New payment methods in a global world?

In recent years, we have seen a lot of innovation in the payment space. It’s not just cash, credit card or cheques anymore. You pay for your coffee with your contactless card or mobile app.  You do some cross-channel shopping; standing in a shop looking at a product and then using your phone to buy it online and get it delivered. You might pay hands free at your favourite fashion shop or take a cab ride without even needing your wallet.  Or you send some money to a friend via GMail.

Most of the new brands and payment methods we have seen focus on the way payments are made by the consumer or how merchants can accept new forms of payments. And most of them are or were to be the next big thing in the payment industry. But are they really?

While the way we shop and pay has changed, in the background things seem to still work the same way. Most of these new forms of payment will require you to create an account and – surprise, surprise -  register with your credit card details. Then you will either load some money onto your account, or the money spent on the account will at some stage be charged to your card. Sometimes you can also choose a domestic form of payment for this, for example the Lastschriftverfahren in Germany with PayPal. So while the front end, the POS, is addressed with very creative and good solutions, the nitty-gritty of the actual transferring of money is not.   We still rely on good old credit cards.

Simply put, what is electronic payment at the end of the day?  It is transferring money from account A to account B. This is easy if you know which account to transfer to and if you are in an authenticated environment (e-banking). But as we all know, looking at this from a POS or consumer’s perspective, this is one of the major issues in payment.  A vast number of consumer banks and a vast number of merchant banks need to be connected in some way. This issue was addressed elegantly by the card schemes. Their network connects all these entities which keeps them alive and makes them part of these new payment methods.

Now, if you have ever spent more than a few months living in different countries, you will know that banking is something very domestic (except if you have a lot of money, then you might have a different experience). You cannot open a bank account if you do not live in the same country as the branch where the bank is located. And if you move abroad for a longer time, the bank might charge you a lot because you live abroad. The same applies for merchant banks.  Most likely a merchant can only open a bank account in the country where it is located.

So, returning to my original topic of new forms of payment, I have not yet seen a payment method that solved this problem. Either they are domestic, or they use the rails of the card schemes to solve this problem. Even worse, many of the new payment methods work only in the country they were first launched (e.g. Gmail Send Money only works in the U.S.).

There are several reasons for this.  Rules and regulations that differ in different regions and countries, proprietary bank interfaces and the cost of integrating them, banks not willing to support a payment method they do not benefit from and so forth. This is the big value of the card schemes and funnily enough is also one of the original problems they wanted to solve.

I am very excited about many new methods of payment, and from a consumer perspective the points I made above are not that important. However, for the payment industry the big innovation would be to overcome this dependency on the card schemes. A payment method that will truly replace credit cards will have to work all over the world.

I think we have only seen the first steps in this changing world of payments. How difficult will it be to overcome dependencies on the card schemes?

Please share your thoughts on this, we appreciate it.

 

Paypass, Paywave and Expresspay, a nightmare for developers

We have been developing contactless EMV level 2 kernels since two years for the various payment schemes, and I must admit: it is a nightmare. There are obstacles everywhere. One of the biggest issues (or stupidities) is, that Visa, Mastercard and American Express cannot agree on a common specification. Not to mention the totally different certification processes. Under these circumstances, what does EMV stand for?

Maybe we start from an earlier point in EMV history. In the early days EMV was standing for Eurocard, Mastercard and Visa to develop a worldwide common standard to process card payments. That really worked well in the contact (chip card) environment. There is one specification and one certification process. EMV recommends to take around 18 month time to develop and certify a contact kernel. The certification is good for Visa, Mastercard and Amex. Perfect. That way, everybody can calculate their development cost plus around euro 50’000 for test tools and certification fees. Something between 200’000 and 400’000 Euro is a normal value.

With NFC things changed. Visa, MaterCard and Amex have their own implementation specifications for the EMV Level 2 contactless kernel. Also the certification cannot be done at one single place. You must do a certification for each kernel at an accredited certification laboratory. As you can imagine you also need several test tools to be able to prepare for certification. Now you can recalculate the cost for development and certification for a contactless kernel. Just multiply everything by three. Ok, that might be a bit exaggerated, but you will face double the cost as for a contact kernel, for sure.

