Payment Quarterly | Q4 2016 by Payment Week

q4 2016

ALSO INSIDE: TUITION FRAUDSTERS

combatting a global concern

MASTERING UNCERTAINTY

the future you can’t predict

MANY HAVE ANSWERED THE CALL, AND MANY HAVE FAILED TO ACCOMMODATE. WHEN WILL WE SEE THE ‘UBER’ OF PAYMENTS?

TABLE OF CONTENTS MOBILE

Q4 2016

Vol. 2 | No. 4

PROCESSING

Embracing the Mobile-First Marketplace: Tips, Tactics and Insights

32 Aligning E-Invoicing and E-Payments for Greater Efficiency, Visibility and Control

Is Location the Answer to Mobile Payments’ Biggest Problems?

34 6 Components of a Simplified Payments Experience

Mobile Payments and Unearthed Potential

36 Agility in Payments: Prepare for the Future You Can’t Predict

10 Establishing Trust: Key to Innovation in the Mobile Channel 12

Where is the Uber of Payments?

14 The Mobile Wallet: What’s Holding Us Back? 16

Transcending Millennial Hype: What Needs To Happen for Everyone to Use Mobie Payments?

SECURITY 18

Combating International Tuition Fraudsters with the Help of Flywire

20 A Dangerous Confusion: Tokenization vs Token Services 22 Fraud Stops Here: How Chief Risk Officers Keep Payments Running 24 Periscope Skimmers Prove Newest Threat to Card Users

E-COMMERCE 26 The Role of Payments in Driving Up eCommerce Conversion Rates 27 The Countryside Loves eCommerce

38 How Payment Technology Affects Clinical Research

BANKING 40 A Shrinking World, A Growing Problem 42 ATM Defense: Strengthening the Weakest Link 44 How Banks Can Succeed in the Age of Fintech

REGULATION 46 Three Ways Brexit Will Change UK’s Payment Industry 48 How Restrictive State Laws May Impede Fintech’s Growth 50 PCI DSS Minimizing the Burden of Compliance

DIGITAL CURRENCIES 52 What Does 2017 Look Like for Digital Currencies?

MERCHANT SOLUTIONS 28 Card-Free, Hassle-Free: The Rise of Alternative Payment Methods 29 Retailers Planning Big Holiday Hiring...For Online Support Staff 30 Global Payroll Keeps the Heart of Business Transformation Beating

FOR DAILY NEWS AND INSIGHTS ON THE PAYMENTS INDUSTRY

VISIT PAYMENTWEEK.COM

Q4 2016 -THE MOBILE AGE

MONEY 20/20

WELCOME TO MONEY 20/20! We hope you are as eager as ever to delve into the trending topics revolving around the payments industry. The pieces are set in place, and once again Las Vegas is ready to host what is sure to be an eye-opening experience regarding the future of payments, as well as a survey of the previous twelve months. Another year in payments has come and gone, offering the entire industry an opportunity to reflect.

EDITOR-IN-CHIEF Mike Dautner mdautner@lamilmedia.com

ASSISTANT EDITOR Michael Millington mmillington@lamilmedia.com

Within the past year, we have learned what is and isn’t sticking in terms of payment applications, and the winners and losers of the great payments scramble are becoming all the more evident.

CREATIVE DIRECTOR

Still, Money 20/20 is all about looking towards the possibility of progress, and diving into the latest and greatest in mobile, e-commerce, banking, and merchant solutions.

ART DIRECTOR

In that spirit, we ask that you—as always—keep your minds open as you navigate throughout the conference, keeping an ear to ground and a finger on the pulse.

ADVERTISING OPPORTUNITES:

In this issue, we hear from a multitude of industry powerhouses to get the scoop on everything from the latest on the mobile front and how the learning curve may be affecting businesses worldwide, to the end of paper banking—in favor of the digital age. We are also at the one-year anniversary of the EMV liability shift. As such, we have begun to understand how merchants and consumers alike are coping with the growing pains involved. The chip-and-pin conundrum has also spurred a considerable amount of criticism in the recent year. Will we ever see the day when consumers no longer defer to the cashier with a look of bewilderment when determining whether the POS terminal accepts swipes or chip? These are but a few of the topics tackled in this Q4 issue of Payment Quarterly! We hope you enjoy reading as you move from booth to booth at this year’s Money 20/20 conference in search of payments nirvana.

Mike Dautner

Jason Mongiello jmongiello@lamilmedia.com

Erik Ramirez eramirez@lamilmedia.com

Jason Mongiello (212) 592-0300 jmongiello@lamilmedia.com

CONTRIBUTING WRITERS Steven Anderson Kristian Gjerding David Bairstow Pete Blair Michael Lynch Maxime De Nanclas Matthew Goldman Sergio Chalbaud J.D. Oder II Tomas Likar Matthew Digesti Steven Grossman

Michael Doron Bobbi Leach Ian Sparrow Bob Cohen Whitney Stewart Amir Wain Kyle Cunningham Anders La Cour Moshe Ben Simon Patrick Moore Ryan Taylor David Dinkins

© 2016 Payment Quarterly, Payment Week, and Lamil Media, Inc. Payment Quarterly is published 4 times a year by Lamil Media, Inc. 65 Broadway, Suite 737 New York, NY 10006. For customer service contact us at (212) 592-0300 or email info@lamilmedia.com. For advertising inquiries, please contact jmongiello@lamilmedia. com or call (212) 592-0300. For more information about reprints and licensing content from Payment Quarterly, Payment Week, or Lamil Media, Inc. Please email info@lamilmedia.com or visit LamilMedia.com.

Editor-in-Chief

The views expressed in this publication are not necessarily those of the editors or any member of Payment Quarterly. Lamil Media makes reasonable efforts to ensure the timeliness and accuracy of its content, but all content is informational in nature and in no way acts as professional advice, counsel, or services. All other product and service names may be trademarks of their respective companies. Reproduction of any kind is strictly prohibited without prior written consent of the publisher. For subscription or advertising details, please contact jmongiello@lamilmedia.com or call (212) 592-0300.

Payment Quarterly | Q4 2016

MOBILE

Embracing the Mobile-First Marketplace: Tips, Tactics and Insights BY: KRISTIAN GJERDING, ceo, cellpoint mobile

early 10 years since the start of the smartphone revolution, today’s devices have evolved from simple telephones to fully capable devices that handle a multitude of tasks and functions that were previously performed manually or via a computer. Even though KPCB Analyst Mary Meeker predicts a worldwide leveling off in the growth of smartphone usage, actual smartphone subscriptions continue to rise, estimated to reach 6.4 billion by 2021, according to the 2016 Ericsson Mobility Report. The reality is that businesses are nearing a point of evolutionary transformation in which mobility will be paramount to survival. All consumerfacing businesses need a mobile-first or mobile-only commerce strategy – not simply a bolt-on to an existing commerce plan – if they intend to capture the growing opportunity and expand. But the near-term and very real potential of the mobile marketplace isn’t in smartphone subscriptions or usage. The power of its future – and where the real money is now -- literally and figuratively? Payments. According to data from TrendForce, global mobile payments will rise from $620 billion in 2016 to $1 trillion by 2019 – the collective result of consumers’ gradual adoption of new (and alternative) payment methods. These include Android Pay, Amex Express Checkout, Samsung Pay and Apple Pay, as well as various regional payment technologies and greater support from global banking systems for mobileenabled payments. Simplifying the buying process, or improving pathways to purchase from smartphones, will greatly increase conversions from “lookingto-buying.” Adding simple, fast and effective payment processes that match consumer’s mobile preferences

is key. Simultaneously, merchant and retailers can benefit from alliances with industry trendsetters around consumer interaction, such as Google, American Express, Facebook, PayPal, Amazon and Apple. Which raises the question: how can travel operators and companies across all sectors make the shift from traditional card payments to these new alternative payments and currencies, and cryptocurrencies such as Bitcoin? MOBILE PAYMENTS: A KEY FINANCE DIVISION ASSET Finance is about mobile payments. And in today’s payment environment, mobile payment capabilities play a profound role in continued growth, success, revenue generation, customer service profile and reputation A passenger’s purchase from a smartphone should process quickly, smoothly, without multiple steps and without risk of fraud. Each mobile purchase should be part of a broader omnichannel strategy that lets the passenger continue buying during travel – any device, any payment method, any currency. Behind the scenes, airlines can support a variety of payment methods from a single platform that provides the optimal mix of Payment Service Providers, acquirers and rates to deliver new revenue streams and a high rate of return on investment. New payment methods – even if they update frequently and continuously – can be launched and supported by in a matter of weeks, without lengthy IT implementation times or costly internal resources. TURN PAYMENTS INTO PLUG-ANDPLAY BUSINESS SERVICES Mobile payments have the ability to quickly become flexible new revenue streams where purchases can be made from whichever channel makes the most sense or is more convenient at the time:

website, app, mobile device. But to turn their websites and apps into successful, powerful selling tools, travel operators and other retailers must be able to not only accept the latest payments options but also to have functionality up and running in a matter of weeks and be prepared for the potential months-long backlog faced by IT departments for other projects. This is where the use of a mobilefirst Payment Service Provider (PSP) solution comes into play in order to first turn “lookers into buyers” with a frictionless payment experience that improves conversions and taps into new mobile revenue streams. Another way is to control the mobile channel instead of sharing it with partners and consider deploying push messaging and other mobile marketing tactics for up-sell and cross-sell opportunities. Lastly, reducing time-to-market for new payment methods from months and years-to weeks makes a considerable impact. Businesses across all sectors must be able to support these new technologies and innovations without jeopardizing existing revenues, overburdening current payment processes and IT departments, or risking consumer confidence and satisfaction. And often, they must rely on internal operations that were not built for a smartphonedriven marketplace. As global markets prepare for what Ovum researchers call an “m-commerce explosion” and 4.7 billion mobile customers by 2019, merchants and businesses across every sector must prepare now to ensure they have a seat on the mobile payments bandwagon. Just as airlines and travel brands support customers throughout their entire journey, businesses must be positioned to serve their customers from the moment of mobile search to the final click of a smartphone-enabled payment.

Payment Quarterly | Q4 2016

MOBILE

data points deliver local context for the user and can help solve some of mobile payments biggest problems. But how?

