First thoughts on marriage between Visa Inc. and Visa Europe

Today Visa Inc. announced it would be acquiring Visa Europe, subject to regulatory approvals. The press release is here; the executive team also held an investor call earlier today – the recording and the presentation are here. The deal was widely expected, and so should not be a surprise to anyone who follows payments. Still, it poses a number of questions, such as, for example, how effective the combined entity will be in dealing with intricacies of the European market, and whether this would lead to the Europeans calling (again) for a new separate pan-European card scheme. It’s true the European payments market has unique dynamics in terms of regulation and competition, both in cards and in payments more broadly. PSD2 will have profound effects on the existing market players, including Visa. Depending on the final interpretations, some provisions such as scheme and processing separation requirement might introduce undesirable complexities to the integrated Visa. However, I am sure none of this news to Visa’s management and they must have a plan for how to deal with the regional challenges. Visa has committed to maintaining a strong European presence, including an “empowered European leadership team and in-country resources”, “local data center”, and “differentiated country and regional strategies.” Furthermore, the potential synergies are real – a more consistent product set and fewer duplicated efforts should help Visa drive innovation and move to digital on a global basis.​​​ Visa also said it was planning to incur up to $500 million of integration-related costs over the next 4-5 years, most of which would go towards integrating Visa Inc. and Visa Europe systems. In the past, I have seen on occasions Visa Europe appealing to European banks by playing up its ownership structure in Europe and contrasting it to the global approach of MasterCard. This argument is now gone – both networks will be global commercial entities. Would this re-open calls for a pan-European card scheme? I had a look at this issue a few years ago in the Celent report, “In Search of a Third European Card Scheme” and concluded that it was “time to move on.” I still stand by that conclusion today; in my view, it has always been a politically motivated initiative, with no particularly clear business rationale. When “plastic” was the main/ only form of electronic payment, it at least made more sense to consider various options. Now, the world is changing rapidly, as digital payments and real-time networks between bank accounts emerge. Let’s hope that the European banks will find better use for their financial windfall from this transaction than trying to create a new pan-European card network. Given the original “put” option, it was always more a question of “when” rather than “if”. Congratulations to Visa team for deciding to move forward with the deal. P.S. Stay tuned for my reflections on last week’s Money 20/20; I was planning to post those today as well, but Visa’s deal prompted a number of inquiries, so wanted to offer a few thoughts on that first.

