightforward API that abstracts the complexity of payments so that they can focus more on their commercial goals.
Multiple providers now offer a single integration through which merchant can reach a global audience and the global range of payment methods.
That’s one of the insights that inspired firms like Braintree, Stripe, Adyen, and others, including the firm Rapyd, the subject of this Payments on Fire® episode.
Built on the Cloud
Rapyd is a young company building out its capability to global scale in a very short period of time. In this discussion with Rapyd’s Eric Rosenthal we hear how the firm’s use of Amazon Web Services has allowed the company to scale operations around the world in a reliable and, critically, compliant manner with respect to data privacy and domicility.
Eric illustrates the company’s model - a white label PayPal as he calls it - through an example of Rapyd supporting a cash collection supply chain challenge for a global CPG manufacturer.
Flexibility and Speed
In our payments consulting work on behalf of merchants and billers, when we support their choice of payments provider, we increasingly see one or more firms like Rapyd competing against incumbents like First Data and Chase. We expect to see them more often in the future.
Incumbents using legacy infrastructure lack the flexibility to be responsive. We frequently hear about the years long implantation projects some legacy providers require. While a single firm may have built, at one time or another, every possible bit of functionality a merchant may want, the reality is that such breadth is not available on a single platform. Hence those long integration timelines.
The ability of these newer entrants to address incremental use cases is impressive. Of course, some of their components lack the functional depth achieved by incumbent competitors. But that gap will narrow with time and faster than in prior years.
By outsourcing the core plumbing to cloud providers like AWS or Microsoft’s Azure, firms like Rapyd are able to put more wood behind the arrow aimed at their customer’s business goals. Freed of much of the operational burden of running the plumbing, they can deploy their talents where the impact is greatest. And that changes the game.
Wed, 10 June 2020
The transition away from paper to an all digital payments world has been underway for decades. But in the last few years the pace has accelerated. Global tech availability and focused development talent is letting software eat the payments world. Other enablers include business models such as payments facilitation and the focus on commerce, not just payments, for merchants.
COVID-19 has simply added fuel to the fire. In May, for the first time, Mastercard reported that over 50% of its volume was card not present, transactions all in the digital payment space. The pandemic is yet another forcing function pushing digital payments deeper into our lives, across the key payment use cases employed by individuals, merchants, enterprises, and government.
Keeping up with all this is what we do at Glenbrook. In this Payments on Fire® episode, Glenbrook's Russ Jones and George talk about what’s hot and how that gets examined in our upcoming Digital Payments Insight Workshop. It will be held online June 24 and 25th. For more on the workshop, check it out here.
Russ and George talk about the online training experience and how interactivity is supported by the tools we use and the flow we establish. So, take a quick listen to get a taste of what’s hot. If you like it, we look forward to seeing you at the workshop. No trains, planes, or automobiles needed.
Tue, 2 June 2020
Take a listen to Craig McDonald, Chief Business Officer of Trustly and George as they discuss how Trustly makes its proposition possible. While Trustly is ramping up its U.S. presence, it does have timing on its side. In this pandemic-constrained age, merchants will be looking for lower cost payments and certainty. Trustly appears to have attributes to meet those concerns.
In our payments education and payments consulting work, we frequently discuss payments “rails” - the networks and systems that move money either between banks in the open lop payments model or within a single operator’s closed loop network. Think cards, wires, and ACH when you hear “open loop.” Think PayPal when you hear “closed loop.”
Each set of rails connects to an account of some kind. And has to present itself to the end user to make payment initiation easy.
We know how to write a check and understand how a wire is initiated. We all know how to initiate a card transaction at both the physical point of sale and online. There’s another important system that most of use all the time if we’re employed. If we actually use it to send a payment, we might know what it’s really called. That, of course, is the automated clearing house, the ACH system.
The ACH has incredible attributes. Almost every financial institution connects to it so the network effect is huge. And, for the financial institutions that use it, it’s very inexpensive. It can be used to both credit or debit an account.
But it has some big shortcomings, too. It runs in batch, overnight and a couple of times during the day. It is not a real time payment. There is no authorization. And when a debit transaction is initiated, the system has no way of knowing if there are funds in the account to be debited.
A number of companies have come and gone over the years who have tried to take advantage of its cost and ubiquity but have been unable to overcome competition from cards, especially debit cards, or the challenges of fraud and security.
But more modern tools are available today from both the technology and the rules/regulations angles that make the ability to pay a merchant from one’s own bank account, certain for both parties, possible.
That’s the topic of this Payments on Fire® episode. Trustly has combined broad connectivity into the ACH system with machine learning to effectively guarantee payments to merchants at a lower cost than debit cards. It’s a fascinating example of how new tech can broaden the utility of a system that is decades old.
Take a listen to Craig McDonald, Chief Business Officer of Trustly and George as they discuss how Trustly makes its proposition possible. While Trustly is ramping up its U.S. presence, it does have timing on its side. In this pandemic-constrained age, merchants will be looking for lower cost payments and certainty. Trustly appears to have attributes to meet those concerns.
Tue, 26 May 2020
Episode 125 - COVID-19 Relief: Collaboration, Regulation, and Tech Do Good - Roberto Marinho, CEO, César Souto, Conta Zap, Brazil
This illuminating Payments on Fire® episode takes a deep look at a very new Brazilian payments platform called Conta Zap (Zap Account in English) and how a group of community minded people came together with Conta Zap to provide basic income to economically displaced Brazilians during the COVID-19 outbreak.
The story illustrates how the combination of entrepreneurial thinking, technology, and right-thinking regulation can make a real impact on even those living at the edge.
This story is about how that wallet was put into the field to serve a particular community in real need. That community is made up of mostly fishermen, like the one pictured below, living in the Vergel do Lago neighborhood in the northeastern city of Maceio. Most residents are fisherman who sell their catch to restaurants, a transaction shut down due to COVID-19 restaurant closures.
Already living on the edge, that shutdown put enormous pressure on the 20,000 fishermen working in the area.
How It Started
Conta Zap is a digital wallet that simplifies moving money for P2P, bill payment, and other consumer-based transactions. Under Brazilian bank regulations, Conta Zap is also a “payment institution” able to handle payment transactions on behalf of its user but not to be a lender itself.
When word of the fishermen’s plight reached Conta Zap leadership the idea of using its wallet to get emergency funds to the fishermen was born. The Zap do Bem (roughly translated as Zap for Good) service came to be, based on the Conta Zap wallet. A group of corporate funders donated the funds for the fisherman with each fisherman receiving the equivalent of $35 USD, a meaningful figure to these impoverished workers.
The idea of Zap do Bem started in mid-March before it was clear that the federal government was going to provide an emergency stipend to poor Brazilians. To get those stipends to the millions of unbanked Brazilians, the government took advantage of recent Brazilian Central Bank regulations that allow for easy opening of low value accounts. These so-called CAIXA Tem digital accounts are offered by the government owned CAIXA Econômica banks. Remarkably, more than 40 million accounts are expected to be opened by individuals who previously did not have an account.
As with Conta Zap, this has allowed Brazil to disburse funds relatively easily and safely to millions of people. Of course, this hasn’t stopped people from lining up to take money out as cash but it is a very big, important first step in creating a digital ecosystem.
Multiple Layers of Tech, Regulatory Foresight, and Good Will
The story is a digital one. The Zap do Bem was not about helping speed cash distribution. Stakeholders combined technology from multiple parties, the generosity of donors, and these important regulatory guardrails to create a valuable service. Here are the ingredients to Zap do Bem’s layer cake:
Screenshot and translation of Zap do Bem:
We’ll plan to follow up on these developments in the future. Listen in now as Elizabeth McQuerry interviews Roberto Marinho, CEO of Conta Zap, and César Souto, a Member of the Board of Directors. If you would like to become a donor, click here and scroll to the bottom of the page for instructions.
Tue, 19 May 2020
There’s no clearer indicator of COVID-19’s economic impact than payment metrics. In this Payments on Fire® episode, we speak with Bryan Derman, Glenbrook’s managing partner, and Glynn Frechette, SVP of PSCU’s Advisors Plus division, in a discussion of PSCU’s payment trends analysis. Glynn provides an exceptionally detailed view into the pain, and some real gains, that the pandemic has brought to U.S. payments activity.
PSCU’s analysis points to both the depth of transaction volume declines for a number of segments, especially travel and fuel. And since so many restaurants are shut down (another segment hammered by the pandemic), the data shows how supermarkets and groceries have benefited.
There’s plenty of detail in this podcast so take a careful listen. To keep up to date on what PSCU is seeing across the country, go to its Resource page. For more, check out PSCU's infographic for the week ending May 3rd.
Tue, 12 May 2020
It is super instructive to hear about payments evolution. So, it’s time to take a trip. In this Payments on Fire® episode we speak with Charles Ifedi, one of the founders of Interswitch, one of the leading digital payments providers in Nigeria, and founder of customer engagement platform company eBanqo.
We hear a lot - and deservedly so - about innovative fintech companies but we hear very little about the advanced and highly competitive payment system already in place in Nigeria. Take a listen as Glenbrook partner Elizabeth McQuerry, partner in charge of Glenbrook’s Global payments consulting practice, talks with Charles about the Nigerian payments ecosystem, his role in developing one of the leading payments providers there and and his new venture in improving the front end of financial services with conversational AI .
Payments in Nigeria are huge in every way. Its large population – some 200 million – allows digital payments to thrive even as the banked population remains stubbornly low at just under 40% of the adult population. Unlike the eastern Africa experience of telco-led companies like M-PESA, Nigerian telcos are not allowed to serve as payments providers. They aren’t banks but their agent networks serve an essential role in last mile service delivery. That said, recent regulatory changes are allowing partner companies of these telcos to apply for the country’s payments services bank license.
Nigerians have been able to take advantage of instant or real-time payments for a decade. You can’t say that for Americans. It’s quite common to see people making instant payments transfers from their mobile devices via the simple USSD menu interface on feature phones. Those with smartphones take full advantage of app-based interfaces.
These instant payments are often used to buy things in retail shops as well as to make business or personal transfers. Payment by debit and credit card is also quite common and Nigeria is home to Verve, the pan-African card brand.
Listen in as Charles, who was Verve’s first CEO, reflects on developing the Interswitch brand and discusses how Nigerians are making payments at small and large merchants during the Covid-19 lockdown, the successes of ATMs and their challenges to growth, the failure of biometrics, and about the Nigerian payments ecosystem overall.
Tue, 5 May 2020
Payment authorization rates are a theme we return to regularly on Payments on Fire® because they matter so much to merchants, issues, and the payment providers in between. If a big issuer declines more transactions than its peers, the merchant and the issuer, in fact, leave money on the table. The merchant loses sales. The issuer loses interchange revenue.
In this episode, we speak with Stripe’s Jeanne DeWitt, head of revenue and growth for the Americas, for a deep look into how her company maximizes AUTH rates for itself and its hundreds of thousands of sellers. We discuss COVID-19’s impact and some of the creative responses to it. We also address Stripe’s maturation into an enterprise provider, at enterprise orgnization, and wrap with a look ahead at the future shape of the payments industry.
Tue, 28 April 2020
In Glenbrook's Payments Boot Camp® and in our payments consulting work, we use our Domains of Payments framework to subdivide the major use cases and payment contexts into a half dozen categories or domains. The Remote Domain contains cross-border e-commerce, a particularly challenging use case where the buyer and seller are separated by distance and, in the case of cards, credentials are presented without the cardholder present. This is card on file (COF), card not present (CNP) transactions live. Just add cross-border complexity.
If you sell via e-commerce in the EU, Middle East and to the global market, you’re crossing borders. That means regulatory compliance. It also means you want your customers to pay you in the manner to which they’ve become accustomed. Germans and Belgians like SOFORT and PayPal. The Dutch prefer the domestic iDEAL system. The UK is card-centric.
To reach customers in those countries and beyond, you need a payment services provider with reliable connectivity into those domestic systems, access to global card systems, and the ability to maximize authorization rates.
Credorax is a PSP founded in Israel with a strong technology focus that has also become a Malta-based bank in order to expand its EU presence as an acquiring bank.
In this Payments on Fire® episode, George and Credorax COO Moshe Selfin discuss the initial impact of the novel coronavirus on the travel segment and then move on to authorization optimization.
The podcast includes the Credorax creation story. While technical capabilities were the core of its start-up phase, it was the EU’s PSD2 regulation that created its market strategy and steered its business evolution. While many in the payments industry complain about regulation, it’s true that mandates move markets and, as Credorax saw, create opportunity.
Take a listen to how a this not-yet-quite-global company positions itself in an increasingly crowded market and its approach to delivering value.
Tue, 21 April 2020
Episode 120 - Deep Dive into Real-time Payments in Developing Markets - Elizabeth McQuerry, Glenbrook Partners
In this special episode of Payments on Fire®, Glenbrook partner Elizabeth McQuerry, partner in charge of Glenbrook’s Global payments consulting practice, leads a conversation on the development and adoption of realtime payments in developing markets.
If the development of faster payment, instant funds transfer systems is important to you, take a listen to this episode on the development of these instant push payment systems in developing markets. Many of the issues and concepts discussed apply to developed market concerns and you will gain important insight into the multiple paths governments and leading tech firms take in system and ecosystem development.
An essential principle is the role of real-time payments as an economic development tool. Digital payments have to have the immediacy of cash to be transformative. No one can afford to wait for a payment to wander for a few days through an antiquated banking system when they have to buy fuel in 20 minutes.
This is a comprehensive discussion that touches on the roles of government and commercial stakeholders and how they differ across countries, payment economics, and the multiple paths to broad deployment of real-time payments. Take a listen.
Tue, 14 April 2020
Episode 119 - The API to Streamline and Secure Account Access - Don Cardinal, GM, Financial Data Exchange
The “supermarket” days of financial institutions providing all of our financial services and holding all of our accounts are long over. Brokerages, insurance companies, and the expanding array of fintechs compete to hold, manage, or organize our assets.
With so many custodians of our financial data, it can be difficult for an individual to generate a complete picture of her finances. That’s been a longstanding problem that was addressed over two decades ago by data aggregators like personal financial management app Mint.
Individuals found this single portal approach quite useful. All we had to do was provide the aggregator with the login credentials to each of our online accounts. The aggregator would then log into that account on our behalf, “read” our data off of the web page, and display all of that data in a single consistent fashion (this is “screen scraping”, the method of data gathering that started it all).
This single view capability has been a compelling proposition that dozens and dozens of firms have emulated in the years since.
Further, use cases have proliferated where a fintech, for example, simply needs access to one or two accounts in order to fulfill its goals. The mobile app model has just accelerated the expansion of apps needing access to user account data.
Yodlee and Plaid, now a Visa company acquired in a whopping big transaction, are examples of companies selling access to user account data either through screen scraping or, in a more modern approach, direct integration to individual financial institutions.
Direct integration to each bank or credit union’s data is, of course, inefficient because each banks exposes its own interface. The syntax and functions of each vary making everyone’s development and maintenance tasks more difficult..
Evolution of a Standard
Into this gap is the Financial Data Exchange organization. With over 100 members https://financialdataexchange.org/pages/members
FDX is a true standards organization. Its members pay dues, yes, but their more important contribution is time and effort. Working groups take on particular technical and usage aspects, develop them, and generate draft standards for the entire membership to ratify.
One of its working groups focuses, for example, on the user experience, on the use cases that benefit from data sharing and how to make that process transparent and secure for end users.
In this Payments on Fire® episode, George and FDX Managing Director Don Cardinal discuss the API, its many reasons for being, and the standards development process.