BY: DAVID BAIRSTOW vp, product management skyhook

t’s no surprise that everything is going mobile, and payment methods are no exception. While some people still prefer to pay the old fashioned way, payment apps have become increasingly popular. According to Statista, worldwide mobile payment revenue in 2015 was $450 billion and is expected to surpass $1 trillion in 2019. These numbers are too big to ignore, however some people consider mobile payments to be unsafe. In order to capture the most users, brands and mobile payment companies need to make their process as easy as paying with a credit card. Enter location-based triggers. Mobile payments have a unique advantage over credit card services, in that they can be aware of user device signals such as Wi-Fi, cell tower, GPS and gyroscope, whether users are at the register or not. These contextual

Payment Quarterly | Q4 2016

CREATE MORE CONVENIENT PAYMENT EXPERIENCES & FOSTER ADOPTION For some users, accessing payment information from their phone to pay at the register is seen as troublesome and time-consuming. Accenture claims that while 52% of North Americans are “extremely aware” of mobile payments, only 18% use them on a regular basis. Simply reminding users that a mobile payment option is available has been one of the more difficult challenges of mobile payment apps. However, accessing a user’s location gives payment apps an opportunity to enable better adoption, a more efficient payment process and a better user experience. By geofencing eligible venues, payment apps can automatically “wake up” when a user enters a retail location that accepts their method, surfacing the payment screen and saving valuable time for the user at checkout. This automatic response can make paying with your phone as easy as swiping a card. Discounts and store-specific offers can also pop up according to a user’s location and preferences within the app, making mobile payment methods even

more worthwhile and engaging. Skyhook works with a large online payment company to action mobile payment screens across their partner stores—whether they be gas stations, big-box retailers or fast food venues. Throughout the US, when app owners enter any retailer in hundreds of chain locations that accept this form of mobile payment, they can receive an offer or have the payment screen automatically surfaced for a seamless payment experience. Making the app location aware has additional benefits including the option to deliver a report that give deeper insight into consumer preferences and behavior when they’re not at payment venues. The result is that the online payment company can deliver user insights to partner retailers based on where users go, when and how often. PROVIDE NEW FEATURES THAT INCREASE EFFICIENCY AND REVENUE Features such as geofencing can solve a variety of problems for both users and retailers. For example in a quickservice restaurant setting, customers can use mobile payments to order their food in-app and pay for it ahead of time. With location-enabled features, app users can automatically send their proximity updates to the restaurant. Employees

could start cooking the order once users are, for example, 1,000 meters away, so that food is fresh when users arrive. This system creates a more efficient production process and an excellent customer experience. The convenience factor helps procure customer loyalty and further mobile payment adoption. CREATE ADDED SECURITY MEASURES Fraud has always been an underlying concern in any sort of electronic payment, which is why some users are skeptical about jumping onto the mobile payment and banking bandwagon. One security measure in place for mobile wallet solutions utilizes v, which is the process of replacing sensitive payment information with a nonsensitive number called a token. This method has primarily been used to fight digital or online breaches. Location services can help combat security issues as well. Certain location solutions can proactively check user location at store or ATM locations to detect if a transaction happens without the user’s’ phone being present. Banking apps can notify users that

a certain transaction has been made in the absence of their phone to ensure that the transaction was intended, or even remind users at airports to notify their bank of intended travel plans. This method ensures customers aren’t inconvenienced by blocked transactions, a problem that’s plagued the industry for years. ASSIST IN USER ACQUISITION Location features go beyond giving payment apps and brands an opportunity to engage users at their payment-enabled venues. The data gathered from historical locations creates rich consumer insights that can help mobile payment apps and brands understand the preferences of their most valuable customers. Skyhook Personas help apps see device behavior over time, allowing app owners to see, for example, which users shop at budget store locations or buy luxury goods. This user data can be paired with other in-app metrics like lifetime user value. These Personas can then guide the targeting criteria for mobile acquisition campaigns, allowing apps to tailor messaging to

audiences similar to their loyal users. By having unique insight into where your existing users go, you can best tailor your message to gather audiences that don’t know about your app yet. The result: you can build a targeted mobile campaign that reaches users who will remain engaged. BOTTOM LINE Mobile payments will continue to be on the public’s radar. Digital payments are more convenient than traditional methods and offer a kind of experience that can’t be found anywhere else. A word of caution: as with any app that’s considering location-based features, accuracy should be a key factor in the solution you choose. Surfacing a payment screen at the correct store or measuring a user’s proximity to a venue requires immense attention to detail, so app owners should test their intended solution in-depth across multiple locations. The due diligence will pay off, as coupling app functionality with location adds even more opportunities to engage users, acquire new ones and provide an even better experience that users can’t live without.

Payment Quarterly | Q4 2016

MOBILE PAYMENTS AND UNEARTHED POTENTIAL BY: PETE BLAIR, vp of marketing, applause

fter Apple Pay was released in 2014, tech-savvy consumers were introduced to the idea of mobile payments. Back then, Apple famously claimed that a million people had signed up for Apple Pay after three days. That momentum has only grown as a survey from Phoenix Marketing earlier this year found that 67 percent of Millennials in the United States have added a card to a mobile payments app. About 50 percent of Gen X’ers (ages 33 – 48) are also using payments apps. While these numbers tend to paint the picture of a population economy primed for mobile payments, the truth is that we’re only just scratching the surface on where mobile payments will take us. In a 2015 Online Benchmark Survey from Forrester’s North American Consumer Technographics Online Survey, Apple Pay and Google Wallet are both gaining traction with consumers, with three and four percent, respectively. Just above them sits the Starbucks mobile pay app, with five percent. This may seem insignificant until we break down the methods of payment by quarter to see that one in five of all U.S. Starbucks transactions in Q4 2015 were made using its mobile app. At the same time, the U.S. is still under global average for mobile commerce adoption, set at 35 percent by Criteo’s State of Mobile Commerce study. So what does this mean for businesses trying to provide great digital experiences to their customers and attract more users? More fragmented payment options at each point-of-sale? And with the prediction that the mobile payments market will grow from $67 billion in 2014 to $142 billion by 2019 in the U.S. alone (Forrester Research Mobile Payments Forecast), how do you convince users to abandon their traditional methods of payment in favor of mobile wallets or other digital payment approaches?

Payment Quarterly | Q4 2016

THE FUTURE OF MOBILE PAYMENTS: THE MOBILE ENGAGEMENT PLATFORM

If we look at the key trends currently shaping the future of mobile payments, and focus especially on successful mobile wallets like Apple Pay and Google Wallet, one thing becomes clear; the practice of a “mobile payment” will disappear. Instead, brands will build safe, beautifully designed and exhaustively tested mobile engagement platforms that create seamless buying experiences. The Starbucks mobile app is a perfect example of this type of platform. Customers call up their app, select a location, choose what they want and then pay for it with a few taps on their phone. Easy as that. Mobile platforms that integrate services and aggregate offers from multiple brands will lead the way in the future of mobile payments, but this isn’t going to happen overnight. First, existing platforms or a new provider must create a better alternative to what already exists; making it easier, faster and more reliable than anything we’ve seen before. Second, in order to drive adoption, brands must work to change consumer spending habits and find new ways to engage customers beyond their apps. This approach becomes viable by creating a business model that is accessible to everyone – not just Apple users – and creates enough trust to be used for larger ticket-items, not just for cups of coffee and gas. Before that happens, the market will continue to fragment before finally consolidating as brands understand the importance of utilizing a mobile engagement platform. SERVICES IN CONTEXT Throughout this evolution, it will be up to merchants to lead the way with payment apps that not only have integration and cross-platform capabilities, but that also offer the user services in context. This includes loyalty programs, special offers,

exclusive information and immediate support. However, even with the best marketing and slickest design, you rarely get a second chance to make a first impression, which is why any app or platform needs to ensure that user experience dominates development at every step of the way. Not only in order to build trust, increase conversions or harness feedback to iterate design, but to ensure that the app or platform delivers the same experience across each device and in any on and off-line scenario possible. This will be crucial to the evolution of mobile payments and the speed at which consumers embrace a mobile engagement platform. Through real-world testing, brands can be sure that all of their painstaking work isn’t derailed by a glitchy app or poor digital experience. If consumers can’t immediately feel trust in the app through ease of use, simplicity and seamless delivery, they’ll reach for their physical wallet instead of their digital one…or no wallet at all. MAKE GROWING PAINLESS Mobile payments are still in their infancy and have far to go, but disruption in this space looms. It’s clear that there is a huge market for digital payments but there’s a lot of work to do in order to unseat traditional payment methods. Brands can’t just replace people reaching for their wallets to pay for something for people reaching for their phones to pay for an item. They need to go above and beyond to create integrated engagement platforms that not only make payments easier, but also add additional value such as exclusive access to deals or information. The leaders in this still somewhat nascent space have shown the way. As digital payments evolve, those that present added or unique utility for their customers within a well-implemented user experience are the ones who will enjoy expanded brand success.

WHAT COULD YOU DO IF YOUR

PROCESSOR WASNâ&#x20AC;&#x2122;T IN THE WAY? The world is changing and so is payments. Consumers expect payment experiences that meet the needs of todayâ&#x20AC;&#x2122;s mobile and social world. But most issuers are unable to innovate or scale new payments solutions at market speed because they are constrained by legacy processing systems. Agile Processing from i2c lets you deliver a product roadmap vision on your terms, so nothing gets in your way.

