New Ventures in Financial Services

Focus on Payments and Mobile

Posts Tagged ‘visa

3DS: Collaborative Path to Failure

leave a comment »

Very good paper on card fraud systems and the “collaborative path to failure” posted by Bruce Schneier. I trust you have read this one already.. .wow…
 
http://www.schneier.com/blog/archives/2010/02/online_creditde.html
 
http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf
 
I won’t foget a meeting I had with Paul Baker, Mastercard’s global product head for MasterCard Secure Code (MA’s version of 3DS). When we told him that it was broken and not working and detailed the fraud that was getting through his response was “we just defined the standard, it is the issuers job to implement it correctly“, and that MA thought the requirements were “adequate” but “implementations were not”.
 
So the networks go to merchants with updated agreements, and incent them with discounts of up to 50bps, to adopt new (broken) standards, in turn they obtain a “liability shift” for CNP transactions. Banks like HSBC and Citi saw their fraud losses skyrocket from nothing (as they did not bear loss in a CNP transaction) to $10M+/mo. The issuing banks then began to “dial down” the approval threshold for all transactions (consumers transactions were being declined to manage fraud loss). What a terrible consumer experience… many lessons on “collaboration”. Networks must take ownership for integrity of the system.. although both Visa and MA have Payment Systems Integrity groups, individual banks a left with informal coordination methods to find source of data compromises.. In the states collaborative bank entities like Early Warning are taking the lead.
 
I hope to see a change of attitude by Visa/MA, because if they don’t take ownership of risk and integrity other networks will emerge.
 
– Tom
Advertisements

Written by tomnoyes

April 21, 2010 at 4:52 pm

Posted in Uncategorized

Tagged with , , , , , , ,

Apple’s NEW NFC Patent

with one comment

10 April 2010 (updated 14 April)

I’m still reading through the 243 page patent application… but this is exciting… not just because Apple is taking such an aggressive, broad approach.. but because Visa, MasterCard, ATT, … are also about to “pull the trigger” on some very substantive efforts. As a consumer I know that where there is competition… I win!

From a “payments perspective” Apple looks to be expanding the “iTunes wallet” to support NFC: either as an aggregated payment account (apple as issuer), or an “unaggregated” iTunes Prepaid Card model. In the aggregated model, someone like JPMorgan Chase may be the underlying bank and could provide Apple with an average margin of up to 150bps of TPV. This assumes that the NFC interchange holds at 300-350bps as Merchants are not jumping for joy in current pilots (see BestBuy).

In the “iTunes wallet as prepaid card” model Apple’s NFC revenue would be equal to TPV of ACH payments times the average interchange between POS transactions and other (ex P2P) transactions. Given that iPhone customers are rather Savy, I believe they will quickly educate themselves on the stronger Reg Z consumer protections associated with bank cards (as well as the existing rewards programs) keeping Apple’s interchange revenue suppressed to less then 20-50bps of POS TPV. We should not compare Apple to a “PayPal” as the transaction economics will be much different, given PayPal’s role as both issuer and acquirer. Also note that NFC value proposition is focused at the physical POS.

This is not to say that this will be a marginal business for Apple, in fact my view is the opposite, the real revenue streams to apple will not be from “interchange” but from advertising as  iAD provides the “Yang” to the NFC’s “Ying”. Creating a new payment ecosystem means having incented partners. The timing on Apple’s iAD and NFC developments are not accidental, my belief is that they are part of a very solid mCommerce expansion strategy. (note that the iTunes wallet is clearly evident from patent diagram 5A above).

My guess is that JPMorgan Chase and/or BAC will be a launch partner here, specifically on the “googlization” of financial services (see previous blog). The banks have a tremendous amount of data which can be monetized if consumers give permission. Both BAC and JPM have very aggressive exec teams focused on driving new business models. My guess at a value proposition: Consumer accepts a bank disclosure allowing use of your card data for mobile marketing (x ads per month), in return consumer receives rewards/ discounts/ offers.

On the iAD side, Apple will coordinate  iAD mobile advertising, banks provide “propensity to buy” information (for registered consumers) to Apple’s marketing engine, Apple will manage campaigns and share click revenue with banks. The revenue stream for Apple is in mobile advertising, developing a new ecosystem which will create a “win-win” for: consumers, banks and merchants, and Apple’s application development community.