They also discuss Akoya, Fidelity’s former data sharing unit that is now owned and operated by The Clearing House and 11 member banks. Akoya serves as a central integration provider making it easier for a fintech app to connect its users to the banks subscribing to the Akoya service.
So take a listen. FDX is important to the fintech and financial services community. It’s important to end users. And it’s a great example of how comprehensive standards can be developed swiftly.
Tue, 31 March 2020
Welcome to Payments on Fire® and to our third, now annual, discussion with Steve Ledford, SVP Products and Strategy at The Clearing House, and the leader of his company’s Real Time Payment Network initiative.
As in prior conversations, Steve and George discuss the growth of the RTP Network both in terms of transactions and dollar volume as well as an important metric, the growth in the number of financial institutions and FI processors who are already or in process of connecting to the network.
The evolving set of use cases supported by a new payment system is often surprising. Few expected Zelle’s leading use case to be rent payments. While the RTP Network is in its infancy, Steve shares a number of use cases already in flight.
Changes to the network’s rules also position it for expanded use. For example, the network’s recent increase in transaction size limit to $100,000 positions it far better for B2B transactions.
Like all bank services, strong user authentication is critical and firmly out of scope for the new network. Banks will have to improve their authentication processes because account takeover is a real risk.
As Steve says in this discussion, banks can also reduce the risk of accountholders sending money to bad actors simply by well-timed messaging. Financial institutions can adopt best practices that have evolved in the UK and other markets with similar systems in place. For example, the bank should ask the accountholder if they personally know the recipient of the funds and if they have been pressured to make the payment within a certain timeframe. Both questions are meant to caution the accountholder before pressing Send.
Steve also addresses the announcement of FedNow and its ripple effects on the RTP Network.
New national payment rails are a once in a generation event. New rails, better data representation techniques, and mobile devices make for an innovator’s playground. Take a listen.
Tue, 24 March 2020
Be Safe. Be Well. Help Out.
This is our era’s unprecedented event. I hope you’re staying safe, your family is all well, and you’ve got what you need for what looks to be a pretty long time. On the upside, I’ve seen and experienced people helping one another like never before. That gives me confidence we’ll be able to mitigate COVID-19’s impact on our healthcare system - and on all of us. The downside is obvious. The weight of the pandemic is going to come down heaviest on those with the fewest resources. Helping out is our best response.
Among the Exploiters of The Pandemic
There are characters out there, however, who are bent on taking advantage of this global challenge because the corona virus has only added gasoline to the growth of e-commerce and online fraud of all kinds.
While e-commerce volume skyrockets as so many hunker down, online credit applications are rising at traditional lenders, challenger banks, and fintechs. Responding to the pandemic, some fintechs are making it easier than ever for sole proprietors to get loans in the hopes of having their business survive the pandemic. For similar reasons, others are encouraging government action in support of their SMB customers.
These laudable efforts will attract fraudsters in droves. What could be better than overburdened systems (Robinhood anyone?) and modified onboarding and underwriting processes?
Socure is an identity management company serving financial institutions old and new, fintechs, and marketplaces that extend credit via online applications. Socure’s service operates right at their front door, at “day zero,” when the applicant first appears at the provider’s digital door. The company promises to reduce fraud, reduce the manual review of questionable applications, and onboard more customers through its KYC services.
In this Payments on Fire® episode, George speaks with Rivka Gewirtz Little, SVP Marketing & Strategy at Socure on a range of topics, from the what and how of Socure’s service to the larger concerns of fraud rates, model governance, and the definition of identity.
Socure’s Own Digital ID
Socure is working on its own version of a digital identity, essentially taking all that it knows about each individual and creating a profile that is updated based on the individual’s behavior, system changes, etc. This “Socure Identity” then can be used beyond the Day Zero identity proofing step but for subsequent authentication when the individual returns to Socure’s customer’s website or app.
FI Internal Collaborate on Identity
An encouraging evolution in enterprise organization is the growing collaboration of the produce line leadership within traditional financial institutions in the areas of risk management and marketing, teams with traditionally conflicting goals. Marketing wants as little friction as possible; Risk wants to keep the bad actor out. In the past, each product line fought its own battles and chosen its own solutions. Now that the digital channel is firmly established even among incumbent and with more flexible tech available, coordination and alignment is taking place.
“Data minimization” has achieved buzzword status. And its meaning varies depending on who you are. Essentially, it means a provider should hold only that data that’s necessary and no more. For a Socure that lives on massive data resources, data minimization is meaningless. Socure has to be an exceptional custodian of all of that data.
George and Rivka discuss another connotation for that term, the ability of the accountholder or user to release only the data that’s relevant to the transaction. Showing a driver’s license to prove you’re over 21 is a classic case of over-sharing.
So, take a listen. Stay safe.
For more on digital identity and synthetic identity in particular, check out Episode 115 – Finding the Phantoms – Synthetic Identity and the Issuer – with Naftali Harris of SentiLink.
Mon, 16 March 2020
Episode 116 - Now More than Ever - Glenbrook Payments Boot Camp® Digital Edition - Russ Jones, Glenbrook Partners
Sometimes events delay things. Other times, they hasten them. At Glenbrook, the corona virus has sped us along a path we’ve been traveling for some time. The path is digital delivery of the Glenbrook Payments Boot Camp®.
In this Payments on Fire® episode, Russ Jones, partner in charge of Glenbrook’s education team, talks with George about two major changes in our payments education program.
1. Digital Delivery - what it looks like, how it works, and when we will launch it for our public participants
As you’ll hear Russ say, we’re excited by the capabilities of today’s teleconferencing capabilities, how we can use them to inject a high level of interactivity into each session, and the challenge of bringing the Glenbrook Payments Boot Camp® magic to the digital medium.
Join us April 7-9 for the Glenbrook Payments Boot Camp® digital edition. No travel required!
All of us at Glenbrook wish you the very best of experience and outcome as each and all of us navigates the corona virus threat. Be calm, carry on, and keep your social distance.
Thu, 12 March 2020
Fraudster innovation is a constant. As the defenders of payment transactions thwart one fraud vector, these innovators, playing offense, switch tactics.
Today, the problem of knowing who you are, that you are who you say you are, in the digital domain demands stronger authentication techniques. Many of those rely on the attributes, the data, provided by the user or by the applicants in the case of credit extension.
In turns out that even the data supplied by applicants can be both entirely bogus and sufficient to convince a credit issuer to onboard the applicant and extend credit. This is the problem of synthetic identity.
To explore the synthetic identity challenge, take a listen to this conversation with Naftali Harris, CEO of SentiLink, a company focusing on detecting synthetic identities. Coming from years at Affirm, Naftali and the SentiLink team serve credit issuers struggling with this new fraud vector.
First, let’s define synthetic identity using the Fed’s Synthetic Identity Fraud in the U.S. Payment System Payments Fraud Insight white paper as the source:
“The generally agreed-upon definition of synthetic identity fraud is a crime in which perpetrators combine fictitious and sometimes real information, such as SSNs and names, to create new identities to defraud financial institutions, government agencies or individuals.”
Now we’re looking for phantoms. Uh-oh.
There are terabytes of personally identifiable information for fraudsters to use because of data breaches and our own over-sharing of our personally identifiable information. Knowledge-based authentication based on static data like SSNs, birthdays, and the name of our hometown isn’t hard to break. Nor is this static data generally protected by tokenization or encryption in any way.
The fraudsters know what we know. Uh-oh.
And because the real data presented by the fraudster creating a virtual identity is often that of a child or an elder or even the deceased, well, it’s super hard to detect. That comes from my Glenbrook colleague Yvette Bohanan who has years of risk management experience at Amazon, Google, eBay, BofA and others.
Of course, the fraudster’s goal in making up a new identity is to open a credit line in order to subsequently defraud the issuer, perhaps by carefully using a credit line carefully for years to build up a high credit limit before busting out with a lot of spending and then disappearing to a beach somewhere.
Multiple Types of Synthetic Identities
A startling aspect of some synthetic identity fraud is that it doesn’t take advantage of purloined PII. All of the data used by the credit application is made up out of whole cloth and thin air. The proper format of a social security is well known so why not generate a random one? After all, the federal government doesn’t operate a central SSN repository with realtime validation. A variant approach relies on real and fake data, combining, for example real names with made-up SSNs.
To explore the synthetic identity challenge, take a listen to this conversation with Naftali Harris, CEO of SentiLink, a company focusing on detecting synthetic identities. Coming from years at Affirm, Naftali and the SentiLink team serve credit issuers struggling with this new fraud vector.
Fri, 6 March 2020
On Payments on Fire® we’ve talked with gateway operators, processors, tokenization specialists, fraud management firms, and others - all providers who help payment acceptors handle their payments.
The range of services and business value they deliver varies a lot. Some providers do everything. Others, like Spreedly, the subject of this Payments on Fire® podcast, focus on a narrower set of functions and business outcomes.
Payment Flow and the Payment Service Provider (PSP)
When we talk about merchant acquiring in the Glenbrook Payments Boot Camp, we highlight the following transaction flow:
That picture oversimplifies the tasks at hand. Depending on what kind of merchant you are, the set of payment-based services you need can vary substantially.
If you answer yes to any of the following, there are payment service providers ready to help you with specific tools:
Some payment service providers (PSPs) are owned or captives of larger upstream entities. Their role is to capture an ever widening stream of transactions to flow on to their parent company. CyberSource, owned by Visa, may not care a lot about who the acquirer is but the company's transaction handling drives revenue for Visa.
Other independent PSPs like NMI and, in today's podcast, Spreedly, focus more on the needs of the merchant. NMI anchors it many other talents around its core gateway. Spreedly might be considered is a gateway to gateways. It connects to processors and has developed a broad set of connections into domestic systems around the world. Spreedly is a also payments tokenization provider.
Given that range, Spreedly refers to itself as a merchant-facing payments infrastructure provider. More casually, Spreedly is a layer of glue between the payment acceptor's operations and the payment systems that the acceptor needs to support. Payment orchestration is another in vogue term to describe what Spreedly, and others, do.
This is an evolving story and marketplace. Definitely worth a listen to Justin Benson, CEO of Spreedly, as we talk about what his company does and a range of industry topics including tokenization, risk, and more.
Wed, 26 February 2020
In this Payments on Fire® podcast, we examine the role of a payment service offered through a commerce solution targeted at the small and medium business (SMB) market. To do that, we talk with Nan Siler, Head of Payments Strategy and Operations, at Kabbage.
The small and medium business market is important to both the national and local economies. It’s big. According to the U.S. Small Business Administration, over 40% of GDP is generated by this segment. Over the last decade and more, SMBs have come to face new competition (Amazon and the high concentration of Big Retail) and a less willing lender community of traditional financial institutions. Kabbage has stepped into that environment.
Kabbage has loaned over $9B since its inception to some 220,000 customers and last fall added a new service, Kabbage Payments, to ease payment and invoicing for its SMB customers.
SMBs live and die on cash flow. If a big customer’s payment doesn’t come in on time, the business owner can end up paying her employees but not herself.
Kabbage has built sophisticated onboarding and lending models around the needs and realities small businesses. Cash flow management includes, of course, timely access to money, via lending, to fill funding gaps or help expand the operation.
Nan takes us through how Kabbage’s Payments solution complements Kabbage Funding, its lending operation, and how the two come together to provide better insight on the business’s cash needs. With better insight, the goal is to help the small business borrow less money for shorter periods of time when funding the day-to-day with the expectation that Kabbage can provide larger sums to meet the capital requirements of business expansion.
Many independent software vendors (ISVs) bring payments capabilities to their merchant customers to meet functional expectations as well as enjoy payment related revenues. Indeed, the ISV is now the channel through which many SMBs acquire payments acceptance capabilities. The payment-focused PSP group, and especially the Independent Sales Organization (ISO), no longer control that channel.
Kabbage, while not an ISV, has built its payment service to help merchants get paid faster. Every SMB wants that. So, take a listen to Nan as she discusses both the lending capabilities of her firm and how the new payment service complements that funding function.
Mon, 3 February 2020
As our lives shift online, our providers needs strong digital representations of each of us in order to make authentication and authorization decisions. Besides payment transactions, there are the diverse risks they must manage when, for example, we establish new credit relationships, add new payees to our online accounts, and move money in new ways. The providers of these capabilities—and often a single party offers multiple services—must be concerned with the associated risks each poses.
This is the special domain of risk and fraud management companies. In this conversation with Payfone’s CEO Rodger Desai, we focus on digital identity services and the role of the mobile ecosystem in particular. Take a listen.
Many risk and fraud vendors base their services on different data types, such as the email address, SSN, or phone number.
In Payfone’s case, it is the combination of the mobile number, the device it is connected to, and the mobile network serving it that have powerful attributes to measure against. Relevant data attributes include:
1. Tenure. How long the mobile subscriber has had the phone number tells a lot about the subscriber itself.
The union of all this data paints a crisp digital identity once algorithmic power has been applied to it.
In this episode of Payments on Fire® we discuss the risk assessment capabilities the mobile ecosystem provides with Payfone’ CEO Rodger Desai. His long experience in mobile “phone intelligence” informs this discussion. He explains how some very large clients are using Payfone’s scoring capabilities to assess transactional and account risk while addressing the challenge of improving the user experience. Risk and convenience are often at odds. Payfone’s services are designed to mitigate that conflict.
Today’s digital identification capabilities are powerful. But fraudsters are fast moving and well funded. For the relying parties—those enterprises that take on the risk—the role of defense is a tough one. Priorities, cost, business goals, even awareness vary. Each and every party’s approach to risk assessment is unique. Risk tolerance for the same transaction will differ from bank to bank, from enterprise to enterprise.
In other words, individual enterprises can assemble strong risk assessment and mitigation capabilities while, from a systemic view, there will always be gaps to be exploited. The best we can hope in today’s environment is for each enterprise to raise its security game.
Fri, 3 January 2020
The U.S. has just come off a record setting holiday shopping season with e-commerce sales rising over 18%. While the numbers aren’t in yet, there’s no doubt the fraudsters also had a record year. There are so many ways to defraud consumers, merchants, and financial institutions.
At Glenbrook, we are optimistic about our longer term ability to deter, prevent, and detect fraud. Our kit is getting better. The combination of tech and rule making will payoff: strong authentication enabled by standards-based smartphone-enabled biometrics; regulations requiring strong authentication as put forward in the EU through its SCA rules; and our expanding ability to detect new attacks using tools that operate within the transaction flow.
It is this last area that is the topic of this Payments on Fire® episode. Fraud detection tools operated by or on behalf of merchants that examine transactions are today’s major line of defense against payment, loyalty, and coupon fraud. In this conversation with Colin Sims, COO of fraud prevention company Forter, the development, deployment, and maintenance of a modern fraud management platform is the topic.
Colin and George discuss how fraud management and prevention technologies continue to evolve, Forter’s own approach, the role and impact of PSD2 and SCA regulations in the EU, and how fraud continues to adapt. While machine learning is a central technology, Colin makes clear that human effort and insight is what makes the difference.
Sun, 8 December 2019
Deployment of “clean sheet of paper” payment systems is a once in a generation event. In over 50 countries, new account-to-account push payment systems are either in full scale operation, implementation, or fully committed planning stages. The U.S., for example, has the RTP Network in operation and, in a few years, the FedNow system will be online.
This is hard, serious work. Technology decisions need to be paired with equally rigorous rules making. One of the major concerns for these systems is what to do when a transaction is sent in error or initiated by a fraudster. In contrast to card systems, dispute resolution capability is not a standard feature. These choices should reflect clear agreement and follow through by the system’s key participants.
