Are You Ready for Cardholder Transaction Alerts?

Are You Ready for Cardholder Transaction Alerts?

Quite a few issuers around the world already offer transaction alerts to their cardholders. They find them a helpful tool to reduce fraud, reduce false positives (i.e. unnecessary card declines), and strenghten their engagement with customers.

However, in a few months, this will no longer be optional for issuers in the US. Effective October 14, 2016, Visa is mandating all the US issuers to offer their cardholders an option to enroll into transaction alerts. In other words, customers still have the opportunity to decide whether to use the alerts or not, but the issuers must make the option available to them. The mandate applies to consumer Visa credit, debit and reloadable prepaid cards; currently, commercial cards and non-reloadable prepaid cards are exempt. MasterCard has similar requirements – dual brand issuers also must comply by October 2016; MasterCard-only issuers have until April 21, 2017. Importantlly, unlike EMV deadline, which was a liability shift, these are real mandates which the issuers must comply with.

Alerts via email or SMS are the easiest but also the most basic option. In our view, issuers should look beyond the "compliance" requirements and take the opportunity to deploy notification, alert and control platforms that are integrated into their channels of customer engagement, such as mobile banking or payment apps. Advanced solutions in this space offer a range of alert delivery options, as well as ability for consumers to control their cards (e.g. turn off their use for certain transactions, such as e-commerce) and deliver other types of notifications, such as various offers.

Issuers must decide how they will be delivering the service. They can develop it in-house, deploy a third party solution or rely on their processors to offer the service on their behalf. The networks also offer their own solutions. In fact, in order to pursue any of the above options, the issuers had to notify Visa by April 29 this year that they wish to opt out of Visa-branded alerts service.

Visa itself offers a few alternatives and has just announced this week a "Visa Digital Commerce App, an issuer-branded mobile commerce solution that enables financial institutions to offer their own mobile app to customers with valuable card management services." In addition to the card management features, including the alerts, the issuers can also build HCE-based contactless payments into their apps. While a number of large US issuers (e.g. Capital One, Wells Fargo) have either launched or announced their HCE-based wallets, Visa's offering should help increase adoption of cloud-based payments and issuer-branded apps with contactless payment functionality.

Of course, there are a number of other vendors offering card control platforms or tokenised cloud payments, as well as processors with their capabilities. As an issuer, you have to make sure your choice fits your broader payments strategy. Whatever the decision, you have to make sure you can offer your cardholders the option to receive alerts by October.