But know, since the contactless stuff is still in a pre-birth (embryonic) state, things like specifications, test tools and certification processes change a lot. To give you an example: with the Expresspay Contactless Kernel we had to pass around 500 test cases. After we were down to 5 unpassed tests, we received a new version of the test tool that sent us back to around 300 unpassed tests. That means they fixed over half of their tests? This game went on three times until we had a test tool that was ok and free of bugs. Annoying or nightmare-ish. Or think of developing Paypass 2.1 versus Papass 3.0. This is basically a totally new specification and you can almost redevelop everything from scratch to pass the 3.0 certification. This multiplies the cost by 3 or 4 times, for sure.

And why do we have to do this? To process maybe one percent of all the transactions contactless? That’s a lot of pain and a very small gain.  I hope the industry is not starting to hate NFC before it starts. Or; does NFC really start or will it be a stillborn child of some technology freaks?

I would love to see some comments of fellow developers or card scheme people. Maybe we did everything wrong or we have a lot of suffering friends out there. Please drop a comment.

 

 

Visa plans to accelerate acceptance/use of EMV cards in U.S.

EMV Deployment Map (September 2010)

In Summer 2011 Visa announced plans to accelerate the acceptance and use of EMV cards throughout the U.S. EMV cards are also known as IC or Chip cards. This announcement was no surprise as EMV has been a long accepted standard through Europe and Asia. However, to make the entire network EMV ready requires all the participants in the market to adapt their systems. Chip cards will need to be issued, the acquirer/processors must adapt their host systems and the terminals at the POS will need to be replaced.

Accompanying the announcement Visa published a road map stating the following:

  1. Visas Technology Innovation Program (TIP) will be expanded into the U.S., effective October 2012.
    This means Visa will waive the annual validation of a merchant’s PCI/DSS compliance, as long as at least 75% of the merchant’s transactions originate from dual-interface EMV terminals. Dual-interface terminals are terminals that can process contact and contactless EMV transactions.
  2. All participating acquirer/processors have to make their systems EMV ready by April 2013.
  3. Visas global POS Counterfeit Liability Shift Program will be extended into the U.S., effective October 2015 (two years later for petrol merchants).
    This program will transfer the liability for fraud originating from non-EMV transactions to the acquirer/processor, and as a result to the merchant as seen in other countries.

This plan clearly focuses on two goals:

  1. Reducing fraud.
  2. Setting the benchmark for NFC based card acceptance (for example; contactless payment by card or mobile phone).

In recent years the U.S. has been an easy target for fraud. In 2008, fraudulent transactions made up 0.04% or USD 8 billion of the complete U.S. turnover of credit card transactions. Card numbers are being stolen all across the world and used in the U.S. to commit fraud. The predominant number of magstripe POS terminals makes this a relatively easy way to commit fraud. With the adoption of the liability shift program one large fraudulent region will be eliminated, as seen in other countries that already run the program. Once this has been achieved, the question remains: Where will the fraud move next? Until chip cards are used worldwide, magstripe fraud will remain a global problem.

Interestingly, the liability shift program is a sweet deal for Visa as it will instantly and largely increase the points of acceptance for NFC based cards. Conversely, it will be a cost intensive change for the merchants as it forces them into changing their POS infrastructure into dual-interface EMV terminals. This sets the ground for Visas contactless program Pay Wave and for mobile payment. Google already provides a nice solution with its wallet, where the phone emulates an NFC payment card.

This is where we believe it gets really interesting. In contrast to Europe where cardholder authentication through PIN is usually required, Visa aims for an online / non-PIN model in the U.S. which will pave the way for contactless transactions. Wave the card and that’s it, no PIN entry required. Issuers and acquirer/processors will be happy with this, as it lessens the costs and complexity on the card and the terminal.

In contrast to all of this, one can see an increasing market for “easy” magstripe transactions. Square, amongst others, provides an easy way for merchants to accept magstripe cards. Up to April 2011 Square has seen USD137M total flow. These payment solutions target small businesses and make it very easy to accept credit cards as a merchant. Common to all these solutions are high transaction fees for the merchant and the full risk of chargebacks. What some people might not know is that Visa invested in Square. There seems to be a two way strategy in pushing the mid and large size businesses into accepting contactless EMV cards and enabling small businesses to accept credit cards on their full risk. Clearly a winner for Visa! But what do they actually do for it?

In the longer term magstripe transactions will disappear. Issuers will simply stop issuing magstripe cards. This has already started in some Eastern European countries. The main reason is fraud, but also because there is new technology that makes cards obsolete. The “card” itself might not be a “card” anymore, but a mobile phone, key fob or all sorts of mediums carrying the chip. While it may take several years to fully implement, it is interesting to wonder how small businesses will be targeted.