Take Control

Agile Processing is Smarter Payments

Learn more at i2cinc.com

MOBILE

ESTABLISHING TRUST: KEY TO INNOVATION IN THE MOBILE CHANNEL BY: MICHAEL LYNCH chief strategy officer inauth

e o f te n d o n’ t f u l ly appreciate the amount of technology in our lives until you take a moment to consider that the apps in the typical smartphone would cost approximately $900,000 thirty years ago. Back then, video conferencing capabilities (which border on being free today) cost almost $600,000 in real dollars. Global positioning services (GPS) which have emerged as the go-to method for navigating to your destination, would have set you back more than a quarter of a million dollars in 1985. For better or for worse, photo selfies would be much less plentiful in the world today if digital cameras still cost $6,000. The pace of innovation continues to accelerate exponentially. Just look at self-driving cars and entirely digital currencies like Bitcoin. While mobile has been available for decades, we can still count it into the innovation space, not only because of the staggering pace at which we are adopting its use globally, but because of how deeply rooted it is into the fabric of our everyday lives both in the US and abroad. YES, MOBILE IS CHANGING THE WORLD There is simply no way to overstate the rate of mobile’s global proliferation. As of 2014, there are as many mobile

Payment Quarterly | Q4 2016

phone subscriptions, an estimated 7 billion of them, as there are people on the Earth. Seemingly overnight, China has emerged as the largest smartphone market with over a billion subscribers, with India expected to soon follow suit. This rapid expansion of low-cost computing is creating a revolution in commercial activities, especially in retail shopping and banking. You can see it reflected in the numbers. For example, while mobile shopping makes up only 14% of total transactions, the activity grew by 42% annually over a 4-year period between 2011-2014. Additionally, the percentage of weekly mobile bank users exceeded the percentage of weekly branch users for the first time in 2015— 30% to 24%. Mobile has clearly emerged as the must-have tool of the 21st century, indispensable to modern living. Just misplace or forget your cell phone and you will know this is true. INNOVATION AND SECURITY: THE DIFFICULT BALANCING ACT Given these developments, the proliferation of mobile technology has forced executives in all types of organizations—banking, retail, payments, healthcare, and other i n d u s t r i e s — i n to a p o s i t i o n o f maintaining a difficult balancing act between maintaining security, ensuring a frictionless user experience, and leveraging advances in the mobile channel that are driving innovation and competitiveness. On the one hand, executives want to capitalize on the business opportunities

mobile represents, from cost savings, to the ability to rapidly engage customers, to driving more transactions for increased revenue. They recognize if they don’t expand their digital vision, they stand to lose customers to their more innovative and nimble competitors. On the other hand, these same executives do not want to put their organization or their customers at risk of exposure to fraud or security breaches that can occur in the mobile channel. The fallout from the many infamous data breaches over the last few years—including the ruination of long-standing careers of many C-suite level executives—has sent reverberations across many industries and made CIOs and other business leaders understandably skittish about venturing too far outside of the box. For this reason, innovation can be slow to take hold in many industries, especially in risk-averse sectors like banking, transportation, healthcare, and others where the consequences of failure are serious. Safety and security are high priorities when a business is entrusted with handling customers’ lives and money. TO INNOVATE, GET THE CUSTOMER EXPERIENCE RIGHT The first rule of innovation is to ensure that the customer experience is frictionless. This helps drive adoption of new services and offerings, in turn driving increased revenue. Organizations then must focus on adding the necessary layers of security

to protect that experience. Enhanced device authentication, intelligence, and risk assessment technologies are critical in being able to execute this approach. With next generation tools, the mobile channel can, in fact, become a firm foundation upon which exciting and lucrative innovations can be implemented that deliver greater customer convenience and ease of use. This helps businesses compete more effectively, and simultaneously, offer organizations a new level of confidence in their ability to protect their customers as well as their data assets and brand reputation. Mobile can be made remarkably secure due to the unique identifying characteristics contained within the

ripe for INNOVATION:

device. These unique identifiers, ranging from the user’s location to the operating system, can be pooled together to create a permanent device identifier that can then be used to more easily distinguish between legitimate users and those intent on committing fraud. The ability to identify a mobile device through a permanent device identifier allows businesses to use that device as a trusted second factor of authentication. Authenticating customers by proving “something they have” can then be done within a few steps, reducing fraud with more transparent analytics, while simultaneously minimizing customer disruption. This provides a frictionless experience, making innovation possible for organizations competing in a

crowded marketplace and seeking to continually attract new customers. SECURITY AND INNOVATION: NOT MUTUALLY EXCLUSIVE A common misperception exists that security and innovation are mindsets that operate in opposition to one another. But, as the examples above indicate, the two are not necessarily mutually exclusive and can, in fact, be made to aid and assist one another. In this new paradigm, innovations in security can, and should, provide the underpinnings for increased performance, productivity, and convenience.

Mobile’s unique ability to provide a secure platform for its users has opened up a wealth of new opportunities for innovation. These include:

CARDLESS ATMS AND MOBILE WALLETS ATM machines that dispense cash to consumers wielding mobile phones instead of cards to identify themselves have been available in Spain since 2011. While still in limited release here in the United States, JPMorgan Chase announced plans to produce thousands of cardless ATMs in January of 2016. Similarly, “mobile wallet” technologies, like Apple Pay and Google Wallet, allow consumers to pay for items with their smartphone, tablet, or smartwatch instead of physical plastic cards. Although these payment methods are not yet in widespread use, they are gaining traction and are predicted to facilitate over a billion dollars of commerce in the EU by 2021.

THE COMING CASHLESS ECONOMY The development of real-time payments combined with “mobile wallet” technologies are leading many experts, including the consulting firm Deloitte, to predict that cash could become a relic of the past. Cash, the firm notes, “is an expensive instrument” which bears significant printing, storage, and transportation costs. Further, many transactions no longer occur in person. Many people rarely carry cash in their wallet nowadays as it is difficult to track and easily lost. This trend is expected to continue in both the near and distant future among an increasing number of consumers.payments in real-time.

FASTER PAYMENTS Until recently, financial institutions have had the advantage of time to review transactions flagged as potentially risky. But with faster payments looming on the horizon—including person-toperson (P2P) payments which allow individuals to send money to anyone securely from any account through any device— financial institutions must have the ability to immediately and accurately authenticate transactions in order to authorize payments in real-time. The stronger authentication model inherent in mobile devices, once tapped into, is making secure real-time payments possible. With the right device authentication capabilities, fraudsters can be barred from making bogus transactions using a mobile device, allowing for the processing of payments in real-time.

GEOFENCING Device authentication can enable geo-fencing services—using the mobile device’s location to drive targeted, proximity-based marketing programs. Through the use of geo-fencing, retailers can detect when a customer is near one of their physical locations and send the owner of the device a marketing message or call to action in real-time. Geofences can also be used to flag potential fraud when a transaction by the user occurs in a non-typical location based on their transaction location history. If a transaction occurs in China, for example, when the account holder is usually conducting business in New Jersey, that is a strong indicator of possible fraud and the transaction can be flagged and suspended before it is authorized.

Payment Quarterly | Q4 2016

MOBILE

WHERE IS THE UBER

OF PAYMENTS? BY: MAXIME DE NANCLAS coo and co-founder mobeewave

Payment Quarterly | Q4 2016

cross every industry, tech startups are chasing the dream of becoming the next Uber. They’re racing to emulate AirBnB, Uber and TaskRabbit, each trying to provide mobile solutions that harness the power of the sharing economy to bring consumers together with individuals who are willing to rent out their assets and services. Taking on their sector’s established companies, these upstarts aspire to meet the needs of consumers who are unsatisfied with what’s currently on offer. Given the almost constant emergence of FinTech solutions, has the payment industry found its Uber? If it hasn’t, what would it take for a company to earn this title? THE KEY INGREDIENTS OF UBERIZATION It’s important to look at what defines a company like Uber. The concept of ‘Uberization’ is much more than the introduction of a technological solution that upsets the applecart in a particular industry. There are specific factors that make these mobile innovations truly disruptive: they cut out the middleman, connecting customers directly with people looking to monetize their possessions and skills; they give both parties the opportunity to rate each other; and they enable peer-to-peer (P2P) transactions. But perhaps most importantly, they are aimed at sectors where people are genuinely in search of something new. HOW TODAY’S MOBILE PAYMENT TOOLS STACK UP If we analyze the current mobile payment solutions available on the market, how many of them display the core criteria that make an ‘Uber’? They are definitely all mobile – the clue is in the name. Some tools on the market even enable peer-to-peer payment – Venmo and PayPal are two good examples. But if we look at the other characteristics, it’s obvious that cutting out the middleman and incorporating rating systems are less important in the context of the payment space. Today’s mobile payment tools do fall noticeably short in perhaps the most important aspect of Uberization: they don’t target an industry where people

are calling out for something different. NO REAL ADDED VALUE ON OFFER AirBnB, TaskRabbit and Uber share a common method that has made them successful: they have all provided a departure from business as usual that has been welcomed by consumers. And they have each provided an alternate approach that is fundamentally different to what was already offered by the major operators in their particular sectors. These innovative companies tapped into the concept of the sharing economy, allowing people to take advantage of the underused assets and skills of others to meet their particular needs. By the same token, they have provided the owners of those resources with the opportunity to easily earn additional income. The same cannot be said for current mobile payment solutions. Not only are they not aimed at sectors where consumers are in search of alternatives, the benefits they offer are not significant enough to convince people to abandon the services of traditional payment players. There is little added value gained from using the peer-to-peer features offered by PayPal or Venmo instead of the transfer features of banking apps that leverage the clearXchange payments network. Moreover, statistics suggest users prefer to go with the services offered by their bank. A recent report from Clarabridge found that consumers in the US would rather use their bank’s apps when it comes to transferring money instead of third party apps like Venmo and PayPal (43% vs. 26%). Clarabridge surveyed more than 2,400 U.S. respondents between the ages of 18-59 on all the ways that they interact with their banks. Interestingly, the numbers remain virtually the same among younger age groups: 42% of millennials use their bank’s apps to transfer money while only 24% prefer third party apps. The lack of a clear consumer value is also hampering the growth of mobile wallets – like Android Pay, Apple Pay and Samsung Pay. There really isn’t a compelling enough reason for consumers to pay with a mobile wallet over a credit or debit card – the experience and the benefit is largely the

42% OF MILLENNIALS USE THEIR BANK’S APPS TO TRANSFER MONEY WHILE ONLY 24% PREFER THIRD PARTY APPS. CLARABRIDGE SURVEY OF MORE THAN 2,400 U.S. RESPONDENTS BETWEEN THE AGES OF 18-59.

same. For this reason, the three major ‘Pays’ have struggled to attract active users and have seen low numbers in terms of frequency of use. A report from Javelin Strategy and Research asserted that the absence of significant consumer value has constrained adoption of these mobile wallets for in-store purchases, with just 5% using Android Pay in the past month in 2016, 8% using Apple Pay and 3% using Samsung Pay. In terms of monthly frequency of wallet purchases per person, the figures declined from 3.7 transactions per month in 2013 to 3 transactions in 2015, a 20% decline in purchases per person. PRESENTING A KEY DIFFERENTIATOR VALUE On the release of the abovementioned Javelin report, the organization’s Director of Mobile, Emmett Higdon said that: “By continuing to focus solely on their role as a replacement for plastic payment cards, the Pays are missing valuable opportunities to enhance the overall purchase experience and create value where cards alone cannot.” In order to be considered as a genuine Uber of the payment space, mobile payment solutions must provide people with the ability to do more than just make a payment. Simply offering an alternative to plastic is not enough. Instead these tools need to incorporate features that offer consumers a real added value. To be the next Uber, they must deliver value beyond the status quo.

