In this episode, George speaks with Rafael Lourenco, EVP and Partner of fraud management provider ClearSale. Rafael returns to Payments on Fire® to address COVID’s impact including new online threats and the consumer behavior changes that challenge the customer checkout experience and fraud detection.

COVID-19 has contorted how merchants do business into new shapes. COVID-19 is forcing some merchants, often inexperienced with the online world, to make a swift digital transformation with all of its benefits and downside fraud risk.

For example, numerous brick-and-mortar merchants have rushed to embrace online commerce as they attempt to fill the revenue hole in their business. Others, as we’ll hear in this Payments on Fire® podcast, have suddenly found new demand for what they offer.

Even fraud management companies have found themselves dealing with unexpected shifts, including new behaviors of good customers.

* Consumers new to the online channel have suddenly appeared. Their checkout and payments behavior maybe confused and uneven.
* Prior customers may decide to become quarantine refugees and move in with friends and family at a different address. The new shipping addresses raises a red flag at the merchant’s fraud detection system.

As we’ve seen countless times after natural disasters, fraudsters see opportunity in the misfortune of others. The pandemic is no different. It’s also encouraged fraudsters who formerly operated in the physical world to attack the online channel. After all, they need to make a living, too.

Rafael takes us through these scenarios, what ClearSale has observed since very early in the COVID-19 outbreak, and some of the adjustments ClearSale’s full outsourced fraud management service has had to make.

He also discusses the role of machine learning and artificial intelligence (ML/AI) in fraud management. ML/AI has dropped ClearSale’s need for manual review from 30% of orders 10 years ago to 5% today.

ClearSale differentiates its service partly based on the extent fraud analysts examine the case before a questionable transation is declined. Rafael points out that, unlike an individual merchant who must maintain the same staffing level despite volume fluctuations (think Cyber Monday and mid-July), ClearSale’s fraud analyst team works across multiple merchant categories. That means, when one segments is busy another is less so. The result is “staffing in the cloud.”

For more on how COVID-19 has affected payment flows and the payments industry, read Glenbrook’s COVID Impact series. 

Take a listen to Rapyd's Eric Rosenthal and Glenbrook’s George Peabody as they discuss Rapyd’s swift global expansion, its ability to quickly build new capabilities, and the firm’s cloud-based tech stack. It uses its “white label PayPal” model to payment-enable a wide range of companies and use cases.

Programming Payments Has Been Hard

Among the many evolutions in the payments industry over the last decade, and only accelerating today, is the programmability of payments. Prior to that, a portion of payments providers - gateways, processors, and even networks - provided access to their services via direct integration to whatever interface they cared to expose. The API is the layer now employed for that purpose.

A single interface to core services is, of course, the basic stock in trade of a gateway, an outfit that exposes a single interface to its customers with the promise, among many, of reaching a broad swatch of acquirers out the other side. Networks like American Express and Mastercard have long provided access of their own.

But this approach, for the many merchants and businesses shifting to digital payments, had a number of shortcomings.

First, none of these integrations were truly comprehensive. One gateway could get you to the UK, but others were necessary to reach the rest of Europe, often on a country by country basis because payments are local and domestic. To sell in a country, you have to connect to the methods its citizens use. Cards along won’t do it. So, global reach through a minimum set of providers was a challenge.

A second concern was the effort required to connect to so many providers. A merchant would have to carefully assess the ROI for each development effort in order to sell, say, in Austria or Thailand. Or to take advantage of the fraud services of American Express. Implementing and maintaining so may interfaces - and the contracts or partnerships that exist alongside the technical effort - is a lot of work.

Things Have Improved - A Lot

The way over these barriers is now broadly available. A number of providers have applied a common insight - that merchants, enterprises, and sellers will flock to a provider that offers a single, straightforward API that abstracts the complexity of payments so that they can focus more on their commercial goals.

Multiple providers now offer a single integration through which merchant can reach a global audience and the global range of payment methods.

That’s one of the insights that inspired firms like Braintree, Stripe, Adyen, and others, including the firm Rapyd, the subject of this Payments on Fire® episode.

Built on the Cloud

Rapyd is a young company building out its capability to global scale in a very short period of time. In this discussion with Rapyd’s Eric Rosenthal we hear how the firm’s use of Amazon Web Services has allowed the company to scale operations around the world in a reliable and, critically, compliant manner with respect to data privacy and domicility.

Eric illustrates the company’s model - a white label PayPal as he calls it - through an example of Rapyd supporting a cash collection supply chain challenge for a global CPG manufacturer.

Flexibility and Speed

In our payments consulting work on behalf of merchants and billers, when we support their choice of payments provider, we increasingly see one or more firms like Rapyd competing against incumbents like First Data and Chase. We expect to see them more often in the future.

Incumbents using legacy infrastructure lack the flexibility to be responsive. We frequently hear about the years long implantation projects some legacy providers require. While a single firm may have built, at one time or another, every possible bit of functionality a merchant may want, the reality is that such breadth is not available on a single platform. Hence those long integration timelines.

The ability of these newer entrants to address incremental use cases is impressive. Of course, some of their components lack the functional depth achieved by incumbent competitors. But that gap will narrow with time and faster than in prior years.

By outsourcing the core plumbing to cloud providers like AWS or Microsoft’s Azure, firms like Rapyd are able to put more wood behind the arrow aimed at their customer’s business goals. Freed of much of the operational burden of running the plumbing, they can deploy their talents where the impact is greatest. And that changes the game.

The transition away from paper to an all digital payments world has been underway for decades. But in the last few years the pace has accelerated. Global tech availability and focused development talent is letting software eat the payments world. Other enablers include business models such as payments facilitation and the focus on commerce, not just payments, for merchants.

COVID-19 has simply added fuel to the fire. In May, for the first time, Mastercard reported that over 50% of its volume was card not present, transactions all in the digital payment space. The pandemic is yet another forcing function pushing digital payments deeper into our lives, across the key payment use cases employed by individuals, merchants, enterprises, and government.

Keeping up with all this is what we do at Glenbrook. In this Payments on Fire® episode, Glenbrook's Russ Jones and George talk about what’s hot and how that gets examined in our upcoming Digital Payments Insight Workshop. It will be held online June 24 and 25th. For more on the workshop, check it out here.

Russ and George talk about the online training experience and how interactivity is supported by the tools we use and the flow we establish. So, take a quick listen to get a taste of what’s hot. If you like it, we look forward to seeing you at the workshop. No trains, planes, or automobiles needed.

Take a listen to Craig McDonald, Chief Business Officer of Trustly and George as they discuss how Trustly makes its proposition possible. While Trustly is ramping up its U.S. presence, it does have timing on its side. In this pandemic-constrained age, merchants will be looking for lower cost payments and certainty. Trustly appears to have attributes to meet those concerns.

In our payments education and payments consulting work, we frequently discuss payments “rails” - the networks and systems that move money either between banks in the open lop payments model or within a single operator’s closed loop network. Think cards, wires, and ACH when you hear “open loop.” Think PayPal when you hear “closed loop.”

Each set of rails connects to an account of some kind. And has to present itself to the end user to make payment initiation easy.

We know how to write a check and understand how a wire is initiated. We all know how to initiate a card transaction at both the physical point of sale and online. There’s another important system that most of use all the time if we’re employed. If we actually use it to send a payment, we might know what it’s really called. That, of course, is the automated clearing house, the ACH system.

The ACH has incredible attributes. Almost every financial institution connects to it so the network effect is huge. And, for the financial institutions that use it, it’s very inexpensive. It can be used to both credit or debit an account.

But it has some big shortcomings, too. It runs in batch, overnight and a couple of times during the day. It is not a real time payment. There is no authorization. And when a debit transaction is initiated, the system has no way of knowing if there are funds in the account to be debited.

A number of companies have come and gone over the years who have tried to take advantage of its cost and ubiquity but have been unable to overcome competition from cards, especially debit cards, or the challenges of fraud and security.

But more modern tools are available today from both the technology and the rules/regulations angles that make the ability to pay a merchant from one’s own bank account, certain for both parties, possible.

That’s the topic of this Payments on Fire® episode. Trustly has combined broad connectivity into the ACH system with machine learning to effectively guarantee payments to merchants at a lower cost than debit cards. It’s a fascinating example of how new tech can broaden the utility of a system that is decades old.

Take a listen to Craig McDonald, Chief Business Officer of Trustly and George as they discuss how Trustly makes its proposition possible. While Trustly is ramping up its U.S. presence, it does have timing on its side. In this pandemic-constrained age, merchants will be looking for lower cost payments and certainty. Trustly appears to have attributes to meet those concerns.

This illuminating Payments on Fire® episode takes a deep look at a very new Brazilian payments platform called Conta Zap (Zap Account in English) and how a group of community minded people came together with Conta Zap to provide basic income to economically displaced Brazilians during the COVID-19 outbreak.

The story illustrates how the combination of entrepreneurial thinking, technology, and right-thinking regulation can make a real impact on even those living at the edge.  

The Situation

This story is about how that wallet was put into the field to serve a particular community in real need. That community is made up of mostly fishermen, like the one pictured below, living in the Vergel do Lago neighborhood in the northeastern city of Maceio. Most residents are fisherman who sell their catch to restaurants, a transaction shut down due to COVID-19 restaurant closures.

Already living on the edge, that shutdown put enormous pressure on the 20,000 fishermen working in the area.

How It Started

Conta Zap is a digital wallet that simplifies moving money for P2P, bill payment, and other consumer-based transactions. Under Brazilian bank regulations, Conta Zap is also a “payment institution” able to handle payment transactions on behalf of its user but not to be a lender itself.

When word of the fishermen’s plight reached Conta Zap leadership the idea of using its wallet to get emergency funds to the fishermen was born. The Zap do Bem (roughly translated as Zap for Good) service came to be, based on the Conta Zap wallet. A group of corporate funders donated the funds for the fisherman with each fisherman receiving the equivalent of $35 USD, a meaningful figure to these impoverished workers.

The idea of Zap do Bem started in mid-March before it was clear that the federal government was going to provide an emergency stipend to poor Brazilians. To get those stipends to the millions of unbanked Brazilians, the government took advantage of recent Brazilian Central Bank regulations that allow for easy opening of low value accounts. These so-called CAIXA Tem digital accounts are offered by the government owned CAIXA Econômica banks. Remarkably, more than 40 million accounts are expected to be opened by individuals who previously did not have an account.

As with Conta Zap, this has allowed Brazil to disburse funds relatively easily and safely to millions of people. Of course, this hasn’t stopped people from lining up to take money out as cash but it is a very big, important first step in creating a digital ecosystem.

Multiple Layers of Tech, Regulatory Foresight, and Good Will

The story is a digital one. The Zap do Bem was not about helping speed cash distribution. Stakeholders combined technology from multiple parties, the generosity of donors, and these important regulatory guardrails to create a valuable service. Here are the ingredients to Zap do Bem’s layer cake:

1. The Fishermen. The fishermen needed digital accounts and the means to spend their money.
2. The Merchants. Conta Zap enrolled merchants to accept payments from the Conta Zap wallet.
3. The Donors. A collection of corporate and individual donors agreed to provide the funds to help the fishermen get through the pandemic.
4. Conta Zap provided the digital wallet, enrolling the invited fishermen participants via text message. A Brazilian celebrity sent a message to recipients assuring them that the offer was legitimate.
5. Oi, one of the country’s leading telcos, enabled Conta Zap to verify customer identity using Oi’s geolocation capability for address verification and to help validate the fishermen’s income level by looking at purchase records for prepaid airtime. Oi also helped identify merchants in the neighborhood. That allowed Conta Zap to get those merchants enrolled so the fishermen could begin to spend the donated funds.
6. WhatsApp, by virtue of exposing its capabilities programmatically, Conta Zap, was made available to beneficiaries entirely on WhatsApp using an AI interface as seen in the screen shot below. This approach allows Zap to provide its digital wallet service at very low cost.
7. Regulators. The enabling regulation allows accounts with low balances and modest activity to be opened with minimal personal identification requirements, i.e. your name, national ID number, and birthday.

Screenshot and translation of Zap do Bem:

We’ll plan to follow up on these developments in the future. Listen in now as Elizabeth McQuerry interviews Roberto Marinho, CEO of Conta Zap, and César Souto, a Member of the Board of Directors. If you would like to become a donor, click here and scroll to the bottom of the page for instructions.

There’s no clearer indicator of COVID-19’s economic impact than payment metrics. In this Payments on Fire® episode, we speak with Bryan Derman, Glenbrook’s managing partner, and Glynn Frechette, SVP of PSCU’s Advisors Plus division, in a discussion of PSCU’s payment trends analysis. Glynn provides an exceptionally detailed view into the pain, and some real gains, that the pandemic has brought to U.S. payments activity.

PSCU’s analysis points to both the depth of transaction volume declines for a number of segments, especially travel and fuel. And since so many restaurants are shut down (another segment hammered by the pandemic), the data shows how supermarkets and groceries have benefited.

There’s plenty of detail in this podcast so take a careful listen. To keep up to date on what PSCU is seeing across the country, go to its Resource page. For more, check out PSCU's infographic for the week ending May 3rd.

It is super instructive to hear about payments evolution. So, it’s time to take a trip. In this Payments on Fire® episode we speak with Charles Ifedi, one of the founders of Interswitch, one of the leading digital payments providers in Nigeria, and founder of customer engagement platform company eBanqo.

We hear a lot - and deservedly so - about innovative fintech companies but we hear very little about the advanced and highly competitive payment system already in place in Nigeria. Take a listen as Glenbrook partner Elizabeth McQuerry, partner in charge of Glenbrook’s Global payments consulting practice, talks with Charles about the Nigerian payments ecosystem, his role in developing one of the leading payments providers there and and his new venture in improving the front end of financial services with conversational AI .

Payments in Nigeria are huge in every way. Its large population – some 200 million – allows digital payments to thrive even as the banked population remains stubbornly low at just under 40% of the adult population. Unlike the eastern Africa experience of telco-led companies like M-PESA, Nigerian telcos are not allowed to serve as payments providers. They aren’t banks but their agent networks serve an essential role in last mile service delivery. That said, recent regulatory changes are allowing partner companies of these telcos to apply for the country’s payments services bank license.

Nigerians have been able to take advantage of instant or real-time payments for a decade. You can’t say that for Americans. It’s quite common to see people making instant payments transfers from their mobile devices via the simple USSD menu interface on feature phones. Those with smartphones take full advantage of app-based interfaces.

These instant payments are often used to buy things in retail shops as well as to make business or personal transfers.  Payment by debit and credit card is also quite common and Nigeria is home to Verve, the pan-African card brand.

Listen in as Charles, who was Verve’s first CEO, reflects on developing the Interswitch brand and discusses how Nigerians are making payments at small and large merchants during the Covid-19 lockdown, the successes of ATMs and their challenges to growth, the failure of biometrics, and about the Nigerian payments ecosystem overall.

Payment authorization rates are a theme we return to regularly on Payments on Fire® because they matter so much to merchants, issues, and the payment providers in between. If a big issuer declines more transactions than its peers, the merchant and the issuer, in fact, leave money on the table. The merchant loses sales. The issuer loses interchange revenue.

In this episode, we speak with Stripe’s Jeanne DeWitt, head of revenue and growth for the Americas, for a deep look into how her company maximizes AUTH rates for itself and its hundreds of thousands of sellers. We discuss COVID-19’s impact and some of the creative responses to it. We also address Stripe’s maturation into an enterprise provider, at enterprise orgnization, and wrap with a look ahead at the future shape of the payments industry.

In Glenbrook's Payments Boot Camp® and in our payments consulting work, we use our Domains of Payments framework to subdivide the major use cases and payment contexts into a half dozen categories or domains. The Remote Domain contains cross-border e-commerce, a particularly challenging use case where the buyer and seller are separated by distance and, in the case of cards, credentials are presented without the cardholder present. This is card on file (COF), card not present (CNP) transactions live. Just add cross-border complexity.

If you sell via e-commerce in the EU, Middle East and to the global market, you’re crossing borders. That means regulatory compliance. It also means you want your customers to pay you in the manner to which they’ve become accustomed. Germans and Belgians like SOFORT and PayPal. The Dutch prefer the domestic iDEAL system. The UK is card-centric.

To reach customers in those countries and beyond, you need a payment services provider with reliable connectivity into those domestic systems, access to global card systems, and the ability to maximize authorization rates.