Towards an OS/device-based mobile wallet

Over a year ago, we published a 2014 edition of our annual Top Retail Payment Trends Report (2015 edition is here), in which we distinguished between app-based wallets – majority of mobile payments solutions in the market at that point – and device-based wallets. We suggested that payments would become ever tighter integrated into the device and the operating system (OS) and that we will see the emergence of device-based wallets, “which store securely on the phone a token associated with payment credentials, which can be discovered and summoned as needed by any app or a site reached via mobile browser.” Then Apple Pay came along and demonstrated to everyone the beauty of a payments solution tightly integrated into the OS and the device itself. There is no separate wallet app; customers can configure the solution via the Settings page and store their cards in Passbook. And the token of the credentials can be summoned for an in-store or an in-app transaction. Apply Pay raised the stakes for everyone in mobile payments. The challenge for Google is that the Android ecosystem is nowhere near as tightly controlled as Apple’s. Yet, in the last couple of weeks, we’ve seen a few interesting moves that indicate steps towards OS and device-based wallets in the Android ecosystem. First, Samsung, the leading Android device manufacturer acquired LoopPay, which uses Magnetic Secure Transmission (MST) technology to enable mobile payments at the existing POS devices. Then, Google announced it was buying Softcard’s technology. Finally, the news just emerged that Google would be launching Android Pay at its Google I/O conference in May. LoopPay’s wallet today requires additional hardware, such as phone cases or fobs. I am convinced that Samsung will seek to get away from that and would integrate the technology into its devices. The big question is – why continue to invest into “mag-stripe technology,” and isn’t it a step backwards? It certainly feels that way, although I don’t think it indicates Samsung’s shift away from NFC; my view is that this is a pragmatic move recognising that even with EMV migration underway, the US will continue to accept magstripe-like transactions for the foreseeable future. After all, Visa has also invested in LoopPay back in the middle of last year. The big question with Google’s purchase of Softcard’s IP is whether Google would go back to SIM-based secure element, now that the mobile operators would finally play ball. My guess is that it won’t. HCE gives everyone more flexibility, and leverages the investments the issuers and networks have been making into tokenisation. Visa just announced yesterday that it has been partnering with FIs around the world to enable HCE-based digital services. HCE is also what would enable Android Pay, which would allow third parties to build in payments features into their apps, either for in-app or in-store purchases. Instead of going back to SIM-based SE, I suspect Google will make use of Softcard’s loyalty functionality and will gain access to the MNO distribution networks. According to the announcement, Google Wallet will come pre-loaded on the handsets sold by the operators, which I assume will get paid a distribution fee. As various solutions get tighter integrated into device hardware and operating system, it will be interesting to watch how they would co-exist. Could the latest Samsung Galaxy device support a PayPal app with biometric authentication, LoopPay, Google Wallet and Android Pay without at least confusing the customer? Or are the two giants in the Android ecosystem on the collision path here? Clearly, there is no respite from interesting developments in mobile payments. I am sure we’ll see another wave of interesting announcements next week at Mobile World Congress in Barcelona. I had the privilege to serve as a judge for GSMA Global Mobile Awards, and I am certainly looking forward to the ceremony and the rest of the Congress. I’ll make sure to blog my impressions when I am back. In the meantime, drop me a note if you would like to meet in Barcelona next week.

The Networks’ Support for HCE Breathes Life Into NFC Payments

In my report on Top Trends in Retail Payments published a few weeks ago, I wrote the following paragraph: “Of course, doubts remain over HCE. For example, the payment schemes are yet to clarify on whether they will deem the security and performance of the technology acceptable. However, we view it as a positive development. Inexplicably, HCE was being described by some as the “NFC killer.” Yes, if successful, it might indeed kill the SIM-based business model (and have a negative impact on Trusted Service Managers), but it might actually breathe life into NFC and contactless payments.” The developments this week removed some of those doubts. Both Visa and MasterCard announced their support for Host Card Emulation (HCE) technology, paving the way for banks to offer NFC-based secure payments without relying on the secure element inside the phone. HCE reduces the need for banks and telcos to cooperate, thus helping overcome the business model challenge. However, approval and recognition from the networks was a critical pre-requisite to the technology’s success. Networks executives stressed that it is not an “either/ or” situation and they will continue to support the “traditional” SIM-based secure element solutions. As such, it doesn’t immediately change any of the established ventures, such as Isis, but it certainly makes it easier for others to take an alternative path. I would expect HCE to be important in Europe, which already is further ahead than the US in terms of deploying contactless terminals. European banks have been issuing contactless cards, and HCE will make it easier for them to make use of that infrastructure for mobile payments as well. Having said that, HCE technology is only available on Android, so iOS devices continue to be excluded from these developments at least for now. It will be interesting to see what Apple does in payments. I plan to publish a short report soon speculating on how Apple might enter payments more aggressively – keep an eye on it!

Changes Ahead at Visa?