Payment Quarterly | Q4 2016

MOBILE

the

MOBILE WALLET

BY: MATTHEW GOLDMAN co-founder and ceo wallaby financial

he feeling of rejection stings. This is just as true when you’re in line to buy groceries and your mobile payment isn’t swiftly accepted, as it is after a job interview or after being on the receiving end of a “swipe left” on a dating app. Over the past few years, the mobile industry has taken an easy, well-known process for point of sale—the traditional swipe of a credit card—and replaced it with a confusing set of choices. This often haunts consumers at the check-in process, as they feel confused and rejected time and time again. BI Intelligence’s most recent Mobile

Payment Quarterly | Q4 2016

what’s

HOLDING us BACK?

Payments Report, published in June of 2016, predicted the U.S. in-store mobile payments volume to reach $75 billion by the end of 2016, climbing to $503 billion by 2020. Yet there still remains a disconnect between these predicted numbers and the number of consumers we see fully embracing the mobile wallet today. From the user’s perspective, the advancement of mobile wallet technologies that assure better security, data collection and integration with other devices are only distant promises. The user is engaged in commerce and making a purchase, not trailing the payment industry for the latest updates. While the mobile wallet ecosystem is maturing at an unprecedented rate, the only moment most consumers remember is the instant they felt rejected by technology that failed to do its job at the point of purchase. MAKING THE MOBILE WALLET AN END USER’S DREAM In the U.S., point of sale systems are littered with confusing and inconsistent

verbiage, some explanatory and some advertorial in nature. From “insert your card with chip,” to “no chips yet, please swipe,” to “we have Apple Pay,” simply paying for something becomes a daunting task. We ask the end user to process an enormous amount of information to make a quick decision, and many times the cashier is the one who must step in to explain how the consumer is supposed to pay. The current confusion consumers face will send them back to the basics— swiping—every time they make a purchase. Only after their swipe is rejected will they dip their chip. The mobile wallet, in most cases, is an afterthought, because it has failed to provide a compelling user-centric reason for use. After all, the traditional wallet, even with 10 cards, a driver’s license and cash, is still a “mobile” option. Interestingly, the awareness of new mobile payment technology—across all generations of consumers—is at an all time high, according to Accenture’s digital payment report. Fifty-two percent of consumer are extremely aware of

mobile payments, even though those with a high-income and millennials are most likely to pay using their mobile device. Not surprisingly, millennials are key drivers of early adopters of digital payments over cash and cards, according to the same report. Twenty three percent of millennials make a mobile payment at a merchant location at least weekly, compared to the average 18% of the rest of the population. The same Accenture survey showed 21% of consumers used a wearable as a payment device at a merchant location. When teamed up with connected, smart devices, the mobile wallet could be a future hot spot for commerce activity. Perhaps the future of the mobile wallet won’t be driven by the act of ridding the world of physical wallets, but rather by how much smarter and easier mobile technology can make the payment process. If you are an Apple Watch user, for example, paying with a tap of your wrist is an advantage, especially because your phone can be in an entirely different place. Similarly, American Express’s experiment with Jawbone serves as a strong example of how two companies paired up to create a user experience dream. With the contactless payment

solution, UP4™, users could tap their Jawbone fitness band and pay instantly, whether or not they had their wallet or phone nearby. Although it’s currently limited to a single product and a single card, UP4™ has shown consumers how easy and seamless use of the mobile wallet can be. Similarly, an eMarketer analyst Bryan Yeager recently explained why the Starbucks app, which combines payments and the chain’s loyalty program on one mobile app, serves as such a great example of what the mobile wallet could be. He told Fortune that “more than 20% of their in store transactions in the U.S. are from their mobile app, and that’s a great success story.” FROM ACCEPTANCE TO ADOPTION For digital wallets to succeed in the real world, we need to create an environment in which acceptance is nearly ubiquitous, not a rarity. Mobile wallets offer endless benefits, from more secure features, to loyalty integration, to a more time-efficient process when everything goes as planned, yet merchants and customers alike still face a confusing, inconsistent process that is slowing true adoption.

Consumers must be able to easily understand the reasons mobile wallets exist and their usefulness. Even as payments professionals, we often fail to see the differences. We think of phone-based wallets as a superior option—but remember, the traditional wallet is mobile. It fits in his or her pocket and requires no batteries. We might understand the potential of the smart mobile wallet, but the consumer probably doesn’t. Consumers are always going to have choices, but in this case we need them to trust that the mobile wallet is a superior option to the traditional wallet. In the future, other items carried by the traditional wallet- like cash, identification and healthcare cardswill need to receive a transformation for consumers to truly go all-in on mobile. But for now, we need to clear up the big feeling of rejection shoppers feel at that point of purchase. They should trust their mobile wallet options, from payment solutions to mobile apps that help them make informed buying decisions, and believe enough in the future usefulness of mobile payment technology to make the switch with confidence.

FOR DIGITAL WALLETS TO SUCCEED IN THE REAL WORLD, WE NEED TO CREATE AN ENVIRONMENT IN WHICH ACCEPTANCE IS NEARLY UBIQUITOUS, NOT A RARITY.

Payment Quarterly | Q4 2016

MOBILE WALLET WARS

What Needs To Happen For Everyone To Use Mobile Payments?

BY: SERGIO CHALBAUD ceo and founder fintonic

Payment Quarterly | Q4 2016

obile payments have received a lot of attention in the industry for many years, driven into the mainstream by the launch of the Apple and Android Pay platforms. Digital currencies have been synonymous with the preferences and habits of tech and mobile-first millennials and while this generation has been quick to adopt, cash still reigns supreme overall in the United States. As all generations become more comfortable with smartphones, there is a huge, relatively un-tapped opportunity for financial institutions to bring older (and younger) groups on board. While cash remains the preferred form of payment for so many Americans, letâ&#x20AC;&#x2122;s examine what needs to occur to enable mobile payments to rapidly broaden its appeal and gain adoption outside of the millennial set.

GETTING PAYMENT TECHNOLOGY INTO PEOPLE’S POCKETS According to recent research from Pew Charitable Trusts, while millennials account for just 28 percent of the U.S. population, they account for 39 percent of mobile payments users. The inverse is true for baby boomers. While this older generation accounts for a third (33%) of the U.S. population, they make up only 24 percent of mobile payments users. One clear barrier to mobile payment adoption is smartphone ownership. While nearly seven in 10 adults in the U.S. owns a smartphone, only 56 percent of baby boomers do, compared with 90 percent of millennials. As smartphone penetration increases among all demographics, and as the American population ages, this will only drive growth in mobile payment adoption and with it a growing opportunity for financial institutions to service this customer segment via mobile. Supporting that assertion is a recent study by Fintonic, which found that 44 percent of people in the U.S. believe that mobile payments will become more common than card or cash transactions within the next year. As smartphones and payments-enabled devices reach the hands of more Americans, mobile payments will have more opportunity for growth. Mobile payments companies should be prepared to provide increased support for older users who may not be as accustomed to smartphones and who are using the technology for the first time. OVERCOMING SECURITY AND PRIVACY CONCERNS Concerns about security and privacy have long been major hurdles for widespread mobile payment adoption. A December 2014 study by Walker Sands found that more than half of American Internet users were hesitant to use Apple Pay or other mobile payment services because of security and privacy concerns. Mobile payments companies need to not only ensure their security systems are up to par but they also have to convince consumers that their financial information is safe. Older Americans have interesting views on privacy when it comes to mobile payments – according to a

recent GfK study, baby boomers are the least worried about their personal information when making mobile payments, compared to Generations X, Y and Z. However they are the least confident that the payments they make through mobile are 100 percent secure. Some of this hesitancy could be down to the smartphone penetration playing catch-up, and we can expect a greater proportion of boomers to become less skeptical as they become mobile-first and form mobile habits. Bridging the knowledge gap between what concerned consumers think, and what is reality, will take a communications effort on the part of mobile payment firms. To do so, financial institutions and mobile payment providers must reassure customers about security, but the industry should avoid over-hyping this as a stumbling block. In recent years there has been no shortage of credit card security breaches and customer data thefts from major retailers. However, that hasn’t hurt credit card usage. A study by ISACA, an independent and nonprofit global association of IT governance professionals found that almost half (41%) of Americans did not feel their credit card transactions were totally secure and protected, yet use them regularly anyway. As credit card companies struggle to make more secure chip cards user-friendly, this is an opportunity for mobile payments companies to demonstrate the reliability and easiness of using their technology. INCENTIVIZING ADOPTION TO FORM HABITS For mobile payments to truly become the prevalent form of payment in America, the behavior needs to first be introduced, accepted and most importantly become a habit. While the

habit has formed already for millennials, financial institutions still have some work to do to move other generations from introduction to acceptance to habit-forming behavior. Pew Research Trust’s study found that many consumers are attracted by mobile payments incentives. Sixty-two percent of generation X and 44 percent of baby boomers would use mobile payments for rewards or discounts and a further 40 percent of baby boomers would do so to avoid paying overdraft or check cashing fees. Financial institutions gain many operational efficiencies and benefits from mobile banking and mobile payments. Innovation in this area gives benefits not just to the organization, but can be passed onto customers to encourage loyalty and closer relationships. Thus, a final important step for financial institutions is to ensure that the right incentives are communicated and offered to customers beyond millennials to encourage mobile payment habits. Those incentives need to focus on creating sufficient repetition of mobile payment behavior in a short period of time so that it can quickly become a habit and preference. With any new technology, there is a learning curve and older generations are often slower to adopt than young consumers. Understandably, mobile payments are still evolving and competing with cards and cash for consumer trust and loyalty. While millennials currently make up a large part of those who are using mobile payments, don’t be surprised if grandparents and younger consumers are using the technology more frequently in a few short years - just look at Facebook.