Credorax is a PSP founded in Israel with a strong technology focus that has also become a Malta-based bank in order to expand its EU presence as an acquiring bank.

In this Payments on Fire® episode, George and Credorax COO Moshe Selfin discuss the initial impact of the novel coronavirus on the travel segment and then move on to authorization optimization.

The podcast includes the Credorax creation story. While technical capabilities were the core of its start-up phase, it was the EU’s PSD2 regulation that created its market strategy and steered its business evolution. While many in the payments industry complain about regulation, it’s true that mandates move markets and, as Credorax saw, create opportunity.

Take a listen to how a this not-yet-quite-global company positions itself in an increasingly crowded market and its approach to delivering value.

In this special episode of Payments on Fire®, Glenbrook partner Elizabeth McQuerry, partner in charge of Glenbrook’s Global payments consulting practice, leads a conversation on the development and adoption of realtime payments in developing markets.

Joining Elizabeth are Miller Abel, Deputy Director, Principal Technologist at Bill & Melinda Gates Foundation and Gene Neyer, Executive Advisor to Icon Solutions, board member at the US Faster Payments Council, who has supported Gates-funded projects in Pakistan and Tanzania.  

This discussion was originally scheduled to take place at the 2020 Payments Canada Summit.

If the development of faster payment, instant funds transfer systems is important to you, take a listen to this episode on the development of these instant push payment systems in developing markets. Many of the issues and concepts discussed apply to developed market concerns and you will gain important insight into the multiple paths governments and leading tech firms take in system and ecosystem development.

Anchoring the discussion is the set of principles for financial inclusion codified in The Level One Project Guide, a work product of the Bill & Melinda Gates Foundation.

An essential principle is the role of real-time payments as an economic development tool. Digital payments have to have the immediacy of cash to be transformative. No one can afford to wait for a payment to wander for a few days through an antiquated banking system when they have to buy fuel in 20 minutes.

Digital payments also have to solve for specific use cases which quickly leads to the need for an API layer to embed payments into purpose-built apps. The discussion addresses these principles and illustrates them with examples like the agriculture-focused version Uber for tractors.

To address the necessary transaction switching and connectivity infrastructure, the Gates Foundation has built the Mojaloop
platform, an open source initiative to ease development for  governments and commercial entities alike. Miller takes us through its genesis and applications.

Elizabeth, Gene, and Miller discuss the extraordinary and growing penetration of inexpensive smart and surprisingly capable feature phones in markets like Nigeria and Myanmar.

They also discuss the “stack” of rules, rails, account providers, and apps that enables innovation, a model that applies to both developed and developing markets.

This is a comprehensive discussion that touches on the roles of government and commercial stakeholders and how they differ across countries, payment economics, and the multiple paths to broad deployment of real-time payments. Take a listen.

The “supermarket” days of financial institutions providing all of our financial services and holding all of our accounts are long over. Brokerages, insurance companies, and the expanding array of fintechs compete to hold, manage, or organize our assets.

With so many custodians of our financial data, it can be difficult for an individual to generate a complete picture of her finances. That’s been a longstanding problem that was addressed over two decades ago by data aggregators like personal financial management app Mint.

Individuals found this single portal approach quite useful. All we had to do was provide the aggregator with the login credentials to each of our online accounts. The aggregator would then log into that account on our behalf, “read” our data off of the web page, and display all of that data in a single consistent fashion (this is “screen scraping”, the method of data gathering that started it all).

This single view capability has been a compelling proposition that dozens and dozens of firms have emulated in the years since.

Further, use cases have proliferated where a fintech, for example, simply needs access to one or two accounts in order to fulfill its goals. The mobile app model has just accelerated the expansion of apps needing access to user account data.

Yodlee and Plaid, now a Visa company acquired in a whopping big transaction, are examples of companies selling access to user account data either through screen scraping or, in a more modern approach, direct integration to individual financial institutions.

Direct integration to each bank or credit union’s data is, of course, inefficient because each banks exposes its own interface. The syntax and functions of each vary making everyone’s development and maintenance tasks more difficult..

Evolution of a Standard

Into this gap is the Financial Data Exchange organization. With over 100 members https://financialdataexchange.org/pages/members
from a wide range of companies - Chase, Plaid, FS-ISAC, Intuit, PNC, Fannie Mae, Truist, Cashflow Solutions - its goal is to standardize the domain of permissioned at a sharing through an API layer in operates in front of financial institution data.

FDX is a true standards organization. Its members pay dues, yes, but their more important contribution is time and effort. Working groups take on particular technical and usage aspects, develop them, and generate draft standards for the entire membership to ratify.

One of its working groups focuses, for example, on the user experience, on the use cases that benefit from data sharing and how to make that process transparent and secure for end users.

In this Payments on Fire® episode, George and FDX Managing Director Don Cardinal discuss the API, its many reasons for being, and the standards development process.

They also discuss Akoya, Fidelity’s former data sharing unit that is now owned and operated by The Clearing House and 11 member banks. Akoya serves as a central integration provider making it easier for a fintech app to connect its users to the banks subscribing to the Akoya service.

So take a listen. FDX is important to the fintech and financial services community. It’s important to end users. And it’s a great example of how comprehensive standards can be developed swiftly.

Welcome to Payments on Fire® and to our third, now annual, discussion with Steve Ledford, SVP Products and Strategy at The Clearing House, and the leader of his company’s Real Time Payment Network initiative.

As in prior conversations, Steve and George discuss the growth of the RTP Network both in terms of transactions and dollar volume as well as an important metric, the growth in the number of financial institutions and FI processors who are already or in process of connecting to the network.

The evolving set of use cases supported by a new payment system is often surprising. Few expected Zelle’s leading use case to be rent payments. While the RTP Network is in its infancy, Steve shares a number of use cases already in flight.

Changes to the network’s rules also position it for expanded use. For example, the network’s recent increase in transaction size limit to $100,000 positions it far better for B2B transactions.

Like all bank services, strong user authentication is critical and firmly out of scope for the new network. Banks will have to improve their authentication processes because account takeover is a real risk.

As Steve says in this discussion, banks can also reduce the risk of accountholders sending money to bad actors simply by well-timed messaging. Financial institutions can adopt best practices that have evolved in the UK and other markets with similar systems in place. For example, the bank should ask the accountholder if they personally know the recipient of the funds and if they have been pressured to make the payment within a certain timeframe. Both questions are meant to caution the accountholder before pressing Send.

Steve also addresses the announcement of FedNow and its ripple effects on the RTP Network.

New national payment rails are a once in a generation event. New rails, better data representation techniques, and mobile devices make for an innovator’s playground. Take a listen.

Be Safe. Be Well. Help Out.

This is our era’s unprecedented event. I hope you’re staying safe, your family is all well, and you’ve got what you need for what looks to be a pretty long time. On the upside, I’ve seen and experienced people helping one another like never before. That gives me confidence we’ll be able to mitigate COVID-19’s impact on our healthcare system - and on all of us. The downside is obvious. The weight of the pandemic is going to come down heaviest on those with the fewest resources. Helping out is our best response.

Among the Exploiters of The Pandemic

There are characters out there, however, who are bent on taking advantage of this global challenge because the corona virus has only added gasoline to the growth of e-commerce and online fraud of all kinds.

While e-commerce volume skyrockets as so many hunker down, online credit applications are rising at traditional lenders, challenger banks, and fintechs. Responding to the pandemic, some fintechs are making it easier than ever for sole proprietors to get loans in the hopes of having their business survive the pandemic. For similar reasons, others are encouraging government action in support of their SMB customers.

These laudable efforts will attract fraudsters in droves. What could be better than overburdened systems (Robinhood anyone?) and modified onboarding and underwriting processes?

Socure is an identity management company serving financial institutions old and new, fintechs, and marketplaces that extend credit via online applications. Socure’s service operates right at their front door, at “day zero,” when the applicant first appears at the provider’s digital door. The company promises to reduce fraud, reduce the manual review of questionable applications, and onboard more customers through its KYC services.

In this Payments on Fire® episode, George speaks with Rivka Gewirtz Little, SVP Marketing & Strategy at Socure on a range of topics, from the what and how of Socure’s service to the larger concerns of fraud rates, model governance, and the definition of identity.

Socure’s Own Digital ID

Socure is working on its own version of a digital identity, essentially taking all that it knows about each individual and creating a profile that is updated based on the individual’s behavior, system changes, etc. This “Socure Identity” then can be used beyond the Day Zero identity proofing step but for subsequent authentication when the individual returns to Socure’s customer’s website or app.

FI Internal Collaborate on Identity

An encouraging evolution in enterprise organization is the growing collaboration of the produce line leadership within traditional financial institutions in the areas of risk management and marketing, teams with traditionally conflicting goals. Marketing wants as little friction as possible; Risk wants to keep the bad actor out. In the past, each product line fought its own battles and chosen its own solutions. Now that the digital channel is firmly established even among incumbent and with more flexible tech available, coordination and alignment is taking place.

Data Minimization

“Data minimization” has achieved buzzword status. And its meaning varies depending on who you are. Essentially, it means a provider should hold only that data that’s necessary and no more. For a Socure that lives on massive data resources, data minimization is meaningless. Socure has to be an exceptional custodian of all of that data.

George and Rivka discuss another connotation for that term, the ability of the accountholder or user to release only the data that’s relevant to the transaction. Showing a driver’s license to prove you’re over 21 is a classic case of over-sharing.

So, take a listen. Stay safe.

For more on digital identity and synthetic identity in particular, check out Episode 115 – Finding the Phantoms – Synthetic Identity and the Issuer – with Naftali Harris of SentiLink.

Sometimes events delay things. Other times, they hasten them. At Glenbrook, the corona virus has sped us along a path we’ve been traveling for some time. The path is digital delivery of the Glenbrook Payments Boot Camp®.

In this Payments on Fire® episode, Russ Jones, partner in charge of Glenbrook’s education team, talks with George about two major changes in our payments education program.

1. Digital Delivery - what it looks like, how it works, and when we will launch it for our public participants
2. Curriculum Update - how Glenbrook maintains the currency of our training and some of the major updates made recently

As you’ll hear Russ say, we’re excited by the capabilities of today’s teleconferencing capabilities, how we can use them to inject a high level of interactivity into each session, and the challenge of bringing the Glenbrook Payments Boot Camp® magic to the digital medium.

Join us April 7-9 for the Glenbrook Payments Boot Camp® digital edition. No travel required!

All of us at Glenbrook wish you the very best of experience and outcome as each and all of us navigates the corona virus threat. Be calm, carry on, and keep your social distance.

Fraudster innovation is a constant. As the defenders of payment transactions thwart one fraud vector, these innovators, playing offense, switch tactics.

Today, the problem of knowing who you are, that you are who you say you are, in the digital domain demands stronger authentication techniques. Many of those rely on the attributes, the data, provided by the user or by the applicants in the case of credit extension.

In turns out that even the data supplied by applicants can be both entirely bogus and sufficient to convince a credit issuer to onboard the applicant and extend credit. This is the problem of synthetic identity.

To explore the synthetic identity challenge, take a listen to this conversation with Naftali Harris, CEO of SentiLink, a company focusing on detecting synthetic identities. Coming from years at Affirm, Naftali and the SentiLink team serve credit issuers struggling with this new fraud vector.

First, let’s define synthetic identity using the Fed’s Synthetic Identity Fraud in the U.S. Payment System Payments Fraud Insight white paper as the source:

“The generally agreed-upon definition of synthetic identity fraud is a crime in which perpetrators combine fictitious and sometimes real information, such as SSNs and names, to create new identities to defraud financial institutions, government agencies or individuals.”

Now we’re looking for phantoms. Uh-oh.

There are terabytes of personally identifiable information for fraudsters to use because of data breaches and our own over-sharing of our personally identifiable information. Knowledge-based authentication based on static data like SSNs, birthdays, and the name of our hometown isn’t hard to break. Nor is this static data generally protected by tokenization or encryption in any way.

The fraudsters know what we know. Uh-oh.

And because the real data presented by the fraudster creating a virtual identity is often that of a child or an elder or even the deceased, well, it’s super hard to detect. That comes from my Glenbrook colleague Yvette Bohanan who has years of risk management experience at Amazon, Google, eBay, BofA and others.

Of course, the fraudster’s goal in making up a new identity is to open a credit line in order to subsequently defraud the issuer, perhaps by carefully using a credit line carefully for years to build up a high credit limit before busting out with a lot of spending and then disappearing to a beach somewhere.

Multiple Types of Synthetic Identities

A startling aspect of some synthetic identity fraud is that it doesn’t take advantage of purloined PII. All of the data used by the credit application is made up out of whole cloth and thin air. The proper format of a social security is well known so why not generate a random one? After all, the federal government doesn’t operate a central SSN repository with realtime validation. A variant approach relies on real and fake data, combining, for example real names with made-up SSNs.

To explore the synthetic identity challenge, take a listen to this conversation with Naftali Harris, CEO of SentiLink, a company focusing on detecting synthetic identities. Coming from years at Affirm, Naftali and the SentiLink team serve credit issuers struggling with this new fraud vector.

On Payments on Fire® we’ve talked with gateway operators, processors, tokenization specialists, fraud management firms, and others - all providers who help payment acceptors handle their payments.

The range of services and business value they deliver varies a lot. Some providers do everything. Others, like Spreedly, the subject of this Payments on Fire® podcast, focus on a narrower set of functions and business outcomes.

Payment Flow and the Payment Service Provider (PSP)

When we talk about merchant acquiring in the Glenbrook Payments Boot Camp, we highlight the following transaction flow:

1. The merchant or its ISV, perhaps running as an PayFac, accepts the customer’s payment
2. They connect to a gateway or a processor
3. The gateway routes the transaction to an acquiring bank or its processor OR the merchant connects directly to one of these entities
4. The transaction is routed by the acquirer or processor into the payment network and on to the accountholders’s financial institution

That picture oversimplifies the tasks at hand. Depending on what kind of merchant you are, the set of payment-based services you need can vary substantially.

If you answer yes to any of the following, there are payment service providers ready to help you with specific tools:

• Are you an e-commerce merchant
• Is omnichannel commerce important?
• Are you strictly a bricks-and-mortar operation?
• Are you a biller or a heavy user of invoicing?
• Do you operate unattended devices like vending machines and kiosks?
• Are you global or have global aspirations?
• Are you an SMB or enterprise-class payment acceptor?

Some payment service providers (PSPs) are owned or captives of larger upstream entities. Their role is to capture an ever widening stream of transactions to flow on to their parent company. CyberSource, owned by Visa, may not care a lot about who the acquirer is but the company's transaction handling drives revenue for Visa.

Other independent PSPs like NMI and, in today's podcast, Spreedly, focus more on the needs of the merchant. NMI anchors it many other talents around its core gateway. Spreedly might be considered is a gateway to gateways. It connects to processors and has developed a broad set of connections into domestic systems around the world. Spreedly is a also payments tokenization provider.

Given that range, Spreedly refers to itself as a merchant-facing payments infrastructure provider. More casually, Spreedly is a layer of glue between the payment acceptor's operations and the payment systems that the acceptor needs to support. Payment orchestration is another in vogue term to describe what Spreedly, and others, do.

This is an evolving story and marketplace. Definitely worth a listen to Justin Benson, CEO of Spreedly, as we talk about what his company does and a range of industry topics including tokenization, risk, and more.

In this Payments on Fire® podcast, we examine the role of a payment service offered through a commerce solution targeted at the small and medium business (SMB) market. To do that, we talk with Nan Siler, Head of Payments Strategy and Operations, at Kabbage.

The small and medium business market is important to both the national and local economies. It’s big. According to the U.S. Small Business Administration, over 40% of GDP is generated by this segment. Over the last decade and more, SMBs have come to face new competition (Amazon and the high concentration of Big Retail) and a less willing lender community of traditional financial institutions. Kabbage has stepped into that environment.

Kabbage has loaned over $9B since its inception to some 220,000 customers and last fall added a new service, Kabbage Payments, to ease payment and invoicing for its SMB customers.

SMBs live and die on cash flow. If a big customer’s payment doesn’t come in on time, the business owner can end up paying her employees but not herself.

Kabbage has built sophisticated onboarding and lending models around the needs and realities small businesses. Cash flow management includes, of course, timely access to money, via lending, to fill funding gaps or help expand the operation.

Nan takes us through how Kabbage’s Payments solution complements Kabbage Funding, its lending operation, and how the two come together to provide better insight on the business’s cash needs. With better insight, the goal is to help the small business borrow less money for shorter periods of time when funding the day-to-day with the expectation that Kabbage can provide larger sums to meet the capital requirements of business expansion.