In this Payments on Fire® podcast, Glenbrook’s Elizabeth McQuerry talks with builders of dispute resolution, complex messaging, and connectivity capabilities developed around Australia’s New Payments Platform (NPP).
Joining Elizabeth are Jack Baldwin, Chairman of BHMI, a U.S.-based developer of bank-grade settlement and reconciliation systems, and Nathan Churchward, Head of Product, Emerging Services at Australia’s Cuscal Limited. Cuscal is a developer of payments capabilities that include card issuing and acquiring, mobile payments, fraud prevention, switching and settlement.
There’s a lot to be gained by learning from someone else’s experience. Nathan and Jack address the dispute resolution process, ISO 20022 messaging, and the significant effort needed to build out systemically important payment infrastructure. Take a listen and you’ll gain a deep appreciation of the interplay of rules, regulations, technology, and effort.
Glenbrook Partners is working with the U.S. Faster Payments Council to help shape rules in the U.S. and address significant concerns around system interoperability, directory services, and dispute management. Take a look at the Faster Payments Barometer based on our industry survey. And visit the U.S Faster Payments Council site for more.
Wed, 27 November 2019
Episode 109 - Bitcoin SV, a Payments and Data-focused Path in Bitcoin Evolutio - Jimmy Nguyen, Bitcoin Association
If you thought bitcoin was dead as a payments system, take a listen to George and Jimmy Nguyen, founding president of the Bitcoin Association, as they discuss Bitcoin SV, a new version of bitcoin that is a significant upgrade to the performance and capabilities of the original bitcoin protocol put into the world a decade ago.
From a payments perspective, bitcoin has failed. While successful as an albeit volatile store of value, its failings include:
If you thought bitcoin was dead as a payments system, take a listen to George and Jimmy Nguyen, founding president of the Bitcoin Association, as they discuss Bitcoin SV, a new version of bitcoin that is a significant upgrade to the performance and capabilities of the original bitcoin protocol put into the world a decade ago.
Jimmy brings a refreshing view on cryptocurrencies and payments. Jimmy provides a great review of how bitcoin works and why both its performance and its economics are broken. He explains the advantages of the Bitcoin SV fork and why it was necessary. Suffice it to say, bitcoin’s evolution is subject to the often fractious politics of that community where competing interests inhibit long term thinking.
Bitcoin SV has intriguing potential. Micropayments, sub $1 transactions, have never found a home in electronic payments. BSV could apply there.
BSV is also designed to use enormous blocks in order to keep processing costs low and provide the ability to store massive amounts of data about the payment.
Mon, 18 November 2019
Join Jeff Brown, president of VPay, a firm specializing in insurance claims payments, and George Peabody of Glenbrook Partners in this deep dive discussion of how the work of claims processing is done and how he approaches B2B payments, compliance, and the value-added services needed by the company’s customers.
The B2B Domain
We’re all familiar with the card present POS domain, card not present Remote domain, P2P payments, and the Bill Pay domain. A phone tap here, a card swipe there, a bill payment to the utility company. On a day to day basis, our personal experience with payments is these areas.
The B2B and B2C payment domains are very different. There is a wide range of industries with very specific payment needs. (Listen to episode 92 to hear how customized payments can become. Roadsync’s Robin Gregg talks about the special paper check type built just to serve independent long haul truckers.)
Insurance is Huge
One of the biggest industries is insurance. Premium payments in the U.S. alone are over $1.2 trillion. Payouts by stakeholders, such as healthcare systems and property & casualty insurers, and made to individuals claimants and service providers amount to trillions more.
Insurance is definitely big enough to be a very attractive vertical to a payments service provider.
Knowing Your Customer's Business
If you are a PSP serving a particular vertical market in the B2B space, you have to know at least as much about the vertical you serve as you do about payments operations and services. For example, if you’re making healthcare payments, you have to comply with the strict data privacy requirements specified by HIPAA regulations. You may have to support specific data formats. And you should help your business customers deliver useful features to their own customers.
If you want a great explanation of how payments fits into a vertical market, you can’t do better than listening to this episode of Payments on Fire®.
Thu, 14 November 2019
Episode 107 - The Financial Inclusion Impact of the Digital Wallet in Columbia - Hernando Rubio, CEO, Movii
Digital disruption and financial inclusion are focus areas throughout the developing world and the topics are white hot in Colombia. Listen in as Hernando Rubio, CEO of Moviired, speaks with Elizabeth McQuerry and George Peabody about Movii and payment / financial inclusion ecosystem in Colombia.
Financial Inclusion in Colombia
Although one of the first countries in Latin America to make a big policy push for financial inclusion, those efforts focused a “banking correspondents” or agents in local stores carrying out basic financial services on behalf of banks. While these correspondents greatly improved access to financial services, they have not fully produced the desired results. According to the World Bank, fewer than half of all adults have a bank account and only a handful (less than 5%) have a transaction account from a telco led service. Very few Colombians use those accounts to pay bills or buy something on the internet. Cash is still preferred.
Enter the SEDPEs
In 2015 regulators in Colombia created a new category of licensed financial institutions called a special company for electronic deposits and payments, or SEDPE by the Spanish language initials. While a bank can also pursue this type license to focus financial inclusion efforts, the main conceptualization of SEDPEs are fintechs that gain authorization to take deposits and make payments – the two most basic (and still lacking) aspects of financial inclusion. SEDPEs are not allowed to make loans but can partner with others to make small credits available.
Rubio’s Movii was the first SEDPE to be authorized by regulators. Movii is a classic digital service that offers a wallet for storing funds, access to a reloadable debit card from Mastercard for buying in stores and on the internet, bill payment, mobile top ups and transfers to other Movii users. Movii also recently connected to the new national real-time payment service (Transferencias Ya) in order to be able to reach all account holders in Colombia. Movii builds off the company’s experience managing Moviired, an extensive network of physical agents in stores and bank correspondents throughout Colombia, that people use for those basic payments. Hear how a company disrupts itself as it lays the foundation for the next generation of financial services.
Fri, 8 November 2019
The merchant acquiring industry continues its large scale shift from a payments-led to an operations-led purchasing decision for the merchants it serves. Historically based on independent sales organizations (ISOs) and non-bank acquirers, the party that increasingly provides payment acceptance is the independent software vendor (ISV).
This makes sense for a number of reasons:
Differentiation in Payments Via New Paths
Differentiation based on value-added services drive revenue in payments. For that reason, we have seen non-bank acquirers and ISOs focus on particular vertical market segments to drive and secure long term revenues. A decade and more ago, Heartland Payment Systems (acquired by Global Payments) doubled down on the restaurant vertical by developing special services for restaurant operators as well as acquiring restaurant-focused ISVs. That lesson has been learned by many since.
Over the last few years, differentiation has also stemmed from how well the payments provider serves the ISV and its developers. Integration of payment services both into the ISVs code and within the provider’s own code base is important. A single API that exposes all of a provider’s services is preferable to integration work requiring knowledge of an API tied to each function. Micro-services based capability is also welcome.
Payment Facilitation as Enabler
While not, in and of itself, a new approach, the payment facilitation model is a major enabler of payment service delivery via ISVs. The payfac model is based on network rules that allows an intermediary to act as the merchant of record in order to provide payment system access to smaller merchants. PayPal did this first for ecommerce merchants. Stripe is another card not present example. Square used the payfac model to offer sellers in the physical world access to card acceptance.
ISVs who become payfacs assume responsibility for the activity of their small merchant customers. So, choosing to become a payfac has its complexities and risks. A number of providers, including Finix, bring expertise in the payments facilitation model to help ISVs make that decision.
In this Payments on Fire®, take a listen to Glenbrook’s Nicole Pinto, Drew Edmond, and Finix CEO and founder Richie Serna as they discuss the payfac phenomenon and the larger shift to the ISV as payments provider. This is a cool conversation about a sea change event in the merchant services industry.
Fri, 25 October 2019
Take a listen as George and Nick Starai, Chief Strategy Officer of NMI discuss the role of the independent payments gateway and its evolution as a technology and business enabler for today’s providers of payment acceptance: ISOs, ISVs, and merchants.
A key technology and business partner for merchants and the first-line providers of payment services (think ISVs and ISOs) is the payment gateway.
At their simplest, gateways provide a single interface to their users that, once built, lets the party using it switch between acquirers with relative ease in order to get better performance, service levels, and/or pricing.
For independent software vendors (ISVs) selling line of business software this flexibility allows their customers to choose their acquirer of choice from the range of acquirers supported by the gateway. Many such relationships are in place long before the ISV relationship is established. ISVs can’t insist that their potential customers change acquiring banks in order to use their software. That’s one use case for a gateway.
Another is the Independent Sales Organizations (ISOs) that also realizes the necessity of using gateway technology in order to reach their increasingly demanding merchant customers. Placing stand-beside payment terminals next to a cash register is no longer nearly enough. Integration of payments into the overall business process of even a smaller merchant is now table stakes. Gateways can help make integration of more advanced capabilities happen.
Independence Means Acquirer Neutrality
But for independent software vendors, independent sales organizations selling to ISVs and merchants, and for many merchants themselves, an important virtue of the gateway function is its processor and acquirer independence.
To increase volume, gateways make it as easy as possible for a customer to integrate to the gateway. They make their APIs simple and robust so it’s easy to add new services. The gateway provider builds software developer kits (SDK) to support in-app payments and makes sure their code runs on every important operating system.
Gateways often specialize on a particular payment domain such as large ecommerce merchants or in-store systems. Others offer a broader set of services. NMI, the subject of this Payments on Fire® podcast, supports both EMV terminals and the card not present environment.
The greatest impact of this payfac model is how it streamlines the onboarding process. Instead of the days-long underwriting process traditionally needed, sellers working through a payment facilitator (PayPal, Square, and Stripe all employ that model) can start to take payments within minutes of creating an account.
Because of that swift onboarding, the payment facilitation model reduces sales friction for ISVs. Their customers can install the ISVs line of business software and start taking payments at the same time.
For the ISV, there’s also the opportunity to earn revenue from their customer’s payment transaction flow. We’ve seen multiple merchant companies selling software services earn substantial revenue from the payments side of their business. NMI provides essential infrastructure services for the payfac business model including onboarding, sub-merchant account creation, KYC, and other reporting services.
The NMI Story
Fri, 18 October 2019
Take a listen to Ian Drysdale of Zelis Payments and George as they discuss how complex the payments process is in the healthcare industry.
Near the peak of payments complexity and specificity is the healthcare industry. If you’ve ever looked at an explanation of benefits letter from a healthcare insurer, you’ve had a glimpse into the complexity of these payments. Multiple parties are paid a lot of money, before you may be required to ante up a co-payment yourself.
Regulation, compliance, the huge range of services delivered, and the scale of the healthcare ecosystem—from giant healthcare insurers to the local dentist—make healthcare payments a challenging, and attractive, market to serve. It is an enormous business-to-business market. Americans spent $3.5T, over $10K per person, in 2017. We spend something like 1 in 6 of our dollars on healthcare.
Simply getting the payment to the right party is complicated. Consider the imaging clinic that operates within a big regional hospital. It has its own back accounts, its own P&L, its own accounts receivable. Getting payments routed into the right account isn’t easy.
Checks still dominate in this industry because the development and maintenance of databases to track bank accounts is a major headache for a payer like an insurance company. Dropping a check in the mail, along with invoice information, at least communicates what’s necessary despite slow speed and high cost.
That’s where Zelis Payments and Ian Drysdale, its president and guest on this Payments on Fire® podcast, come in. Zelis Payments specializes in shifting healthcare payments from check rails to ACH rails. Using the service, providers get paid within a two or three days instead of two weeks. That speed has a huge impact on cash flow, a business metric of particular importance to smaller providers.
Zelis Payments also enables an EDI message format that communicates what’s being paid for in a manner consumable by the accounts receivable software in almost every healthcare provider’s office. Matching up the ACH deposit to what it covers is automated. While neither ACH or EDI are considered modern technologies, pairing them tightly produces real efficiencies.
Another area of complexity Ian discusses is healthcare fraud. Unfortunately, no small number of providers enter fraudulent claims into the system. They add up to huge numbers.
Zelis Payments adds value specific to the healthcare industry around the general functionality of EDI and ACH rails. If you’re a dentist getting paid 10 days faster than before, that added value is a very good thing.
Thu, 3 October 2019
Episode 103 - Mining the Dark Web for Early Detection of Fraud - Aamna Zia and David Hetu, Flare Systems
Need an early warning system for what payment system hackers are about to do? Then knowing what’s happening on the dark net is imperative.
In this episode of Payments on Fire®, George speaks with Aamna Zia, VP of Finance and Growth at Flare Systems, and David Hetu, its Chief Science Officer. Based in Montreal, Flare Systems operates a dark net monitoring system that brings intelligence to the InfoSec and fraud management teams at banks.
The dark net is a mysterious place for most of us. It exists on something called Tor, an internet overlay that is designed for anonymity. Using a purpose-built browser, users can access websites, chat rooms, and the like, similar services to those we use on the open internet. The anonymity feature makes performance slow but it also works.
And that’s why it is the hub that marketers of stolen card numbers, user IDs and passwords, personally identifiable information, and hacking tools use to buy and sell. It’s this activity and the discussions around it that Flare Systems monitors and reports on.
Among the findings of Flare’s analytics is the fact that the vast majority of card data sellers probably have to live with their parents to get by. There’s not a lot of money in that particularly tired approach.
Obviously, there’s plenty of money to be made in payment fraud, though. Account takeover (ATO) fraud is growing quickly as recent losses on the UK’s Faster Payments system demonstrate. Synthetic identity fraud is fueled by the kind of data sold on the dark web.
Take a listen as Aamna Zia and David Hetu as they describe how Flare Systems works and what the hackers are up too. Then, if you’re on a bank’s infosec or security team, try to get some sleep.
Sat, 21 September 2019
Listen to George and Jacques Soussana, General Secretary, of nexo Standards, an organization based in Europe with global goals to establish interoperability of hardware, software, and data across the point of sale and e-commerce domains.
Interoperability in a Complex Ecosystem
The payments industry is in a period of especially swift change. New methods of payment, new payment systems, new ways to initiate a purchase.
Innovation can be wonderful, improving convenience, speed, and reliability. But there is a downsides to all of this creativity: Interoperability. Connecting disparate systems is technically challenging and faces business questions such as “what's the ROI on connecting to yet another system?”
Today interoperability may be difficult or impossible by design. Payment methods stood up by individual companies often remain closed or must rely on other payment systems to actually move transactions.
In what is an increasingly integrated world with payments as an embedded experience, interoperability challenges show up both at the physical point of sale and online. Acquirers often use proprietary adaptations of standard protocols to “enhance” their capabilities and, to a degree, erect competitive barriers. The software used to connect point of sale terminals processed by one vendor must be changed when those same POS devices are connected to another provider.
Further complicating the merchant challenge is the merchant-facing software that connects to those terminals. That software connects to each brand of payment terminal in a proprietary fashion. While gateway providers simplify the payment interface for these independent software vendors (ISVs), each gateway provider has its own approach.
For merchants, then, there’s no such thing as “plug and play” software to connect to terminals or to connect those terminals to payment networks.
This complexity was bad enough when card rails were the only payment method of consequence. Today, however, domestic and regional payment methods are changing, adding account-to-account push payment systems like the U.S Real Time Payment Network from The Clearing House or the European SEPA Instant Credit system.
In other words, there are new payment rails, the systems that actually move money, that matter.
So, this complexity problem must overcome and that is the goal of nexo Standards, the organization Jacques represents and the topic of today's Payments on Fire® discussion.