WHILE NEARLY SEVEN IN 10 ADULTS IN THE U.S. OWNS A SMARTPHONE, ONLY 56 PERCENT OF BABY BOOMERS DO, COMPARED WITH 90 PERCENT OF MILLENNIALS.

Payment Quarterly | Q4 2016

SECURITY

COMBATTING

INTERNATIONAL TUITION FRAUDSTERS with the help of flywire BY: MICHAEL DAUTNER editor-in-chief

Payment Quarterly | Q4 2016

ecently, I had the pleasure of speaking with Peter Butterfield, CCO at Flywire, to dig deeper regarding the extent of fraudulent transactions at the expense of numerous students studying abroad. Australia, Europe, and the United States, are noted as the leading destinations for international higher education seekers. Beyond that, there are about 975,000 international students in the United States alone that account for more than $14 billion in tuition dollars. As you might imagine, this poses an ever-tantalizing opportunity for fraudsters looking to rip off students, and parents of students. Students studying abroad deal with a considerable amount of unknowns; be it a new language, a new culture, or meeting entirely new people they have little to nothing in common with. Add on the risk of fraudulent tuition scams, and you have a complete headache from a foreign student’s standpoint. Flywire, however, wants to eliminate this threat, and ease the minds of these knowledge seekers by working together with hundreds of universities to stop fraudsters in their tracks. Peter Butterfield spoke with me exclusively about the hazards students and parents face when attempting to pay for their child’s tuition payment in a foreign country. The issue begins at the source, with students (typically students of means) seeking out highly prestigious universities in the United States. Once they have selected the institution of their choice, upon acceptance— students will eventually stumble across an advertisement that claims to be an easy, hassle free method of making international tuition payments. According to Butterfield, scammers will conjure up a marketing scheme that claims things like a percent of savings for using their service. He spoke to me extensively about the impact this fraud pattern has on Chinese students in particular. The students and parents are eager to align with a ‘program’ that claims there is someone willing to deal with the tedious task of handling tuition payments from one country to another, and at a fraction of the cost to boot. Mr. Butterfield also spoke about

a high number of students receiving phone calls from scammers in regard to a phony Federal Student Act that demands students pay a recurring tax on their tuition payments, or else risk not being able to attend the institution of their choice at the start of the semester. It is seen over and over again, with a recent story coming out of the University of Washington just this past August detailing a total of $1 million dollars in tuition being fraudulently obtained by scam artists. The students, all of whom hail from China, were told they could save up to 5 percent—about $600—off the $11,340 cost of summer tuition just by paying an intermediary, according to UM Police Investigator Lt. Doug Schultz. The word spread like wildfire due to a prominent, and well-trusted Chinese student getting the word around about the discount via the popular Chinese social media app called WeChat. It seems so innocently placed, a simple discount for being proactive about your tuition payment. It does not sound too far-fetched or too good to be true to many students. That mentality seems to be these students’ downfall, trapping them in this elaborate scheme that seeks to exploit Chinese students in particular. Another similar scam also reported in August comes out of Michigan State University, where the promise of a discounted tuition again lured students in. The intentional targeting of international students has caused uproar in East Lansing, Michigan; as this report of tuition scammers was uncovered. Essentially, the scammers ask for the student’s login credentials, which they in turn use to pay the student’s tuition with a stolen credit card. Then, once the transaction goes through, the scammers instruct the student to use a wire or check transfer to pay them at the discounted rate. Lastly, the company of the stolen card then reverses the transaction—leaving students with a full tuition balance, and no virtual way of retrieving the funds already transferred to the fraudsters. A simply shameful, yet harsh reality the innocent international student is

FLYWIRE WANTS TO ELIMINATE THE THREAT OF TUITION FRAUD, AND EASE THE MINDS OF KNOWLEDGE SEEKERS BY WORKING TOGETHER WITH HUNDREDS OF UNIVERSITIES TO STOP FRAUDSTERS IN THEIR TRACKS.

facing in pursuit of academia is tuition fraud. They never know what hits them. However, Paul Butterfield, and the good people over at Flywire have gotten to work to figure out a better solution for international students to pay their tuition safely and seamlessly. Through essential partnerships made with universities, Flywire aggregates wholesales on tuition, eliminating transaction costs for students, and giving them multiple options for making a payment. They operate hand-in-hand with universities across the globe to crack down on fraudsters, and allow students to worry about one thing, and one thing only: their studies. That is what college is all about. Finding the best ramen spot off-campus, cramming that extra index-card study session in before the big exam, and making friends and memories that will last a lifetime—NOT tuition fraud. It’s about time these international students put aside their worries pertaining to tuition payments, and focus their time and energy on being the best students they can possibly be. I thank Flywire for keeping us in the know, bringing this shameful practice to light.

Payment Quarterly | Q4 2016

SECURITY

A DANGEROUS CONFUSION: T KENIZATION

vs token services W

BY: J.D. ODER II cto and svp-R&D shift4

Payment Quarterly | Q4 2016

e introduced tokenization to the payments industry just over a decade ago. The idea behind the technology was that of an arcade, where a quarter is exchanged for a token that is used to play games in a particular arcade. Similarly, payment tokenization exchanges a payment card number, which like a quarter has universal value, for a token that has value only within specific parameters and locations. The industry quickly acknowledged that tokenization was a valuable solution, and adoption was rapid and farreaching.

data doesn’t actually need to be stored, even in card-on-file environments. Today, tokenization is considered an industry standard for payment security. However, there’s been no standard mandating how tokenization is deployed or even what defines a token itself. EMVCo (the body that manages and maintains EMV specifications) and PCI have both attempted to standardize tokenization over the past few years, but neither has succeeded. Even these two organizations, that typically work very closely together, can’t agree on what tokens should look like and how they should function.

WHY TOKENIZATION MATTERS Tokenization’s initial purpose was very clear-cut: to secure postauthorization card data for the long term. It was created as an answer to the massive threat of data breach facing merchants who stored transactional information to allow for returns, incremental authorizations, monthly billing, and more. For example, hotels would typically store card numbers from the time an initial reservation was made until after the final checkout. This meant keeping hundreds — if not thousands — of card numbers on file, leaving them with a huge amount of risk should they be breached. Tokenization challenged the norm to prove that sensitive, vulnerable card

TRUE TOKENIZATION MEANS TRUE SECURITY Due to the lack of an official standard, the term “tokenization” is being used far too broadly to describe a variety of payment security methods that perform different security functions. “EMVCo tokenization” has become a particularly hot topic in the payments industry. It can refer to both mobile payment tokenization (à la Apple Pay) and card-based tokenization. These are actually much closer to an encryption or cryptographic hash, and labeling them as tokenization is not only confusing — it is flat out dangerous to merchants. It puts them at risk of being led astray from the very tokenization solutions they need to secure their business.

Tokens should only ever be linked to a single card number only for a single transaction — not linked to the card as a constant. This varies from what you may have heard about tokenization in recent discussions that reference security features driven by mobile wallets and credit or debit cards, such as EMVCo tokenization. Although they are referred to as tokenization, these services aren’t truly tokenization at all. Instead, they are consumer-based token services that seek to protect the cardholder — not the merchant. This is a noble undertaking, but slightly misguided, since having a token that references the same card number has, in essence, done nothing more than create a new card number that is just as vulnerable to attack as the original data; this is not what tokenization was designed to do. Tokenization was never designed to encrypt data. Instead, it was intended to be a globally unique, alphanumeric value that replaces payment card data after bank authorization so the payment data stored in merchant systems has no value outside of their own environment. Tokenization works differently than encryption because each individual token is created when a transaction takes place, making it organically random with no mathematical pattern to be unlocked. Tokens should never maintain a one-to-one relationship with a card

(additional secure technologies exist that allow for tokenized merchants to still track card usage for analytics). This ensures that tokens aren’t predictable and cannot be reversed or unencrypted. Also, because tokenization is alphanumeric, there are enough possible permutations that they will never be repeated within even the largest payment ecosystems (collisions, in industry parlance). My team recently consulted with a massive organization that knows their existing tokenization solution will run out of numeric tokens in the next three to four years. Uh oh. WORKING TOGETHER TO KEEP PAYMENT DATA SAFE Here’s the bottom line: someone could post a comprehensive list tomorrow that included each one of these true tokens, and hackers would be no closer to breaching the token issuer or any of its merchants’ systems. That’s because of the nature of tokenization by its original definition and the limits placed upon it. On the other hand, if one of these consumer-tokenization providers (like Apple, Samsung, or PayPal) released their full list of tokens, you can bet there would be an instant increase of fraud among merchants that accept them. The problem with using the consumerbased token approach that any retailer can accept is that it gives their token

universal value — and therefore universal risk. Now, these “tokenization-in-nameonly” solutions do offer a certain level of protection to cardholders at the point of purchase and have — knock on wood — been relatively effective in preventing mass-scale breaches. My contention with these technologies is simply that they should not be called tokenization, since they go against the original concept of the arcade token. MERCHANTS DON’T NEED TO FEEL TRAPPED This is not an either/or situation, though. These technologies can work together to accomplish greater security. True Tokenization can — and does — tokenize the consumer-based tokens that are received from a mobile wallet or card-based token service. This prevents the merchant from having to maintain a database full of sensitive cardholder data. Merchants are working harder than ever to provide excellent customer experiences, and mobile wallets and other card-based token services play a part in that. But, tokenization is designed to keep merchants as well as their customers safe. As you look into which payment security solutions to implement in your business, remember that not everything labeled “tokenization” actually is.