When Visa restructured in 2007-2008, Visa USA, Visa Canada, and Visa International were merged into the new public company. Visa Europe became a separate company owned by its member banks. An article in Wall Street Journal this week claimed that the European banks were ready to sell their stake in Visa Europe back to Visa Inc. I am not in the position to comment on the validity of that claim, but our clients have been asking for our views, so I wanted to post a few observations:
  1. The option of merging back Visa Inc and Visa Europe has always been on the table, and it has long been the question of “when”, not “if”.
  2. Visa Europe’s separate processing infrastructure and various regulatory concerns are among a number of factors that would make a quick deal unlikely. A number of options could be considered for ownership of various assets of Visa Europe, and careful negotiations would likely take place before any deal is struck.
  3. The article seemed to imply that the banks would use the funds to set up a rival system in Europe. I would argue that it would be an extremely difficult and probably unnecessary thing for them to do. Even if the deal were to happen, Visa payments system will continue to be available for banks in Europe, just like MasterCard has been, even though it opted for a global model since the IPO. Also, there have been multiple attempts to create a “3rd card scheme” in Europe, but none of them have succeeded so far and, as I suggested in my report on the topic last year, it’s time to move on. In my view, given the current economic climate and the latest developments in payments, the European banks would have better uses for the proceeds of sale than to try and set-up an alternative cards network.
  4. Each ownership structure has its own advantages, but one of the effects of the IPOs on Visa and MasterCard has been their increased ability to buy other companies and strike partnership deals improving their competitiveness.
  5. While the integration of the two companies would naturally cause a degree of disruption, a unified Visa would arguably be better placed to compete and innovate on a global scale.
While the buzz is on the potential deal with Visa Europe, other interesting changes are already hapenning at Visa Inc. For example, an agreement between Visa and JP Morgan Chase to launch Chase Merchant Services has potentially far-reaching implications. Under the agreement, the new platform powered by Visa would process Chase-issued Visa cards acquired by Chase Merchant Services, a situation known in the industry as an “on-us” transaction. Visa’s network is most valuable when it processes and “sees” the transaction, but “on-us” transactions have typically been processed outside of VisaNet. The customised solution would enable services that may not be available to the open-loop network, benefiting Chase and their cardholders and merchants. At the same time, Chase is planning to shift additional credit and debit card volume to Visa, driving more transactions on the Visa network. It remains to be seen whether other similar deals would take place and what the broader impact on the card acquiring market would be, but it is clear that Visa is changing to the extent that would have been difficult to imagine in the old “bank association” days.

The Relentless Drive of Payments Innovation

I just came back from three weeks of being on the road. I ran a workshop on merchant-funded rewards at Merchant Payments Ecosystem event in Berlin, presented on mobile payments at Celent’s own (and very successful!) Insight and Innovation Day in Boston last week, and managed to squeeze a holiday on the snow in between. While I was away, there were a lot of interesting news and announcements in the mobile payments space, particularly last week at the Mobile World Congress in Barcelona. As I was catching up on all the latest developments, I wanted to share a few announcements that especially caught my eye. 1. MasterCard introduced MasterPass, the “future of digital payments.” According to the company, MasterPass is “a digital service that allows consumers to use any payment card or enabled device to discover enhanced shopping experiences that are as simple as a click, tap or touch – online, in-store or anywhere”, and represents an evolution of PayPass Wallet Services, itself announced only last year. At first glance, MasterPass appears to be a solution to bridge the chasm I was describing between online and offline payments in my recent digital wallets report. While the initial focus remains on e-commerce and online/ remote transactions, MasterCard was apparently demoing how MasterPass can be used for proximity payments with QR codes on posters and even TV. Naturally, MasterCard will want to make sure it also works well with PayPass contactless to be a truly universal solution, but the direction is definitely encouraging. 2. Visa introduced Visa Ready Partner Program “designed to accelerate the introduction of innovative payment solutions globally and further drive the global migration from cash to electronic payments.” The program has two main components: the existing program for the approval of mobile NFC-enabled devices, and a new one for Mobile Acceptance (mPOS) Solutions. Ingenico’s ROAM is the first partner to participate in the mPOS solutions program. However, it was the announcement of a new deal between Visa and Samsung under the NFC program that I found particularly interesting. Future NFC-enabled Samsung phones will come with Visa’s PayWave applet and pre-certified to work with Visa’s payment system. Another important feature is the new NFC integration allowing banks and others to launch mobile payment services using Visa’s new Mobile Provisioning Service to download payment account information to the devices. This has the potential to simplify the existing complex process of provisioning payment accounts to secure elements, one of the barriers for widespread NFC adoption today. 3. Bankinter in Spain also announced a new way to circumvent secure element hassle for mobile NFC payments. Their customers will need an app on their NFC-enabled phones, and then, instead of using a secure element from a handset manufacturer or network operator, the customer will temporarily download virtual one-time use replicas of their physical credit or debit card every time they make a payment. The service was developed with Visa Europe, Net1 UEPS and Seglan. While such a solution clearly puts the bank in control of mobile payments, it relies on ubiquitous network connectivity and ability to download a virtual token before a payment can be made, which may not be practical in all circumstances. There were more news in the start-up world, from Stripe entering the UK to PayPal co-founder Max Levchin launching a new payments venture Affirm focused on streamlining the mobile checkout process. All of which only confirms that there is no respite when it comes to innovation in mobile payments.