Many independent software vendors (ISVs) bring payments capabilities to their merchant customers to meet functional expectations as well as enjoy payment related revenues. Indeed, the ISV is now the channel through which many SMBs acquire payments acceptance capabilities. The payment-focused PSP group, and especially the Independent Sales Organization (ISO), no longer control that channel.

Kabbage, while not an ISV, has built its payment service to help merchants get paid faster. Every SMB wants that. So, take a listen to Nan as she discusses both the lending capabilities of her firm and how the new payment service complements that funding function.

As our lives shift online, our providers needs strong digital representations of each of us in order to make authentication and authorization decisions. Besides payment transactions, there are the diverse risks they must manage when, for example, we establish new credit relationships, add new payees to our online accounts, and move money in new ways. The providers of these capabilities—and often a single party offers multiple services—must be concerned with the associated risks each poses.

This is the special domain of risk and fraud management companies. In this conversation with Payfone’s CEO Rodger Desai, we focus on digital identity services and the role of the mobile ecosystem in particular. Take a listen.

Many risk and fraud vendors base their services on different data types, such as the email address, SSN, or phone number.

In Payfone’s case, it is the combination of the mobile number, the device it is connected to, and the mobile network serving it that have powerful attributes to measure against. Relevant data attributes include:

1. Tenure. How long the mobile subscriber has had the phone number tells a lot about the subscriber itself.
2. Phone’s Aren’t Free. Unlike email addresses which are cost-less, almost anything to do with a phone costs money, i.e. the service and device costs. Therefore, phone-based frauds, for the fraudster, cost money. Such hacks don’t scale as well as a card data breach. But when there is a phone-based hack, the impact on the victim can be particularly severe.
3. Lots of Activity to Examine. With 50% of American eleven year olds having phones, we generate a rich history using our phones. For billing purposes alone, that activity is tracked by the mobile network ecosystem and, given appropriate privacy controls, can be used to support risk decisioning.
4. Even More Data. Biometric unlocking of devices, behavioral fingerprinting—how we actually interact with the device user interface—and device fingerprinting—the digital portrait developed from such rich data—expand the data available for risk assessment.

The union of all this data paints a crisp digital identity once algorithmic power has been applied to it.

In this episode of Payments on Fire® we discuss the risk assessment capabilities the mobile ecosystem provides with Payfone’ CEO Rodger Desai. His long experience in mobile “phone intelligence” informs this discussion. He explains how some very large clients are using Payfone’s scoring capabilities to assess transactional and account risk while addressing the challenge of improving the user experience. Risk and convenience are often at odds. Payfone’s services are designed to mitigate that conflict.

Today’s digital identification capabilities are powerful. But fraudsters are fast moving and well funded. For the relying parties—those enterprises that take on the risk—the role of defense is a tough one. Priorities, cost, business goals, even awareness vary. Each and every party’s approach to risk assessment is unique. Risk tolerance for the same transaction will differ from bank to bank, from enterprise to enterprise.

In other words, individual enterprises can assemble strong risk assessment and mitigation capabilities while, from a systemic view, there will always be gaps to be exploited. The best we can hope in today’s environment is for each enterprise to raise its security game.

The U.S. has just come off a record setting holiday shopping season with e-commerce sales rising over 18%. While the numbers aren’t in yet, there’s no doubt the fraudsters also had a record year. There are so many ways to defraud consumers, merchants, and financial institutions.

At Glenbrook, we are optimistic about our longer term ability to deter, prevent, and detect fraud. Our kit is getting better. The combination of tech and rule making will payoff: strong authentication enabled by standards-based smartphone-enabled biometrics; regulations requiring strong authentication as put forward in the EU through its SCA rules; and our expanding ability to detect new attacks using tools that operate within the transaction flow.

It is this last area that is the topic of this Payments on Fire® episode. Fraud detection tools operated by or on behalf of merchants that examine transactions are today’s major line of defense against payment, loyalty, and coupon fraud. In this conversation with Colin Sims, COO of fraud prevention company Forter, the development, deployment, and maintenance of a modern fraud management platform is the topic.

Colin and George discuss how fraud management and prevention technologies continue to evolve, Forter’s own approach, the role and impact of PSD2 and SCA regulations in the EU, and how fraud continues to adapt. While machine learning is a central technology, Colin makes clear that human effort and insight is what makes the difference.

Deployment of “clean sheet of paper” payment systems is a once in a generation event. In over 50 countries, new account-to-account push payment systems are either in full scale operation, implementation, or fully committed planning stages. The U.S., for example, has the RTP Network in operation and, in a few years, the FedNow system will be online.

This is hard, serious work. Technology decisions need to be paired with equally rigorous rules making. One of the major concerns for these systems is what to do when a transaction is sent in error or initiated by a fraudster. In contrast to card systems, dispute resolution capability is not a standard feature. These choices should reflect clear agreement and follow through by the system’s key participants.

In this Payments on Fire® podcast, Glenbrook’s Elizabeth McQuerry talks with builders of dispute resolution, complex messaging, and connectivity capabilities developed around Australia’s New Payments Platform (NPP).

Joining Elizabeth are Jack Baldwin, Chairman of BHMI, a U.S.-based developer of bank-grade settlement and reconciliation systems, and Nathan Churchward, Head of Product, Emerging Services at Australia’s Cuscal Limited. Cuscal is a developer of payments capabilities that include card issuing and acquiring, mobile payments, fraud prevention, switching and settlement.

There’s a lot to be gained by learning from someone else’s experience. Nathan and Jack address the dispute resolution process, ISO 20022 messaging, and the significant effort needed to build out systemically important payment infrastructure. Take a listen and you’ll gain a deep appreciation of the interplay of rules, regulations, technology, and effort.

Glenbrook Partners is working with the U.S. Faster Payments Council to help shape rules in the U.S. and address significant concerns around system interoperability, directory services, and dispute management. Take a look at the Faster Payments Barometer based on our industry survey. And visit the U.S Faster Payments Council site for more. 

If you thought bitcoin was dead as a payments system, take a listen to George and Jimmy Nguyen, founding president of the Bitcoin Association, as they discuss Bitcoin SV, a new version of bitcoin that is a significant upgrade to the performance and capabilities of the original bitcoin protocol put into the world a decade ago.

From a payments perspective, bitcoin has failed. While successful as an albeit volatile store of value, its failings include:

• It is slow, only able to handle 2 or 3 transactions per second with a peak rate of 7. Visa handles 50K at peak holiday times with aplomb.
• While transactions are irrevocable, they are not immediately written to the blockchain. Core design specifies that that happens every 10 minutes but when the network is under load it has taken hours.
• Processing cost is too high, measured in dimes and dollars, and also volatile
• As the processors, known as miners, are rewarded with fewer bitcoins for their work, they’ll have to rely on processing revenues, transaction fees, to stay viable. Costs are already too high
• There’s the high power usage of the network that’s needed to maintain consensus, essentially trust in the network.

If you thought bitcoin was dead as a payments system, take a listen to George and Jimmy Nguyen, founding president of the Bitcoin Association, as they discuss Bitcoin SV, a new version of bitcoin that is a significant upgrade to the performance and capabilities of the original bitcoin protocol put into the world a decade ago.

Jimmy brings a refreshing view on cryptocurrencies and payments. Jimmy provides a great review of how bitcoin works and why both its performance and its economics are broken. He explains the advantages of the Bitcoin SV fork and why it was necessary. Suffice it to say, bitcoin’s evolution is subject to the often fractious politics of that community where competing interests inhibit long term thinking.

Bitcoin SV has intriguing potential. Micropayments, sub $1 transactions, have never found a home in electronic payments. BSV could apply there.

BSV is also designed to use enormous blocks in order to keep processing costs low and provide the ability to store massive amounts of data about the payment. 

Join Jeff Brown, president of VPay, a firm specializing in insurance claims payments, and George Peabody of Glenbrook Partners in this deep dive discussion of how the work of claims processing is done and how he approaches B2B payments, compliance, and the value-added services needed by the company’s customers.

The B2B Domain

We’re all familiar with the card present POS domain, card not present Remote domain, P2P payments, and the Bill Pay domain. A phone tap here, a card swipe there, a bill payment to the utility company. On a day to day basis, our personal experience with payments is these areas.

The B2B and B2C payment domains are very different. There is a wide range of industries with very specific payment needs. (Listen to episode 92  to hear how customized payments can become. Roadsync’s Robin Gregg talks about the special paper check type built just to serve independent long haul truckers.)

Insurance is Huge

One of the biggest industries is insurance. Premium payments in the U.S. alone are over $1.2 trillion. Payouts by stakeholders, such as healthcare systems and property & casualty insurers, and made to individuals claimants and service providers amount to trillions more.

Insurance is definitely big enough to be a very attractive vertical to a payments service provider.

Knowing Your Customer's Business

If you are a PSP serving a particular vertical market in the B2B space, you have to know at least as much about the vertical you serve as you do about payments operations and services. For example, if you’re making healthcare payments, you have to comply with the strict data privacy requirements specified by HIPAA regulations. You may have to support specific data formats. And you should help your business customers deliver useful features to their own customers.

If you want a great explanation of how payments fits into a vertical market, you can’t do better than listening to this episode of Payments on Fire®.

Digital disruption and financial inclusion are focus areas throughout the developing world and the topics are white hot in Colombia. Listen in as Hernando Rubio, CEO of Moviired, speaks with Elizabeth McQuerry and George Peabody about Movii and payment / financial inclusion ecosystem in Colombia.

Financial Inclusion in Colombia

Although one of the first countries in Latin America to make a big policy push for financial inclusion, those efforts focused a “banking correspondents” or agents in local stores carrying out basic financial services on behalf of banks. While these correspondents greatly improved access to financial services, they have not fully produced the desired results. According to the World Bank, fewer than half of all adults have a bank account and only a handful (less than 5%) have a transaction account from a telco led service. Very few Colombians use those accounts to pay bills or buy something on the internet. Cash is still preferred.

Enter the SEDPEs

In 2015 regulators in Colombia created a new category of licensed financial institutions called a   special company for electronic deposits and payments, or SEDPE by the Spanish language initials. While a bank can also pursue this type license to focus financial inclusion efforts, the main conceptualization of SEDPEs are fintechs that gain authorization to take deposits and make payments – the two most basic (and still lacking) aspects of financial inclusion. SEDPEs are not allowed to make loans but can partner with others to make small credits available.

Movii

Rubio’s Movii was the first SEDPE to be authorized by regulators. Movii is a classic digital service that offers a wallet for storing funds, access to a reloadable debit card from Mastercard for buying in stores and on the internet, bill payment, mobile top ups and transfers to other Movii users. Movii also recently connected to the new national real-time payment service (Transferencias Ya) in order to be able to reach all account holders in Colombia. Movii builds off the company’s experience managing Moviired, an extensive network of physical agents in stores and bank correspondents throughout Colombia, that people use for those basic payments. Hear how a company disrupts itself as it lays the foundation for the next generation of financial services.

The merchant acquiring industry continues its large scale shift from a payments-led to an operations-led purchasing decision for the merchants it serves. Historically based on independent sales organizations (ISOs) and non-bank acquirers, the party that increasingly provides payment acceptance is the independent software vendor (ISV).

This makes sense for a number of reasons:

• Software is Vertical. Today, the first IT choice more merchants make is the software they use to run their business. This makes sense. Tools that improve overall business operations have a greater impact on success than the comparatively minor differences among payment providers. Auto parts stores need inventory management. Salons need scheduling. Ice cream and coffee shops need quick order entry. Daycare providers need security controls.
• Payments are Horizontal. Every merchant, regardless of its segment, needs to take payments. While many segments have particular requirements for payments, payment acceptance alone is a commoditized service.
• The ISV is the First Point of Contact. Given its primary role, the ISV has moved into an excellent position to sell and profit from payment acceptance.
• Taking a Back Seat in Selling, Payments is Infrastructure. The payments industry has multiple ways of enabling ISVs to sell payments. The ISV may use a gateway to reach multiple acquirers with the gateway itself selling value-added capabilities in areas like fraud management. The ISV may use the payfac model for fast onboarding of new merchants. The ISV may, itself, become an ISO. Multiple forms of business relationship all provide some measure of revenue sharing with the ISV.

Differentiation in Payments Via New Paths

Differentiation based on value-added services drive revenue in payments. For that reason, we have seen non-bank acquirers and ISOs focus on particular vertical market segments to drive and secure long term revenues. A decade and more ago, Heartland Payment Systems (acquired by Global Payments) doubled down on the restaurant vertical by developing special services for restaurant operators as well as acquiring restaurant-focused ISVs. That lesson has been learned by many since.

Over the last few years, differentiation has also stemmed from how well the payments provider serves the ISV and its developers. Integration of payment services both into the ISVs code and within the provider’s own code base is important. A single API that exposes all of a provider’s services is preferable to integration work requiring knowledge of an API tied to each function. Micro-services based capability is also welcome.

Payment Facilitation as Enabler

While not, in and of itself, a new approach, the payment facilitation model is a major enabler of payment service delivery via ISVs. The payfac model is based on network rules that allows an intermediary to act as the merchant of record in order to provide payment system access to smaller merchants. PayPal did this first for ecommerce merchants. Stripe is another card not present example. Square used the payfac model to offer sellers in the physical world access to card acceptance.

ISVs who become payfacs assume responsibility for the activity of their small merchant customers. So, choosing to become a payfac has its complexities and risks. A number of providers, including Finix, bring expertise in the payments facilitation model to help ISVs make that decision.

In this Payments on Fire®, take a listen to Glenbrook’s Nicole Pinto, Drew Edmond, and Finix CEO and founder Richie Serna as they discuss the payfac phenomenon and the larger shift to the ISV as payments provider. This is a cool conversation about a sea change event in the merchant services industry. 

Take a listen as George and Nick Starai, Chief Strategy Officer of NMI discuss the role of the independent payments gateway and its evolution as a technology and business enabler for today’s providers of payment acceptance: ISOs, ISVs, and merchants.

A key technology and business partner for merchants and the first-line providers of payment services (think ISVs and ISOs) is the payment gateway.

At their simplest, gateways provide a single interface to their users that, once built, lets the party using it switch between acquirers with relative ease in order to get better performance, service levels, and/or pricing.

For independent software vendors (ISVs) selling line of business software this flexibility allows their customers to choose their acquirer of choice from the range of acquirers supported by the gateway. Many such relationships are in place long before the ISV relationship is established. ISVs can’t insist that their potential customers change acquiring banks in order to use their software. That’s one use case for a gateway.

Another is the Independent Sales Organizations (ISOs) that also realizes the necessity of using gateway technology in order to reach their increasingly demanding merchant customers. Placing stand-beside payment terminals next to a cash register is no longer nearly enough. Integration of payments into the overall business process of even a smaller merchant is now table stakes. Gateways can help make integration of more advanced capabilities happen.

Independence Means Acquirer Neutrality
Many formerly independent gateways have been acquired by processors. What processor wouldn’t want to move all the transactions managed by the gateway onto its own systems? It’s all about volume, after all.

But for independent software vendors, independent sales organizations selling to ISVs and merchants, and for many merchants themselves, an important virtue of the gateway function is its processor and acquirer independence.

Value-added Services
Gateway operators generally charge flat fees for each transaction handled so they have every incentive to expand the volume of transactions they manage as well as to provide value-added services that increase revenue on each transaction handled.

To increase volume, gateways make it as easy as possible for a customer to integrate to the gateway. They make their APIs simple and robust so it’s easy to add new services. The gateway provider builds software developer kits (SDK) to support in-app payments and makes sure their code runs on every important operating system.

Gateways often specialize on a particular payment domain such as large ecommerce merchants or in-store systems. Others offer a broader set of services. NMI, the subject of this Payments on Fire® podcast, supports both EMV terminals and the card not present environment.

Payment Facilitation
The payment facilitation business model has broadened card payment acceptance to the wide base of small merchants who would otherwise not qualify for a traditional merchant account.

The greatest impact of this payfac model is how it streamlines the onboarding process. Instead of the days-long underwriting process traditionally needed, sellers working through a payment facilitator (PayPal, Square, and Stripe all employ that model) can start to take payments within minutes of creating an account.

Because of that swift onboarding, the payment facilitation model reduces sales friction for ISVs. Their customers can install the ISVs line of business software and start taking payments at the same time.