Beyond near term NFC payment at the POS, many questions will arise on the openness of Apple’s NFC API within the iPhone architecture. Will Apple try to lock the wallet? If it is open Apple may loose control of the ecosystem as other “channel masters” emerge. Beyond payment at the POS, NFC/RFID has many applications.. from opening a door at a college campus.. to a price check on the RFID tag of  a new HDTV. I can’t imagine the strategy discussions going on in the Valley this week “What do we build”….

My messages for the start up community:

  • Better to ride a wave then create your own. Find a way to add short term value in this new ecosystem. Visa/AT&T are far ahead in coordinating a launch of products.
  • Network effects: volume, intelligence, routing, expand nodes, …
  • The iAD revenue stream. Find a way to become part of it. Integrating existing marketing programs (ex. NFC on a subway billboard).
  • Beyond the POS to mCommerce/physical confluence. How can you drive sales or store traffic? (ex. will apple integrate an RFID reader?)
  • Supporting banks. Example. Look at page 4 of patent application, taking an image of a credit card/check. How will a bank use this to make an authorization decision?
  • International. Apple has a tendency to design for US markets… what will it take to localize?

Apple’s approach to controlling its ecosystem is not perfect, but is the right thing to do early stage as both technology and consumer behavior evolve (I remember my Apple IIe). Right now my bet on “mobile wallet” is with Apple precisely because of their ability to orchestrate such an extended ecosystem. This is going to be hot, within the US there are currently 3 major competitive teams:

  • Apple (likely with JPM/BAC)
  • ATT/Visa/First Data (possible that they are aligned w/ Apple)
  • Citi/MasterCard (NFC Stickers)

Comments appreciated

Written by tomnoyes

April 12, 2010 at 3:51 pm

Posted in US

Tagged with , , , , ,

Tyfone/First Data

with one comment

27 March 2010

When I evaluate companies, I look at the team first, business focus second and technology/platform third. Tyfone has one of the best technical teams in the NFC business led by Siva Narendra. Their product IP is just tremendous, resulting in a hardware platform that is in production and ready for market (a 5 year effort).

Tyfone’s micro-SD card is both NFC and MiFare (ISO 14443) compliant, meaning that in one device I “could” pay at every NFC POS reader AND go through every public transit (Oyster, Octopus, …) system. In other words, I buy this Micro-SD card, put it in my blackberry’s slot and now can wave my blackberry across POS terminals to pay a merchant and wave my blackberry on the UK Tube turnstile. “Could” is the operable word here as each payment network (including “closed loop” transit networks) holds the key to certification (and acceptance).

Tyfone’s partnership with First Data is key to addressing both Visa certification AND the 6 party fur ball which surrounds NFC. Why do I love these guys?

  • Team
  • IP
  • Hardware
  • Partnership
  • Flexible business model

Their competitors are: QCOM, handset manufacturers, bladox, …etc and perhaps (at the low end) NFC “sticker” providers like INSIDE. The “battle” in NFC is very complex as it extends into authentication, provisioning, device silicon, standards, certification, IP, POS … etc.  Obviously much heavy lifting remains to be done here, but my prediction is that the winner will be driven by a stellar team that is able to form the right alliances, with enough capital to ride through the storm. Their top challenge will be to stay focused on revenue generating opportunities and ignore (politely) the 100s of banks and transit teams looking to test their hardware.

The VISA/ATT NFC effort should kick start First Data in their role as Trusted Service Manager. I hope that my ATT store will be selling the Tyfone cards soon.. because I will certainly buy one.

Written by tomnoyes

March 26, 2010 at 1:21 pm

Posted in mobile payment

Tagged with , , ,

SquareUp – Take 4

with 3 comments

27 January 2010 (updated 4March)

www.squareup.com

Venture Beat – SquareUp

New note from VentureBeat yesterday. Jack has certainly assembled a who’s who of angels. Given that these investors are proven winners I’m trying to guess whether they have “bet on the right horse” or have a plan that I’m not privy to (ex PayPal buyout). If it is the later, my educated guess is that prospects will let this bake for a few years before getting serious. There are too many issues which must be addressed for serious acquisition money to chase a customer convenience play.  Some of which I attempt describe below.