Good Week for the Olympics (But Not For Everyone There)

London Olympics are in full swing, and so far it’s been a tremendous success. I thought the opening ceremony was absolutely breathtaking – it was creative, ambitious, beautiful and yet so different from everything else we’ve seen. After Beijing, most people said it would be difficult to surpass the sheer scale and grandeur of that opening ceremony. London organisers knew it and so they didn’t even try it, starting instead with peaceful images of rural England and running through the rich history of Britain, from industrial to digital revolution. There were plenty of worries before the Games that the infrastructure (e.g. transport system, security) would struggle to cope with the influx of athletes, spectators and officials. Many firms asked their employees to work from home (most of us at Celent already do anyway). However, the concerns so far proved to be overestimated and London has been running smoothly. The sport itself continues to thrill, offering a full scale of emotions from pride and joy for the medal winners to drama (e.g. competitors “ganging up” against Mark Cavendish, a favourite to win a cycling race) to shame (e.g. badminton players getting disqualified for deliberately losing matches). It’s also inspiring a new generation of future athletes – my own children (almost 5yrs and 2.5yrs) are wowed by almost everything they’ve seen on TV, from the equestrian events to diving, swimming and basketball. I also heard a kid on the radio saying that he would like to compete in the future Olympic cycling, “you know, the one with bikes, not the one where you sort out the rubbish into different bins”, he added helpfully 🙂 However, not everyone associated with the Olympics enjoyed the last week. The decision to make Visa the only accepted payments brand at the Olympics, continued to attract criticism. The Times, one of the largest newspapers wrote: “The sponsors, of course, are highly visible in the park and the one that emerges as early favourite for the gold medal in mean-spirited pettiness is the payments company Visa. Every commercial outlet and even every cash dispenser bears a sign saying it is “proud to accept only Visa”. They may be proud; everyone else will be annoyed.” That decision was really put to test when card payments failed at one of the events at a Wembley stadium and people could only pay cash (so much for the “cashless Olympics”!) It doesn’t necessarily mean that the failure had anything to do with the Visa network; in fact, Visa blamed “Wembley management”, but the incident clearly did not help the Visa’s brand. There were more bad news from Visa in Europe, when the EC commission had another go at Visa Europe and its credit card interchange fees. Encouraged by the court’s recent decision over MasterCard’s fees, the EC clearly feels the time is right to re-open its ongoing battle with Visa. At Celent we have long questioned the wisdom of regulators to keep pushing against the interchange fees in various markets. It looks like the lawyers and lobbyists at the schemes will continue to be busy.

