Are You Ready for Cardholder Transaction Alerts?

Are You Ready for Cardholder Transaction Alerts?

Quite a few issuers around the world already offer transaction alerts to their cardholders. They find them a helpful tool to reduce fraud, reduce false positives (i.e. unnecessary card declines), and strenghten their engagement with customers.

However, in a few months, this will no longer be optional for issuers in the US. Effective October 14, 2016, Visa is mandating all the US issuers to offer their cardholders an option to enroll into transaction alerts. In other words, customers still have the opportunity to decide whether to use the alerts or not, but the issuers must make the option available to them. The mandate applies to consumer Visa credit, debit and reloadable prepaid cards; currently, commercial cards and non-reloadable prepaid cards are exempt. MasterCard has similar requirements – dual brand issuers also must comply by October 2016; MasterCard-only issuers have until April 21, 2017. Importantlly, unlike EMV deadline, which was a liability shift, these are real mandates which the issuers must comply with.

Alerts via email or SMS are the easiest but also the most basic option. In our view, issuers should look beyond the "compliance" requirements and take the opportunity to deploy notification, alert and control platforms that are integrated into their channels of customer engagement, such as mobile banking or payment apps. Advanced solutions in this space offer a range of alert delivery options, as well as ability for consumers to control their cards (e.g. turn off their use for certain transactions, such as e-commerce) and deliver other types of notifications, such as various offers.

Issuers must decide how they will be delivering the service. They can develop it in-house, deploy a third party solution or rely on their processors to offer the service on their behalf. The networks also offer their own solutions. In fact, in order to pursue any of the above options, the issuers had to notify Visa by April 29 this year that they wish to opt out of Visa-branded alerts service.

Visa itself offers a few alternatives and has just announced this week a "Visa Digital Commerce App, an issuer-branded mobile commerce solution that enables financial institutions to offer their own mobile app to customers with valuable card management services." In addition to the card management features, including the alerts, the issuers can also build HCE-based contactless payments into their apps. While a number of large US issuers (e.g. Capital One, Wells Fargo) have either launched or announced their HCE-based wallets, Visa's offering should help increase adoption of cloud-based payments and issuer-branded apps with contactless payment functionality.

Of course, there are a number of other vendors offering card control platforms or tokenised cloud payments, as well as processors with their capabilities. As an issuer, you have to make sure your choice fits your broader payments strategy. Whatever the decision, you have to make sure you can offer your cardholders the option to receive alerts by October.

Viewing mobile payments strategy holistically

Viewing mobile payments strategy holistically
As the one year anniversary of Apple Pay approaches, banks have to make more decisions about their mobile payments strategy. Android Pay launched in the US a few days ago, and Samsung Pay is expected to be available there soon as well. Should a bank just stick with Apple Pay or enable their cards with all the “pays?” Should they consider alternative options, such as their own HCE-based, or depending on the market, even SIM-based NFC solutions? The answer is that banks have to view their mobile payments strategy holistically. Apple Pay, good as it is, is only available for the latest iOS devices, and only for in-store and in-app payments. Android ecosystem offers more choice: Android Pay, Samsung Pay, HCE and SIM for NFC, but what about P2P and other payments? Barclays in the UK announced this week that it will be launching its own version of mobile payments for Android-based phones. Barclays was a notable absentee when Apple Pay launched in the UK, and are forging ahead with Pingit and bPay wearables. As a result, some view this latest move as yet another indication that the bank “appears to be adopting a go-it-alone strategy with its roll-out of mobile payments, preferring to retain the primary contact with the customer rather than providing the rails for interlopers like Apple, Google and Samsung to hitch a free ride.” I wouldn’t read too much into it. Barclays has since said that it would support Apple Pay at some point in the future. In my view, Barclays is doing what all banks should do – think about mobile payments holistically, i.e. how they will support mobile payments across different platforms and use cases (e.g. in-store, in-app, P2P, etc.). Yes, Android Pay has been launched in the US, but it’s not yet available in the UK. Yet HCE technology has given banks around the world an opportunity to launch their own branded NFC solutions for Android, irrespective of whether Android Pay is available in their market or not. Rather than waiting for Android Pay or Samsung Pay to come to the UK, Barclays is joining the growing list of banks such as BBVA in Spain (read the case study of BBVA Wallet, our Model Bank winner here), RBC in Canada (who were granted a patent for their Secure Cloud payments earlier this month), and others that are taking a proactive stance in developing mobile offerings for their Android user base. I have a new report coming out soon that covers key digital payments issues, such as Android Pay and tokenisation in more detail. Watch this space!