I understand that Jack’s vision for the company is to provide payment services to “craigslist” customers as the market place which will drive volume (an attempt to mimic the paypal/eBay synergy). His story is that everyone has a card in their pocket.. and merchants want to leverage this instrument without the burden of becoming a merchant in the network sense.

Of course Jack is competing with Cash and Checks in this pattern.. much different than the remote Card Not Present (CNP) world which PayPal attacked. I must say that many of my colleagues do not share my negative views on Square, and it has led to some very good conversations.  I certainly agree that issuers want SquareUp to succeed (read: interchange), and Square does have a very nice application, however my strong views are:

  1. There is no compelling consumer or merchant driver. Square will find that changing consumer payment behavior is much more challenging than social networking,
  2. Third party payment aggregation at POS is a moving out of favor with respect to network rules
  3. Fraud rates will be very high (see skimming video below) and bank issuers have ability to shut them down through authorization
  4. Volume will be low (merchant costs, competing methods of payment, charge back rules, …) and business will take at least 4 years to build (with sustained marketing).
  5. Competing bank/MNO sponsored “handset based” payments will overtake this approach in 2-3 years.

PayPal excelled because it addressed a clear gap in payments in a new marketplace where a 4 party system (merchant, consumer, merchant bank, issuing bank) could NOT adapt. This 4 party group, combined with the network and regulators, proved to be ineffective in responding to the “change” presented by online marketplaces.  PayPal did much heavy lifting, building “new rails” to manage merchants.  These eBay merchants were a well organized community which collaborated (generally speaking) and shared best practice. There was a REAL business problem in these pre-PayPal days..

Comparatively Square’s “Craigslist community” is not well organized, and the square payment method is competing with well entrenched behavior (check/cash, a 2 party system) in a person-person sale dominated by checks and cash. What is the problem that Square is attempting to address? My belief is that it is a convenience play, which will have  a much different adoption (and profitability model) then PayPal’s.

Top card issuers would love to see SquareUp succeed in order to drive cards (interchange revenue) further into cash replacement. However network rules (like PCI and merchant agreements) exist for a reason. Square’s approach to lowering the barrier for merchants (a valid market need) risks payment system integrity. In other words, the existing card merchant agreement process represents the rules by which the 4 party system has agreed to. If we take the SquareUp model to the extreme, what will stop every business from ditching their merchant agreement and start using square?  What benefits do acquirers/issuers and network have in supporting this model? Is the potential revenue upside for interchange (in cash replacement) vs. downside in fraud and lost revenue (merchant fees)?

SquareUp is acting as a third party payment aggregator (TPPA), a model which banks have adapted to since their experience with Paypal creating significant new rules and constraints (both ACH and Card). The network PCI rules (and certification process) for devices storing card information are also quite cumbersome, and require sponsor for certification. Perhaps this is why Square’s current customer agreement states:

You are responsible for all electronic communications sent to us or to any third party containing Account Data.

The acquirer that takes this on will likely have a few headaches when the first major craigslist merchant starts using the device to skim and resell card information (among other things). There is a reason for PCI compliance and for my “securing” my physical card and CVV. I can’t wait to see Square’s Payment Services Agreement (PSA). Operationally, the issuer’s have control over card authorization through systems like HNC’s Falcon or SAS Raptor. This means that if SquareUp is found to have contributed to a data loss, or has a high number of fraudulent transactions (see link) customer would see their card transaction declined, or the network (Visa/MC) would shut SquareUp down.

The great thing about the PayPal model is that the customer funded the account after agreeing to terms. In Square’s model, consumers are unregistered, Square is acting as an agent of the merchant. For Square’s investors, there is atypical risk which they will see through “unique” bonding/insurance requirements from the acquirer.  Just as with any company, Square will face unlimited liability associated with loss of consumer information (think TJX). To get an idea for potential mis-use see you tube video below.. crooks invest quite a bit in technology here… will SquareUp make it easier for every iPhone owner to become a skimmer?