For the ISV, there’s also the opportunity to earn revenue from their customer’s payment transaction flow. We’ve seen multiple merchant companies selling software services earn substantial revenue from the payments side of their business. NMI provides essential infrastructure services for the payfac business model including onboarding, sub-merchant account creation, KYC, and other reporting services.

The NMI Story
Nick relates NMI’s growth and service expansion. It’s a cool story that speaks to the industry’s evolution as well as the company’s own growth. By the end of the podcast, you’ll understand how enabling technology and new business models have shifted, yet again, the payments ecosystem. The gateway and payment facilitation services offered by NMI help move ISVs and tech-forward ISOs into a first position over traditional providers of merchant services.

Take a listen to Ian Drysdale of Zelis Payments and George as they discuss how complex the payments process is in the healthcare industry. 

Near the peak of payments complexity and specificity is the healthcare industry. If you’ve ever looked at an explanation of benefits letter from a healthcare insurer, you’ve had a glimpse into the complexity of these payments. Multiple parties are paid a lot of money, before you may be required to ante up a co-payment yourself.

Regulation, compliance, the huge range of services delivered, and the scale of the healthcare ecosystem—from giant healthcare insurers to the local dentist—make healthcare payments a challenging, and attractive, market to serve. It is an enormous business-to-business market. Americans spent $3.5T, over $10K per person, in 2017. We spend something like 1 in 6 of our dollars on healthcare.

Simply getting the payment to the right party is complicated. Consider the imaging clinic that operates within a big regional hospital. It has its own back accounts, its own P&L, its own accounts receivable. Getting payments routed into the right account isn’t easy.

Checks still dominate in this industry because the development and maintenance of databases to track bank accounts is a major headache for a payer like an insurance company. Dropping a check in the mail, along with invoice information, at least communicates what’s necessary despite slow speed and high cost.

That’s where Zelis Payments and Ian Drysdale, its president and guest on this Payments on Fire® podcast, come in. Zelis Payments specializes in shifting healthcare payments from check rails to ACH rails. Using the service, providers get paid within a two or three days instead of two weeks. That speed has a huge impact on cash flow, a business metric of particular importance to smaller providers.

Zelis Payments also enables an EDI message format that communicates what’s being paid for in a manner consumable by the accounts receivable software in almost every healthcare provider’s office. Matching up the ACH deposit to what it covers is automated. While neither ACH or EDI are considered modern technologies, pairing them tightly produces real efficiencies.

Another area of complexity Ian discusses is healthcare fraud. Unfortunately, no small number of providers enter fraudulent claims into the system. They add up to huge numbers.

Zelis Payments adds value specific to the healthcare industry around the general functionality of EDI and ACH rails. If you’re a dentist getting paid 10 days faster than before, that added value is a very good thing.

Need an early warning system for what payment system hackers are about to do? Then knowing what’s happening on the dark net is imperative.

In this episode of Payments on Fire®, George speaks with Aamna Zia, VP of Finance and Growth at Flare Systems, and David Hetu, its Chief Science Officer. Based in Montreal, Flare Systems operates a dark net monitoring system that brings intelligence to the InfoSec and fraud management teams at banks.

The dark net is a mysterious place for most of us. It exists on something called Tor, an internet overlay that is designed for anonymity. Using a purpose-built browser, users can access websites, chat rooms, and the like, similar services to those we use on the open internet. The anonymity feature makes performance slow but it also works.

And that’s why it is the hub that marketers of stolen card numbers, user IDs and passwords, personally identifiable information, and hacking tools use to buy and sell. It’s this activity and the discussions around it that Flare Systems monitors and reports on.

Among the findings of Flare’s analytics is the fact that the vast majority of card data sellers probably have to live with their parents to get by. There’s not a lot of money in that particularly tired approach.

Obviously, there’s plenty of money to be made in payment fraud, though. Account takeover (ATO) fraud is growing quickly as recent losses on the UK’s Faster Payments system demonstrate. Synthetic identity fraud is fueled by the kind of data sold on the dark web.

Take a listen as Aamna Zia and David Hetu as they describe how Flare Systems works and what the hackers are up too. Then, if you’re on a bank’s infosec or security team, try to get some sleep.

Listen to George and Jacques Soussana, General Secretary, of nexo Standards, an organization based in Europe with global goals to establish interoperability of hardware, software, and data across the point of sale and e-commerce domains.

Interoperability in a Complex Ecosystem

The payments industry is in a period of especially swift change. New methods of payment, new payment systems, new ways to initiate a purchase.

Innovation can be wonderful, improving convenience, speed, and reliability. But there is a downsides to all of this creativity: Interoperability. Connecting disparate systems is technically challenging and faces business questions such as “what's the ROI on connecting to yet another system?”

Today interoperability may be difficult or impossible by design. Payment methods stood up by individual companies often remain closed or must rely on other payment systems to actually move transactions.

In what is an increasingly integrated world with payments as an embedded experience, interoperability challenges show up both at the physical point of sale and online. Acquirers often use proprietary adaptations of standard protocols to “enhance” their capabilities and, to a degree, erect competitive barriers. The software used to connect point of sale terminals processed by one vendor must be changed when those same POS devices are connected to another provider.

Further complicating the merchant challenge is the merchant-facing software that connects to those terminals. That software connects to each brand of payment terminal in a proprietary fashion. While gateway providers simplify the payment interface for these independent software vendors (ISVs), each gateway provider has its own approach.

For merchants, then, there’s no such thing as “plug and play” software to connect to terminals or to connect those terminals to payment networks.

This complexity was bad enough when card rails were the only payment method of consequence. Today, however, domestic and regional payment methods are changing, adding account-to-account push payment systems like the U.S Real Time Payment Network from The Clearing House or the European SEPA Instant Credit system.

In other words, there are new payment rails, the systems that actually move money, that matter.

So, this complexity problem must overcome and that is the goal of nexo Standards, the organization Jacques represents and the topic of today's Payments on Fire® discussion.

Getting stakeholders to work on the common goal of interoperability is no easy task. Most often, participants come from competitive companies. Most of these organizations are large because, first, they have to be large to afford the investment in participation, and, second, they have to be large to realize the financial benefits of actual implementation.

This is known as the “Herding Cats Problem” and they aren’t kitty cats.

nexo Standards, and its prior incarnations, has been working on point of sale standards for over a decade. The nexo FAST standard that addresses the physical point of sale, EMV, and how to connect within the SEPA framework is nearly 1,000 pages long. And there are multiple nexo specifications including the Retailer protocol that describes the interfaces between a card payment application and a retail point of sale system

Other nexo standards address security, terminal management, the acquirer connection, and implementation.

So, a complex technical and business environment with nexo Standards bringing a comprehensive set of specifications to address it.

nexo Standards Annual Conference (attendance is free, in London)

A  Better Way, Please

Last week I tried to connect my accounts at two different banks. Between account type mismatches (my bad), long account numbers, ACH micro-deposits, and balky websites, well, I’ll confess I put a check in the mail as a “quicker” way of overcoming the electronic barriers. Snail mail. Really?

That situation, and many more where speed matters, is exactly why the world is turning to faster payment systems that allow the accountholder to push money from an account she controls to a recipient in near real-time. To eliminate entry, and sharing, of bank routing and recipient account numbers, today’s faster payments systems are often enhanced by a directory that maps the recipient’s name to a mobile number or email address. The director connects those to the underlying bank account.

This is great stuff, especially for the United States where so many push payment methods exist based on closed loop or incumbent payment rails. The U.S. now has providers like Venmo using balance transfers and card rails (Visa Direct, Mastercard Send) to make realtime P2P transfers workable. NACHA has sped up the automated clearinghouse (ACH) system to run batches a few times a day to accomplish its Same Day ACH service.

We have Zelle, the P2P service stood up by Early Warning Services,  that combines a directory with immediate funds transfer availability for the recipient and interbank settlement running over, yet again, an incumbent payment system, in this case the ACH.

Every one of these approaches has merit and traction.

New Rails, New Rules

That said, the new realtime systems are growing here too. Built with modern software and messaging protocols, they promise to change how both end-user settlement and inter-bank settlement is accomplished.

The first on the scene was the Real Time Payment (RTP) network from The Clearing House (TCH). Launched in 2017, the largest financial institutions and bank processors are integrating their core systems—the software that manages accountholder balances and transaction activity—to the RTP Network.

And this summer, the Federal Reserve announced it will build and operate its own faster payments system called FedNow. Like TCH, the Fed has operated multiple payment systems and been the preferred operator for the nation’s smaller financial institutions.

New Complexities

Competitive pressures, market guidance, and regulation are what move the U.S. economy. The Federal Reserve provided plenty of guidance to encourage development and deployment of faster payment systems. THC’s RTP Network was among the first to respond.

These new rails are a result of a multi-year effort by the Federal Reserve to shepherd the highly competitive U.S. payments industry toward the development of these faster payment systems. The RTP Network and FedNow are proof of its success and that of the Faster Payments Task Force, the group convened by the Fed to define the characteristics of the new approaches. 

But there’s still a lot of work to do. Questions of governance, implementation, and more abound. Interoperability concerns are especially high. These are, after all, competitive systems.

The New Organizing Principle - The US Faster Payments Council

To keep the evolution of the U.S. faster payments moving forward, the US Faster Payments Council was formed. Many Task Force members have joined as members of the Council.

The Council serves as an industry-led organization that supports collaboration across multiple areas including security, end user education, and interoperability.

In other words, the Council will be herding some very big cats.

The U.S. Faster Payments Barometer

To support its education and collaboration efforts, the US Faster Payments Council is conducting a survey of industry views on faster payments advancements. A multi-year survey, to monitor the momentum and evolution of Faster Payments here in the U.S. market.

The survey is designed to identify key criteria for market adoption, broadly gauge momentum for various use case applications, and seek to address challenges to be solved in order to have a well-established Faster Payments ecosystem.

Take the Survey

Talking Faster Payments

In this Payments on Fire® episode, Faster Payments Council Executive Director Kim Ford discusses the Council’s work, the U.S. Faster Payments Barometer survey, and where we are today with Glenbrook’s Beth Horowitz Steel and Elizabeth McQuerry. Take a listen and take the survey. You’ll contribute to the Council’s education, planning, and prioritization work.

For a nanosecond, about seven years ago, I thought the payments industry was entering a steady state where change, while sure to be accelerated by technology, was going to settle down to the familiar sedate pace the payments industry had taken for decades.

Hah! Payment industry evolution has leapt forward since then based on, yes, technology, but also new rules, regulations, business models, and changes in attitude toward how money moves, security, and privacy.

One major trend I didn’t anticipate then was the global phenomenon of faster payments, now in active implementation or operation in some 40 countries around the world. Another, of course, is cryptocurrencies but I’ll leave that one alone for now.

The emergence of faster payments is a function of new technology with new transaction switching infrastructure and (mostly) a common messaging standard in the form of ISO 20022. But it’s also a function of rules and market response.

Even in the United States, a nation whose payment strategy is largely set by competitive forces, the central bank has had significant influence in launching new settlement capability. (And now, the Fed is planning to build its own version).

Europe and India are standouts when it comes to government guidance and strategy setting for banking and payment systems.

The European Union’s active role in evolving payments policy is recently expressed in the second Payment Services Directive (PSD2).

PSD2 has chosen to address one of the most vexing digital security challenges: strong customer authentication or SCA. Article 4(30) of the directive defines SCA as:

“an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data”

For anyone familiar with authentication requirements, this is hardly a novel approach. That said, as far as the payments ecosystem goes, however, this is a sea change.

This is also a necessary change. Faster payment systems, where the sender pushes the payment to the recipient, make the sender’s bank responsible for authenticating its accountholders. The accountholder has to prove to her bank that she has the right to access her own account and to initiate a payment.

Unfortunately, phishing and malware are attacks that make account takeover easier than ever. There’s been an uptick in authorized push payment fraud in the UK due to ATO.

Therefore, enforcement of multi-factor authentication is seen as a necessary response.

Point of sale transactions already meet the SCA requirement. The card is something you have; The PIN is something you know. That’s enough to meet the SCA requirement. Oh, right, in the US, we don’t put PINs on credit cards. They do in Europe. We’re going to need biometrics in the US (something you are).

PDS2’s SCA mandate requires that multi-factor authentication be used whenever a user logs into her bank account or makes an e-commerce payment. Whenever payment risk is a possibility, SCA has to be used (there are plenty of exemptions but that doesn’t change the point).

Every stakeholder—every bank, every e-commerce site—must comply by doing something they have not done before.

That means a lot of work.

In this Payments on Fire® episode (Episode 100!), I speak with Russ Jones, Glenbrook’s partner in charge of our Education work and a preeminently insightful payments consultant. Russ takes us through SCA, its relationship to other standards, and the impact of its now somewhat delayed implementation.

Russ concludes the conversation with the rather chilling observation that history is about to repeat itself. The US will experience in the digital arena what the US experienced at the physical point of sale.

When EMV chip cards were mandated in Europe, card fraud at the POS and the ATM migrated to the US. Reliant on the static data of the mag stripe, the US became a global magnet for magstripe card fraud.

Once SCA becomes broadly implemented in the EU, in 2021 and beyond, online fraudsters will redouble their already considerable attacks on US financial institutions, tech providers, and merchants. While security tools are more common than ever—FIDO capable smartphones are one example—the US lacks a single entity to mandate and enforce multi-factor authentication in payments.

Scared yet?

One of the privileges of using a card to make a payment is the ability to dispute that charge should something go wrong. Maybe you ordered one garden rake but got charged for two. Perhaps you ordered a sweater and, as my colleague Allen Weinberg puts it, “got shipped a box of rocks.” Or you discover a charge that you didn’t make on your card account and believe it’s fraudulent.

In all those cases, the dispute process involves a chargeback.

The cardholder disputes the charge, the issuer credits the customer for the amount of that charge if it’s an obvious mistake or fraud, and, depending upon the chain of liability rules and the type of transaction, one party—the issuer, the acquirer, or the merchant—will have to bear the cost of the chargeback.

For merchants, just getting a chargeback message is a cost in the form of a fee paid to its acquirer. How does $5 and (way) up sound? Chargebacks, as a payments cost, are no financial joke.

The card system also views the chargeback rate—the percentage of transactions that result in a chargeback—as a leading indicator of poor merchant behavior. Once a merchant’s chargeback rate approaches one percent of its transactions, the merchant’s acquirer or PSP is going to put it on notice. If the merchant doesn’t lower that rate pronto the merchant could lose the ability to accept card payments.

The chargeback process is also a cost to issuers who are generally the party first called by the unhappy customer (issuers will often ask the customer if she or he has called the merchant, too).

In other words, chargebacks are a result of something going wrong and they can be a costly hassle for everyone because, for many stakeholders, chargeback handling is still dealt with manually.

In this Episode 99 of Payments on Fire® we talk with Rick Lynch, VP of Business Development from Verifi, about the impact of chargebacks on merchants and issuers. He updates us on rule changes by Visa and Mastercard. And he addresses the process and techniques needed to handle these post-authorization events.

While only mentioned in passing during the episode, Verifi is being acquired by Visa, in another example of expansion by card network operators into adjacent payment ecosystem roles.

The global spread of digital payments gets a huge boost from giants like Google. Google’s Google Pay is far more than just a wallet, and the subject of this Payments on Fire® episode with Steve Klebe.

Steve heads Google’s Processor and Partnerships business and has terrific experience in our industry, working with payment gateway CyberSource, payment security firm RSA, and carrier billing firm BilltoMobile. He’s also served multiple times on the board of the Electronic Transaction Association.

In other words, a true payments geek.

Here’s what we talked about:

• The evolution of Google Pay from its 2011 launch as Google Wallet and the various incarnations since then
• Google’s business model for GPay and the degree to which the data generated by GPay transactions influence (or not) the advertisements we see on sites using Google’s advertising services
• Transit payments, Google’s role in the W3C’s Payment Request API, and how Google pulls it into its own tools
• The Google Pay value proposition and how it combines the value of hundreds of millions of cards on file, their organic growth through Chrome’s auto-fill, Google’s own sales, and making those credentials available to third parties via Google Pay
• The new Google Pay APIs that focus more on convenience than payments: event ticketing, airline boarding passes, and more
• Google Pay India, renamed from Tez, and its role in the UPI framework that enables secure bank-to-bank transactions.

We conclude with thoughts on the Open Banking phenomenon and Google’s intentions in that area.