Getting stakeholders to work on the common goal of interoperability is no easy task. Most often, participants come from competitive companies. Most of these organizations are large because, first, they have to be large to afford the investment in participation, and, second, they have to be large to realize the financial benefits of actual implementation.
This is known as the “Herding Cats Problem” and they aren’t kitty cats.
nexo Standards, and its prior incarnations, has been working on point of sale standards for over a decade. The nexo FAST standard that addresses the physical point of sale, EMV, and how to connect within the SEPA framework is nearly 1,000 pages long. And there are multiple nexo specifications including the Retailer protocol that describes the interfaces between a card payment application and a retail point of sale system
Other nexo standards address security, terminal management, the acquirer connection, and implementation.
So, a complex technical and business environment with nexo Standards bringing a comprehensive set of specifications to address it.
nexo Standards Annual Conference (attendance is free, in London)
Mon, 16 September 2019
A Better Way, Please
Last week I tried to connect my accounts at two different banks. Between account type mismatches (my bad), long account numbers, ACH micro-deposits, and balky websites, well, I’ll confess I put a check in the mail as a “quicker” way of overcoming the electronic barriers. Snail mail. Really?
That situation, and many more where speed matters, is exactly why the world is turning to faster payment systems that allow the accountholder to push money from an account she controls to a recipient in near real-time. To eliminate entry, and sharing, of bank routing and recipient account numbers, today’s faster payments systems are often enhanced by a directory that maps the recipient’s name to a mobile number or email address. The director connects those to the underlying bank account.
This is great stuff, especially for the United States where so many push payment methods exist based on closed loop or incumbent payment rails. The U.S. now has providers like Venmo using balance transfers and card rails (Visa Direct, Mastercard Send) to make realtime P2P transfers workable. NACHA has sped up the automated clearinghouse (ACH) system to run batches a few times a day to accomplish its Same Day ACH service.
We have Zelle, the P2P service stood up by Early Warning Services, that combines a directory with immediate funds transfer availability for the recipient and interbank settlement running over, yet again, an incumbent payment system, in this case the ACH.
Every one of these approaches has merit and traction.
New Rails, New Rules
That said, the new realtime systems are growing here too. Built with modern software and messaging protocols, they promise to change how both end-user settlement and inter-bank settlement is accomplished.
The first on the scene was the Real Time Payment (RTP) network from The Clearing House (TCH). Launched in 2017, the largest financial institutions and bank processors are integrating their core systems—the software that manages accountholder balances and transaction activity—to the RTP Network.
And this summer, the Federal Reserve announced it will build and operate its own faster payments system called FedNow. Like TCH, the Fed has operated multiple payment systems and been the preferred operator for the nation’s smaller financial institutions.
Competitive pressures, market guidance, and regulation are what move the U.S. economy. The Federal Reserve provided plenty of guidance to encourage development and deployment of faster payment systems. THC’s RTP Network was among the first to respond.
These new rails are a result of a multi-year effort by the Federal Reserve to shepherd the highly competitive U.S. payments industry toward the development of these faster payment systems. The RTP Network and FedNow are proof of its success and that of the Faster Payments Task Force, the group convened by the Fed to define the characteristics of the new approaches.
But there’s still a lot of work to do. Questions of governance, implementation, and more abound. Interoperability concerns are especially high. These are, after all, competitive systems.
The New Organizing Principle - The US Faster Payments Council
To keep the evolution of the U.S. faster payments moving forward, the US Faster Payments Council was formed. Many Task Force members have joined as members of the Council.
The Council serves as an industry-led organization that supports collaboration across multiple areas including security, end user education, and interoperability.
In other words, the Council will be herding some very big cats.
The U.S. Faster Payments Barometer
To support its education and collaboration efforts, the US Faster Payments Council is conducting a survey of industry views on faster payments advancements. A multi-year survey, to monitor the momentum and evolution of Faster Payments here in the U.S. market.
The survey is designed to identify key criteria for market adoption, broadly gauge momentum for various use case applications, and seek to address challenges to be solved in order to have a well-established Faster Payments ecosystem.
Talking Faster Payments
In this Payments on Fire® episode, Faster Payments Council Executive Director Kim Ford discusses the Council’s work, the U.S. Faster Payments Barometer survey, and where we are today with Glenbrook’s Beth Horowitz Steel and Elizabeth McQuerry. Take a listen and take the survey. You’ll contribute to the Council’s education, planning, and prioritization work.
Tue, 20 August 2019
For a nanosecond, about seven years ago, I thought the payments industry was entering a steady state where change, while sure to be accelerated by technology, was going to settle down to the familiar sedate pace the payments industry had taken for decades.
Hah! Payment industry evolution has leapt forward since then based on, yes, technology, but also new rules, regulations, business models, and changes in attitude toward how money moves, security, and privacy.
One major trend I didn’t anticipate then was the global phenomenon of faster payments, now in active implementation or operation in some 40 countries around the world. Another, of course, is cryptocurrencies but I’ll leave that one alone for now.
The emergence of faster payments is a function of new technology with new transaction switching infrastructure and (mostly) a common messaging standard in the form of ISO 20022. But it’s also a function of rules and market response.
Even in the United States, a nation whose payment strategy is largely set by competitive forces, the central bank has had significant influence in launching new settlement capability. (And now, the Fed is planning to build its own version).
Europe and India are standouts when it comes to government guidance and strategy setting for banking and payment systems.
The European Union’s active role in evolving payments policy is recently expressed in the second Payment Services Directive (PSD2).
PSD2 has chosen to address one of the most vexing digital security challenges: strong customer authentication or SCA. Article 4(30) of the directive defines SCA as:
“an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data”
For anyone familiar with authentication requirements, this is hardly a novel approach. That said, as far as the payments ecosystem goes, however, this is a sea change.
This is also a necessary change. Faster payment systems, where the sender pushes the payment to the recipient, make the sender’s bank responsible for authenticating its accountholders. The accountholder has to prove to her bank that she has the right to access her own account and to initiate a payment.
Unfortunately, phishing and malware are attacks that make account takeover easier than ever. There’s been an uptick in authorized push payment fraud in the UK due to ATO.
Therefore, enforcement of multi-factor authentication is seen as a necessary response.
Point of sale transactions already meet the SCA requirement. The card is something you have; The PIN is something you know. That’s enough to meet the SCA requirement. Oh, right, in the US, we don’t put PINs on credit cards. They do in Europe. We’re going to need biometrics in the US (something you are).
PDS2’s SCA mandate requires that multi-factor authentication be used whenever a user logs into her bank account or makes an e-commerce payment. Whenever payment risk is a possibility, SCA has to be used (there are plenty of exemptions but that doesn’t change the point).
Every stakeholder—every bank, every e-commerce site—must comply by doing something they have not done before.
That means a lot of work.
In this Payments on Fire® episode (Episode 100!), I speak with Russ Jones, Glenbrook’s partner in charge of our Education work and a preeminently insightful payments consultant. Russ takes us through SCA, its relationship to other standards, and the impact of its now somewhat delayed implementation.
Russ concludes the conversation with the rather chilling observation that history is about to repeat itself. The US will experience in the digital arena what the US experienced at the physical point of sale.
When EMV chip cards were mandated in Europe, card fraud at the POS and the ATM migrated to the US. Reliant on the static data of the mag stripe, the US became a global magnet for magstripe card fraud.
Once SCA becomes broadly implemented in the EU, in 2021 and beyond, online fraudsters will redouble their already considerable attacks on US financial institutions, tech providers, and merchants. While security tools are more common than ever—FIDO capable smartphones are one example—the US lacks a single entity to mandate and enforce multi-factor authentication in payments.
Thu, 8 August 2019
One of the privileges of using a card to make a payment is the ability to dispute that charge should something go wrong. Maybe you ordered one garden rake but got charged for two. Perhaps you ordered a sweater and, as my colleague Allen Weinberg puts it, “got shipped a box of rocks.” Or you discover a charge that you didn’t make on your card account and believe it’s fraudulent.
In all those cases, the dispute process involves a chargeback.
The cardholder disputes the charge, the issuer credits the customer for the amount of that charge if it’s an obvious mistake or fraud, and, depending upon the chain of liability rules and the type of transaction, one party—the issuer, the acquirer, or the merchant—will have to bear the cost of the chargeback.
For merchants, just getting a chargeback message is a cost in the form of a fee paid to its acquirer. How does $5 and (way) up sound? Chargebacks, as a payments cost, are no financial joke.
The card system also views the chargeback rate—the percentage of transactions that result in a chargeback—as a leading indicator of poor merchant behavior. Once a merchant’s chargeback rate approaches one percent of its transactions, the merchant’s acquirer or PSP is going to put it on notice. If the merchant doesn’t lower that rate pronto the merchant could lose the ability to accept card payments.
The chargeback process is also a cost to issuers who are generally the party first called by the unhappy customer (issuers will often ask the customer if she or he has called the merchant, too).
In other words, chargebacks are a result of something going wrong and they can be a costly hassle for everyone because, for many stakeholders, chargeback handling is still dealt with manually.
In this Episode 99 of Payments on Fire® we talk with Rick Lynch, VP of Business Development from Verifi, about the impact of chargebacks on merchants and issuers. He updates us on rule changes by Visa and Mastercard. And he addresses the process and techniques needed to handle these post-authorization events.
While only mentioned in passing during the episode, Verifi is being acquired by Visa, in another example of expansion by card network operators into adjacent payment ecosystem roles.
Wed, 17 July 2019
The global spread of digital payments gets a huge boost from giants like Google. Google’s Google Pay is far more than just a wallet, and the subject of this Payments on Fire® episode with Steve Klebe.
Steve heads Google’s Processor and Partnerships business and has terrific experience in our industry, working with payment gateway CyberSource, payment security firm RSA, and carrier billing firm BilltoMobile. He’s also served multiple times on the board of the Electronic Transaction Association.
In other words, a true payments geek.
Here’s what we talked about:
We conclude with thoughts on the Open Banking phenomenon and Google’s intentions in that area.
Wed, 10 July 2019
Episode 97 - Data Breach Prevention, Investigation, and Remediation - Chris Uriarte, AON Cyber Solutions
Here on Payments on Fire® we've spoken a lot with risk and fraud management firms that generally offer some combination of services and technologies that promises to lower customer exposure to payments fraud, data theft, and operational risk.
There’s another dimension to cyber security that’s based on expertise - before and after a data breach. That's the subject of this episode.
First, a company needs to understand its overall exposure. What do we have and what can we afford to lose? That takes a technical assessment of the firm’s internal and external defenses. It also takes an understanding of what the company has to lose, from reputation-based good will to loss of R&D investment through the theft of intellectual property. Such concerns are now top of mind for corporate directors tasked with shepherding their companies in the complex cyber domain.
Yes, there’s a role for insurance.
Post breach, there is the work of uncovering what happened, the maintenance of evidence so that proper forensic procedures can be taken, and the painful resolution process that may include fines (PCI) and litigation.
All of this is well understood territory for Chris Uriarte, Chief Information Officer at Aon Cyber Solutions who joins George in this episode.
Topics discussed include:
Wed, 12 June 2019
The task of risk management in the payments business keeps getting bigger. Where once the concern was confined to payments alone - starting with counterfeit checks and currency - payment electronification has created a universe of potential risks. Risk now includes fraudulent cards, system and network hacks, data breaches, and account takeover with all the havoc that can produce.
And we’re seeing how these impact the reputation and value of businesses even when the hack has nothing to do with payments. (By the way, bogus checks and counterfeit twenties are *still* a problem.)
We’ve touched on this topic in multiple ways on Payments on Fire®. We’ve spoken with Ethoca about its data sharing capabilities. We’ve spoken with Feedzai about its AI and machine learning technology. We’ve spoken with White Pages Pro and its data correlation capabilities. And we’ve spoken to companies deeply involved in the problem of online identity.
Each of those has a particular approach, a particular technology, or a combination of approaches, to apply to the problem of e-commerce or CNP fraud.
In this podcast, we talk to Tricia Phillips, SVP of Product and Strategy, at the fraud and risk management firm Kount. Protecting some 6,500 e-commerce merchants, banks, and payment platforms, Kount takes a deeply layered approach to the risk and fraud management.
This deep dive discussion takes us into not only Kount’s approach but into what fraudsters are doing today and the damage they can do, even to non-payments companies like Yelp. It’s a scary scene. Tricia takes us through it with insight and experience.
If Risk in Payments is a topic of interest, check out our upcoming Insight Workshop by the same name. Led by Russ Jones and Yvette Bohanan, you won’t find a more knowledgeable team to guide you through what is, as I hope we’ve demonstrated, one very complex topic.
Mon, 10 June 2019
One of the biggest payments challenges for merchants is how to handle payment data - whether it’s at the POS or in the remote domain where e-commerce and mobile payments take place. A lot of this concern is driven directly by PCI DSS compliance and broadly by the reputational risk data breach represents.
One of the major techniques merchants employ, in order to remove the need to store payment data, is tokenization - the replacement of the high value card data with a low value representation managed by another party. Merchants just store the token for lookup purposes while the third party maintains the database that links these low value tokens to the true primary account number or PAN.
At Glenbrook, we refer to these as merchant tokens because they are specific to and paid for by the merchant. We’ve also heard them referred to as acquirer tokens because the tokenization function is often performed by the merchant’s acquirer, processor, gateway, or payment service provider.
Makes sense, right? Put the radioactive payment card data into another party’s hands.
But for large and mid-size merchants, the provision of tokenization services to an acquirer has a few downsides:
In this Payments on Fire® episode we talk with Alex Pezold, CEO of Token, an acquirer neutral, independent tokenization provider. We talk a lot about protecting payment and bank account data. But we also address the growing need for protecting other data assets and how tokenization can help accomplish that.
Thu, 6 June 2019
Digital identity is one of the most solution resistant challenges to online commerce and, indeed, our online lives. It is basic to online trust, an elusive condition undermined by data breaches, abuse of our data by service provider, and fraudsters.
That’s not say we aren’t trying. Providers of all stripes are applying their value add to the problem. Smartphone makers have a role. Fraud management providers see themselves as having a role because they see so many users visiting their merchant customers’ websites or using their apps.
Networks do, too, as evidenced by Mastercard’s recent interest in identity services.
Then there are specialists in identity who play a role between the end user and the party granting access to a service, i.e. a bank. Today’s podcast is with SecureKey, a Canadian firm that has built a system to generate online trust while not sharing too much data between the parties.
Blockchain technology has increasingly gotten the attention of those in the identity space because the idea of having an immutable database as a single source of truth for identity credentials just seems so obvious.
Well, it’s not exactly as simple as putting your drivers license on a blockchain. SecureKey has partnered with IBM to use blockchain technology in support of its function as a provider of identity services.
SecureKey’s Verified.Me service gives the user the ability to quickly identity themselves and to share only the personally identifiable information they consent to share. Customers include Canadian banks CIBC, Desjardins, RBC, Scotiabank and TD. BMO and National Bank of Canada will be available later this year.
Take a listen to this conversation with Andre Boysen, SecureKey's Chief Identity Officer, and Glenbrook’s George Peabody and imagine the power of coupling a service like this to strong authentication services that use biometrics.
Fri, 17 May 2019
Ever wonder about EMVCo's role in the development and implementation of its technical specifications? Take a listen to Bastien Latge, EMVCo's director of technology and Glenbrook's George Peabody as they discuss EMVCo's EMV®* QR Code Specification for QR code-based transaction initiation in the card system. While developed card markets are shifting to contactless cards and NFC-using mobile phone wallets to kick off payments, the QR code offers a flexible, very low cost alternative. There's a lot to learn here.