Towards an OS/device-based mobile wallet

Towards an OS/device-based mobile wallet
Over a year ago, we published a 2014 edition of our annual Top Retail Payment Trends Report (2015 edition is here), in which we distinguished between app-based wallets – majority of mobile payments solutions in the market at that point – and device-based wallets. We suggested that payments would become ever tighter integrated into the device and the operating system (OS) and that we will see the emergence of device-based wallets, “which store securely on the phone a token associated with payment credentials, which can be discovered and summoned as needed by any app or a site reached via mobile browser.” Then Apple Pay came along and demonstrated to everyone the beauty of a payments solution tightly integrated into the OS and the device itself. There is no separate wallet app; customers can configure the solution via the Settings page and store their cards in Passbook. And the token of the credentials can be summoned for an in-store or an in-app transaction. Apply Pay raised the stakes for everyone in mobile payments. The challenge for Google is that the Android ecosystem is nowhere near as tightly controlled as Apple’s. Yet, in the last couple of weeks, we’ve seen a few interesting moves that indicate steps towards OS and device-based wallets in the Android ecosystem. First, Samsung, the leading Android device manufacturer acquired LoopPay, which uses Magnetic Secure Transmission (MST) technology to enable mobile payments at the existing POS devices. Then, Google announced it was buying Softcard’s technology. Finally, the news just emerged that Google would be launching Android Pay at its Google I/O conference in May. LoopPay’s wallet today requires additional hardware, such as phone cases or fobs. I am convinced that Samsung will seek to get away from that and would integrate the technology into its devices. The big question is – why continue to invest into “mag-stripe technology,” and isn’t it a step backwards? It certainly feels that way, although I don’t think it indicates Samsung’s shift away from NFC; my view is that this is a pragmatic move recognising that even with EMV migration underway, the US will continue to accept magstripe-like transactions for the foreseeable future. After all, Visa has also invested in LoopPay back in the middle of last year. The big question with Google’s purchase of Softcard’s IP is whether Google would go back to SIM-based secure element, now that the mobile operators would finally play ball. My guess is that it won’t. HCE gives everyone more flexibility, and leverages the investments the issuers and networks have been making into tokenisation. Visa just announced yesterday that it has been partnering with FIs around the world to enable HCE-based digital services. HCE is also what would enable Android Pay, which would allow third parties to build in payments features into their apps, either for in-app or in-store purchases. Instead of going back to SIM-based SE, I suspect Google will make use of Softcard’s loyalty functionality and will gain access to the MNO distribution networks. According to the announcement, Google Wallet will come pre-loaded on the handsets sold by the operators, which I assume will get paid a distribution fee. As various solutions get tighter integrated into device hardware and operating system, it will be interesting to watch how they would co-exist. Could the latest Samsung Galaxy device support a PayPal app with biometric authentication, LoopPay, Google Wallet and Android Pay without at least confusing the customer? Or are the two giants in the Android ecosystem on the collision path here? Clearly, there is no respite from interesting developments in mobile payments. I am sure we’ll see another wave of interesting announcements next week at Mobile World Congress in Barcelona. I had the privilege to serve as a judge for GSMA Global Mobile Awards, and I am certainly looking forward to the ceremony and the rest of the Congress. I’ll make sure to blog my impressions when I am back. In the meantime, drop me a note if you would like to meet in Barcelona next week.

The Networks’ Support for HCE Breathes Life Into NFC Payments

The Networks’ Support for HCE Breathes Life Into NFC Payments
In my report on Top Trends in Retail Payments published a few weeks ago, I wrote the following paragraph: “Of course, doubts remain over HCE. For example, the payment schemes are yet to clarify on whether they will deem the security and performance of the technology acceptable. However, we view it as a positive development. Inexplicably, HCE was being described by some as the “NFC killer.” Yes, if successful, it might indeed kill the SIM-based business model (and have a negative impact on Trusted Service Managers), but it might actually breathe life into NFC and contactless payments.” The developments this week removed some of those doubts. Both Visa and MasterCard announced their support for Host Card Emulation (HCE) technology, paving the way for banks to offer NFC-based secure payments without relying on the secure element inside the phone. HCE reduces the need for banks and telcos to cooperate, thus helping overcome the business model challenge. However, approval and recognition from the networks was a critical pre-requisite to the technology’s success. Networks executives stressed that it is not an “either/ or” situation and they will continue to support the “traditional” SIM-based secure element solutions. As such, it doesn’t immediately change any of the established ventures, such as Isis, but it certainly makes it easier for others to take an alternative path. I would expect HCE to be important in Europe, which already is further ahead than the US in terms of deploying contactless terminals. European banks have been issuing contactless cards, and HCE will make it easier for them to make use of that infrastructure for mobile payments as well. Having said that, HCE technology is only available on Android, so iOS devices continue to be excluded from these developments at least for now. It will be interesting to see what Apple does in payments. I plan to publish a short report soon speculating on how Apple might enter payments more aggressively – keep an eye on it!

Top Trends in Retail Payments: A New Celent Report Is Out

Top Trends in Retail Payments: A New Celent Report Is Out
Last week we published our annual report on Top Trends in Retail Payments, which looks back at 2013 and calls out the main themes to watch for in 2014. In 2013 we observed interesting developments in each of the four dimensions defining the battleground for mobile payments – see the chart below. Starting with customer interface, we are seeing the rise of mobile apps from retailers and service providers. These apps focus on adding a digital layer over service provision with seamlessly integrated payments capability. We call this trend “contextual payments” – recognising that customers engage in a broad set of activities and ensuring they are able to pay in any context, while acknowledging that the actual service provider is likely to offer a richer digital experience and customer interface than a generic open payments wallet. Trends chart One of the effects of contextual payments is the increased willingness of banks to consider enabling all types of payments directly from the bank accounts rather than cards, either by building “push” solutions or deploying APIs to expose banking services and enable account access from retailer and other apps. While there has been no breakthrough in the adoption of NFC-based contactless payments in 2013, the emergence of host card emulation (HCE), might just breathe life into NFC and contactless payments by enabling banks and other providers to host credentials in the cloud while making use of the phone’s NFC interface but bypassing secure element owners. However, in our view BLE and Beacons will play a much more important role in marketing than they will in payments. Celent clients can download the report here. If you are interested in hearing me discuss these and other trends in more detail, please join me for a webinar on February 13th – more details here.