Here on Payments on Fire® we've spoken a lot with risk and fraud management firms that generally offer some combination of services and technologies that promises to lower customer exposure to payments fraud, data theft, and operational risk.

There’s another dimension to cyber security that’s based on expertise - before and after a data breach. That's the subject of this episode.

First, a company needs to understand its overall exposure. What do we have and what can we afford to lose? That takes a technical assessment of the firm’s internal and external defenses. It also takes an understanding of what the company has to lose, from reputation-based good will to loss of R&D investment through the theft of intellectual property. Such concerns are now top of mind for corporate directors tasked with shepherding their companies in the complex cyber domain.

Yes, there’s a role for insurance.

Post breach, there is the work of uncovering what happened, the maintenance of evidence so that proper forensic procedures can be taken, and the painful resolution process that may include fines (PCI) and litigation.

All of this is well understood territory for Chris Uriarte, Chief Information Officer at Aon Cyber Solutions who joins George in this episode.

Topics discussed include:

• The kind of activities and efforts needed to address today’s cyber risk
• How IoT threats are no longer confined to cheap surveillance cameras
• The sophistication of the cyber criminal industry
• The interlocking roles of threat analysis, risks assessment, and insurance
• The rise of ransomware and the particular exposure larger organizations face from this threat

The task of risk management in the payments business keeps getting bigger. Where once the concern was confined to payments alone - starting with counterfeit checks and currency - payment electronification has created a universe of potential risks. Risk now includes fraudulent cards, system and network hacks, data breaches, and account takeover with all the havoc that can produce.

And we’re seeing how these impact the reputation and value of businesses even when the hack has nothing to do with payments. (By the way, bogus checks and counterfeit twenties are *still* a problem.)

We’ve touched on this topic in multiple ways on Payments on Fire®. We’ve spoken with Ethoca about its data sharing capabilities. We’ve spoken with Feedzai about its AI and machine learning technology. We’ve spoken with White Pages Pro and its data correlation capabilities. And we’ve spoken to companies deeply involved in the problem of online identity.

Each of those has a particular approach, a particular technology, or a combination of approaches, to apply to the problem of e-commerce or CNP fraud.

In this podcast, we talk to Tricia Phillips, SVP of Product and Strategy, at the fraud and risk management firm Kount. Protecting some 6,500 e-commerce merchants, banks, and payment platforms, Kount takes a deeply layered approach to the risk and fraud management.

This deep dive discussion takes us into not only Kount’s approach but into what fraudsters are doing today and the damage they can do, even to non-payments companies like Yelp. It’s a scary scene. Tricia takes us through it with insight and experience.

If Risk in Payments is a topic of interest, check out our upcoming Insight Workshop by the same name. Led by Russ Jones and Yvette Bohanan, you won’t find a more knowledgeable team to guide you through what is, as I hope we’ve demonstrated, one very complex topic.

One of the biggest payments challenges for merchants is how to handle payment data - whether it’s at the POS or in the remote domain where e-commerce and mobile payments take place. A lot of this concern is driven directly by PCI DSS compliance and broadly by the reputational risk data breach represents.

One of the major techniques merchants employ, in order to remove the need to store payment data, is tokenization - the replacement of the high value card data with a low value representation managed by another party. Merchants just store the token for lookup purposes while the third party maintains the database that links these low value tokens to the true primary account number or PAN.

At Glenbrook, we refer to these as merchant tokens because they are specific to and paid for by the merchant. We’ve also heard them referred to as acquirer tokens because the tokenization function is often performed by the merchant’s acquirer, processor, gateway, or payment service provider.

Makes sense, right? Put the radioactive payment card data into another party’s hands.

But for large and mid-size merchants, the provision of tokenization services to an acquirer has a few downsides:

1. The token database maintained by the provider is specific to the merchant. If the merchant wants to shift to another provider, tokenization portability can be an issue and a costly one.
2. In our merchant work, we are seeing the largest ones looking at a multi-acquirer topology for cost, redundancy, and channel flexibility purposes. But each acquirer will use its own tokenization scheme, adding complexity and limiting functionality.
3. Omnichannel merchants may employ one provider for POS transactions and another for ecommerce. That doesn’t work when you want to provide a consistent experience to your returning customer. You want a token that works across channels, i.e. an omnichannel token.

In this Payments on Fire® episode we talk with Alex Pezold, CEO of Token, an acquirer neutral, independent tokenization provider. We talk a lot about protecting payment and bank account data. But we also address the growing need for protecting other data assets and how tokenization can help accomplish that.

Digital identity is one of the most solution resistant challenges to online commerce and, indeed, our online lives. It is basic to online trust, an elusive condition undermined by data breaches, abuse of our data by service provider, and fraudsters.

That’s not say we aren’t trying. Providers of all stripes are applying their value add to the problem. Smartphone makers have a role. Fraud management providers see themselves as having a role because they see so many users visiting their merchant customers’ websites or using their apps.

Networks do, too, as evidenced by Mastercard’s recent interest in identity services.

Then there are specialists in identity who play a role between the end user and the party granting access to a service, i.e. a bank. Today’s podcast is with SecureKey, a Canadian firm that has built a system to generate online trust while not sharing too much data between the parties.

Blockchain technology has increasingly gotten the attention of those in the identity space because the idea of having an immutable database as a single source of truth for identity credentials just seems so obvious.

Well, it’s not exactly as simple as putting your drivers license on a blockchain. SecureKey has partnered with IBM to use blockchain technology in support of its function as a provider of identity services.

SecureKey’s Verified.Me service gives the user the ability to quickly identity themselves and to share only the personally identifiable information they consent to share. Customers include Canadian banks CIBC, Desjardins, RBC, Scotiabank and TD. BMO and National Bank of Canada will be available later this year.

Take a listen to this conversation with Andre Boysen, SecureKey's Chief Identity Officer, and Glenbrook’s George Peabody and imagine the power of coupling a service like this to strong authentication services that use biometrics.

Ever wonder about EMVCo's role in the development and implementation of its technical specifications? Take a listen to Bastien Latge, EMVCo's director of technology and Glenbrook's George Peabody as they discuss EMVCo's EMV®* QR Code Specification for QR code-based transaction initiation in the card system. While developed card markets are shifting to contactless cards and NFC-using mobile phone wallets to kick off payments, the QR code offers a flexible, very low cost alternative. There's a lot to learn here.

Most of us are familiar with QR codes to retrieve product information from websites or print media, or perhaps when authenticating a mobile device to a web page.

In payments, many of the caffeine-reliant among us use the Starbucks app with its 2D barcode to initiate the transaction. It makes it so easy to know when we have enough gold stars to ask the barista for a drink on the house.

Some merchant apps use a QR code for the consumer to present when initiating a payment transaction that calls on card on file payment credentials. Walmart Pay for example.

In China - and really throughout Asia - providers like Alipay and WeChat Pay have been hugely successful with QR code-using payment apps.

In Japan, the proliferation of closed loop QR code-based payment tools, each encoding data differently, has created a cacophony of incompatible approaches. A new industry collaboration effort is attempting to lower the technical noise level by using a common technology provider. 

The card industry, named because of those 85.60 mm × 53.98 mm (​3 3/8 × ​2 1/8 inches) pieces of plastic we carry around, is, of course, far more than the cards it uses to initiate a transaction. Their rules and global networks are unparalleled in reach and sophistication.

But at the edge of those networks, the card format is becoming less important (think mobile wallets) and useless in those markets lacking a terminal infrastructure. To make sure card network transactions can take hold in card-less regions, the card brands put their technical specification organization to work.

In 2017, EMVCo released its EMV QR Code Specification, designed to encode and represent the card message structure in QR code format.

A major hallmark of the EMV Chip Specification in cards is the generation of dynamic data, of a cryptogram unique to that transaction, that prevents replay attacks. The EMV QR Code Specification supports such dynamic data as well as the issuer tokenization framework also codified by EMVCo. Even the payment account reference number (PAR) is accommodated here.

To accelerate use of QR code EMVCo recently built self-assessment tools for both merchant- and consumer-presented that validate the QR format. Certification to individual networks and acquirers is not supported by the EMVCo tools.

* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

Payments on Fire® usually focuses on a single topic, typically a fintech company and the business or personal challenges it addresses. In this episode, we take another direction by bringing together three fintech leaders to talk about their company offerings, how they connect up to payments, and some of the obstacles they’ve faced.

George talks with the leadership of three companies working in very different areas: remittances, small business logistics payments, and healthcare.

• Mike Gaburo, CEO of Brightwell Payments, a company delivering a mobile payments app to global workers for their payroll distribution, enabling card-based purchasing as well as remittance services
• Robin Gregg, CEO of RoadSync, a business software provider that enables electronic payments to SMBs in the logistics sector; and
• Alan Nalle Chief Strategy Officer of Patientco, a payments platform with intuitive, mobile-friendly tools for Health Systems to enable patients to pay their healthcare bills.

This conversation illustrates the breadth of payments and the focus required to solve the specific payments needs of each industry segment.

Robin, Mike, and Alan will join Glenbrook partner Beth Horowitz Steel on her panel called Innovative Solutions - Solving Difficult Payment Needs at the Fintech South conference, held April 22 and 23 in Atlanta.

Five years on from Apple Pay’s release, contactless payment cards are just getting off the ground here in the US but in much of the rest of the card world, contactless payments of both kinds are common practice. In London, half of the card transactions are contactless. The same is true in Canada. While it’s true that the vast majority of these are card-based, not via mobile wallets like Apple Pay and Google Pay, even the mobile wallets are gaining momentum.

To expand contactless usage, Mobeewave has developed software tools for financial institutions to integrate into their merchant app that turn the merchant’s smartphone into a contactless acceptance device. No added hardware: software only.

We’re talking with Maxime de Nanclas, Mobeewave‘s co-CEO and co-founder. A firm based in Montreal, Mobeewave has worked to turn smartphones into general purpose contactless payment terminals.

This is cool tech and, as Maxime tells it, a great journey for the company. Take a listen as he describes what their software does, how they built it, and their experience navigating the complexities of device certification.

The UK and the EU take a very different approach to payments industry evolution than here in the States; the former directed by government mandate, the latter by marketplace dynamics and the lighter touch of regulators. But both are responding, at different speeds, to the need of fintechs and enterprises for access to bank-based data and services.

The Payment Services Directive 2, PSD2, written in 2015 and in effect since January of 2018, addresses a range of concerns including a ban on surcharging on card payments and limiting consumer fraud liability exposure from 150 to 50 euros. But its major impact is its enablement of Open Banking through the granting of access to payment rails and payment data managed, up until PSD2, only by banks. Banks are required to open up programmatic access, via APIs, to that data.

In this Payments on Fire® episode, we dive into the UK and EU experience with the PSD2 a year after it going into effect. We take a look at its impact on Open Banking, the opening up of payment rails to these fintechs and other non-bank players.

To do that, Myles Stephenson, CEO of B2B payments firm Modulr, discusses his firm’s experience as an Electronic Money Institution, an organization chartered by the UK’s Financial Conduct Authority (FCA) under PSD2 rules. Under its provisions, Modulr gains, or will gain, the ability to initiate payments on behalf of its customers as well as access customer data.

While incumbent financial institutions are hardly thrilled at the prospect of opening up their systems to fintech competitors and the cost of doing so, the operational improvements for customers and increase in competitive activity are expected to generate many benefits.

Cross-border B2B payments are frustrating, time consuming, and expensive, especially for small and medium businesses. To dig into why and what's being done to overcome those concerns, join George and Marwan Forzley, CEO of Veem, for an explanation.

SMB B2B payments, particularly cross border payments, have always been time consuming to accomplish and expensive to do.

They are time consuming because sending an international “wire” payment was historically slow with uncertain delivery timing and with uncertain, and high, costs to both the sender and the receiver. For the sender, the process of initiating a cross-border payment has always taken no little time compared, for example, to writing a check.

Cost is a second concern because cross-border payment economics are not always transparent. At least a few times a year, when Glenbrook gets paid by one of our international clients, the funds we receive are less than what we invoiced. While our client sends us the correct amount at the prevailing exchange rate, intermediaries along the way may take “bene deduct fees” - beneficiary deductions - from the funds in transit in order to compensate themselves for their services. I prefer the more accurate term of “lifting fees."

This uncertainty of timing and cost affects millions of small businesses participating in the global supply chain.

Companies like Veem, Western Union, TransferWise, PayPal and many others compete on speed, predictability, low cost, and global reach. Super helpful integration into business accounting and AR/AP functions is a big plus.

Veem’s story is compelling as it began using the bitcoin blockchain to send money between its operations in multiple countries. Since then, the company has added other partners and its own in-country account balances to fund transactions. Veem’s SMB customers can send money to 90 countries and receive funds in 25. The company has served over 100,000 SMB customers.

If blockchain, cross-border, B2B, small business and fintech are terms that interest you, take a listen to George and Marwan as they catch up on the company, SMB pain points, and the impact of Chinese tariffs on Veem customers.

If you're in Atlanta in April, check out the Fintech South Conference. Glenbrook partners Elizabeth McQuerry and Beth Horowitz Steel will be there. Get in touch!

The digital marketplace model brings together buyers and sellers and, frequently, handles the money and payouts to the sellers.

As my guest today has determined, digital infrastructure, e-commerce usage, competition, and workforce characteristics influence a country’s ability to establish a flourishing marketplace component to the economy.

This marketplace economic model is a useful one enabling, among other use cases, the gig economy. Adopted in countries like China, the US, Canada, the UK, Australia, and other established markets, this episode’s guest, Tomas Likar, Head of Business Development and Strategy at Hyperwallet, has done a lot of thinking about its role in these and other countries.

This podcast was prompted by Hyperwallet’s February 2019 release of its Marketplace Expansion Index report, the MEI, that evaluated the marketplace readiness of some 36 countries.

A surprise is the early stage of marketplace adoption in a number of otherwise highly developed countries.

The application of the marketplace model to human labor is, of course, not without controversy and concern. Steady employment with guaranteed benefits is no longer an attribute of employment in many countries, replaced by the uncertainties of the gig economy. That’s the downside concern. On the other hand, these marketplace services provide access to otherwise unavailable work and that is good news for individual and, by extension, domestic economic well being.

Take a listen to this conversation with George and Tomas Likar of Hyperwallet for an overview of marketplace adoption and the variables affecting its uptake.

The business of merchant services continues to undergo two forms of transformation. First, the merchant services businesses, either as acquiring banks or via non-bank acquirers, has undergone massive consolidation over the last five years and more. Fiserv’s takeover of First Data, announced on January 16, is just the latest example.

The second sea change is the expansion of products and services these entities deliver. What was a fairly innovation-averse industry has become, under the competitive pressure of companies like PayPal and Square, far more committed to delivering value that helps customers run their business, not just accept card payments.

At the POS, Square changed the merchant services game by delivering a great deal more business value to the small merchant than the traditional ISO or agent focused on placing stand-beside terminals next to dumb cash registers. For the price of payment processing, Square has given those merchants inventory, time and attendance, sales and marketing focused reporting, and more.

As a result, the giants in this game have been forced to respond. In 2013, First Data acquired Clover to reach small retailers and restaurant customers. Others, like Global Payments’ Heartland unit, have invested heavily in serving the mid-tier and larger restaurant industry.

To deliver similarly broad services, TSYS recently come out with three new merchant offerings targeted at micro merchants, single shop operations, and larger merchants. The new line is called Vital, at vitalpos.com and its solutions are called Vital Mobile, Vital Plus, and Vital Select.

Along with the new Vital hardware, we can expect the offering, taking advantage of cloud delivery, to expand its software and services line-up in the future - a trick that the old POS terminal model never could pull off.

Take a listen to this episode’s discussion with Gavin Rosenberg, vice president of product marketing, at TSYS. It’s a revealing conversation about the decision making and product strategy of a major provider of merchant services.

This Stuff is Hard

As the remote payments domain (think in-app and browser-based payment transactions) continues to grow at around 15% a year, that growing number means the size and scale of fraud losses are going to increase. And they have - in both absolute terms and as a percentage of overall transaction volume. That also means rising chargeback rates for many merchants.

Rising fraud in the online world is also a result of better security technology in the physical world. While EMV chip cards have dropped counterfeit losses way down, the fraudsters still have their own bills to pay. They’ve just shifted more aggressively to the card not present channel.

A Delicate Balance

All e-tailers face a delicate balance in managing fraud. If they err too far on the side of fraud minimization by tightening approval standards too far, they leave good sales on the table and insult customers with unnecessary declines (the “insult rate”). Of course, those customers promptly go to another site to make their purchase.