The challenge any analyst has in assessing strategy is information. Given Square’s potential to drive electronic payments, either a card acquirer or PayPal interested … certainly a partner capable of managing the remote risk. If I were interested in acquiring, I would certainly let Square burn money gaining adoption,  changing consumer behavior, gaining approval from the networks, finding an acquirer and learning to manage the fraud issue… then if they are successful join in. At GartnerGroup we would call this approach  a  “late follower”. There is no revenue in this business for 3-5 years… my guess is that competing technologies like NFC will step all over this by that time… at least I HOPE SO!

Previous/Related Posts

https://finventures.wordpress.com/2009/12/02/squareup/

http://tomnoyes.wordpress.com/2010/01/26/usregs/

Written by tomnoyes

March 2, 2010 at 6:23 pm

Monitise – Loss widens

leave a comment »

16 Feb 2010

http://www.guardian.co.uk/business/marketforceslive/2010/feb/16/2

MONI.L Global strategic alliances with Visa and over 1.75MM registered consumers in over 200 banks could not pull it out of a pre-tax loss of £6.67MM. Think of Monitise as a “Mobile ATM” kind of service.. much less dealing with payments and more about checking balances. MONI’s fee structure is a monthly  subscription (by the bank by customer/transaction) with a monthly minimum. My guess is that they are growing users.. but also suffering from bank’s efforts to delete “inactive” users.

Given Visa’s June 2009 $13MM investment, my bet is that Monitise will pull through with a new service and continue its growth as it evolves into new products.

https://finventures.wordpress.com/2009/11/13/vendor-review-monitise/

Written by tomnoyes

February 16, 2010 at 8:50 pm

MPAYY

with 2 comments

mPayy Launches Free iPhone Mobile Payment App

12 January 2010

https://content.mpayy.com/pdf/merchant_integration_overview.pdf

Interesting effort by USBank, the key investor and  supplier of: technology, infrastructure, operations and Reg E compliance. Think of this as “merchant focused” paypal lite.. Sell merchants first.. (0 liability fraud) then try to get customers… Agreement states payment limit of $500 per MONTH. Banks have been trying to get moving with a paypal competitor for quite some time. Historically USBank has spent significant (well intentioned) effort in trying to get other banks involved in its efforts through groups like BITS, Payment Round Table, FSTC, … Given USBank’s majority investment here (rumored $5-7M) MPAYY may be able to patiently build the business through merchant integration.. (a long tough road). Paypal is well established in the CNP space, and their momentum is increasing…. it is tough to start any new payment type without a significant market driving adoption. Even today roughly 50% of paypal’s TPV is on e-Bay. MPAYY will be competing against a very well established team at paypal.

The paypal team is not only ramping up its merchant integration, with partners like Chase PaymenTech, it is broadening both consumer and merchant accounts internationally. Given USBank’s history, my guess is that they are making a strong play with other large US institutions to collaborate on a “paypal competitor”.

With respect to a “bank driven” mobile play (non card).. Cashedge is the clear leader watch here. With penetration into 60% of US Deposit accounts as the transfer service for: BAC, Wachovia, Citi, PNC, … Cashedge’s new POPMoney service will not only compete on P2P and Mobile.. but beyond.

For a bank friendly mobile “Card” play.. when will someone partner with Apple in putting NFC on the iPhone? Expect something soon.. VERY soon.

Written by tomnoyes

January 12, 2010 at 12:54 pm

Apple Event – Jan 27

with 2 comments

http://www.pcworld.com/businesscenter/article/185809/report_apple_scheduling_jan_27_media_event.html

In addition to the iSlate announcement, I wouldn’t be surprised if there are some significant details about the next iPhone and Payment Capability (NFC, Visa, Bank of America and AT&T). It could be just wishful thinking.. but there are just too many things lining up for me to think it is coincidence:

  • Rumored ATT/Visa announcement at end of Jan on NFC
  • First Data making heavy investment to act as TSM
  • Apple’s “complete silence”  on NFC to date
  • 3 mobile Start up vendors (2 tied to Apple) are in pre-launch prep for major announcement at end of month (?unrelated)

Perhaps I drank too much egg nog…. it seems impossible that 6 vendors could maintain radio silence for so long.

Written by tomnoyes

January 4, 2010 at 9:54 pm

Posted in mobile payment

Tagged with , , , ,