Most of us are familiar with QR codes to retrieve product information from websites or print media, or perhaps when authenticating a mobile device to a web page.
In payments, many of the caffeine-reliant among us use the Starbucks app with its 2D barcode to initiate the transaction. It makes it so easy to know when we have enough gold stars to ask the barista for a drink on the house.
Some merchant apps use a QR code for the consumer to present when initiating a payment transaction that calls on card on file payment credentials. Walmart Pay for example.
In China - and really throughout Asia - providers like Alipay and WeChat Pay have been hugely successful with QR code-using payment apps.
In Japan, the proliferation of closed loop QR code-based payment tools, each encoding data differently, has created a cacophony of incompatible approaches. A new industry collaboration effort is attempting to lower the technical noise level by using a common technology provider.
The card industry, named because of those 85.60 mm × 53.98 mm (3 3/8 × 2 1/8 inches) pieces of plastic we carry around, is, of course, far more than the cards it uses to initiate a transaction. Their rules and global networks are unparalleled in reach and sophistication.
But at the edge of those networks, the card format is becoming less important (think mobile wallets) and useless in those markets lacking a terminal infrastructure. To make sure card network transactions can take hold in card-less regions, the card brands put their technical specification organization to work.
In 2017, EMVCo released its EMV QR Code Specification, designed to encode and represent the card message structure in QR code format.
A major hallmark of the EMV Chip Specification in cards is the generation of dynamic data, of a cryptogram unique to that transaction, that prevents replay attacks. The EMV QR Code Specification supports such dynamic data as well as the issuer tokenization framework also codified by EMVCo. Even the payment account reference number (PAR) is accommodated here.
To accelerate use of QR code EMVCo recently built self-assessment tools for both merchant- and consumer-presented that validate the QR format. Certification to individual networks and acquirers is not supported by the EMVCo tools.
* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.
Fri, 12 April 2019
Payments on Fire® usually focuses on a single topic, typically a fintech company and the business or personal challenges it addresses. In this episode, we take another direction by bringing together three fintech leaders to talk about their company offerings, how they connect up to payments, and some of the obstacles they’ve faced.
George talks with the leadership of three companies working in very different areas: remittances, small business logistics payments, and healthcare.
This conversation illustrates the breadth of payments and the focus required to solve the specific payments needs of each industry segment.
Robin, Mike, and Alan will join Glenbrook partner Beth Horowitz Steel on her panel called Innovative Solutions - Solving Difficult Payment Needs at the Fintech South conference, held April 22 and 23 in Atlanta.
Fri, 12 April 2019
Five years on from Apple Pay’s release, contactless payment cards are just getting off the ground here in the US but in much of the rest of the card world, contactless payments of both kinds are common practice. In London, half of the card transactions are contactless. The same is true in Canada. While it’s true that the vast majority of these are card-based, not via mobile wallets like Apple Pay and Google Pay, even the mobile wallets are gaining momentum.
To expand contactless usage, Mobeewave has developed software tools for financial institutions to integrate into their merchant app that turn the merchant’s smartphone into a contactless acceptance device. No added hardware: software only.
We’re talking with Maxime de Nanclas, Mobeewave‘s co-CEO and co-founder. A firm based in Montreal, Mobeewave has worked to turn smartphones into general purpose contactless payment terminals.
This is cool tech and, as Maxime tells it, a great journey for the company. Take a listen as he describes what their software does, how they built it, and their experience navigating the complexities of device certification.
Thu, 11 April 2019
The UK and the EU take a very different approach to payments industry evolution than here in the States; the former directed by government mandate, the latter by marketplace dynamics and the lighter touch of regulators. But both are responding, at different speeds, to the need of fintechs and enterprises for access to bank-based data and services.
The Payment Services Directive 2, PSD2, written in 2015 and in effect since January of 2018, addresses a range of concerns including a ban on surcharging on card payments and limiting consumer fraud liability exposure from 150 to 50 euros. But its major impact is its enablement of Open Banking through the granting of access to payment rails and payment data managed, up until PSD2, only by banks. Banks are required to open up programmatic access, via APIs, to that data.
In this Payments on Fire® episode, we dive into the UK and EU experience with the PSD2 a year after it going into effect. We take a look at its impact on Open Banking, the opening up of payment rails to these fintechs and other non-bank players.
To do that, Myles Stephenson, CEO of B2B payments firm Modulr, discusses his firm’s experience as an Electronic Money Institution, an organization chartered by the UK’s Financial Conduct Authority (FCA) under PSD2 rules. Under its provisions, Modulr gains, or will gain, the ability to initiate payments on behalf of its customers as well as access customer data.
While incumbent financial institutions are hardly thrilled at the prospect of opening up their systems to fintech competitors and the cost of doing so, the operational improvements for customers and increase in competitive activity are expected to generate many benefits.
Tue, 26 March 2019
Episode 89 - Growing a Fintech Business for Small Business Cross-border Payments by Outgrowing the Blockchain - Marwan Forzley, Veem
Cross-border B2B payments are frustrating, time consuming, and expensive, especially for small and medium businesses. To dig into why and what's being done to overcome those concerns, join George and Marwan Forzley, CEO of Veem, for an explanation.
SMB B2B payments, particularly cross border payments, have always been time consuming to accomplish and expensive to do.
They are time consuming because sending an international “wire” payment was historically slow with uncertain delivery timing and with uncertain, and high, costs to both the sender and the receiver. For the sender, the process of initiating a cross-border payment has always taken no little time compared, for example, to writing a check.
Cost is a second concern because cross-border payment economics are not always transparent. At least a few times a year, when Glenbrook gets paid by one of our international clients, the funds we receive are less than what we invoiced. While our client sends us the correct amount at the prevailing exchange rate, intermediaries along the way may take “bene deduct fees” - beneficiary deductions - from the funds in transit in order to compensate themselves for their services. I prefer the more accurate term of “lifting fees."
This uncertainty of timing and cost affects millions of small businesses participating in the global supply chain.
Companies like Veem, Western Union, TransferWise, PayPal and many others compete on speed, predictability, low cost, and global reach. Super helpful integration into business accounting and AR/AP functions is a big plus.
Veem’s story is compelling as it began using the bitcoin blockchain to send money between its operations in multiple countries. Since then, the company has added other partners and its own in-country account balances to fund transactions. Veem’s SMB customers can send money to 90 countries and receive funds in 25. The company has served over 100,000 SMB customers.
If blockchain, cross-border, B2B, small business and fintech are terms that interest you, take a listen to George and Marwan as they catch up on the company, SMB pain points, and the impact of Chinese tariffs on Veem customers.
Thu, 21 March 2019
The digital marketplace model brings together buyers and sellers and, frequently, handles the money and payouts to the sellers.
As my guest today has determined, digital infrastructure, e-commerce usage, competition, and workforce characteristics influence a country’s ability to establish a flourishing marketplace component to the economy.
This marketplace economic model is a useful one enabling, among other use cases, the gig economy. Adopted in countries like China, the US, Canada, the UK, Australia, and other established markets, this episode’s guest, Tomas Likar, Head of Business Development and Strategy at Hyperwallet, has done a lot of thinking about its role in these and other countries.
This podcast was prompted by Hyperwallet’s February 2019 release of its Marketplace Expansion Index report, the MEI, that evaluated the marketplace readiness of some 36 countries.
A surprise is the early stage of marketplace adoption in a number of otherwise highly developed countries.
The application of the marketplace model to human labor is, of course, not without controversy and concern. Steady employment with guaranteed benefits is no longer an attribute of employment in many countries, replaced by the uncertainties of the gig economy. That’s the downside concern. On the other hand, these marketplace services provide access to otherwise unavailable work and that is good news for individual and, by extension, domestic economic well being.
Take a listen to this conversation with George and Tomas Likar of Hyperwallet for an overview of marketplace adoption and the variables affecting its uptake.
Fri, 15 March 2019
The business of merchant services continues to undergo two forms of transformation. First, the merchant services businesses, either as acquiring banks or via non-bank acquirers, has undergone massive consolidation over the last five years and more. Fiserv’s takeover of First Data, announced on January 16, is just the latest example.
The second sea change is the expansion of products and services these entities deliver. What was a fairly innovation-averse industry has become, under the competitive pressure of companies like PayPal and Square, far more committed to delivering value that helps customers run their business, not just accept card payments.
At the POS, Square changed the merchant services game by delivering a great deal more business value to the small merchant than the traditional ISO or agent focused on placing stand-beside terminals next to dumb cash registers. For the price of payment processing, Square has given those merchants inventory, time and attendance, sales and marketing focused reporting, and more.
As a result, the giants in this game have been forced to respond. In 2013, First Data acquired Clover to reach small retailers and restaurant customers. Others, like Global Payments’ Heartland unit, have invested heavily in serving the mid-tier and larger restaurant industry.
To deliver similarly broad services, TSYS recently come out with three new merchant offerings targeted at micro merchants, single shop operations, and larger merchants. The new line is called Vital, at vitalpos.com and its solutions are called Vital Mobile, Vital Plus, and Vital Select.
Along with the new Vital hardware, we can expect the offering, taking advantage of cloud delivery, to expand its software and services line-up in the future - a trick that the old POS terminal model never could pull off.
Take a listen to this episode’s discussion with Gavin Rosenberg, vice president of product marketing, at TSYS. It’s a revealing conversation about the decision making and product strategy of a major provider of merchant services.
Fri, 22 February 2019
This Stuff is Hard
As the remote payments domain (think in-app and browser-based payment transactions) continues to grow at around 15% a year, that growing number means the size and scale of fraud losses are going to increase. And they have - in both absolute terms and as a percentage of overall transaction volume. That also means rising chargeback rates for many merchants.
Rising fraud in the online world is also a result of better security technology in the physical world. While EMV chip cards have dropped counterfeit losses way down, the fraudsters still have their own bills to pay. They’ve just shifted more aggressively to the card not present channel.
A Delicate Balance
All e-tailers face a delicate balance in managing fraud. If they err too far on the side of fraud minimization by tightening approval standards too far, they leave good sales on the table and insult customers with unnecessary declines (the “insult rate”). Of course, those customers promptly go to another site to make their purchase.
The e-tailer’s sales and marketing team, then, tells the fraud manager that she’s killing sales.
If the approval standards are too loose, on the other hand, the e-tailer risks the twin threats of higher fraud and chargeback costs and, if the chargeback rate exceeds 1%, placement on a watch list if that rate stays over 1%. Not a good list to be on because the the merchant could lose card acceptance privileges if the problem is not addressed.
The Smaller E-Tailer is Challenged
While Amazon continues to gobble up half of the growth in US commerce volume, it still means that there is room for smaller online merchants to prosper. It also means they face growing fraud losses. Unlike their larger competitors who can afford internal fraud management teams and technology, small and mid-tier e-tailers have limited time, budget, and skills to meet those needs.
Fraud management is a non-trivial problem even for the largest enterprises. They deploy a layered set of technologies, ranging from table stakes tools like address verification system (AVS) to device and behavioral fingerprinting and on to rules engines, AI, and machine learning controls.
That level of sophistication is beyond what the mid-tier e-tailer can handle. Some enterprise customers don’t want to deal with that complex task either.
The Outsourced Option
That’s where the wholly outsourced proposition comes in. The third party fraud management service provider assembles the necessary technology, makes the right integrations with shopping carts and other software providers, puts an analyst team in place to decide on questionable transactions, and offers its services for a fee.
ClearSale (www.clear.sale) is a provider in this space. Take a listen Rafael Lourenco, its EVP, and George as they discuss fraud management in this segment, how the ClearSale service is deployed, and some merchant best practices. Rafael breaks down this topic very clearly. Definitely worth your time.
Thu, 24 January 2019
Ecommerce fraud rates are rising and that means more cardholders are seeing unauthorized charges on their accounts.
The cardholder remedy is to call either the merchant or the issuer to flag the problem. If the cardholder turns to the issuer to resolve the problem, the remedy is often an expensive chargeback for the merchant and a generally lousy experience for everyone.
Ecommerce Merchant Pain
Ecommerce merchants have invested heavily in fraud detection tools because in the remote payment domain liability rules make them responsible for fraud losses. Ecommerce merchants employ sophisticated fraud management processes and tools to detect fraud in realtime to stop authorization (best in class fraud rates are 25 bps - 35 bps).
On top of that, they must eat the direct costs associated with stolen goods and services. These include a chargeback processing fee from the acquirer as well as the merchant’s internal costs to manage the chargeback process. If the merchant fights the chargeback, the merchant has to gather the supporting evidence (the receipt or copy of the order) and submit it to the acquirer.
Disputes and chargebacks re initiated by cardholders for a range of reasons including fraud, authorization, various processing errors, and consumer-specific disputes. Examples of consumer dispute codes include products or services not as described, counterfeit, misrepresentation, and failure to process a credit.
For issuers, disputes and chargebacks are painful, too. In the POS domain, issuers hold the liability for fraud losses. If a counterfeit card is used and the issuer authorizes the payment, the issuer owns that liability. Issuers also bear the customer servicing and communications costs as chargebacks initiate with the cardholder’s call to the issuer.
Consumers Game the System
Zero liability rules have taught U.S. cardholders that they don’t have to worry about fraud and that they have broad powers to dispute a transaction.
Knowing that, too many cardholders are taking advantage of these rules. Digital merchants, in particular, are suffering from friendly fraud (not exactly an accurate term) that occurs when a cardholder, for example, disputes the charges made by another family member. For some digital merchant, over half of their chargebacks are friendly fraud, purchases for which the cardholder is truly responsible but able to renounce (“It wasn’t me!”) because of the rules.
Such high chargeback rates carry other risks for these merchants. Once a merchant’s chargeback rate exceeds 1% of its transactions, that merchant is put on a watch list, a remediation plan, and faces the possibility of losing card acceptance privileges. High chargeback rates also increase authorization declines for the merchant, losing even more good transactions.
Card Network Remediation
In a chargeback mitigating move, Mastercard recently announced an end to the automatic renewal of free trial subscriptions.
Timely Data Sharing
In other words, chargebacks are a pain. Steps to reduce chargeback cost and frequency are a Good Thing.
One approach is to speed up data sharing. For example, once an issuer determines that a transaction is fraudulent, a timely message to the merchant could halt a product shipment. While the rules would still make an ecommerce merchant liable for the chargeback costs, the merchant wouldn’t lose the cost of order handling, shipping, and the item itself.
Similarly, if merchants can share their cardholder fraud experience back to the issuer then that financial institution can adjust its fraud detection models and algorithms.
Such data sharing is the proposition of Ethoca, a firm that federates bank fraud signals from hundreds of major global issuers and connects to thousands of merchants in the developed world in order to share alerts and chargeback messages.
In this conversation with Keith Briscoe, CMO at Ethoca, we talk about the chargeback problem, hear some truly astounding chargeback stories (hackers aren’t the only fraudsters), and discuss Ethoca’s role in this space.
Wed, 26 December 2018
Fraud prevention today is about how quickly we can separate good customers from questionable ones and, for those doubtful transactions, use the right set of tools and data sources to optimize speed, costs, and fraud losses.
When it comes to fraud prevention, it turns out that data is key. No revelation there, but how we manipulate it, gather it, and assure its provenance is undergoing major change. What would be a revelation to fraud managers of a decade ago is the unbelievable amount of data and the wide variety of sources that we have today. It’s a flood.
The only means we have to make sense of this data deluge is through algorithmic examination. Rules engines and neural networks are staple approaches. In recent years, application of artificial intelligence and the newer incarnation of machine learning (“let the computer figure it out based on all the data it sees”) has become a hot, and effective, area for fraud prevention. Only machines can find correlations among all that data in order to identify potential fraud.