The e-tailer’s sales and marketing team, then, tells the fraud manager that she’s killing sales.

If the approval standards are too loose, on the other hand, the e-tailer risks the twin threats of higher fraud and chargeback costs and, if the chargeback rate exceeds 1%, placement on a watch list if that rate stays over 1%. Not a good list to be on because the the merchant could lose card acceptance privileges if the problem is not addressed.

The Smaller E-Tailer is Challenged

While Amazon continues to gobble up half of the growth in US commerce volume, it still means that there is room for smaller online merchants to prosper. It also means they face growing fraud losses. Unlike their larger competitors who can afford internal fraud management teams and technology, small and mid-tier e-tailers have limited time, budget, and skills to meet those needs.

Fraud management is a non-trivial problem even for the largest enterprises. They deploy a layered set of technologies, ranging from table stakes tools like address verification system (AVS) to device and behavioral fingerprinting and on to rules engines, AI, and machine learning controls.

That level of sophistication is beyond what the mid-tier e-tailer can handle. Some enterprise customers don’t want to deal with that complex task either.

The Outsourced Option

That’s where the wholly outsourced proposition comes in. The third party fraud management service provider assembles the necessary technology, makes the right integrations with shopping carts and other software providers, puts an analyst team in place to decide on questionable transactions, and offers its services for a fee.

ClearSale (www.clear.sale) is a provider in this space. Take a listen Rafael Lourenco, its EVP, and George as they discuss fraud management in this segment, how the ClearSale service is deployed, and some merchant best practices. Rafael breaks down this topic very clearly. Definitely worth your time.

Ecommerce fraud rates are rising and that means more cardholders are seeing unauthorized charges on their accounts.

The cardholder remedy is to call either the merchant or the issuer to flag the problem. If the cardholder turns to the issuer to resolve the problem, the remedy is often an expensive chargeback for the merchant and a generally lousy experience for everyone.

Ecommerce Merchant Pain

Ecommerce merchants have invested heavily in fraud detection tools because in the remote payment domain liability rules make them responsible for fraud losses. Ecommerce merchants employ sophisticated fraud management processes and tools to detect fraud in realtime to stop authorization (best in class fraud rates are 25 bps - 35 bps).

On top of that, they must eat the direct costs associated with stolen goods and services. These include a chargeback processing fee from the acquirer as well as the merchant’s internal costs to manage the chargeback process. If the merchant fights the chargeback, the merchant has to gather the supporting evidence (the receipt or copy of the order) and submit it to the acquirer.

Disputes and chargebacks re initiated by cardholders for a range of reasons including fraud, authorization, various processing errors, and consumer-specific disputes. Examples of consumer dispute codes include products or services not as described, counterfeit, misrepresentation, and failure to process a credit.
https://www.worldpay.com/global/support/support-articles/what-are-chargeback-reason-codes-visa-and-mastercard

Issuer Pain

For issuers, disputes and chargebacks are painful, too. In the POS domain, issuers hold the liability for fraud losses. If a counterfeit card is used and the issuer authorizes the payment, the issuer owns that liability. Issuers also bear the customer servicing and communications costs as chargebacks initiate with the cardholder’s call to the issuer.

Consumers Game the System

Zero liability rules have taught U.S. cardholders that they don’t have to worry about fraud and that they have broad powers to dispute a transaction.

Knowing that, too many cardholders are taking advantage of these rules. Digital merchants, in particular, are suffering from friendly fraud (not exactly an accurate term) that occurs when a cardholder, for example, disputes the charges made by another family member. For some digital merchant, over half of their chargebacks are friendly fraud, purchases for which the cardholder is truly responsible but able to renounce (“It wasn’t me!”) because of the rules.

Such high chargeback rates carry other risks for these merchants. Once a merchant’s chargeback rate exceeds 1% of its transactions, that merchant is put on a watch list, a remediation plan, and faces the possibility of losing card acceptance privileges. High chargeback rates also increase authorization declines for the merchant, losing even more good transactions.

Card Network Remediation

On the face of it, there’s an asymmetry when it comes to liability. Merchants shoulder a large burden. With that in mind, both Visa and Mastercard updated their chargeback rules in 2018.

In a chargeback mitigating move, Mastercard recently announced an end to the automatic renewal of free trial subscriptions.

Timely Data Sharing

In other words, chargebacks are a pain. Steps to reduce chargeback cost and frequency are a Good Thing.

One approach is to speed up data sharing. For example, once an issuer determines that a transaction is fraudulent, a timely message to the merchant could halt a product shipment. While the rules would still make an ecommerce merchant liable for the chargeback costs, the merchant wouldn’t lose the cost of order handling, shipping, and the item itself.

Similarly, if merchants can share their cardholder fraud experience back to the issuer then that financial institution can adjust its fraud detection models and algorithms.

Such data sharing is the proposition of Ethoca, a firm that federates bank fraud signals from hundreds of major global issuers and connects to thousands of merchants in the developed world in order to share alerts and chargeback messages.

In this conversation with Keith Briscoe, CMO at Ethoca, we talk about the chargeback problem, hear some truly astounding chargeback stories (hackers aren’t the only fraudsters), and discuss Ethoca’s role in this space.

Fraud prevention today is about how quickly we can separate good customers from questionable ones and, for those doubtful transactions, use the right set of tools and data sources to optimize speed, costs, and fraud losses.

When it comes to fraud prevention, it turns out that data is key. No revelation there, but how we manipulate it, gather it, and assure its provenance is undergoing major change. What would be a revelation to fraud managers of a decade ago is the unbelievable amount of data and the wide variety of sources that we have today. It’s a flood.

The only means we have to make sense of this data deluge is through algorithmic examination. Rules engines and neural networks are staple approaches. In recent years, application of artificial intelligence and the newer incarnation of machine learning (“let the computer figure it out based on all the data it sees”) has become a hot, and effective, area for fraud prevention. Only machines can find correlations among all that data in order to identify potential fraud.

A number of firms focused on the fraud prevention problem employ techniques that gather data and then analyze it in order to provide their customers like e-commerce merchants or financial institutions with a risk score. Companies specializing in device fingerprinting, for example, gather the relevant data (think IP address, mobile IMSI number, device type, OS version, browser software version, etc.) to create a profile or “fingerprint” of that device in order to generate a history of its behavior. Threat Metrix, owned by LexisNexis Risk Solutions, is an example.

Behavioral biometric companies may take that data and layer on how the owner actually uses their device, often by looking for keystroke patterns, screen tap rhythms, the angle that the phone is held, and more, in order to build a more nuanced profile that includes how the owner interacts with the device. That richer data then feeds into analysis and risk scoring. Mastercard’s NuData Security acquisition uses this approach.

Subsequent bidirectional data sharing can provide these firms with insight into the results of their decisioning.

As these firms gain customers, they see more and more devices and develop clearer visibility into the outcome of their work. As a result, it becomes a natural step to pool or federate the data they see from all of their customers. There’s an expectation that a card account, for example, will be seen at multiple merchant clients of the fraud solution provider. These repeat interactions will improve fraud detection for all when the cardholder is a bad actor or speed the transaction of a trusted one.

Data consortia where multiple financial institutions and merchants pool their fraud and chargeback data also exist. Ethoca is a prime example.

The deeper the data pool the better, provided, of course, there’s the ability to analyze it all.

Massive analytical capability is the foundation for artificial intelligence and machine learning. In the fraud prevention space, Feedzai is a firm that applies its analytics power to data sourced from multiple provider and techniques. Feedzai, like others providers who have attained a critical mass of customers, has also invested in federation of their data to improve, for everyone, its fraud prevention results.

In an earlier episode, we spoke with Feedzai CEO Nuno Sebastiao to get us grounded in how AI and ML apply to fraud prevention. In this discussion with Saurabh Bajaj, Feedzai’s Head of Product and Nick Stanchenko, product manager for Feedzai’s Risk Ledger, its data federation program, we go further. Saurabh catches us up on Feedzai's growth and then take a look at how Feedzai works and at the data sources it uses. Nick addresses federation, its value, and the light integration required.

Payment Innovation Moves to the Core

When we conduct our Glenbrook Payments Boot Camp, our first graphic illustrates the three essential steps in every transaction - initiation, funding, and completion. When looked at through the lens of of the past decade most innovation has been in initiation. Consider: Apple Pay, Google Pay, Venmo, QR codes. The list is long of ways to kick off a transaction.

Funding is all about where the money comes from. Usually a bank account, often a wallet holding money. Some innovation there but not a great deal. There are only so many ways to store funds.

Completion, the last step, is the most important to many participants as it’s when the transaction completes with the final movement of money.

Five years ago, in those boot camps, I said that completion, also called settlement, is the innovation-resistant phase of a transaction. Today, everything has changed.

In the U.S., we have new services such as Zelle and Venmo that appear to the end parties to deliver instant settlement. They may use card rails or bank rails like ACH to complete the transaction. 

Two Forms of Settlement

In this discussion with Glenbrook’s Carol Coye Benson, we look at two forms of settlement: end party settlement - for example, an employer paying an employee - and then Carol focuses on the nuanced world of interbank settlement.

If you’ve heard the terms net settlement, gross settlement, or RTGS and wondered what they mean, take a listen. 

Faster Payments and Settlement

We also talk about the phenomenon of faster payments and the settlement techniques these systems employ. 40 countries around the world are in one stage or another of deploying faster payment systems that push money from bank account to bank account. It's already in the US via the Real Time Payments Network from The Clearing House and, perhaps, a competing service from the Federal Reserve. (To get an update on the Real Time Payment Network, listen to Episode 81 of Payments on Fire).

These faster payment systems vary in their capabilities. Speed and data carrying capacity are just two variables. But we have seen that when a new payment system enters a market innovative offerings can flourish, provided access to that system is encouraged by rule, regulation, or both. However, that level of openness is not guaranteed. As Glenbrook have seen in our work around the world, some systems are essentially closed by market power or operating rules. These constraints limit the network effect's benefits of ubiquity, convenience and, often, cost.

This is an ongoing challenge. In this age of fintech, banks are under pressure to innovate. As owners or participants in new systems, some may choose to limit access to their fancy new rails in an attempt to forestall competitive market entrants. Others will be “encouraged” by regulators to open up. Of course, end party choices will play a big role, provided there’s a choice available.

The New Game

Settlement has traditionally been led by major commercial banks or the central bank of each country. That model still holds. In some markets, including the U.S., we expect a push and pull for control between those two entities. Christine Lagarde, Managing Director of the International Monetary Fund, suggests such tensions may justify  the issuance by a nation's central bank of a fiat digital currency as a counterweight to the alternative control over payments by a concentrated set of banks and processors.

Settlement innovation has created a competitive environment that did not exist before. It will be the interplay of rules, regulations, technical capabilities, end party value proposition, and market power that will determine the evolution of each country's settlement platform. In some, regulators will shape the outcome. In others, system access for fintechs and the "open banking" model will be a determinant. For all, cost effective access for end parties is critical.

So much for thoughts of a static payments ecosystem.

If you think of yourself as a payments geek or just want to get under the hood of how money really moves, Carol is a terrific guide.

Restaurant payments is a complex area especially for those companies serving the mid-sized and large restaurant operator. They have different needs that extend well beyond payment acceptance but even that is a highly variable concern.

Ever notice that we pay differently depending upon the type of restaurant we’re in? It’s always been walk up and pay the central server at McDonalds. Applebees uses Presto table top devices to speed table turns, upset desserts (“that lava cake sure looks good”) and take payments. At most sit-down establishments, especially those in the fine dining segment, we still hand over our cards and the server walks away to authorize the transaction (later that night, the manual tip adjustment process determine the final clearing amount.)

For certain segments, order ahead is a priority. Order ahead dominates how pizza shop operate. Initially, that capability took market share from mom and pop pizza shops because only the largest operators in the “Big Pizza” segment could afford the necessary IT expertise. Now, mom and pop have multiple order ahead services to choose from.

But consider the complexities of integrating the order into the kitchen or at the barista’s station. Business process automation is a differentiator.

This podcast with Tim McKenna, VP of Sales, at Heartland Payment Systems, is both a deep dive into restaurant operator concerns and a revealing look into how a major payments provider has shifted its business model to serve mid-tier and larger restaurant operators.

Like Square, Heartland has realized the revenue benefits of expanded commerce services above and beyond the traditional payments revenue stream. By cross selling multiple services, Heartland expects to see 60% of its revenues coming from payments coupled with value-added services that automate the business of their customers.

If you’re interested in how the payments industry is evolving to market demands or how larger restaurant operators think about payments, Tim’s observations are well worth your time. Take a listen.

The payment industry’s responses to ongoing payment security are many. We have procedural approaches and technical ones. For example, we are requiring merchants to attest to their compliance with PCI security standards that themselves include procedural requirements.

Technical solutions are also called out by PCI and are, of course, being applied across the ecosystem. Encryption of payment data in flight is one approach. In the physical POS world, semi-integrated POS terminals connect directly to the acquirer’s front end instead of passing card transaction data back through the merchant’s workstation and enterprise system.

An important technique, and the topic of this discussion, is tokenization.

Tokenization is an ancient security technique. In the broadest sense, a token is just a dummy representation of something of higher value.

In cards, that means the replacement of a PAN with a number or even an alphanumeric value that represents the underlying PAN. The mapping between the two is stored in a vault with the owner restricting access to that vault. If a hacker gets ahold of a token value, it’s useless. It’s a value that, to the payments ecosystem, is gibberish.

Tokenization is used in pull payment systems where payment credentials are given to the payee by the payer so that the payee has the information necessary to go get the money. Think card numbers or the routing and account numbers on a check.

In card payments, there are two forms of tokenization: merchant and issuer tokenization. Merchant tokenization has been around for more than a decade. A response to PCI, merchants generally outsource that token vault to a third party so they no longer store PANs themselves. When the merchant needs to do a lookup or initiate another payment, the merchant sends the token to the upstream service provider who then looks up the PAN and sends it off for authorization by the acquirer.

That’s been around for awhile.

The newer innovation is what we call issuer tokens - token values that are at the heart of Apple Pay, Google Pay, Samsung Pay and more. These token values are real card numbers, issued by your bank, but unlike a PAN that can be used to initiate a payment everywhere, issuer tokens are expected to come, for example, from specific devices or merchants.

Every card in your Apple Pay wallet is represented by an issuer token and whenever that token is presented for authorization, data about where it’s coming from is sent along too. If the token is sent from another device, for example the one the hacker has, authorization will fail.

This approach is totally compatible with the current card payment system. No changes are needed at the merchant or the acquirer and minimal ones at the issuer.

Glenbrook will be conducting an Insight Webinar on December 13 called Tokenization Fundamentals. Russ Jones will conduct that webinar.

In this Payments on Fire podcast, George talks with Russ about issuer tokenization, its role in the Pays (Apple Pay, Google Pay, Samsung Pay), in e-commerce, and the need for new entities in the payments ecosystem to support tokenization. This gets complicated. There's now the need for token gateways.

Take a listen to the podcast and then sign-up for the webinar. Use the code POF80 to take 10% off the registration price.

In the US, there’s the automatic assumption that payment cards and perhaps PayPal are the way to pay online. But if you’re an ecommerce merchant trying to sell in the Netherlands, you’d better support the domestic system known as iDeal.

Connectivity into domestic payment systems is an important and complex issue. There are over 150 such systems across dozens of countries around the world. While not all are important to a given merchant, most are important to the acquirers and payment service providers serving ecommerce merchants.

Join George and Steve Villegas, VP Partner Management and Head of US Office, of London-based PPRO Group, a company that provides white label connectivity to these domestic systems by serving acquirers and PSPs alike.

Knowing who you’re dealing with online is critical if you’re taking transaction risk. Digital identity is tough. To address that challenge - and it is a challenge - relying parties, those who take on risk, employ two broad categories of technology: active tools that require user interaction and passive network-based approaches.

When the user is required to explicitly provide identifying information, we use the interactive approach. The merchant or lender or website owner asks for user IDs, passwords, perhaps data generated by multi-factor authentication techniques such as biometrics, or one time passwords generated by an app or a hardware key.

If you’re an ecommerce merchant or an entity trying to sell something online - lenders included - you don’t want to ask the customer to do more than absolutely necessary to complete a good sale. Transactional friction is deadly to revenues and a main cause of shopping cart abandonment.