Payment Quarterly | Q4 2016

SECURITY MOBILE WALLET WARS

n any payment service business, there are certain inevitable risks that must be addressed. With that in mind, each business develops their own strategy to assume the risk, mitigate it, avoid it, transfer it or even insure it. In most cases, the best strategy is a multi-prong approach. For each business, the risk is dependent on the business and economic model, where they sit on the value chain, the services provided and consumed, whether the company is a platform or not (e.g. marketplace), the geographic footprint, the demographics of the consumers and their respective expectations. In terms of risk, fraud is the most protean, persistent, and requires constant vigilance and adaptation. In other words, once understood other risks can be effectively managed through controls, agreements and other means; except for cyber and fraud which requires application

A PAYMENT SERVICE BUSINESS MAY CONFRONT SPECIFIC OPERATING RISK IN THE FOLLOWING CATEGORIES: Fraud - identity theft or true name, account takeover, first-party Credit - insufficient funds to meet obligations Operational - human or technical error Counterparty - settlement Technology - misaligned investment in infrastructure, obsolescence Cyber - protection of information systems and other threats like DDOS Contractual - uncertainty over liability, rights and obligations Payment Networks - rules, regulations, finality of payments Compliance - Federal, state, EU (if operating in European countries) Information - inaccessible, inaccurate or corrupt data; lack of intelligence

HOW CHIEF RISK OFFICERS KEEP PAYMENTS RUNNING BY: YAPSTONE

of new technology, continuous monitoring and continual vigilance through behavior and data analytics. FRAUD RISK - CONTEXT AND EXTENT Today’s consumer expects a friction-free payment process — in online marketplaces, eCommerce websites, and mobile apps. They take the payment, at the click of a button, for granted with the expectation that the transaction will be completion immediately with fluid movement to the next stage. Furthermore, any interference in the transaction process will result in a risk of shopping cart abandonment or delays in confirmation of the transaction. Lack of immediate gratification is, for the most part, unacceptable to the consumer. However, this seamless, brief span of time – from clicking the button to receiving a payment confirmation – is the culmination of a massive effort on behalf of CROs to prevent fraud. In the crowd of honest and deserving buyers hides an unsavory group of hackers and fraudsters; and they look the same. Our job as CROs is to find them, expose them and prevent them from unjust enrichment, making the online economy safe,

Payment Quarterly | Q4 2016

secure and affordable for everyone. In the end the “customer pays” if the risk is not managed well enough through higher cost of the service or good. And the market will also reject the entity that cannot manage the risk effectively. It is a process that starts with deterrence, detection, prevention and mitigation. This can be summed up as containment of risk and is interdependent on all parties engaged in the payments ecosystem. According to a report from Payments Cards and Mobile, U.S. businesses lost over $4.5 billion on credit card fraud. This figure accounts for roughly another $2.0 billion in the rest of the world. While this figure may seem large, it accounts for merely 0.1% of transactions, both online and offline. CNP fraud is expected to reach $7.2 billion in 2020 in the U.S. In Canada, of the CA$548 in credit card losses, CNP was 66%. A recent Javelin’s survey indicated that in 2014, 12.7 million consumers experienced identity fraud. Per IDT911, in 2015, the FBI estimated that more than “1,000 retailers are under assault with the same (or tweaked versions) of the malware that compromised Target and Home Depot.”

What are the most prevalent types of fraud, and what can online retailers and marketplaces do to minimize it?

CHARGEBACKS In any marketplace, a fraudulent transaction is returned as a chargeback when a credit or a debit card is used a vehicle for payment. Chargebacks are an inherent and unavoidable risk in online payments. A chargeback occurs when a customer makes a purchase or pays for a service and then the payment gets disputed by the cardholder with his issuing bank. Chargebacks primarily fall into two categories: Fraudulent and Non-Fraudulent. Non-Fraudulent means the transaction between the seller and the buyer occurred however, the buyer was not satisfied in some way: services were not delivered or were defective, promised refund was not received, the payment was made by other means, recurring transaction was cancelled or

the amount is different from what was agreed to, etc. All these can be classified as customer disputes. Depending upon the nature of services, merchandize, merchant and service agreement non-fraudulent chargebacks could range from 20-80% of the total chargebacks. However, some of the chargebacks are related to fraud, meaning that the cardholder was actually a victim of a fraud or claiming to be in order to avoid payment or friendly fraud. A chargeback could also result from not having obtained authorization - these days this is rare. Or, it could result from processing errors or timing. In both cases, as online transactions are considered Card Not Present (CNP) transactions, the merchant is debited for the amount along with a

chargeback fee or whoever is deemed to be MOR (Merchant of Record). There are severe ramifications for “excessive” chargebacks in addition to the processing cost. Fines and penalties kick in and the merchant risks termination from the network when certain tier based threshold are met. Avoidance or and prevention should be the goal of every merchant regardless of the environment - card present or absent (CNP). By developing policies, delivering attentive customer service and relying on an expert payment partner to minimize risk, you can reduce your chargebacks and loss through contesting chargebacks. However, chargebacks related to fraud are hard to win and so merchants should focus on detection and prevention programs.

FRAUD STOPS HERE. VULNERABILITY AND EXPOSURE AGAINST FRAUD

About 12-15 million U.S. residents have had their information used for fraudulent purposes. According

There are a number of ways fraudsters obtain just sufficient

to one survey, 7.5% of the households reported some

i nfo r m at i o n t o c re at e a st o l e n p rof i l e a n d u s e fa b r i c at e d

sort of identity theft. According to Javelin Strategy

or stolen account information to make an online purchase.

& Research Report of 2012, consumers receiving a data breach

Two leading factors are data breaches and social behavior.

notification were 9.5 times were more likely to become a victim of identity fraud. MOBILE DEVICES • 24.7% of mobile apps include at least one high-risk security flaw SOCIAL BEHAVIOR

• The average device connects to

Sharing personal information, such as date

160 unique IP addresses every day

DATA BREACHES

of birth or phone numbers, through social

In the first 5 months of 2016, there have

media exposes users to identity fraud.

been 430 data breaches exposing 12.6

68% of the people with public social media

million records. Over the last 3 years,

profiles shared their birthday information

16%-21% of the breaches exposed credit/

and 18 percent shared their phone number*.

debit card information and during the same

*Use of hackable passwords - 73%

period 43%-48% of the breaches exposed

of social media users rely on the same

Social Security Numbers. These breaches

password across multiple sites. To make

feed into creating composite profiles of real

matters worse, 33% use the same

victims or synthetic identities which are

password across every site. Finally, the

used later in committing fraud.

average user visits 25 password protected sites but uses only 6 passwords*.

• 35% of communications sent by mobile devices are unencrypted • Business apps are 3x more likely to leak login credentials than the average app Games are one-and-a-half times more likely to include a high risk vulnerability than the average app • 19 percent of the users still use WEP instead of WPA-2 giving Hackers the ability to obtain information through home WiFi • eCommerce websites account for 48% of all attack investigations. Other means are through skimming, phishing and smishing.

Payment Quarterly | Q4 2016

SECURITY

SO HOW DO YOU PROTECT AGAINST FRAUD? The biggest challenge is that you can never know for sure who is a legit shopper and who is a fraudster. Therefore, successful techniques rely on what is known as layered security. FFIEC - FIL-50-2011, “FFIEC Supplement to Authentication in an Internet Banking Environment” lays out a good conceptual foundation for layered security. Combating fraud starts with the most basic steps to a complex set of algorithms trained to detect anomalous patterns or behavior. Execution of fraud detection strategies has four components - trained staff, platform to review, decision transactions, and technology – in the form of intelligence that rank orders, risk exposure, and access to data sources to augment internal intelligence. A combination of point solutions (such as device authentication) and with a broader solution set (including fraud scoring) works best for evaluating merchant and transaction in a marketplace environment.

A GOOD RISK MANAGEMENT ARCHITECTURE SHOULD:

• Provide access to multiple data sources in real-time to detect anomalous transaction and navigational behavior and cognitive analytics; previous history and negative information • Leverage network effect and cross-channel

• Assign merchants and consumers certain

information

adaptable parameters - periodic transaction

• Offer a flexible decision engine that allows for

limits, velocity, size of purchase that triggers

construction and deployment of risk based

review based on other factors such as prior

strategy, respond to unanticipated events

history of activity, chargebacks - types and

• Host a platform to execute strategies,

resolution • Address channel and merchant category specific risks • Include analytics tools and technology,

perform testing and simulation • Deliver ability to receive and send alerts, enforce and execute processes in an ordered logic

such as AI, machine learning, decision trees,

• Support case management for investigations,

neural nets and other techniques to develop

receiving and reviewing, and contesting

models with least friction and minimal review

chargebacks

of transactions

The fight against agile, sophisticated fraud rings operating from around the world with asymmetrical flow of information requires CROs to continually adopt and adapt new tools and technology, and continuously monitoring performance of various strategies. CROs have to be mindful of achieving trade-off between usability and friction that risk management

injects in the process. However, todays tools are getting better with passive authentication to achieve that balance. As online retailers and marketplaces face increased risk due to CNP, it is crucial that they adopt rigorous antifraud technologies to minimize fraud risk. Today, CROs must remain on high alert, so that the rest of us can continue to confidently click the “buy” button.

Periscope Skimmers Prove Newest Threat to Card Users

f your mobile payments method of choice involves a card in some way, then this is a report to watch, as no less than the Secret Service released information on this one. The newest threat to monitor is called “periscope skimmers,” and these are harder to find than you might think. The periscope skimmer is a small device placed inside an ATM or similar system, usually right at the card reader point. The system can the make a record of card data contained on the magnetic stripe on the card, and since the device both comes with a battery and a storage drive, the system can run largely autonomously for as long as two weeks at a clip. The device has storage sufficient to hold up to 32,000 numbers, reports note,

Payment Quarterly | Q4 2016

so this could represent a disturbingly wide-scale possibility afoot. There is some good news here; the devices can’t access customer PINs, and it’s actually fairly easy to beat many common types of skimmers by just placing a hand over the number pad on the cash dispenser, according to reports. However, some are wondering if these aren’t really being used to seize information ahead of something much larger and much more unpleasant. Further reports note that the ATMs most at risk for such attack are those with lids that open, as these are most likely to be accessed by such users. Therefore, staying away from standalone ATMs and sticking to those versions built into walls are most likely to be safer. This might well be a problem for

BY: STEVEN ANDERSON

credit or debit card users, especially those who interact with ATMs with any kind of regularity. It could also be a problem for devices like gas pumps, and may well hurt the entire credit / debit card concept outside of users’ homes. That comes at a bad time for cards in general, especially as the Europay / Mastercard / Visa (EMV) concept is proving to do more harm than good, slowing down systems and delivering a terrible customer experience overall. While it’s probably a bridge too far to say that periscope skimmers will kill credit cards, it likely will turn out to be one more straw on that camel’s back. It may only be a matter of time until mobile payment systems step in to take over for credit cards altogether.