A number of firms focused on the fraud prevention problem employ techniques that gather data and then analyze it in order to provide their customers like e-commerce merchants or financial institutions with a risk score. Companies specializing in device fingerprinting, for example, gather the relevant data (think IP address, mobile IMSI number, device type, OS version, browser software version, etc.) to create a profile or “fingerprint” of that device in order to generate a history of its behavior. Threat Metrix, owned by LexisNexis Risk Solutions, is an example.
Behavioral biometric companies may take that data and layer on how the owner actually uses their device, often by looking for keystroke patterns, screen tap rhythms, the angle that the phone is held, and more, in order to build a more nuanced profile that includes how the owner interacts with the device. That richer data then feeds into analysis and risk scoring. Mastercard’s NuData Security acquisition uses this approach.
Subsequent bidirectional data sharing can provide these firms with insight into the results of their decisioning.
As these firms gain customers, they see more and more devices and develop clearer visibility into the outcome of their work. As a result, it becomes a natural step to pool or federate the data they see from all of their customers. There’s an expectation that a card account, for example, will be seen at multiple merchant clients of the fraud solution provider. These repeat interactions will improve fraud detection for all when the cardholder is a bad actor or speed the transaction of a trusted one.
Data consortia where multiple financial institutions and merchants pool their fraud and chargeback data also exist. Ethoca is a prime example.
The deeper the data pool the better, provided, of course, there’s the ability to analyze it all.
Massive analytical capability is the foundation for artificial intelligence and machine learning. In the fraud prevention space, Feedzai is a firm that applies its analytics power to data sourced from multiple provider and techniques. Feedzai, like others providers who have attained a critical mass of customers, has also invested in federation of their data to improve, for everyone, its fraud prevention results.
In an earlier episode, we spoke with Feedzai CEO Nuno Sebastiao to get us grounded in how AI and ML apply to fraud prevention. In this discussion with Saurabh Bajaj, Feedzai’s Head of Product and Nick Stanchenko, product manager for Feedzai’s Risk Ledger, its data federation program, we go further. Saurabh catches us up on Feedzai's growth and then take a look at how Feedzai works and at the data sources it uses. Nick addresses federation, its value, and the light integration required.
Thu, 15 November 2018
Payment Innovation Moves to the Core
When we conduct our Glenbrook Payments Boot Camp, our first graphic illustrates the three essential steps in every transaction - initiation, funding, and completion. When looked at through the lens of of the past decade most innovation has been in initiation. Consider: Apple Pay, Google Pay, Venmo, QR codes. The list is long of ways to kick off a transaction.
Funding is all about where the money comes from. Usually a bank account, often a wallet holding money. Some innovation there but not a great deal. There are only so many ways to store funds.
Completion, the last step, is the most important to many participants as it’s when the transaction completes with the final movement of money.
Five years ago, in those boot camps, I said that completion, also called settlement, is the innovation-resistant phase of a transaction. Today, everything has changed.
In the U.S., we have new services such as Zelle and Venmo that appear to the end parties to deliver instant settlement. They may use card rails or bank rails like ACH to complete the transaction.
Two Forms of Settlement
In this discussion with Glenbrook’s Carol Coye Benson, we look at two forms of settlement: end party settlement - for example, an employer paying an employee - and then Carol focuses on the nuanced world of interbank settlement.
If you’ve heard the terms net settlement, gross settlement, or RTGS and wondered what they mean, take a listen.
Faster Payments and Settlement
We also talk about the phenomenon of faster payments and the settlement techniques these systems employ. 40 countries around the world are in one stage or another of deploying faster payment systems that push money from bank account to bank account. It's already in the US via the Real Time Payments Network from The Clearing House and, perhaps, a competing service from the Federal Reserve. (To get an update on the Real Time Payment Network, listen to Episode 81 of Payments on Fire).
These faster payment systems vary in their capabilities. Speed and data carrying capacity are just two variables. But we have seen that when a new payment system enters a market innovative offerings can flourish, provided access to that system is encouraged by rule, regulation, or both. However, that level of openness is not guaranteed. As Glenbrook have seen in our work around the world, some systems are essentially closed by market power or operating rules. These constraints limit the network effect's benefits of ubiquity, convenience and, often, cost.
This is an ongoing challenge. In this age of fintech, banks are under pressure to innovate. As owners or participants in new systems, some may choose to limit access to their fancy new rails in an attempt to forestall competitive market entrants. Others will be “encouraged” by regulators to open up. Of course, end party choices will play a big role, provided there’s a choice available.
The New Game
Settlement has traditionally been led by major commercial banks or the central bank of each country. That model still holds. In some markets, including the U.S., we expect a push and pull for control between those two entities. Christine Lagarde, Managing Director of the International Monetary Fund, suggests such tensions may justify the issuance by a nation's central bank of a fiat digital currency as a counterweight to the alternative control over payments by a concentrated set of banks and processors.
Settlement innovation has created a competitive environment that did not exist before. It will be the interplay of rules, regulations, technical capabilities, end party value proposition, and market power that will determine the evolution of each country's settlement platform. In some, regulators will shape the outcome. In others, system access for fintechs and the "open banking" model will be a determinant. For all, cost effective access for end parties is critical.
So much for thoughts of a static payments ecosystem.
If you think of yourself as a payments geek or just want to get under the hood of how money really moves, Carol is a terrific guide.
Tue, 13 November 2018
Restaurant payments is a complex area especially for those companies serving the mid-sized and large restaurant operator. They have different needs that extend well beyond payment acceptance but even that is a highly variable concern.
Ever notice that we pay differently depending upon the type of restaurant we’re in? It’s always been walk up and pay the central server at McDonalds. Applebees uses Presto table top devices to speed table turns, upset desserts (“that lava cake sure looks good”) and take payments. At most sit-down establishments, especially those in the fine dining segment, we still hand over our cards and the server walks away to authorize the transaction (later that night, the manual tip adjustment process determine the final clearing amount.)
For certain segments, order ahead is a priority. Order ahead dominates how pizza shop operate. Initially, that capability took market share from mom and pop pizza shops because only the largest operators in the “Big Pizza” segment could afford the necessary IT expertise. Now, mom and pop have multiple order ahead services to choose from.
But consider the complexities of integrating the order into the kitchen or at the barista’s station. Business process automation is a differentiator.
This podcast with Tim McKenna, VP of Sales, at Heartland Payment Systems, is both a deep dive into restaurant operator concerns and a revealing look into how a major payments provider has shifted its business model to serve mid-tier and larger restaurant operators.
Like Square, Heartland has realized the revenue benefits of expanded commerce services above and beyond the traditional payments revenue stream. By cross selling multiple services, Heartland expects to see 60% of its revenues coming from payments coupled with value-added services that automate the business of their customers.
If you’re interested in how the payments industry is evolving to market demands or how larger restaurant operators think about payments, Tim’s observations are well worth your time. Take a listen.
Thu, 25 October 2018
For those of you who didn't make it to Money20/20 and want to hear the latest on The Clearing House's Real Time Payments Network (RTP), take a listen to this update conversation with Steve Ledford, SVP at The Clearing House for the RTP Network.
A year ago, The Clearing House got out of the gate with its Real Time Payments Network, a wholly new payments system based on the push payment model.
A lot has changed - more banks have integrated into the system and many more are in process. By the end of June 2019, over 3,000 FIs are expected to connect to RTP, most via their bank processor. B2B payments are taking place over RTP between known parties.
Not All Things
TCH is not attempting to provide everything necessary for a ubiquitous push payment system. It relies on its FI participants and their processors to expose RTP capabilities to their customers. RTP hopesto have bank-friendly fintech partners use its rails through the traditional model that gives the new provider access to bank rails via a sponsor bank.
Thus far, TCH has also steered clear of a native directory service, a necessary feature for broad use in P2P and C2B payments. Given the partial ownership overlap with Zelle's Early Warning Services parent banks and The Clearing House, no one will be shocked if Zelle becomes RTP's lead P2P directory provider. For that matter, few will be surprised when Zelle shifts to RTP for settlement. Of course, at least one business-facing directories will be needed for bill payments to take off.
It's Taking a Lot of Work
Connecting up a financial institution to the RTP Network requires deep integration into the FI’s core system, the software responsible for managing debits and credits. Connecting bank ledgers to any payment system is non-trivial, a fact that impacts how fast banks implement new payment rails like RTP.
Tell Me All About the Payment
A feature of the RTP network that holds enormous promise is its native use of the ISO 20022 messaging format. The standard's flexible and structured qualities--not an oxymoron--provide a major leap in data carrying capability. By representing the payment meta data, for example, ISO 20022 can support invoice information, letters of credit, and other business documents. Accounts receivable and accounts payable systems from multiple vendors will be able to communicate directly, reducing manual data input and data entry errors.
The RTP Push
In the U.S., we are accustomed to pull payment systems. We think nothing of giving our bank account information when we hand over a check or our card data when we hand our card to a merchant. We’re telling the payees where to go get their money so it can be pulled into their account.
RTP and Zelle are both push payment systems. Such systems are characterized by near instant funds availability to the recipient, messaging to send and receiver, and irrevocable payments. That last is very different from the chargeback protections U.S. cardholders, in particular, enjoy. While Reg E applies to the sender's transaction account, accountholder protections will also be prescribed by the FI.
To emulate some push payment attributes, RTP and most other immediate funds transfer systems offer a Request for Payment message type that essentially sends an instant invoice to the payer. The customer may press a Pay Now button that uses the Request for Payment Message on her screen. She then uses bank account credentials to authorize the payment. There may even be a redirect to the bank site. It's a flexible solution applicable to multiple use cases and payment initiation methods like embedded links and QR codes.
Instant Clearing and Settlement
The RTP switch runs software built by Mastercard's Vocalink unit, builder of the now 10 year old Faster Payments system in the UK. The RTP code base, however, is a new version, with native ISO 20022 messaging and an instant clearing and settlement system. That system uses a single, pre-funded account at the Federal Reserve common to all participating financial institutions. A separate ledger operated by TCH is the single source of truth, keeping track of the transfer of ownership of those pre-funded monies. Separate accounts, for each FI at the settlement bank, aren't necessary. So, instant clearing, no batch-based settlement. Lower risk, simpler management.
If you've attended a Glenbrook Payments Boot Camp in the last couple of years, you know RTP and Zelle have some overlapping capabilities. Zelle, however, is targeted at P2P and C2B uses cases. RTP is a set of payment rails open to whatever use cases come along. In the short term, think B2B and payroll but there's no inherent limit to where it can go. Just don't expect it to take over POS payments any time soon. The UK's Faster Payments rails have operated for a decade and have barely touched merchant POS payments.
Another fact boot camp attendees know is that there are two ACH operators in the US: The Clearing House and the Fed. The Fed is now floating the idea of operating an RTP analog of its own. Smaller Fish may be glad to see the Fed operate an alternate system. We'll touch on that more later but the Fed will have a lot of selling to do because, at the very least, adding a new set of rails requires a lot of integration effort by financial institutions and their processors.
And I thought the U.S. payments landscape was settling down. Hah!
Thu, 18 October 2018
The payment industry’s responses to ongoing payment security are many. We have procedural approaches and technical ones. For example, we are requiring merchants to attest to their compliance with PCI security standards that themselves include procedural requirements.
Technical solutions are also called out by PCI and are, of course, being applied across the ecosystem. Encryption of payment data in flight is one approach. In the physical POS world, semi-integrated POS terminals connect directly to the acquirer’s front end instead of passing card transaction data back through the merchant’s workstation and enterprise system.
An important technique, and the topic of this discussion, is tokenization.
Tokenization is an ancient security technique. In the broadest sense, a token is just a dummy representation of something of higher value.
In cards, that means the replacement of a PAN with a number or even an alphanumeric value that represents the underlying PAN. The mapping between the two is stored in a vault with the owner restricting access to that vault. If a hacker gets ahold of a token value, it’s useless. It’s a value that, to the payments ecosystem, is gibberish.
Tokenization is used in pull payment systems where payment credentials are given to the payee by the payer so that the payee has the information necessary to go get the money. Think card numbers or the routing and account numbers on a check.
In card payments, there are two forms of tokenization: merchant and issuer tokenization. Merchant tokenization has been around for more than a decade. A response to PCI, merchants generally outsource that token vault to a third party so they no longer store PANs themselves. When the merchant needs to do a lookup or initiate another payment, the merchant sends the token to the upstream service provider who then looks up the PAN and sends it off for authorization by the acquirer.
That’s been around for awhile.
The newer innovation is what we call issuer tokens - token values that are at the heart of Apple Pay, Google Pay, Samsung Pay and more. These token values are real card numbers, issued by your bank, but unlike a PAN that can be used to initiate a payment everywhere, issuer tokens are expected to come, for example, from specific devices or merchants.
Every card in your Apple Pay wallet is represented by an issuer token and whenever that token is presented for authorization, data about where it’s coming from is sent along too. If the token is sent from another device, for example the one the hacker has, authorization will fail.
This approach is totally compatible with the current card payment system. No changes are needed at the merchant or the acquirer and minimal ones at the issuer.
Glenbrook will be conducting an Insight Webinar on December 13 called Tokenization Fundamentals. Russ Jones will conduct that webinar.
In this Payments on Fire podcast, George talks with Russ about issuer tokenization, its role in the Pays (Apple Pay, Google Pay, Samsung Pay), in e-commerce, and the need for new entities in the payments ecosystem to support tokenization. This gets complicated. There's now the need for token gateways.
Take a listen to the podcast and then sign-up for the webinar. Use the code POF80 to take 10% off the registration price.
Fri, 5 October 2018
In the US, there’s the automatic assumption that payment cards and perhaps PayPal are the way to pay online. But if you’re an ecommerce merchant trying to sell in the Netherlands, you’d better support the domestic system known as iDeal.
Connectivity into domestic payment systems is an important and complex issue. There are over 150 such systems across dozens of countries around the world. While not all are important to a given merchant, most are important to the acquirers and payment service providers serving ecommerce merchants.
Join George and Steve Villegas, VP Partner Management and Head of US Office, of London-based PPRO Group, a company that provides white label connectivity to these domestic systems by serving acquirers and PSPs alike.
Thu, 13 September 2018
Knowing who you’re dealing with online is critical if you’re taking transaction risk. Digital identity is tough. To address that challenge - and it is a challenge - relying parties, those who take on risk, employ two broad categories of technology: active tools that require user interaction and passive network-based approaches.
When the user is required to explicitly provide identifying information, we use the interactive approach. The merchant or lender or website owner asks for user IDs, passwords, perhaps data generated by multi-factor authentication techniques such as biometrics, or one time passwords generated by an app or a hardware key.
If you’re an ecommerce merchant or an entity trying to sell something online - lenders included - you don’t want to ask the customer to do more than absolutely necessary to complete a good sale. Transactional friction is deadly to revenues and a main cause of shopping cart abandonment.
So, you use passive approaches that examine whatever data the customer’s device can provide. Device fingerprinting, behavioral analytics, rules engines, machine learning, and the past behavior of card numbers are among the portfolio of decisioning tools that do not interfere with the user experience.
Data is the foundation of the passive approach. In this podcast, George speaks with Ajay Andrews, Senior Director, Product, at Whitepages Pro, a data provider and analytics firm about identity verification and how the linkage of key data items influences decisioning. It turns out that particular pairs are strong indicators of potential fraud.
We discuss where the data linkage approach fits in the overall portfolio, what drives merchants to adopt, and how the tool is integrated into automated decisioning and case management.