So, you use passive approaches that examine whatever data the customer’s device can provide. Device fingerprinting, behavioral analytics, rules engines, machine learning, and the past behavior of card numbers are among the portfolio of decisioning tools that do not interfere with the user experience.

Data is the foundation of the passive approach. In this podcast, George speaks with Ajay Andrews, Senior Director, Product, at Whitepages Pro, a data provider and analytics firm about identity verification and how the linkage of key data items influences decisioning. It turns out that particular pairs are strong indicators of potential fraud. 

We discuss where the data linkage approach fits in the overall portfolio, what drives merchants to adopt, and how the tool is integrated into automated decisioning and case management.

Alexa. Siri. Cortana. We’re talking to or at our machines. I walk into my office and say “Hey Google, what’s the weather?” or “Hey Google, when’s my first appointment?” When I’m driving in a strange town, it’s “hey Google, navigate to the [fill in the blank] hotel.”

This kind of hands-free access to information is hugely helpful and hugely popular. But there’s a long way to go toward a general purpose voice interface for every task we want to accomplish.

That said, we’re getting there. In this conversation with Central 1’s Alex Chan, we discuss the process of voice-enabling access to the high volume queries that credit union members make, i.e. balance inquiries, balance transfers, etc.

We cover what it takes to build an Alexa skill, the code that links Alexa’s natural language processing to the underlying application that executes the action.

Voice design, the process of imagining and codifying how the user interaction proceeds, is at the heart of a successful voice-enablement project. Alex takes us through that process. It sounds like fun.

While payments are a tiny fraction of today’s voice-based interactions, they’re coming along, too. Better design and broader participation is needed. As a recent (failed) demo proved, Siri can’t send me money if I’m not an Apple Pay Cash user.

Take a listen and get in touch if you've questions or comments. We'd love to hear from you!

During the Glenbrook Payment Book Camp we make clear that national payments systems are domestic by definition. Each country has its own set of systems to effect payments. We point out that national payment systems differ in many of their details. Regulation, operating rules, governance, ownership, technology, and more are highly variable.

At the same time, we also point out that major components are generally similar. An overnight, batch-based system for low-cost, low-value retail payments and an instant, irrevocable wire system for high-value transfers are typical of most countries.

Across the planet, countries are planning, designing, trialing or enjoying fully deployed immediate funds transfer systems, new ones that instantly transfer lower value payments. The UK's Faster Payments system and The Clearing House's Real Time Payments (RTP) are two examples of this system type.

Beside increased speed of payment, a second push for changes to national payment systems is the need for a richer representation of the data surrounding the payment transfer itself. Remittance data, for example, communicates what the payment is for, which invoices a payment may be covering, and what trade terms were taken by the payor. ISO 20022 is the internationally recognized method for representing this information and support for it has become a new priority not just for system operators but for financial institutions and enterprise customers.

Generally, major upgrades, never mind deployment of an entirely new system, are performed in a step-wise manner because of the critical nature of these systems, the cost, and the difficulty of herding system stakeholders through the many stages needed to achieve broad support and usage.

Undeterred by those realities, Canada is taking on a comprehensive upgrade to multiple systems over the next few years, including its overnight settlement and wire systems while simultaneously planning for its own immediate funds transfer system, codenamed Real Time Rails. Significantly, each system upgrade will include support for ISO 20022.

Payments Canada is the non-profit organization mandated by the federal government to manage, operate, and upgrade these systems.

In this Payments on Fire episode Glenbrook's George Peabody speaks with Justin Ferrabee, Payment Canada's COO about his organization's work, how its systems differ from those in the U.S., and what's ahead. It's a great conversation between payments geeks.

In this second discussion with First Data execs, George and Scott MacKay, Vice President, Strategic Solutions talk digital commerce in the automative space, both at the fuel pump and in the Connected Car.

The importance of full stack security, whether it's sole sourced or the result of an integration effort, to successful deployment of mobile commerce is a theme here.

Enabling the mobile experience at the fuel pump is complex. Petro sellers have a lot of legacy gear and the cost of upgrading that equipment is very high, a fact that has, at least, inhibited the pace of the EMV upgrade.

The richness of the mobile device's data such as device fingerprinting and back end intelligence makes it conceivable that a fuel retailer could skip EMV altogether. Maybe.

Scott also shares a look at payments and the Connected Car through the company's discussions with automobile manufacturers.

In this, the first of a two-part podcast series with First Data executives, Ajay Guru, VP of Merchant Fraud Solutions at First Data and George discuss the impact of fraud on the merchant, what the merchant has to do to manage it, and the classes of tools and techniques available to mitigate fraud.

Ajay addresses machine learning technology's remarkable ability to identify anomalies and makes candid remarks on the necessity of human analysis to determine whether these anomalies are indeed fraud.

Other topics discussed include behavioral analysis (how we enter our user ID and password into the browser) as well as the sophistication of today's manual and automated attacks. There is still a lot of CNP fraud taking place over the phone.

There's good detail on the technology and what fraudsters are up to. Take a listen.

Online trust requires a context-based understanding of who we transact with. Attributes about us are needed to build that trust but in many transaction contexts we share more than we need to.

To pick a simple example, the law says you must be 21 to buy alcoholic beverages but our current method of proof is to show our driver's license, an unnecessary oversharing of personal information. Why show that creepy barkeep where you live when you only need to prove you were born before 1997?

In this wide-ranging Payments on Fire podcast, George and Lockstep Technology CEO Steve Wilson discuss how we share the attributes that, in aggregate, define to the online world who we are.

Steve makes the case that security and identity professionals continue to encourage the oversharing of personal data. Now that we have sophisticated network-based fraud management tools - device fingerprinting, behavioral analytics, machine learning and AI - that generate a crisp profile of our devices and our behavior, the attributes that a user must provide could be limited to just what's required and no more.

An "attribute wallet" under the user's control - yes, another role for the smartphone - might prove to be a valuable authentication enabler.

This episode concludes with Steve's report on comments made by some of the deans of modern cryptography on the threat that quantum computing represents. It sounds like good news.

This episode of Payments on Fire covers two topics - payments in Atlanta and the essential challenge of online authentication and identity.

May in Atlanta - Fintech South and Glenbrook Payments Boot Camp

Everyone in the payments industry knows that Atlanta is a hotbed of activity. Coming shortly to Atlanta are two fintech-focused events that will add to the goings-on.

The Fintech South conference takes place on May 7 and 8. With great speakers - and great sponsors like Glenbrook and the Technology Association of Georgia - the conference describes itself as “FinTech South 2018 is a global exchange of insights, innovations and trends fueling tomorrow's financial tech industry.

“Attracting international companies and speakers across multiple industries, FinTech South is an opportunity to engage with 400 FinTech companies employing more than 130K employees globally, generating $72B in revenues, and processing over 118B transactions annually.”

Speakers include:

• Kathryn Petralia, President and Co-founder of Kabbage
• Barry McCarthy, EVP of Network and Security Solutions at First Data
• Nuno Sebastiao, founder and CEO of Feedzai, who is also a past guest on Payments on Fire.
• Right after the conference ends, Glenbrook will host our Payments Boot Camp on May 9 and 10.

Both events draw will attendees from all over North America. So if you want to expand your network, hear the latest at the conference and/or get smart about how payments work, come to Atlanta.

Authentication, Biometrics, and Banking

Authentication online remains one of the most challenging aspects of life online. Given the complete availability of personal data, account takeover has never been easier for the hackers. Knowledge-based authentication (KBA) asks softball questions like “what was your father’s middle name?” Easy stuff to find online. User IDs and passwords are even easier to find. We have a problem.

Strengthening the connection between an accountholder’s true identity - perhaps proven by a drivers license or passport - and the credentials that the user presents online is necessary and the topic of this Payments on Fire episode. George speaks with
Andrew Gowasack, CEO and co-founder, of TrustStamp, an identity verification company using AI and facial biometrics to create a strong, unique digital credential. For a few use cases, TrustStamp also employs a blockchain-based database.

Andrew knows all about the Technology Association of Atlanta, too. So, take a listen and geek out in this conversation about authentication, biometrics, and how to answer the online conundrums of “who are you?” and “do I trust you?”

The rise of Chinese mobile payment systems is the top global mobile payments story of the last few years. Alipay and WeChat Pay serve hundreds of millions of users with payments, loyalty programs, merchant coupons, and more.

QR codes are used to initiate many of these interactions especially within the point of sale (POS) domain. When there isn’t a legacy payment infrastructure in place, software is easier, and cheaper, to deploy than the hardware-reliant approaches used for card-based transactions.

To serve its millions of accountholders traveling around the world, Alipay is building out its acceptance footprint. In this episode of Payments on Fire, George speaks with payments industry veteran Souheil Badran about his role as president of Alipay Americas and the company’s plans for reaching US merchants in tourist hotspots and beyond.

Mid-market financial institutions have enormously strong relationships with their banking customers. But their size makes home grown IT difficult because it is simply too hard, and too costly, to meet all the B2B finance needs of their enterprise customers.

The answer, of course, is deeper integration to third party software systems like SAP, Oracle, JDA and the growing set of fintech providers brining point solutions to these institutions.

But that’s no simple task. These FIs often run on legacy systems, generally provided by a large bank processor. Integrating software built before the cloud and APIs and these modern point applications is not easy.

Into that gap is a new company called FI Span. Led by founder and CEO Lisa Shields, the company value proposition is to act as an API orchestration platform for banks. In other words, FI Span proposes to be the glue that connects legacy code or a processor’s banking platform to the growing base of fintech point solutions in the market.

The goal of becoming a one-stop shop for new tools for these B2B-focused banks will take time and focus. Connecting up nextgen software and data to older systems demands clever approaches and a lot of spade work. Maintenance of a growing set of evolving API interfaces is non-trivial, too.

A fintech startup serving fintech startups, incumbent bank processors, and mid-tier banks has a lot of work to do. Lisa is no stranger to the start-up world; she also founded Hyperwallet. Take a listen to this conversation about the technical challenges, the business model, and the goals Lisa has for her customers and for her company.

“Digital cash” has been a dream of the internet age for, well, almost the entire internet age. That goal requires instant payment settlement. It’s more than just sending a message that a payment has happened; it means the money has actually moved.

In this wide ranging conversation with Laurence Cooke, founder and CEO of nanopay, he discusses the platform his firm has built to move value between parties in both real-time and, when necessary, offline modes. More distributed than blockchain systems, nanopay is designed for multiple uses cases including B2B payments using ISO 20022 representation of the payment data.

If you’re at all curious about payment security, blockchains, distributed ledgers, or the instant payment systems now being deployed, take a listen to this conversation between Laurence and Glenbrook’s George Peabody. It’s quite a story and we touch a lot of bases.

Digital identity is a crisp sounding term that belies a complex layer of concepts. There is identity proofing. Identify verification. Identity assurance. Each addresses one element of the many questioned raised by digital identity.

• How does a bank really know the digital presence at its banking portal is associated with the accountholder?
• How can you, as an individual, release only the amount of data necessary to satisfy the parties to the transaction? We share more than we need to. I still get carded at a bar to prove I’m over 21 (what a waste of time!). When I show my license, the barkeep also sees my address, license number, and more. Definitely a case of oversharing.
• If parties such as utilities, government, and financial institutions vouch for that digital presence, should any of them be responsible for proving that digital presence is right and true?
• Simplifying complex problems for multiple stakeholders should be a formula for success. SecureKey is a long time player in the identity ecosystem, having built a federated identity platform linking Canadian citizens to government resources using bank-issued credentials.

SecureKey has evolved its system to make use of a mobile app as well as a blockchain-based database that securely points to data stored by banks, utilities, and government entities, all in a zero liability arrangement.

This conversation between Glenbrook’s George Peabody and SecureKey’s chief identity officer Andre Boysen dives into identity concepts, how SecureKey’s Verified Me system works, and its use of blockchain.

For more on digital identity concepts, look at NIST’s excellent set of Digital Identity Guidelines.

Voice is the natural user interface and the robots are coming to take it on. Enabled by high volume consumer devices like Amazon Echo, Google Home, Apple’s Siri and powered by artificial intelligence engines like Amazon’s Alexa, Google Assistant, and Apple’s Siri, we are headed toward making voice-enabled commerce and payments a common experience.

Russ Jones is Glenbrook’s “tech whisperer,” an expert observer of tech evolution and how it applies to payments. Join Russ and George as they discuss the development of the voice ecosystem, Amazon’s leadership, the intersection of voice and IoT, and where voice-enabled payments may flourish.

Payment innovation runs at multiple speeds. Changes in how a payment is initiated happen almost every day. Payments infrastructure change is a lot slower. But it’s happening. Nudged forward by the Federal Reserve’s Faster Payment Task Force, we are seeing the launch of the first entirely new payment system in decades. Called Real Time Payments (RTP) the new system switched its first real-time payment on November 13, 2017.

Built entirely around the rich payment messaging standard ISO 20022, we have a system that can carry both payment instructions and meta-data about the payment. Data rich, essentially instant, bank-fased account to account push transactions could be a game changer.

Join George and Steve Ledford, Senior Vice President, Product and Strategy, at The Clearing House (TCH) as they discuss the spread of real-time payment systems around the world and take a deep dive into RTP’s operation, rules, and use cases.

Once upon a time, text messaging systems didn't interoperate. But when they did, usage skyrocketed. Many of the world's mobile money payment systems still operate within that old "walled garden" model, limiting the ability of citizens in areas like Southern Africa to send money home to family, pay utility bills, and, most important, enjoy the benefits of an national economy that is payments enabled.

The Bill & Melinda Gates Foundation sees today's limited interconnection of payment systems as a high barrier to the poor's participation in that payment enabled economy. Fortunately, those barriers are beginning to come down.

In this Payments on Fire podcast, Kosta Peric, Deputy Director of Financial Services for the Poor at Bill & Melinda Gates Foundation joins George in discussing Mojaloop, the foundation's open source software initiative that provides interconnection capability between disparate payment systems. Informed by the foundation's Level One Project, the goal is to encourage a lower cost deployment of this critical payments infrastructure as well as the active collaboration among the operators of mobile money services, financial institutions, each country's central bank, and national regulators.

Listen for a view into how payments systems can improve the health and well being of millions of people as well as the nation's they inhabit. This is very cool and important work.

The intersection of new tech, faster payments capabilities, and forward looking regulation is enabling significant innovation in B2B, and consumer, payment services in the UK and EU. Join Glenbrook’s George Peabody and Myles Stephenson, CEO of business payments platform provider Modulr, as they discuss how modern tech and updated rules have created opportunities for fintech service providers. The challenges to incumbent banks are only getting bigger.

Payments standards typically operate deep within a payment system, invisible to most of us. But before long a new standard for web browsers will touch us all. Known as the Payment Request API, it is one of the newer projects of the Word Wide Web Consortium (W3C). Supported by browser builders Mozilla, Apple, Google, Microsoft, and more, this new API should simplify web payments for consumers and merchants alike.

Join the W3C project leader Ian Jacobs and Glenbrook’s George Peabody as they discuss the effort’s goals, transaction flow, and status. It’s coming very soon.

If you’re planning on attending Money/2020 in October, the Glenbrook team will be there in force. This short, not entirely serious, podcast previews the sessions we are leading there on two of the hottest topics around: B2B payments and the faster or real-time payments systems coming to the U.S.

We all know that the evolution of payments systems in the U.S. is accelerating. That’s why Glenbrook has just published the third edition of our book, Payments Systems in the U.S. - Third Edition: A Guide for the Payments Professional, the definitive guide to the how and, in particular, the why of our multiple payments systems.

The third edition addresses that evolution through updated examples and, unique to this edition, a focus on payments innovation in all three payments phases: initiation, funding, and settlement.

Join Payments on Fire host George Peabody and Glenbrook’s Russ Jones as they talk about the new edition, what it covers, and the book’s relationship to Glenbrook’s Payments Boot Camp. Payments Systems in the U.S. – Third Edition is available on Amazon.com in paperback and Kindle format. 

Interchange is fundamental to open look card system economics and a mystery to many, especially to merchants who must pay it but don’t perceive any benefit from it. It’s a non-optional component of what the merchant pays to accept cards. It’s one element of the merchant discount fee. Despite the stubborn fact of it, there are ways for some merchants to make sure they pay as low a rate as possible.

Join Angelo Grecco of CardConnect (now a part of First Data) and Glenbrook’s George Peabody for a conversation about interchange optimization, an approach that certain B2B merchants can employ to lower their acceptance costs.