1.888.482.6012 • netﬁnanceint@wbresearch.com www.netﬁnanceint.wbresearch.com

Qualiﬁed Digital Finance Professionals

GET 20% OFF WITH DISCOUNT CODE: NFI16PAYWEEK

November 29-December 1, 2016 • Park Hyatt Aviara Resort • Carlsbad, CA

Embrace Disruption. Unleash Your Digital Potential. The Event for Digital Innovation in Financial Services

“NetFinance was an electric event. Topics and speakers were very relevant to rapidly changing times for ﬁnancial institutions. Break out sessions and after day activities provided excellent networking opportunities. I highly recommend this conference “ - Keith Kelly, CEO, Rate Reset

Lead Sponsors:

E-COMMERCE

THE ROLE OF PAYMENTS IN DRIVING UP E-COMMERCE CONVERSION RATES

BY: MICHAEL DORON director, business development aci worldwide

he Golden State Warriors’ Stephen Curry sank more than 45% of his threepointers in 2015-16, leading his team to a record-breaking regular season in the process. But why can one of the greatest shooters in basketball history still not even come close to sinking 100% of his three-point attempts? The main reason is that opposing teams’ defenses are doing all they can to disrupt his shot. In the golden age of eCommerce, 100% conversion rate is equally elusive, as shoppers can encounter all sorts of disruptions as they navigate their way through the checkout and payment process. The task of online merchants is to remove obstacles – the ‘digital defense’ – so that they can drive conversion rates as high as possible. Just as a run of threepointers can swing the result of a game, even a minor change in a merchant’s conversion rate can noticeably impact their revenue, positively or negatively. Merchants are therefore seeking out payment providers that equip them with solutions that remove obstacles to high conversion rates, as the delivery of seamless and frictionless customer journeys becomes ever more important. With sales via the mobile channel more than doubling in the U.S. between 2013 and 2015, m-commerce has now become

Payment Quarterly | Q4 2016

central to discussions around reducing friction in payments. Challenges to achieving high conversion generally fall into one of three categories. Firstly, shopper distrust, which often occurs because of redirects to offsite payment forms, poorly designed payment pages, or the failure to display well-known and trusted logos. Secondly, inconvenience, which causes frustration and takes shoppers elsewhere because of inadequate payment method offerings and forced registration. Finally, process problems, often stemming from inefficient payment setup and overzealous fraud protection. Resulting cart abandonment can significantly lower conversion rates. For this reason, a great checkout process is one that is intuitive and guides shoppers through the purchase, creating the simplest path through the various steps that make up the payment flow. These challenges are amplified for businesses that operate across international borders, where alternative payment methods, regulations, and local fraud patterns all add to the complexity. But there are ways to reduce complexity and succeed in driving up conversion rates, even in a challenging cross-border environment. A QUESTION OF TRUST Shopping cart abandonment can stem from merchant distrust, and savvy online shoppers have few qualms these days about abandoning a purchase if they in any way doubt the legitimacy or integrity of the checkout or the payment process. Sometimes, simple design changes are enough to engender greater trust; displaying logos of major card schemes, relevant local alternative payment methods, and

fraud prevention (including PCI DSS). The familiarity of these logos can help to reassure uneasy shoppers. Redirects and poorly embedded payment pages can also set off alarm bells for shoppers, though they are still commonly used by many merchants utilizing third-party solutions. Payment forms that can be easily adapted to the look and feel of merchants’ websites reassure shoppers and help to build trust, making them an important tool in raising conversion rates. THE TRUTH ABOUT INCONVENIENCE Online shopping is inherently convenient, as consumers browse and buy from the comfort of their couch, or during the morning commute. But merchants need to remember that their competition is not the brick-andmortar retailer 10 miles down the road; another website offering the same (or at least very similar) product is only a click away, and any number of inconveniences could cause them to click away to nearest competitor. One of the specific inconveniences that can cause shoppers to abandon their carts is a lack of payment options. Most shoppers have a preferred payment method (and it’s not always credit card), so merchants need to understand their target market, and provide the payment options that are most relevant to them. This becomes especially pertinent when operating internationally. A globally uniform strategy will simply not work, due to the fact that payment method preferences vary widely by region, country, and even industry. Even within the Eurozone, where there is common currency, there are dozens of alternative payment methods, and

marked divergence in payment behavior even between neighboring countries. Offering the appropriate alternative payment methods and card brands can boost conversion rates by up to 30%. Complicated and multi-step checkouts risk losing shoppers, thus harming conversion rates, so merchants must strive to deliver the seamless experience that shoppers demand. Forced registration should therefore be avoided, as it is an unnecessary step for those shoppers seeking a quick, one-off purchase. However, making registration an option will allow for conveniences such as one-click checkout for returning shoppers. The biggest challenge for those merchants supporting one-click checkout is balancing security with convenience, which can be achieved – in part – with a secure authorization and tokenization solutions. PROBLEMS WITH PROCESSES While the inconveniences already discussed are often a result of a payment setup that is missing certain elements, process problems arise when a proper

setup does not operate efficiently. This can stem from back-end inefficiencies like slow page load times, or incorrect use of data fields. An example of this is when payment data is submitted with internal reference tags (e.g. empty slots in the billing address) and leads to a decline because data discrepancies lead to a fraud alert. Fraud protection – while essential for any online merchant – needs to be carefully calibrated, as an incorrect setup can block genuine shoppers, thereby unnecessarily lowering the conversion rate. Analytics can be hugely beneficial in fine-tuning fraud prevention setup, especially when operating in a crossborder environment. Quality data needs to be collected and managed, and expert analysts can be hugely valuable in interpreting the data and implementing improvements to the fraud prevention setup. An example of this is 3-D Secure, a tool that varies widely by region in its efficacy. In Brazil, for example, where it is practically unknown, 3-D Secure may block fraud but also genuine purchases. A dynamic 3-D Secure, tailored to

The Countryside Loves eCommerce

here’s a lot to say about clean country living. The peace and quiet, the ability to look up and see stars, water pulled straight out of the ground, and more are just part of the benefits involved. Good shopping, however, is not commonly on the list. That’s changing thanks to eCommerce, as things that were only available in the city, are now available to everyone in the countryside too. This sudden popularity, however, means trouble for parcel delivery and others as well. A report from Kantar Retail shows just what’s going on; 73 percent of rural customers are buying online, and that’s up from 68 percent just two years ago. A third of these are Amazon Prime members, which is up eight percent from 2014, and this means a lot more

account for regional or country-bycountry variations, can lead to doubledigit increases in conversion rates. GETTING PAST THE DEFENSES: A TOOLKIT FOR REMOVING BARRIERS AND INCREASING CONVERSIONS Payment providers can help their merchants overcome this array of challenges with a suitable set of tools; embeddable and secure payment forms, currency and language localization, relevant alternative payment methods, device optimization, robust yet flexible fraud prevention, and insightful analytics, to name just a few. Payment providers must also act as ‘coach’ to their merchants, educating them on how to deploy the tools at their disposal for the best possible results. Merchants, meanwhile, need to seek out those payment providers and technology partners that eliminate potential disruptions and give them a clear shot at the basket in the competitive world of global eCommerce.

BY: STEVEN ANDERSON

shopping is taking place from PCs, tablets, and yes, even smartphones. Sounds great, but there’s a problem; rural orders are tough to fill, particularly at Amazon’s impressive speeds, because there’s a lot of open ground in the countryside that needs to be crossed to get people their books, DVDs, clothes, perfumes, and so on. UPS noted that just one mile a day for its entire fleet can run $50 million a year, which means bigger charges to the retailer. This doesn’t mean so much if the volume’s there, but with that kind of volume, that means losses for the local brick-and-mortar, even of the big box variety. It’s a hard proposition to beat. Amazon has just about anything you could ask for, available for a few clicks and a credit card number.

Why would anyone want to go traipsing all over the countryside or making the long trip to a crowded city when that option’s available? About the only reason that this isn’t even more pronounced than it is is likely because rural connectivity is an ongoing disaster. With the arrival of 5G in three years, this is likely to change, and that may make the death of rural America’s main street all but final. People want to buy things, and not have to travel huge distances to get these. Online shopping is providing that outlet, but it’s also raising some less savory issues as well, points that must be addressed lest they do more harm than good.

Payment Quarterly | Q4 2016

MERCHANT SOLUTIONS

CARD-FREE, HASSLE-FREE

the rise of alternative payment methods

BY: BOBBI LEACH ceo futurepay

or most people, online shopping is synonymous with using a credit card. However, with the rise of alternative and card-free payment options, many shoppers are ditching the traditional plastic for faster and more convenient options. Alternative payment options have exploded in popularity in recent years, and today shoppers expect to have flexibility in every way they pay. Whether it’s in-store, on a tablet or mobile device, or from a laptop, shoppers have made it clear that having their choice of payment options is a highly important aspect of the shopping experience. Shoppers want to make purchases in a way that fits their budget and preferences and, for many, a credit card isn’t the most convenient option. To offer customers options and capture as many sales as possible, retailers should consider offering multiple types of payment methods. Following are several key benefits of offering a range of payment options whenever possible.

Payment Quarterly | Q4 2016

FACILITATE A CONVENIENT CUSTOMER EXPERIENCE Online payment options are more than simply the payment method; they’re how shoppers pay. Payment options dictate the user experience and can ultimately make or break a customer’s future relationship with the retailer. Payment methods can affect the checkout flow and are the last hurdle separating happy customers from an abandoned cart. Having alternative payment options isn’t just about having variety for variety’s sake. One of the biggest advantages of alternative payment options from a customer experience perspective is how they can speed up the checkout process and reduce friction. A frictionless customer experience is very important to retailers across industries, as 21 percent of shoppers will abandon their carts if a transaction takes too long to complete. Friction at checkout is one of the largest contributors to cart abandonment, and alternative payments can cut down on this friction. A traditional credit card checkout process requires multiple clicks, a handful of form fields and typing out a 16-digit card number. In some cases, shoppers have to go through each of these steps every time, even if they’re a returning customer. On the other hand, alternative payment methods (APMs) can speed up this process by requiring less information and fewer fields to fill out.