Wed, 12 September 2018
Alexa. Siri. Cortana. We’re talking to or at our machines. I walk into my office and say “Hey Google, what’s the weather?” or “Hey Google, when’s my first appointment?” When I’m driving in a strange town, it’s “hey Google, navigate to the [fill in the blank] hotel.”
This kind of hands-free access to information is hugely helpful and hugely popular. But there’s a long way to go toward a general purpose voice interface for every task we want to accomplish.
That said, we’re getting there. In this conversation with Central 1’s Alex Chan, we discuss the process of voice-enabling access to the high volume queries that credit union members make, i.e. balance inquiries, balance transfers, etc.
We cover what it takes to build an Alexa skill, the code that links Alexa’s natural language processing to the underlying application that executes the action.
Voice design, the process of imagining and codifying how the user interaction proceeds, is at the heart of a successful voice-enablement project. Alex takes us through that process. It sounds like fun.
While payments are a tiny fraction of today’s voice-based interactions, they’re coming along, too. Better design and broader participation is needed. As a recent (failed) demo proved, Siri can’t send me money if I’m not an Apple Pay Cash user.
Take a listen and get in touch if you've questions or comments. We'd love to hear from you!
Thu, 19 July 2018
During the Glenbrook Payment Book Camp we make clear that national payments systems are domestic by definition. Each country has its own set of systems to effect payments. We point out that national payment systems differ in many of their details. Regulation, operating rules, governance, ownership, technology, and more are highly variable.
At the same time, we also point out that major components are generally similar. An overnight, batch-based system for low-cost, low-value retail payments and an instant, irrevocable wire system for high-value transfers are typical of most countries.
Across the planet, countries are planning, designing, trialing or enjoying fully deployed immediate funds transfer systems, new ones that instantly transfer lower value payments. The UK's Faster Payments system and The Clearing House's Real Time Payments (RTP) are two examples of this system type.
Beside increased speed of payment, a second push for changes to national payment systems is the need for a richer representation of the data surrounding the payment transfer itself. Remittance data, for example, communicates what the payment is for, which invoices a payment may be covering, and what trade terms were taken by the payor. ISO 20022 is the internationally recognized method for representing this information and support for it has become a new priority not just for system operators but for financial institutions and enterprise customers.
Generally, major upgrades, never mind deployment of an entirely new system, are performed in a step-wise manner because of the critical nature of these systems, the cost, and the difficulty of herding system stakeholders through the many stages needed to achieve broad support and usage.
Undeterred by those realities, Canada is taking on a comprehensive upgrade to multiple systems over the next few years, including its overnight settlement and wire systems while simultaneously planning for its own immediate funds transfer system, codenamed Real Time Rails. Significantly, each system upgrade will include support for ISO 20022.
Payments Canada is the non-profit organization mandated by the federal government to manage, operate, and upgrade these systems.
In this Payments on Fire episode Glenbrook's George Peabody speaks with Justin Ferrabee, Payment Canada's COO about his organization's work, how its systems differ from those in the U.S., and what's ahead. It's a great conversation between payments geeks.
Mon, 4 June 2018
In this second discussion with First Data execs, George and Scott MacKay, Vice President, Strategic Solutions talk digital commerce in the automative space, both at the fuel pump and in the Connected Car.
The importance of full stack security, whether it's sole sourced or the result of an integration effort, to successful deployment of mobile commerce is a theme here.
Enabling the mobile experience at the fuel pump is complex. Petro sellers have a lot of legacy gear and the cost of upgrading that equipment is very high, a fact that has, at least, inhibited the pace of the EMV upgrade.
The richness of the mobile device's data such as device fingerprinting and back end intelligence makes it conceivable that a fuel retailer could skip EMV altogether. Maybe.
Scott also shares a look at payments and the Connected Car through the company's discussions with automobile manufacturers.
Mon, 4 June 2018
In this, the first of a two-part podcast series with First Data executives, Ajay Guru, VP of Merchant Fraud Solutions at First Data and George discuss the impact of fraud on the merchant, what the merchant has to do to manage it, and the classes of tools and techniques available to mitigate fraud.
Ajay addresses machine learning technology's remarkable ability to identify anomalies and makes candid remarks on the necessity of human analysis to determine whether these anomalies are indeed fraud.
Other topics discussed include behavioral analysis (how we enter our user ID and password into the browser) as well as the sophistication of today's manual and automated attacks. There is still a lot of CNP fraud taking place over the phone.
There's good detail on the technology and what fraudsters are up to. Take a listen.
Tue, 8 May 2018
Online trust requires a context-based understanding of who we transact with. Attributes about us are needed to build that trust but in many transaction contexts we share more than we need to.
To pick a simple example, the law says you must be 21 to buy alcoholic beverages but our current method of proof is to show our driver's license, an unnecessary oversharing of personal information. Why show that creepy barkeep where you live when you only need to prove you were born before 1997?
Steve makes the case that security and identity professionals continue to encourage the oversharing of personal data. Now that we have sophisticated network-based fraud management tools - device fingerprinting, behavioral analytics, machine learning and AI - that generate a crisp profile of our devices and our behavior, the attributes that a user must provide could be limited to just what's required and no more.
An "attribute wallet" under the user's control - yes, another role for the smartphone - might prove to be a valuable authentication enabler.
This episode concludes with Steve's report on comments made by some of the deans of modern cryptography on the threat that quantum computing represents. It sounds like good news.
Tue, 17 April 2018
This episode of Payments on Fire covers two topics - payments in Atlanta and the essential challenge of online authentication and identity.
May in Atlanta - Fintech South and Glenbrook Payments Boot Camp
Everyone in the payments industry knows that Atlanta is a hotbed of activity. Coming shortly to Atlanta are two fintech-focused events that will add to the goings-on.
The Fintech South conference takes place on May 7 and 8. With great speakers - and great sponsors like Glenbrook and the Technology Association of Georgia - the conference describes itself as “FinTech South 2018 is a global exchange of insights, innovations and trends fueling tomorrow's financial tech industry.
“Attracting international companies and speakers across multiple industries, FinTech South is an opportunity to engage with 400 FinTech companies employing more than 130K employees globally, generating $72B in revenues, and processing over 118B transactions annually.”
Both events draw will attendees from all over North America. So if you want to expand your network, hear the latest at the conference and/or get smart about how payments work, come to Atlanta.
Authentication, Biometrics, and Banking
Authentication online remains one of the most challenging aspects of life online. Given the complete availability of personal data, account takeover has never been easier for the hackers. Knowledge-based authentication (KBA) asks softball questions like “what was your father’s middle name?” Easy stuff to find online. User IDs and passwords are even easier to find. We have a problem.
Strengthening the connection between an accountholder’s true identity - perhaps proven by a drivers license or passport - and the credentials that the user presents online is necessary and the topic of this Payments on Fire episode. George speaks with
Andrew knows all about the Technology Association of Atlanta, too. So, take a listen and geek out in this conversation about authentication, biometrics, and how to answer the online conundrums of “who are you?” and “do I trust you?”
Fri, 13 April 2018
The rise of Chinese mobile payment systems is the top global mobile payments story of the last few years. Alipay and WeChat Pay serve hundreds of millions of users with payments, loyalty programs, merchant coupons, and more.
QR codes are used to initiate many of these interactions especially within the point of sale (POS) domain. When there isn’t a legacy payment infrastructure in place, software is easier, and cheaper, to deploy than the hardware-reliant approaches used for card-based transactions.
To serve its millions of accountholders traveling around the world, Alipay is building out its acceptance footprint. In this episode of Payments on Fire, George speaks with payments industry veteran Souheil Badran about his role as president of Alipay Americas and the company’s plans for reaching US merchants in tourist hotspots and beyond.
Wed, 24 January 2018
Mid-market financial institutions have enormously strong relationships with their banking customers. But their size makes home grown IT difficult because it is simply too hard, and too costly, to meet all the B2B finance needs of their enterprise customers.
The answer, of course, is deeper integration to third party software systems like SAP, Oracle, JDA and the growing set of fintech providers brining point solutions to these institutions.
But that’s no simple task. These FIs often run on legacy systems, generally provided by a large bank processor. Integrating software built before the cloud and APIs and these modern point applications is not easy.
Into that gap is a new company called FI Span. Led by founder and CEO Lisa Shields, the company value proposition is to act as an API orchestration platform for banks. In other words, FI Span proposes to be the glue that connects legacy code or a processor’s banking platform to the growing base of fintech point solutions in the market.
The goal of becoming a one-stop shop for new tools for these B2B-focused banks will take time and focus. Connecting up nextgen software and data to older systems demands clever approaches and a lot of spade work. Maintenance of a growing set of evolving API interfaces is non-trivial, too.
A fintech startup serving fintech startups, incumbent bank processors, and mid-tier banks has a lot of work to do. Lisa is no stranger to the start-up world; she also founded Hyperwallet. Take a listen to this conversation about the technical challenges, the business model, and the goals Lisa has for her customers and for her company.
Fri, 19 January 2018
“Digital cash” has been a dream of the internet age for, well, almost the entire internet age. That goal requires instant payment settlement. It’s more than just sending a message that a payment has happened; it means the money has actually moved.
In this wide ranging conversation with Laurence Cooke, founder and CEO of nanopay, he discusses the platform his firm has built to move value between parties in both real-time and, when necessary, offline modes. More distributed than blockchain systems, nanopay is designed for multiple uses cases including B2B payments using ISO 20022 representation of the payment data.
If you’re at all curious about payment security, blockchains, distributed ledgers, or the instant payment systems now being deployed, take a listen to this conversation between Laurence and Glenbrook’s George Peabody. It’s quite a story and we touch a lot of bases.
Wed, 20 December 2017
Digital identity is a crisp sounding term that belies a complex layer of concepts. There is identity proofing. Identify verification. Identity assurance. Each addresses one element of the many questioned raised by digital identity.
SecureKey has evolved its system to make use of a mobile app as well as a blockchain-based database that securely points to data stored by banks, utilities, and government entities, all in a zero liability arrangement.
This conversation between Glenbrook’s George Peabody and SecureKey’s chief identity officer Andre Boysen dives into identity concepts, how SecureKey’s Verified Me system works, and its use of blockchain.
For more on digital identity concepts, look at NIST’s excellent set of Digital Identity Guidelines.
Mon, 11 December 2017
Voice is the natural user interface and the robots are coming to take it on. Enabled by high volume consumer devices like Amazon Echo, Google Home, Apple’s Siri and powered by artificial intelligence engines like Amazon’s Alexa, Google Assistant, and Apple’s Siri, we are headed toward making voice-enabled commerce and payments a common experience.
Russ Jones is Glenbrook’s “tech whisperer,” an expert observer of tech evolution and how it applies to payments. Join Russ and George as they discuss the development of the voice ecosystem, Amazon’s leadership, the intersection of voice and IoT, and where voice-enabled payments may flourish.
Thu, 30 November 2017
Payment innovation runs at multiple speeds. Changes in how a payment is initiated happen almost every day. Payments infrastructure change is a lot slower. But it’s happening. Nudged forward by the Federal Reserve’s Faster Payment Task Force, we are seeing the launch of the first entirely new payment system in decades. Called Real Time Payments (RTP) the new system switched its first real-time payment on November 13, 2017.
Built entirely around the rich payment messaging standard ISO 20022, we have a system that can carry both payment instructions and meta-data about the payment. Data rich, essentially instant, bank-fased account to account push transactions could be a game changer.
Join George and Steve Ledford, Senior Vice President, Product and Strategy, at The Clearing House (TCH) as they discuss the spread of real-time payment systems around the world and take a deep dive into RTP’s operation, rules, and use cases.
Fri, 20 October 2017
Once upon a time, text messaging systems didn't interoperate. But when they did, usage skyrocketed. Many of the world's mobile money payment systems still operate within that old "walled garden" model, limiting the ability of citizens in areas like Southern Africa to send money home to family, pay utility bills, and, most important, enjoy the benefits of an national economy that is payments enabled.
The Bill & Melinda Gates Foundation sees today's limited interconnection of payment systems as a high barrier to the poor's participation in that payment enabled economy. Fortunately, those barriers are beginning to come down.
In this Payments on Fire podcast, Kosta Peric, Deputy Director of Financial Services for the Poor at Bill & Melinda Gates Foundation joins George in discussing Mojaloop, the foundation's open source software initiative that provides interconnection capability between disparate payment systems. Informed by the foundation's Level One Project, the goal is to encourage a lower cost deployment of this critical payments infrastructure as well as the active collaboration among the operators of mobile money services, financial institutions, each country's central bank, and national regulators.
Listen for a view into how payments systems can improve the health and well being of millions of people as well as the nation's they inhabit. This is very cool and important work.
Wed, 18 October 2017
The intersection of new tech, faster payments capabilities, and forward looking regulation is enabling significant innovation in B2B, and consumer, payment services in the UK and EU. Join Glenbrook’s George Peabody and Myles Stephenson, CEO of business payments platform provider Modulr, as they discuss how modern tech and updated rules have created opportunities for fintech service providers. The challenges to incumbent banks are only getting bigger.
Thu, 28 September 2017
Payments standards typically operate deep within a payment system, invisible to most of us. But before long a new standard for web browsers will touch us all. Known as the Payment Request API, it is one of the newer projects of the Word Wide Web Consortium (W3C). Supported by browser builders Mozilla, Apple, Google, Microsoft, and more, this new API should simplify web payments for consumers and merchants alike.
Wed, 13 September 2017
If you’re planning on attending Money/2020 in October, the Glenbrook team will be there in force. This short, not entirely serious, podcast previews the sessions we are leading there on two of the hottest topics around: B2B payments and the faster or real-time payments systems coming to the U.S.
Tue, 29 August 2017
We all know that the evolution of payments systems in the U.S. is accelerating. That’s why Glenbrook has just published the third edition of our book, Payments Systems in the U.S. - Third Edition: A Guide for the Payments Professional, the definitive guide to the how and, in particular, the why of our multiple payments systems.
The third edition addresses that evolution through updated examples and, unique to this edition, a focus on payments innovation in all three payments phases: initiation, funding, and settlement.
Join Payments on Fire host George Peabody and Glenbrook’s Russ Jones as they talk about the new edition, what it covers, and the book’s relationship to Glenbrook’s Payments Boot Camp. Payments Systems in the U.S. – Third Edition is available on Amazon.com in paperback and Kindle format.
Thu, 24 August 2017
Interchange is fundamental to open look card system economics and a mystery to many, especially to merchants who must pay it but don’t perceive any benefit from it. It’s a non-optional component of what the merchant pays to accept cards. It’s one element of the merchant discount fee. Despite the stubborn fact of it, there are ways for some merchants to make sure they pay as low a rate as possible.
Join Angelo Grecco of CardConnect (now a part of First Data) and Glenbrook’s George Peabody for a conversation about interchange optimization, an approach that certain B2B merchants can employ to lower their acceptance costs.
In this episode of Payments on Fire we decode the payments industry terms:
If you’re new to payments or just need a refresher on interchange, take a listen!
Fri, 11 August 2017
B2B payments are huge. Taken together, these supply chain payments exceed the gross domestic product. But supply chain payments remain an imperfect art. While consumers pay for one purchase at a time, a B2B payment may cover multiple invoices, each with different commercial terms. Given the amount of data about the payment that’s necessary to crisply communicate between a buyer’s accounts payable department and a seller’s receivables group, it’s no wonder paper checks are still in broad use.
While B2B payments have been resistant to “electronification,” the cloud, the mobile user interface, a new data standard (ISO 20022), and APIs into banks and payment schemes are enabling a renewed effort to streamline B2B payment transactions. B2B payments are hot.