Looking back on Money 20/20

Looking back on Money 20/20
Last week my colleague Dan Latimore and I were at Money 20/20, which in four short years has become a “must attend” event in payments and Fintech. I’ve been there at the very beginning and it has been exciting to watch it grow from about 1,000 of us in the first year to over 10,000 this year. Congratulations to the Money 20/20 team for this incredible achievement! And thank you to all of those who took time out of their busy schedules to meet with us. As I was reflecting back on the last week, I realised that it’s no longer possible to take in all of Money 20/20. In the first year, even with parallel session tracks, you could absorb a lot of what was happening “by osmosis”, just walking the floors of Aria. As the event grew and moved to a much more spacious Venetian, somewhat paradoxically, the experiences got more individual, depending on which sessions and keynotes you attended, which booths you visited and which people you met. Here are some of my key takeaways:
  1. Perhaps the biggest and most talked-about announcement of the show was Chase Pay and its partnership with MCX. Chase is developing a wallet that will be available to all of its 94 million cardholders to use in-store, in-app and online. The wallet is not planning to use NFC at the POS, with QR codes set to be a most likely method, and as a result will be available on any smartphone device, irrespective of its operating system. On the merchant side, Chase is offering a fixed fee processing which will make merchant costs more reliable and predictable with an opportunity to “earn it down” based on volume. Partnership with MCX gives Chase Pay access to the largest merchants in the country. In addition to a stand-alone app, Chase Pay will also be available as a payment option inside CurrentC, the wallet that MCX has been piloting in Columbus OH, the results of which were presented and greeted with a tentative applause during another keynote at Money 20/20.
  2. Mobile payments market in the US is only getting more complex, with Apple Pay, Android Pay and Samsung Pay already there, more “Pays” on the way (e.g. LG Pay), and now Chase Pay and revived expectations of CurrentC. Make no mistake – while most “pays” look similar, they offer a different customer experience (e.g. how to trigger payment, where it is accepted, etc.) and require issuers to adapt their processes to each of them. At the show, I picked up strong signals from issuers that they want to have more control over digital payments and are looking at various options, including HCE wallets, to achieve that.
  3. The Tokenisation panel was one of the best sessions I attended with panelists from the networks, issuers, merchants and processors sharing their views how tokenisation is going to evolve. It includes tokenisation for cards-on-file and e-commerce transactions (both Visa and MasterCard announced tokenisation of their Checkout and MasterPass wallets respectively), new approach to 3D Secure, introduction of Payment Account Reference (PAR) – a non transactable ID that ties together all the tokens, and tokenisation for DDAs which The Clearing House is working on. According the panelists, tokenisation is the much-needed “abstraction layer” that will be a “foundation for the next 20 years of innovation.”
  4. Biometrics are entering mainstream, with FIDO alliance laying the groundwork for how to deploy biometrics for authentication. Sorting through a myriad of biometrics providers and approaches (e.g. fingerprints, hands, voice, eyes, etc.) is a headache and eventually, it will be consumers that will decide which approach works best for them. FIDO alliance delivers a standard irrespective of what the consumers choose. Looking into the future, the panelists envisaged a behavioural approach where the providers use a number of data points to constantly verify that the user behaviour is consistent with a typical pattern and authenticates automatically in the background, a process called “ambient authentication.”
  5. Conversations about cryptocurrencies have matured enormously over the last 12-18 months. The focus is now very clearly on blockchain technology and how the financial services industry can best deploy it. A number of exciting partnerships are emerging in this space, from TD Bank and RBC working with Ripple on domestic and cross-border P2P payments as well as more efficient transfers between subsidiaries, to Nasdaq’s partnership with Chain, to the R3 consortium. Perhaps the most exciting demo I’ve seen was Visa’s connected car experience, where the driver could review the new leasing document on the screen, sign it, register it on a blockchain and drive off. Time will tell if this is how we will be getting to drive cars in the future, but it only shows the opportunities out there.
Finally, I’ve been asking others at the show what they thought were the key themes. Interestingly, two themes came up very consistently – innovation and focus on customer experience. The latter manifests itself in so many different ways, from making it easy and intuitive for consumers to pay to solving very specific merchant problems, whether it’s around acceptance and security (Verifone, Ingenico, Poynt), conversion rates (BlueSnap, Affirm), lending (PayPal, LendUp) or seamless integration of payments into the overall proposition (Stripe, First Data). The third theme seemed to be a little more contentious. Some said it was all about disruption, while others talked about collaboration. I actually agree with both – to me they are two sides of the same coin. The disruption in FS is real, but many find that the way to deal with it is through collaboration. Few, if any, have talked about demolishing the world as we know it today; instead, all are focused on how to make it better. I know I only scratched the surface here. For example, there were also some very interesting announcements about domestic P2P/push payments such as Early Warning buying clearXchange, Dwolla partnering with CME Group, and The Clearing House working with Vocalink. And companies like Earthport, PayCommerce and Ripple are making an impact on cross-border payments. But as I said, it’s impossible to take it all in, and no write-up can do full justice to Money 20/20 – you just have to be there… See you next year in Vegas or perhaps even in Copenhagen at Money 20/20 Europe!