Payments and the London Olympics

It’s less than two weeks until the opening ceremony of the Olympic Games. The Olympic spirit is already in the air in London with all sort of preparations entering their final stages. A section of M4, a major motorway connecting the West of the UK with London was closed for a few days last week causing havoc – all to make sure it can cope with the increased traffic from Heathrow. No doubt, London will be ready to welcome thousands of athletes and guests that will be arriving from next week. If only the weather would be more welcoming as it’s been a terrible summer so far – chilly, rainy and windy… There has been an increased interest from our clients and press in the Olympics-related payments topics as well. Is Visa right in monopolising payments for the Olympics? Will all those who receive Samsung Galaxy S III NFC phones to try out new NFC payments be aware of the potential security risks? And why were the ambitious plans to upgrade the London transport infrastructure to accept NFC delayed? Indeed, as a worldwide sponsor of the Olympics, Visa is investing heavily in payment innovations, such as NFC and contactless and promoting its brand. The Olympic tickets could be paid for only with a Visa card – not that big of a deal in the UK, as most UK debit cards are now issued under Visa brand, but I imagine, a bit of a nuissance for those in other countries who may not have a Visa card. Most recently, the press reported Visa requesting that the existing ATMs in the Olympic Village, which would have accepted all Link cards, were switched off and replaced with eight new machines which would only accept Visa cards. While no one disputes Visa’s right to certain privileges as a major sponsor, it is arguably not the most elegant way to endear your brand to the users. Also, Visa and Samsung, another worldwide Olympics sponsor, have started distributing 1,000 Samsung Galaxy S III NFC phones with a Visa payments app to key stakeholders and decision makers for use during the Olympics. All POS terminals at the Games will be able to accept Visa PayWave contactless payments and the distribution of phones is expected to help promote wider adoption of NFC and contactless services. Those with a chance to try out the new app are reporting favourable first impressions. However, there was also a lot of buzz around a recent blog from McAfee, a security software firm, which (perhaps not that surprisingly) warned about the potential security risks, particularly if the hackers used the so-called “fuzzing” technique. My personal view is that while these risks are real, the organisers are busy making sure they address much bigger and more immediate security concerns around the Olympics. It’s only natural that many people will find their own relevant angle to the Olympics. However, I am sure London 2012 will not be remembered for what it did or did not do for payments. Lets hope it is remembered for all the right reasons – sportsmanship, passion, spectacle and lasting legacy. Let the games begin and lets enjoy them!

Some Facts About Data Breach at Global Payments

Last Friday, the press began reporting about a major data breach at Global Payments, a large US card processor. As always in the early stages of such events, there were plenty of rumours and speculation with various sources reporting stolen card numbers to be as low as 50,000 or as high as 10 million. This morning, as I write this, Global Payments is holding a conference call to provide us all with more information. So, this is what we have directly from the company:
  • Up to 1.5m cards records “may” have been affected;
  • The incident is contained to North America only;
  • Only Track 2 data has been taken (not Track 1 data and not customer name, address, etc.);
  • Visa removed Global Payments from a PCI compliance list;
  • The incident does not involve any merchants, ISOs or customers and occurred on some “local servers” at Global Payments;
  • Due to the ongoing federal investigation, the company can’t be specific about timelines, but did confirm that “about 3 weeks ago” it discovered that some card data “may have been taken” and immediately contacted federal law enforcement agencies and the schemes;
  • Customers are “encouraged to be vigilant”. Also, the company is setting up an information site for consumers which should be operational later today:
The trading of Global Payments shares was suspended on Friday and the full impact on the company remains to be difficult to estimate at this stage. However, the executives on the call remained positive and stressed that the company:
  • Continues to process all card transactions, including Visa;
  • Is working with the schemes and other parties to address the situation; “~100 people are working on this”;
  • Intends to get its ROC (Record of Compliance) back “as soon as it is humanly possible”;
  • Will continue with its planned investments in other areas, but also will “spend even more on security” going forward;
  • Expects to come out stronger and more experienced as a result, and believes that their customers will recognise this.
Data breaches are unpleasant, dangerous and costly. They are also a fact of life. In our most recent payment trends report, we called retail payments security as an important focus area for 2012. As commerce environment gets more complex (online, offline, mobile, etc.) and as access points to payments proliferate, security issues are only getting more complex. What are your thoughts on how best to ensure payments security in the digital age?

Which Way for Debit in Europe?