Tue, 8 August 2017
The Faster Payments Task Force has brought together a broad constituency with the payments industry thoroughly represented. And thanks to participation by organizations like Consumers Union, the people who bring us Consumer Reports, the voice of the consumer has been well represented in determining important evaluation criteria.
Christina Tetreault, staff attorney at Consumers Union, joins Glenbrook’s George Peabody for this podcast discussion on faster payments, the consumer benefits these new approaches could offer, and what to hope for from their deployment in the U.S.
Tue, 1 August 2017
Merchant adoption of EMV capability isn’t a done deal in the U.S. Glenbrook’s own estimates show that we’re only halfway there. Few people have as much insight into merchant payment acceptance and the technology that enables it as Larry Godfrey of Global Payments’ Heartland Payments business.
Take a listen to George and Larry’s discussion as they cover:
Fri, 28 July 2017
Consumer billing payments get complicated in the healthcare space. Co-payments are bigger than ever as are the medical bills. Consumers need prompting to pay and even incentives to get those big bill onto a payment plan. With higher co-payments, smaller insurance payments, and so many patients having to deal with large medical bills, providers need services to take on the revenue management task.
Join Glenbrook’s George Peabody and David Yohe of the billing specialist BillingTree as they discuss the rising importance of consumer payments in healthcare and the challenges of changing property management payments. You’ll hear how an ISO addresses payment industry change. Listen closely and you’ll hear that the ISO’s job isn’t easy.
Mon, 24 July 2017
The Internet of Things may be a hot topic but its security isn’t hot at all. Up until recently, IoT device manufacturers and buyers haven’t cared much about security, a disinterest that’s led to over one hundred thousand surveillance cameras being hijacked by Mirai botnet malware. While cameras aren’t making or accepting payments (yet) it’s easy to imagine automobiles paying for tolls and fuel directly. If it’s not my Roku box, maybe it’s Alexa or Google Home that makes payments on my behalf over the IoT. The payments industry is working to get out in front of this potential trouble.
EMVCo tokenization, now expressed in services like Apple Pay and Android Pay, is a leading tool in the payments security kit. 3D Secure. 2.0 services, when used in combination with other security layers, should have a role in IoT payments security, too. Join Tim Sherwin, Co-Founder and CEO of Visa’s CardinalCommerce unit and Glenbrook’s George Peabody in this deep dive into 3DS 2.0, where it works, who pays for it, and its expected role in the IoT.
Fri, 7 July 2017
The Internet of Things (IoT) will bring us a tsunami of network-enabled devices, for consumer use as well as yet to be imagined industrial and commercial applications. Many of these devices will be payment enabled, many using card payment rails. Securing those billions of IoT devices is going to require techniques deployed by the mobile industry, the card industry, and other sectors. Cryptographic hardware will be part of the solution.
The answers, of course, will include multiple methods and modes, all chosen based on risk and cost. Join Gemalto’s Jack Jania and Glenbrook’s George Peabody for a discussion on the broad world of IoT device security and how payments intersects with this new and enormous category of devices.
Mon, 19 June 2017
Bringing electronic payment capability to small merchants is a major hurdle for multiple developing economies. In this Payments on Fire podcast with Glenbrook co-founder Allen Weinberg and George Peabody, we discuss merchant enablement in markets reliant on 2G wireless and feature phones. We take a deeper look at India’s payment evolution in particular. Allen’s observations come from his recent work in India and the insights into payment system success factors he’s developed. Take a listen!
Sun, 11 June 2017
Bringing payments and financial services to those of us with a tenuous connection to the banking system is the goal of the Center for Financial Services Innovation. FinLab, a joint effort by the CFSI and JPMorgan Chase, is a five year effort, now in its third year, that’s using a competition for funding and business support to broaden American financial services options.
When nearly half of Americans don’t have $400 ready money, better financial management tools can help. Join FinLab’s Managing Director, Ryan Falvey and Glenbrook’s George Peabody as they discuss the FinLab mission, its process, successes, and what Ryan hopes to see next.
Tue, 16 May 2017
Payments transactions generate plenty of useful data for merchants. But wrangling that data into informative shape gets challenging, especially when multiple acquirers, gateways, processors, or other service providers are used. Each one has a different approach to reporting and some are (much) better than others. Developing a consolidated view and, as important, reconciling financials from different sources is a time consuming task for staff who need timely data on multiple concerns.
Tue, 4 April 2017
The term identity gets used a lot whenever internet payments and security are discussed. Knowing who we transact with is still the knotty problem. Strong authentication is required. Identity verification is required, too. A means of sharing the fruits of that work among the parties involved, especially those taking on risk, could save everyone a lot of cost and effort. That’s the notion behind federated identity and other means of securely sharing identity attributes without undermining privacy.
That tall order is the subject of this podcast with Andre Boysen, Chief Identity Officer of SecureKey. Join George and Andre as they talk about trust on the internet, SecureKey’s approach, and the company’s use of blockchain technology via a partnership with IBM.
Mon, 27 March 2017
Want to know what it takes to to stay smart in payments? Take a listen to Russ Jones, the Partner in Charge of Glenbrook’s Payments Boot Camp program. Russ gives a look behind the scenes, talks over the boot camp’s evolution, and how it stays forward looking in what’s become a fast changing industry. Over 13,000 payments professionals have experienced the Payments Boot Camp Russ talks about in this Payments on Fire podcast.
Thu, 16 February 2017
Sometimes a change in direction is the way forward. Network aspirant Dwolla has recently pivoted its work toward the product and development teams inside financial institutions. Instead of being a system operator, Dwolla now offers a broad set of APIs designed for those FIs to take advantage of the ACH’s overnight and Same Day ACH services. Dwolla’s shift also comes as the company and the US anticipates the impact of new immediate funds transfer systems Zelle, The Clearing House, and likely others.
Take a listen to this conversation with Jordan Lampe, Dwolla’s Director of Communications and Policy Affairs, and Glenbrook's George Peabody as they discuss the Federal Reserve Faster Payments Payments Task Force Steering Committee, use cases for Same Day ACH, and more.
Wed, 11 January 2017
Turning money movement into a core capability of the internet is the guiding principle of Circle Internet Financial. Not an easy task. While technical issues abound, regulatory and business hurdles pose larger challenges.
Join Payments on Fire host George Peabody and Circle’s co-founders Jeremy Allaire and Sean Neville for this discussion on Circle’s geographic expansion, its recent shift in bitcoin support, and its development of Spark, a blockchain-based open source smart contract platform optimized to share and store payments meta-data including exchange rates, KYC details, identity, etc.
Tue, 3 January 2017
One of last year's most anticipated advances in fraud management was the final release of EMVCo’s 3D Secure 2.0 protocol specification. Designed to take a risk-based approach to authorization and lower the checkout friction of its predecessor, 3DS2 will be a new tool in the growing anti-fraud arsenal.
One of its supporters and a service provider that’s been closely tied to 3D Secure is CardinalCommerce. Cardinal, now a new addition to Visa’s arsenal with its recent acquisition, has been working with the risk-based approach for quite awhile. Take a listen to Visa’s Mark Nelson and Mike Keresman and Tim Sherwin of CardinalCommerce in this discussion about 3DS2, card network mandates, Cardinal’s acquisition by Visa, and when the market will see 3DS2 solutions.
Tue, 20 December 2016
In e-commerce and mobile commerce the problem of false declines is significant, especially during the holidays. Issuers decline transactions that online merchants approve. And vice versa. In other words, the necessary process of sorting out fraud from good transactions catches good transactions with the bad. This poor decision making means merchants lose the sale and the issuer its transaction fees.
In this Payments on Fire podcast, Glenbrook's George Peabody discusses the false decline issue with Ethoca’s CMO Keith Briscoe as well as the company’s program to encourage more merchants and issuers to take advantage of its shared data service.
Wed, 14 December 2016
Multiple organizations have emerged to address different aspects of security, privacy, and identity. In this Payments on Fire Podcast, Glenbrook’s George Peabody speaks with Craig Spiezle, Executive Director of the Online Trust Alliance, an organization bringing together privacy and security best practices for a range of industries, including payments. Take a listen to this conversation about the security challenges ahead, especially around the Internet of Things.
Mon, 10 October 2016
Faster payments, B2B payments, international remittances, cross-currency, and cross-border payments. These are hot topics and major challenges the payments industry must address. Central to all is the ability to represent, in an interoperable fashion, the information that surrounds the payment itself. What’s this payment for? Who is it for? Where’s it going? These are information gaps that bedevil B2B payments and all of the above. Extensible standards in general and ISO 20022 in particular are the answer.
The International Payments Framework Association (IPFA) is dedicated to expanding the utility of ISO 20022 through rule building around the usage of this data representation method. Standardized business messages are huge and that’s what the standard and the IPFA are all about. In this podcast, the IPFA’s CEO, Glenbrook’s own Elizabeth McQuerry, addresses ISO 20022 itself, the IPFA’s role, and updates to accommodate international faster payments. Cross-border money may finally fly.
Wed, 21 September 2016
As the breadth of transaction data expands, even the definition of payment data is getting stretched. Payment data, when combined with other sources, is becoming a valuable tool for both commerce and security. If we know your first name, we can figure out if you’re male or female 92%+ of the time. If your email address is at AOL, you’re probably over 50. What you might buy can be inferred from the websites you visit. And that’s just the start of data’s role in payments.
Take a dip into the payment data pool in this podcast with Glenbrook’s Russ Jones. Russ discusses artificial intelligence, privacy, and the spread of Bluetooth beacons. For a deeper dive into the topic, join Russ at the Payments Data Insight Workshop on October 13 in Palo Alto because data’s influence in payments continues to expand.
Fri, 5 August 2016
Bitcoin’s reliability and transaction-level security has inspired today’s explosion of blockchain pilots, companies, and consortia. But the bitcoin rails already have solid commercial applications. Circle Internet Finance has focused on person to person payments. Align Commerce has focused on international B2B payments for smaller businesses. With growth, both have blended bitcoin rails with more traditional methods to accomplish fast, cost effective transfers.
Join Marwan Forzley, CEO of Align Commerce, and Glenbrook’s George Peabody for a conversation about how Align moves money and the state of bitcoin and blockchain development. There may be no such thing as an international wire but this approach gets pretty close.
Fri, 15 July 2016
Stretching the retail financial institution’s (FI) mission beyond checking account and debit card management is on that industry’s agenda. It’s what fires the imagination of fintech entrepreneurs too because retail financial services is an industry in need of creative, expansive approaches to accountholder services. Not every idea catches fire but fortunately there are those willing to light a match.
This Payments on Fire podcast looks at Sensibill, a digital receipting and data repository service for FIs. Join Glenbrook's George Peabody and Sensibill’s CEO and co-founder Corey Gross in this discussion of how an FI can help its accountholders turn digital receipts into data far more useful than what’s on a statement or that piece of paper stuffed into a purse or wallet.
Thu, 7 July 2016
Machine learning and the broader category of artificial intelligence are rightly attracting attention and discussion. These are powerful technologies. But, like many new technology conversations, there’s the suggestion that they can address all use cases.
Maybe focusing on a single use case is the better approach right now. Join Glenbrook’s George Peabody and Nuno Sebastiao, Chairman and CEO of fraud management firm Feedzai, in this refreshing discussion about the role of machine learning in fraud management, some of its limitations, and how services like these fit into an enterprise’s fraud and risk management operations.
Thu, 30 June 2016
Digital identity is the black hole of the internet. Our online lives simply aren’t protected by a system without strong authentication. Killing the password is Mission One for security professionals because they’re so readily stolen through phishing attacks and malware. Users, warned to make passwords complex and unique, have no hope of remembering them. And a password is simply one factor of secure authentication. Biometrics and data, when used in combination, can relieve password fatigue and, for the relying party, increase security substantially, bringing some light to that dark place on the internet.
We talk with MasterCard’s biometrics and authentication leader, Bob Reany, about where biometrics work and the intersection of device-based tools with what the cloud provides through Big Data, particularly device profiling and behavioral analytics. Your fingerprint’s not just for unlocking the phone anymore.
Tue, 21 June 2016
Chargebacks are one of the card system’s great consumer benefits. If fraud happens, the merchant doesn’t deliver on what was promised, or you’re charged six times for something you bought just once, the chargeback mechanism returns your money or restores your credit. What’s not to like? Well, if you’re a merchant, a lot. While there are plenty of legitimate chargebacks, there are also consumers who take advantage of the system through “friendly fraud,” the “I didn’t do it” chargeback category abused by all too many.
Chargebacks are expensive for merchants. There’s a chargeback handling fee from the acquirer. There’s the cost of disputing the chargeback. There’s the cost if, at the network’s discretion, the merchant loses the chargeback. And then there’s the small matter of the cost of the goods or services. Take a listen to this audio primer on chargebacks with Glenbrook’s George Peabody and Chargeback’s CEO Dave Wilkes. Hear how they work, what the trends are, and how Chargeback assists merchants in the chargeback dispute process.
Tue, 17 May 2016
This episode of Glenbrook’s Payments on Fire podcast comes from the Shoptalk conference, mid-May 2016. Focused on the entire customer engagement cycle, the attendees are all about influencing consumer behavior, the processes of moving customers through that cycle, about making some portion of enterprise IT work more smoothly, or, yes, even about payments.
Take a listen to my conversations with start-ups Tuku (in-store digital content delivery), Belly (in-store loyalty), Bold Financial Technologies (payout management for Treasury) and established fintech provider ACI Worldwide.
Wed, 11 May 2016
Payments industry professionals naturally have a hard focus on the industry’s own dynamics. So, it’s not uncommon to lose sight of who the customer is and who pays the freight. In retailing, yes, the consumer pays, but payments is a direct cost to the merchant. With all of the changes underway in the U.S. payments landscape, merchants now view payments as a complex, strategic element of their business, both as a way to drive new sales as well as a cost component to be tightly managed.
To learn what’s top of mind for a large scale retailer, take a listen to Dean Sheaffer, SVP of Financial Services at Boscov’s Inc., the U.S.'s largest family-owned department store. In this Payments on Fire podcast, Dean addresses payments as a sales tool (Dean and his team have upped usage of the Boscov private label card to 40% of tender!), payments and data security, and the potential of Faster Money.
Sun, 1 May 2016
Extension of credit to people in developing markets has been a long time challenge. Banks, of course, look to repayment history to make such determinations but in much of the world, banking relationships and repayment track records are few. But history has demonstrated that extension of credit in developing markets can be effective and profitable. Just look at the Grameen Bank’s high micro-loan repayment rates.
To address this repayment data dearth, Lenddo.com developed a lending data set in multiple developing countries, having gone into the lending business just to generate the data it needed to tune its machine learning capability. Lenddo then built its algorithms that examine some 1,000 characteristics in the data drawn from social, mobile, and other sources. This Payments on Fire podcast with Lenddo.com’s founder Jeff Stewart takes a look at lending in developing countries, social and mobile data sources, and examines the algorithmic "black box" that is at the heart of the company’s approach to making credit decisions in "thin file" markets.
Wed, 20 April 2016
The world of moving money is changing. And faster is the theme. Domestic real time payment systems are showing up across the planet. Today's discussion is full of bitcoin, open and permissioned blockchain approaches to speed asset exchange. But the competitive balance between proprietary and open systems is in flux.
The view that moving money is or should be an internet-wide capability is a guiding principle for Jeremy Allaire, founder and CEO of Circle. Take a listen to Jeremy on how Circle is connecting US dollars to British pound sterling, his plans for the euro, and how multiple technologies - blockchain and machine learning among them - enable money movement for Circle's customers.