Musings from the airplane

Musings from the airplane
I am not writing this literally on the plane, but I might well be – this is a conference season, so many of us are on the road. My colleagues have already been blogging from SIBOS, Finovate, Finnosummit and other events. I wanted to share my own observations from the events I attended. EMV, tokenisation, mobile, Blockchain – these were just a few major themes discussed in depth in Las Vegas at PayThink. This used to be known as ATM, Debit and Prepaid Forum and remains THE event to go to discuss these topics in the United States. It is organised by PaymentsSource and chaired (for the last 12 years!) by Tony Hayes, my colleague and Partner at Oliver Wyman. Thank you to the organisers for inviting me to moderate a panel on lessons learned from cards platform transformations, and many thanks to my panelists – senior executives from FIS and e-Global for sharing their insights. We talked about the drivers forcing processors and issuers to upgrade their processing platforms, such as growing transaction volumes and types, need for flexibility and speed when adding new products, and how the processing proposition changes. Processors are now moving away from out-of-the box to componentised solutions, are changing how they package and price their services, and are re-thinking the business terms how to engage with clients. When working with software vendors, our panelists stressed the importance of “soft aspects”. Of course, the technology matters and must meet the requirements to get you on the short list. However, often it will be your people that will win or lose you the deal – flexibility and commitment they demonstrate during proof of concept and other advanced stage interactions are often major factors when clients make a final decision. Last week I was in Lithuania, the country I grew up in and left over 20 years ago… I go back every year, but this was the first time I went there as an analyst. The Central Banks of Lithuania and Sweden jointly organised a conference on the role of Non-Banks in the Payments Market. I was kindly invited to join the panel to discuss “what’s in the future.” As our clients know, our view at Celent is that the disruption in banking is real and that, as a result, banking will change, however, banks will not disappear. Of course, some of them will, but others will adapt, and some of the today’s non-banks will become banks. The challenge for all is how best to manage that tension and the ongoing evolution of the industry. In between travels, I also published a new report on tokenisation, a hot topic in the industry at the moment. The speed of tokenisation evolution in the last 12-18 months has been remarkable, and there are no signs of slowing down. Celent clients can access the report here. Finally, it’s not long before we board the plane to go back to Vegas to Money 2020. The meteoric rise of this event has been absolutely amazing – fours years ago there were about 1,200 of us; this year, the organisers expect 10,000! My colleague Dan Latimore and I will again be there as well. My diary is already full, but if you are a client and would like to say hello, do reach out to your account managers and we’ll do our best to meet up. With everything going digital, the physical handshake remains as important as ever! Safe travels!

Viewing mobile payments strategy holistically

Viewing mobile payments strategy holistically
As the one year anniversary of Apple Pay approaches, banks have to make more decisions about their mobile payments strategy. Android Pay launched in the US a few days ago, and Samsung Pay is expected to be available there soon as well. Should a bank just stick with Apple Pay or enable their cards with all the “pays?” Should they consider alternative options, such as their own HCE-based, or depending on the market, even SIM-based NFC solutions? The answer is that banks have to view their mobile payments strategy holistically. Apple Pay, good as it is, is only available for the latest iOS devices, and only for in-store and in-app payments. Android ecosystem offers more choice: Android Pay, Samsung Pay, HCE and SIM for NFC, but what about P2P and other payments? Barclays in the UK announced this week that it will be launching its own version of mobile payments for Android-based phones. Barclays was a notable absentee when Apple Pay launched in the UK, and are forging ahead with Pingit and bPay wearables. As a result, some view this latest move as yet another indication that the bank “appears to be adopting a go-it-alone strategy with its roll-out of mobile payments, preferring to retain the primary contact with the customer rather than providing the rails for interlopers like Apple, Google and Samsung to hitch a free ride.” I wouldn’t read too much into it. Barclays has since said that it would support Apple Pay at some point in the future. In my view, Barclays is doing what all banks should do – think about mobile payments holistically, i.e. how they will support mobile payments across different platforms and use cases (e.g. in-store, in-app, P2P, etc.). Yes, Android Pay has been launched in the US, but it’s not yet available in the UK. Yet HCE technology has given banks around the world an opportunity to launch their own branded NFC solutions for Android, irrespective of whether Android Pay is available in their market or not. Rather than waiting for Android Pay or Samsung Pay to come to the UK, Barclays is joining the growing list of banks such as BBVA in Spain (read the case study of BBVA Wallet, our Model Bank winner here), RBC in Canada (who were granted a patent for their Secure Cloud payments earlier this month), and others that are taking a proactive stance in developing mobile offerings for their Android user base. I have a new report coming out soon that covers key digital payments issues, such as Android Pay and tokenisation in more detail. Watch this space!