I recently published a report titled “In Search of a Third European Card Scheme: Time to Move On,” in which I claimed that most of the initiatives aimed at establishing an alternative to Visa and MasterCard were unlikely to deliver a viable solution any time soon. I also said that the arguments for having such a scheme in the first place are simply no longer there. Some arguments never really stacked-up to begin with, and others are being destroyed by the emergence of new technologies (e.g. mobile) which provide stiff competition to the card schemes in a different way. The report seemed to strike a chord with many, as it generated a lot of interest from clients, press and others in the industry. It was interesting to see vindication of these ideas at a conference I attended in Barcelona last week, Cards and Payments 2012, organised by the Axiom Grouppe. I chaired Day 1 and also presented on payments innovation. We also heard from Visa Europe on the progress of its V Pay product and a very interesting case study from Luxembourg, one of the latest examples of a trend of banks in a given European market deciding to shut down their local debit scheme and migrate their debit portfolio to a different product. Banks in Luxembourg did exactly that during 2011 – decided to stop supporting bankomat, their local debit scheme, and migrate to V Pay instead. They said they did a thorough investigation of various available options and found that none of the potential contenders for an alternative scheme could deliver on their requirements. Conferences such as this are also a great reminder (if one was needed) of the diversity of Europe. For example, V Pay is based entirely on chip and PIN with no magstripe compatibility. In other words, it doesn’t work at non-EMV POS terminals or ATM’s. Personally, I would be mortified if I couldn’t use my debit card to withdraw cash in the US or anywhere else in the world, as I would be charged an arm and a leg by my credit card issuer if I made a cash advance on a credit card. Many Europeans pay annual fees for their credit cards, but get different services, such as cash withdrawal allowances as part of the package. They are quite happy to know that they have a very secure debit card for their day-to-day needs across Europe and rely on credit cards elsewhere. V Pay has been designed to be a debit product exclusively for Europe right from the outset. However, it’s relatively modest progress (16.6m cards issued, 68.9m cards committed almost 5 years since launch) only serves to higlight the difficult, and often political, decisions banks have to make when determining the future of debit for their market.

Applauding Visa’s Plans to Accelerate EMV Adoption in the US

Yesterday Visa announced its plans to accelerate EMV adoption in the US. A confluence of factors, such as some of the US merchants and issuers making independent moves towards EMV, as well as accelerating developments around mobile payments, helped Visa decide that the time to act is now. It is the first time that a major cards network has thrown its weight behind the EMV debate in the US, and I think it is a very important development. For those of us in Europe already used to EMV, the announcement had a number of familiar tactics and incentives to ignite the industry-wide migration, such as:
  • Expanding the Technology Innovation Program (TIP) to Merchants in the U.S. effective October 1, 2012. TIP eliminates the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75 percent of the merchant’s Visa transactions originate from chip-enabled terminals;
  • Establishing a Counterfeit Fraud Liability Shift for domestic and cross-border counterfeit card-present point-of-sale (POS) transactions, effective October 1, 2015 with fuel-selling merchants given an additional two years to comply.
However, there were some very important differences:
  • Visa is not forcing the US to migrate to Chip and PIN, a standard currently used in Europe. Instead, the migration to chip is intended to lay the foundation for dynamic customer authentication. While PIN is undoubtedly more secure than signature, both tools suffer from being static authentication methods, which, if compromised, will lead to security breaches. Dynamic authentication means that new data is generated for every transaction, making it less valuable to steal card data and thus boosting security. Visa re-iterated its intent to support signature and PIN authentication methods globally, but also stated its expectations that their use will diminish over time and be replaced by dynamic authentication technologies.
  • Visa insists on the rollout of terminals able to support both contact and contactless chip acceptance, including NFC-based mobile payments. In fact, unlike in Europe, only such terminals will qualify for the TIP incentive. By doing so, Visa creates the conditions to solve the “chicken part” of the “chicken and egg” connundrum of NFC mobile payments.
In my opinion, Visa should be applauded for:
  • asserting industry leadership;
  • thinking strategically and proposing a pragmatic and forward-looking solution;
  • proposing specific and realistic dates (SEPA rule-makers, take note!)
  • creating incentives for the migration to happen.
Nevertheless, I suspect this will generate a lot of debate in the industry. No doubt, some will argue that given the economic uncertainty and Durbin implementation, the industry already has enough on its hands at the moment. What do you think? Will Visa’s decision be enough to move the needle? How will the issuers, merchants and the other schemes react?