In this episode of Payments on Fire we decode the payments industry terms:

• Merchant discount fee
• Interchange
• Bundled pricing
• Interchange plus pricing
• Level II/III data

If you’re new to payments or just need a refresher on interchange, take a listen!

B2B payments are huge. Taken together, these supply chain payments exceed the gross domestic product. But supply chain payments remain an imperfect art. While consumers pay for one purchase at a time, a B2B payment may cover multiple invoices, each with different commercial terms. Given the amount of data about the payment that’s necessary to crisply communicate between a buyer’s accounts payable department and a seller’s receivables group, it’s no wonder paper checks are still in broad use.

While B2B payments have been resistant to “electronification,” the cloud, the mobile user interface, a new data standard (ISO 20022), and APIs into banks and payment schemes are enabling a renewed effort to streamline B2B payment transactions. B2B payments are hot.

Join Erin McCune, partner in charge of Glenbrook’s B2B practice, as she discusses:

• How B2B payments are different from consumer payments
• Why B2B is “hot” once again
• What market forces are pushing B2B forward
• Why Faster Payments in the U.S. and around the world could have a major impact on supply chain payments

The Faster Payments Task Force has brought together a broad constituency with the payments industry thoroughly represented. And thanks to participation by organizations like Consumers Union, the people who bring us Consumer Reports, the voice of the consumer has been well represented in determining important evaluation criteria.

Christina Tetreault, staff attorney at Consumers Union, joins Glenbrook’s George Peabody for this podcast discussion on faster payments, the consumer benefits these new approaches could offer, and what to hope for from their deployment in the U.S.

Merchant adoption of EMV capability isn’t a done deal in the U.S. Glenbrook’s own estimates show that we’re only halfway there. Few people have as much insight into merchant payment acceptance and the technology that enables it as Larry Godfrey of Global Payments’ Heartland Payments business.

Take a listen to George and Larry’s discussion as they cover:

• The EMV terminal transition
• The chargebacks that many merchants have encountered (looking at you, LA)
• Contactless payments
• Security and encryption
• Payment acceptance

The Internet of Things (IoT) will bring us a tsunami of network-enabled devices, for consumer use as well as yet to be imagined industrial and commercial applications. Many of these devices will be payment enabled, many using card payment rails. Securing those billions of IoT devices is going to require techniques deployed by the mobile industry, the card industry, and other sectors. Cryptographic hardware will be part of the solution.

The answers, of course, will include multiple methods and modes, all chosen based on risk and cost. Join Gemalto’s Jack Jania and Glenbrook’s George Peabody for a discussion on the broad world of IoT device security and how payments intersects with this new and enormous category of devices. 

Bringing electronic payment capability to small merchants is a major hurdle for multiple developing economies. In this Payments on Fire podcast with Glenbrook co-founder Allen Weinberg and George Peabody, we discuss merchant enablement in markets reliant on 2G wireless and feature phones. We take a deeper look at India’s payment evolution in particular. Allen’s observations come from his recent work in India and the insights into payment system success factors he’s developed. Take a listen!

Bringing payments and financial services to those of us with a tenuous connection to the banking system is the goal of the Center for Financial Services Innovation. FinLab, a joint effort by the CFSI and JPMorgan Chase, is a five year effort, now in its third year, that’s using a competition for funding and business support to broaden American financial services options.

When nearly half of Americans don’t have $400 ready money, better financial management tools can help. Join FinLab’s Managing Director, Ryan Falvey and Glenbrook’s George Peabody as they discuss the FinLab mission, its process, successes, and what Ryan hopes to see next.

The term identity gets used a lot whenever internet payments and security are discussed. Knowing who we transact with is still the knotty problem. Strong authentication is required. Identity verification is required, too. A means of sharing the fruits of that work among the parties involved, especially those taking on risk, could save everyone a lot of cost and effort. That’s the notion behind federated identity and other means of securely sharing identity attributes without undermining privacy.

That tall order is the subject of this podcast with Andre Boysen, Chief Identity Officer of SecureKey. Join George and Andre as they talk about trust on the internet, SecureKey’s approach, and the company’s use of blockchain technology via a partnership with IBM.

Want to know what it takes to to stay smart in payments? Take a listen to Russ Jones, the Partner in Charge of Glenbrook’s Payments Boot Camp program. Russ gives a look behind the scenes, talks over the boot camp’s evolution, and how it stays forward looking in what’s become a fast changing industry. Over 13,000 payments professionals have experienced the Payments Boot Camp Russ talks about in this Payments on Fire podcast. 

Sometimes a change in direction is the way forward. Network aspirant Dwolla has recently pivoted its work toward the product and development teams inside financial institutions. Instead of being a system operator, Dwolla now offers a broad set of APIs designed for those FIs to take advantage of the ACH’s overnight and Same Day ACH services. Dwolla’s shift also comes as the company and the US anticipates the impact of new immediate funds transfer systems Zelle, The Clearing House, and likely others.

Take a listen to this conversation with Jordan Lampe, Dwolla’s Director of Communications and Policy Affairs, and Glenbrook's George Peabody as they discuss the Federal Reserve Faster Payments Payments Task Force Steering Committee, use cases for Same Day ACH, and more.

Turning money movement into a core capability of the internet is the guiding principle of Circle Internet Financial. Not an easy task. While technical issues abound, regulatory and business hurdles pose larger challenges.

Join Payments on Fire host George Peabody and Circle’s co-founders Jeremy Allaire and Sean Neville for this discussion on Circle’s geographic expansion, its recent shift in bitcoin support, and its development of Spark, a blockchain-based open source smart contract platform optimized to share and store payments meta-data including exchange rates, KYC details, identity, etc.

One of last year's most anticipated advances in fraud management was the final release of EMVCo’s 3D Secure 2.0 protocol specification. Designed to take a risk-based approach to authorization and lower the checkout friction of its predecessor, 3DS2 will be a new tool in the growing anti-fraud arsenal.

One of its supporters and a service provider that’s been closely tied to 3D Secure is CardinalCommerce. Cardinal, now a new addition to Visa’s arsenal with its recent acquisition, has been working with the risk-based approach for quite awhile. Take a listen to Visa’s Mark Nelson and Mike Keresman and Tim Sherwin of CardinalCommerce in this discussion about 3DS2, card network mandates, Cardinal’s acquisition by Visa, and when the market will see 3DS2 solutions.

In e-commerce and mobile commerce the problem of false declines is significant, especially during the holidays. Issuers decline transactions that online merchants approve. And vice versa. In other words, the necessary process of sorting out fraud from good transactions catches good transactions with the bad. This poor decision making means merchants lose the sale and the issuer its transaction fees.

In this Payments on Fire podcast, Glenbrook's George Peabody discusses the false decline issue with Ethoca’s CMO Keith Briscoe as well as the company’s program to encourage more merchants and issuers to take advantage of its shared data service. 

Multiple organizations have emerged to address different aspects of security, privacy, and identity. In this Payments on Fire Podcast, Glenbrook’s George Peabody speaks with Craig Spiezle, Executive Director of the Online Trust Alliance, an organization bringing together privacy and security best practices for a range of industries, including payments. Take a listen to this conversation about the security challenges ahead, especially around the Internet of Things.

Faster payments, B2B payments, international remittances, cross-currency, and cross-border payments. These are hot topics and major challenges the payments industry must address. Central to all is the ability to represent, in an interoperable fashion, the information that surrounds the payment itself. What’s this payment for? Who is it for? Where’s it going? These are information gaps that bedevil B2B payments and all of the above. Extensible standards in general and ISO 20022 in particular are the answer.

The International Payments Framework Association (IPFA) is dedicated to expanding the utility of ISO 20022 through rule building around the usage of this data representation method. Standardized business messages are huge and that’s what the standard and the IPFA are all about. In this podcast, the IPFA’s CEO, Glenbrook’s own Elizabeth McQuerry, addresses ISO 20022 itself, the IPFA’s role, and updates to accommodate international faster payments. Cross-border money may finally fly. 

As the breadth of transaction data expands, even the definition of payment data is getting stretched. Payment data, when combined with other sources, is becoming a valuable tool for both commerce and security. If we know your first name, we can figure out if you’re male or female 92%+ of the time. If your email address is at AOL, you’re probably over 50. What you might buy can be inferred from the websites you visit. And that’s just the start of data’s role in payments.

Take a dip into the payment data pool in this podcast with Glenbrook’s Russ Jones. Russ discusses artificial intelligence, privacy, and the spread of Bluetooth beacons. For a deeper dive into the topic, join Russ at the Payments Data Insight Workshop on October 13 in Palo Alto because data’s influence in payments continues to expand.

Bitcoin’s reliability and transaction-level security has inspired today’s explosion of blockchain pilots, companies, and consortia. But the bitcoin rails already have solid commercial applications. Circle Internet Finance has focused on person to person payments. Align Commerce has focused on international B2B payments for smaller businesses. With growth, both have blended bitcoin rails with more traditional methods to accomplish fast, cost effective transfers.

Join Marwan Forzley, CEO of Align Commerce, and Glenbrook’s George Peabody for a conversation about how Align moves money and the state of bitcoin and blockchain development. There may be no such thing as an international wire but this approach gets pretty close.

Stretching the retail financial institution’s (FI) mission beyond checking account and debit card management is on that industry’s agenda. It’s what fires the imagination of fintech entrepreneurs too because retail financial services is an industry in need of creative, expansive approaches to accountholder services. Not every idea catches fire but fortunately there are those willing to light a match.

This Payments on Fire podcast looks at Sensibill, a digital receipting and data repository service for FIs. Join Glenbrook's George Peabody and Sensibill’s CEO and co-founder Corey Gross in this discussion of how an FI can help its accountholders turn digital receipts into data far more useful than what’s on a statement or that piece of paper stuffed into a purse or wallet.

Machine learning and the broader category of artificial intelligence are rightly attracting attention and discussion. These are powerful technologies. But, like many new technology conversations, there’s the suggestion that they can address all use cases.  

Maybe focusing on a single use case is the better approach right now. Join Glenbrook’s George Peabody and Nuno Sebastiao, Chairman and CEO of fraud management firm Feedzai, in this refreshing discussion about the role of machine learning in fraud management, some of its limitations, and how services like these fit into an enterprise’s fraud and risk management operations.

Digital identity is the black hole of the internet. Our online lives simply aren’t protected by a system without strong authentication. Killing the password is Mission One for security professionals because they’re so readily stolen through phishing attacks and malware. Users, warned to make passwords complex and unique, have no hope of remembering them. And a password is simply one factor of secure authentication. Biometrics and data, when used in combination, can relieve password fatigue and, for the relying party, increase security substantially, bringing some light to that dark place on the internet.

We talk with MasterCard’s biometrics and authentication leader, Bob Reany, about where biometrics work and the intersection of device-based tools with what the cloud provides through Big Data, particularly device profiling and behavioral analytics. Your fingerprint’s not just for unlocking the phone anymore.

Chargebacks are one of the card system’s great consumer benefits. If fraud happens, the merchant doesn’t deliver on what was promised, or you’re charged six times for something you bought just once, the chargeback mechanism returns your money or restores your credit. What’s not to like? Well, if you’re a merchant, a lot. While there are plenty of legitimate chargebacks, there are also consumers who take advantage of the system through “friendly fraud,” the “I didn’t do it” chargeback category abused by all too many.

Chargebacks are expensive for merchants. There’s a chargeback handling fee from the acquirer. There’s the cost of disputing the chargeback. There’s the cost if, at the network’s discretion, the merchant loses the chargeback. And then there’s the small matter of the cost of the goods or services. Take a listen to this audio primer on chargebacks with Glenbrook’s George Peabody and Chargeback’s CEO Dave Wilkes. Hear how they work, what the trends are, and how Chargeback assists merchants in the chargeback dispute process.

This episode of Glenbrook’s Payments on Fire podcast comes from the Shoptalk conference, mid-May 2016. Focused on the entire customer engagement cycle, the attendees are all about influencing consumer behavior, the processes of moving customers through that cycle, about making some portion of enterprise IT work more smoothly, or, yes, even about payments.

Take a listen to my conversations with start-ups Tuku (in-store digital content delivery), Belly (in-store loyalty), Bold Financial Technologies (payout management for Treasury) and established fintech provider ACI Worldwide.

Payments industry professionals naturally have a hard focus on the industry’s own dynamics. So, it’s not uncommon to lose sight of who the customer is and who pays the freight. In retailing, yes, the consumer pays, but payments is a direct cost to the merchant. With all of the changes underway in the U.S. payments landscape, merchants now view payments as a complex, strategic element of their business, both as a way to drive new sales as well as a cost component to be tightly managed.

To learn what’s top of mind for a large scale retailer, take a listen to Dean Sheaffer, SVP of Financial Services at Boscov’s Inc., the U.S.'s largest family-owned department store. In this Payments on Fire podcast, Dean addresses payments as a sales tool (Dean and his team have upped usage of the Boscov private label card to 40% of tender!), payments and data security, and the potential of Faster Money.

Extension of credit to people in developing markets has been a long time challenge. Banks, of course, look to repayment history to make such determinations but in much of the world, banking relationships and repayment track records are few. But history has demonstrated that extension of credit in developing markets can be effective and profitable. Just look at the Grameen Bank’s high micro-loan repayment rates.

To address this repayment data dearth, Lenddo.com developed a lending data set in multiple developing countries, having gone into the lending business just to generate the data it needed to tune its machine learning capability. Lenddo then built its algorithms that examine some 1,000 characteristics in the data drawn from social, mobile, and other sources. This Payments on Fire podcast with Lenddo.com’s founder Jeff Stewart takes a look at lending in developing countries, social and mobile data sources, and examines the algorithmic "black box" that is at the heart of the company’s approach to making credit decisions in "thin file" markets.

The world of moving money is changing. And faster is the theme. Domestic real time payment systems are showing up across the planet. Today's discussion is full of bitcoin, open and permissioned blockchain approaches to speed asset exchange. But the competitive balance between proprietary and open systems is in flux.

The view that moving money is or should be an internet-wide capability is a guiding principle for Jeremy Allaire, founder and CEO of Circle. Take a listen to Jeremy on how Circle is connecting US dollars to British pound sterling, his plans for the euro, and how multiple technologies - blockchain and machine learning among them - enable money movement for Circle's customers.  

The Smart Card Alliance has been educating payments, government, and security professionals since 2008 on the fundamentals of smart card technology and how smart cards are put work across a range of use cases. In this Payments on Fire podcast, Randy Vanderhoof, Executive Director of the SCA and the EMV Migration Forum, talks about the organization’s training programs, their evolution and the establishment of the new National Center for Advanced Payments and Identity Security, an expansion supported by a grant from Heartland Payment Syhttps://www.heartlandpaymentsystems.com/stems.

Talking with Randy is always refreshing. He lays out the important elements of payment security and speaks directly about how they interrelate. Hardware-based security is always at the core of his mission but he’s well up on the expanded use of data and mobile devices in authentication and payments security.

Blockchain. Is it the most revolutionary technology in value exchange ever or just the latest fintech buzzword enjoying its peak on the hype cycle? Or both? These young techniques are undergoing swift evolution, going from bitcoin and money transfer into new use cases such as identity management.

There’s still truth in the cartoon’s joke that, online, no one knows you’re a dog. The challenge goes beyond discerning hacker activity from the permitted. It’s also about the release of just the data necessary to satisfy the needs of both parties in a transaction - and no more. How much better that would be than sharing a full suite of personally identifiable information when simply asking the question “are you over 21?”

Take a listen to my discussion with Matthew Commons, CEO, of Cambridge Blockchain on how his company’s blockchain-based approach can be used to address one of the internet’s remaining fundamental concerns. You’ll also learn about the state of play in this new stage of permissioned blockchains.

Anyone even vaguely conscious during Sunday afternoon football games has seen adverts for Visa Checkout, that shopping cart checkout assistant the card network is encouraging everyone—cardholders, issuers, and merchants—to adopt. Visa is not alone. MasterCard’s MasterPass and American Express Checkout are similar product offerings all meant to add convenience and security to the merchant’s checkout flow.

These checkout assistants—you could even stretch the definition a bit and think of them as wallets—use the payment tokenization specification from EMVCo. But as products from competitive networks, each has unique attributes, never mind its own APIs specification.

Glenbrook’s Russ Jones takes us for a pretty deep dive into how these tools work. And the benefits they provide to merchants especially in mobile commerce. Russ has been under the hood and this is a report on what he’s found.