Apple Enters Payments

Apple Enters Payments
Yesterday Apple announced entering the payments space with Apple Pay, a new way to pay in physical stores and mobile apps. The move was not unexpected – the question of when and how Apply would do something in payments was subject to much speculation in recent months. At Celent we also published a report in March this year called Apple in Payments: What to Expect? Yesterday, we got the answer. Details of the announcement can be found here. In this blog I would like to focus on some of the key highlights of the solution and consider its chances of success. As we predicted in March, Apple did NOT launch an open wallet available on all mobile devices, including those using Android and Windows operating systems. Instead, Apple focused on providing a seamless payments experience for customers using Apple’s own hardware devices. In fact, those devices are only limited today to the newly announced iPhone 6 models and the Apple Watch. We can only assume that any future iPad models will also have this capability, as otherwise Apple would be shooting itself in the foot in the m-POS market. Our report also discussed that Apple was going to make use of its relevant assets, namely access to card details registered at iTunes, Passbook app, Touch ID and biometric customer authentication, iCloud keychain, AirDrop and iBeacon. The first three are indeed at the heart of Apple Pay’s proposition. However, I was surprised to see no mention of iBeacons, especially given their potential synergies with payments. P2P payments capability is also currently missing. Again, I would expect we will hear more from Apple on both of those topics. We thought that Apple would start with payments facilitation online before entering physical stores. However, yesterday’s solution addresses both areas immediately. Also, we thought that Apple might want to leverage NFC technology, but would implement it differently from traditional NFC contactless payments. Indeed, Apple Pay uses NFC in a very different way – instead of storing actual card details, Secure Element on the new iPhone only stores a token associated with a card. The payments transaction requires combining that token with a dynamic security code generated for each transaction and a biometric customer authentication based on Touch ID. This approach also turns card provisioning on its head – instead of starting with banks and TSMs, it starts with the customer who can take a picture of the card and have it “tokenised” immediately (assuming it is issued by one of the participant banks.) It is interesting to note that when Google Wallet launched, they were not going take any cut on the payment transaction, but were seeking to make money from transaction data. Apple claims not to see any of the transaction data, which would alleviate major concerns for both merchants and issuers. However, it also begs the question of how Apple intends to make money from this service. One view is that they won’t. However, although unconfirmed, there are rumours that the issuers will be paying Apple up to 25 bps for each transaction. Some speculate that Apple, confident on the security of its approach, has promised issuers to take on some of the transaction risk. Others argue that Apple can pull it off because of its size and importance, perceived or otherwise. Which brings us to a number of questions:
  • How easy will it be for Apple Pay to scale? The announcement talked about the issuers who agreed to participate as well as merchants that will be able to accept the service. But what kind of pre-existing relationships are required between Apple and issuers and merchants for the system to work? Clearly, issuers will need to be able to handle tokenised transactions, although that perhaps can be done by 3rd parties on their behalf. However, if they also need to negotiate the commercials, the enrolment process is likely to be more onerous. For merchants, my understanding is that any merchant capable of accepting contactless should be able to accept Apple Pay; however, online and in-app merchants would have to integrate Apple Pay into their checkout experience.
  • How will the merchants react? On one hand, Apple and its market clout can set the standard for the industry providing a much needed direction to merchants where to invest. It also helps that the approach is aligned with EMV migration in the US and any new terminal that the merchants install should be capable of accepting Apple Pay transactions. However, other questions remain, such as:
                    – How will MCX react? MCX just recently announced their own payments wallet, CurrentC; most of the big MCX merchants were notably absent from the list announced by Apple. Can MCX afford to boycott Apple? Can Apple Pay be successful without MCX merchants?                     – What will it do to merchant transaction economics? US merchants have been enjoying reduced debit interchange rates and ability to decide how to route the transactions. Apple Pay is likely to tilt the balance back towards credit transactions. And how will the routing choice for debit work in the tokenised Apple solution?
  • How will the consumers react? Clearly, the early demos show a very slick user experience, as we have grown to expect from Apple. However, without any additional bells and whistles, will it be enough to convince the consumers to reach for their mobile phones instead of their cards when paying? Sure, Apple’s approach is more secure than a mag stripe transaction, but will consumers understand the nuances of tokenisation or will they rather remember the nude pictures stolen from iCloud? In Europe, these arguments are even weaker – many consumers already enjoy the benefits of EMV and the speed and convenience of contactless (card) transactions.
So, how significant is this announcement? Time will tell, and it’s not going to be an overnight success. Consumers will need to get the new phones, and while there are 800 million or so iTunes accounts, about 25 million of them are in the US and eligible for an upgrade next year. Merchants in the US will need to install and switch on contactless. And Apple will need to go internationally, where it enjoys a much smaller market share. Having said that, it is clearly good news for mobile payments, paving the way forward for new payments technologies such as tokenisation and biometric authentication. And after all the failed and floundering mobile payments initiatives, this is surely a cause for the industry to be cautiously optimistic.