Removing friction helps to reduce cart abandonment and improve conversion rates, especially for shoppers on mobile devices. The last thing shoppers want to do is thumb through several pages of form fields when they’re on-the-go. Retailers can offer customers alternatives that reduce the amount of time it takes to check out. For example, alternative payment options such as Apple Pay, Samsung Pay and Google Wallet store all customer information – such as credit card or bank account number, billing address and shipping address – so customers can complete transactions at the click of a button. By providing customers with a simple and streamlined way to buy online, retailers can help to get more shoppers to their “Thank You” page and avoid shopping cart abandonment. SUPPORT CARD-FREE NEEDS In addition to the hassle of entering in several pages of information each time a transaction is completed, there are several other reasons why people might want to shop online or via a mobile device without having to use a credit card. For example, a shopper might want to buy a gift for his or her spouse and only have a shared credit card. Maybe they’ve reached a limit on a credit card and still need to make a purchase. Or, more simply put, perhaps they want to avoid the high interest rates often associated with credit cards. Security concerns are another reason why shoppers might want to shop online without a credit card. For example, a survey by MasterCard found that 50 percent of North Americans cite security concerns as the reason they don’t shop online. By offering an alternative option to credit cards,

retailers can capture more sales from security conscious customers. Apple Pay, for example, ensures retailers never actually handle shoppers’ payment information – making it a more secure option than merchants storing all the customer information. Rather, Apple uses a one-time code – known as tokenization – for each transaction. So, even if a hacker were to get a hold of the code, it would be useless because the code is good for one time only. Multiple payment options can reinforce trust with the customer that they don’t have to enter in personal information every time they shop. Instead, alternative payment options allow shoppers to use an option that is both easy and secure. Given these and many other reasons people might not want to use credit cards, you can make sure to still capture their business through alternative payment methods. By offering shoppers

alternative payment methods, retailers can effectively lower the barrier to making a purchase and help shoppers buy the products they need in a way that fits their preferences and budget. MEET THE DEMANDS OF TECH SAVVY MILLENNIALS Millennials are one of the driving forces behind the surge in alternative payments. Since the tumultuous period following the 2007 financial crash, millennials have become distrustful of the traditional banking structure. One way this distrust has materialized is in their avoidance of credit cards. For example, Bankrate found that 63 percent of millennials don’t have a credit card. This means retailers need to have payment options available that don’t require credit cards to ensure their millennial shoppers can make a purchase.

Also, millennials now make up the largest generation in the U.S., and as such retailers need to make sure they cater to some of their unique preferences. Giving millennial shoppers flexibility in how they pay can help build loyalty and trust with retailers. By not forcing them into one payment method, retailers can offer millennials a better user experience and increase the chances that they become loyal customers in the long run. Accepting new payment methods might seem like a daunting task for retailers, but in order to keep up with consumers’ changing needs and demands, retailers must adapt. By catering to online shoppers’ payment needs beyond the traditional credit card payment option, e-commerce retailers can boost revenue and loyalty, and reduce cart abandonment.

Retailers Planning Big Holiday Hiring … For Online Support Staff BY: STEVEN ANDERSON

f you’re planning to do most of your shopping online this year, even if you’re not necessarily planning to use mobile payment systems to cover the bill for said shopping, you’re not going to be alone this year by any stretch. In fact, the stores are expecting more online shopping as well and are planning to hire extra workers accordingly. The extra workers won’t be going to stores so often as they will be to take on extra work in the warehouses and fulfillment centers where product goes forth to reach customer hands. A report from Challenger, Gray and Christmas says that seasonal hiring this year will be about what it was last year, with an extra 738,000 part-timers picked up to fill in the various gaps encountered by added shoppers. While some of these will certainly be going to store floors, most of the hiring is instead headed for online shopping points. Target, for example, plans to hire 70,000 people, and 7,500 of them

will be proceeding to warehouses and fulfillment centers. Other shops haven’t yet announced plans—which isn’t surprising given it’s still September—but we’re already seeing more moves to bring employment to the warehouse and fulfillment center. Macy’s, for example, lowered instore hiring last year and increased hiring of eCommerce fulfillment staff. Amazon, not surprisingly, doubled its hiring over the course of three years and some still don’t think it’s enough. Basically, the Black Friday / Cyber Monday concepts are starting to fall apart. Perhaps people are tired of the rampant commercialism, the shopping day’s increasing incursion into Thanksgiving Day, or maybe just fighting crowds in a bid to get to one of 35 items that have been marked down with a sale that runs out when the 35th such item leaves the store. With some reports suggesting that holiday shoppers actually want to be done early—one report noted one in

seven respondents had already started, and this being only September—the idea that more will focus on online shopping this year makes a lot of sense. Thus, stores are hiring to fill in the gaps, which may be more often in warehouses rather than store floors. If it continues like this, we may have fewer stores survive period—a development we’re already starting to see. Will Black Friday go the way of Candlemas? It’s starting to look that way.

Payment Quarterly | Q4 2016

MERCHANT SOLUTIONS

GLOBAL PAYROLL KEEPS THE HEART OF BUSINESS TRANSFORMATION BEATING BY: IAN SPARROW vice president, global payroll strategy for multinational clients adp

ayroll professionals find themselves in the midst of dual transformations as their roles evolve along with the businesses they support. On the one hand, they are undergoing a profound metamorphosis as their focus becomes more global in scope. On the other, global payroll practitioners are expected to spearhead the transition from a transactional environment to one focused on business transformation. Today’s global payroll professionals are not just responsible for devising ways to reduce costs. They now are expected to serve as catalysts for change who bring savings, efficiency and added value to the employee experience. The challenge becomes even more acute as frequent mergers and acquisitions among multinational companies continue to typify the global business environment. New technology has advanced

Payment Quarterly | Q4 2016

payroll from a basic function to a strategic tool, enabling Human Capital Management (HCM) leaders to leverage valuable information to improve employee experience, increase employee retention and ensure a stable, global workforce. Innovative HCM solutions are delivering new capabilities to these business transformation leaders – mobile, real-time access to information, self-service and more – with no constraints based on location or time of day. At the same time, payroll remains complex. Supporting a global workforce across various geographies brings new challenges to payroll organizations. To be successful, HCM leaders need to build skills to manage organizations, systems and technologies that support multiple regulatory environments, laws and compliance frameworks. Consider this: There have been 562 changes to payroll legislation in the past three years in the Asia Pacific region (APAC) alone. That pace would leave even the most seasoned payroll practitioner breathless. But it highlights how imperative it is for payroll professionals to thoroughly understand local and regional regulations, as well as the implications of those laws to their organizations. Ensuring a company is prepared to navigate this growth and related regulatory challenges means global professionals are required to take on a role they may not be prepared for:

Becoming an active, strategic HCM leader who effectively manages the business and its people. Of course, change -- particularly at large multinational companies -is often difficult. In a survey of 160 multinational organizations, Ernst & Young® found that more than half of global payroll professionals don’t want to change their current processes, with 54 percent preferring to keep historical payroll practices versus searching for a global technology solution that will better suit an expanding workforce. In fact, on average, 32 percent of the global organizations in APAC still manage payroll using paper or spreadsheetbased systems. With new regulations in nearly every country and organizations resisting change, how can today’s global payroll professional prepare to meet these new complexities? What technology can be used to ensure integration and compliance across all geographies? Payroll and HCM leaders can help address new regulations and global organization’s apprehension with four steps: The first is to accept inevitable change. Interestingly, many HR and finance leaders at global organizations are still clinging to “traditional” ways of managing payroll, which may be hindering their business’ success. Implementing one, integrated global solution can be daunting for a company that has managed its workforce the

same way for decades – even if that means they’ve been using more than 33 payroll systems to do it! However, when the leaders of an organization understand and come to a consensus that change can benefit the business at large, the next steps of implementing a single global solution are more likely to succeed. Next, find a partner. Choosing the right global payroll partner is no small task and requires rigorous due diligence. For instance, it’s key to find a partner that has expertise in evolving local tax and labor laws, and that can determine how compliance changes may impact an overall business. The wrong choice can lead to costly consequences and, potentially, the payroll practitioner’s worst nightmare – being unable to pay employees on time or in accordance with local tax and labor laws. Getting payroll wrong can possibly erode employee trust and productivity, as well as potentially result in expensive fines and penalties that directly impact an organization’s bottom line. When engaging a global payroll partner, HR leaders at multinational firms must ensure their selection process reflects their organization’s business strategy, culture, and longterm growth plans. Finding the right partner can empower global employers to reduce risk and administrative costs while focusing more resources on HR initiatives that support their company’s strategic growth and employee engagement. Co n s i d e r I m p l e m e n t i n g a n Integrated Solution. Today, HR leaders still focus on capabilities, controls and accuracy – the more “traditional” processes and tools connected with local payroll. But that focus will occur less frequently as global businesses implement integrated payroll solutions. An integrated payroll solution can address the basics of payroll m a n a g e m e n t (e . g. , c o m p l i a n c e management, operational efficiency and consolidated reporting), as well as provide analytical tools to help identify insights that will enhance decisionmaking, and help global businesses stay ahead of employee turnover and dissatisfaction. It also can reduce

THERE HAVE BEEN 562 CHANGES TO PAYROLL LEGISLATION IN THE PAST THREE YEARS IN THE ASIA PACIFIC REGION (APAC) ALONE. THAT PACE WOULD LEAVE EVEN THE MOST SEASONED PAYROLL PRACTITIONER BREATHLESS. risk, provide greater visibility into organizations in other geographies and, ultimately, reduce the probability of a costly compliance penalty. Last, support professional development. For companies making the shift toward a fully integrated global payroll system, formal training to refine payroll specialists’ skills can be very important. That kind of education is often invaluable when combined with a foundational understanding of how payroll and workforce data support broader business goals. Payroll today actually is an important source of critical data that can help all executives at a company make better decisions – where to allocate resources, where to invest, and potentially what markets they’re best positioned to serve. Leveraging payroll knowledge and expertise, as well as understanding the payroll technology landscape, can be a powerful business

combination. No matter what the remit – global or local, large company or small – the goal of the payroll professional remains the same: Pay employees accurately, in compliance and on time, every time, in every location. And it may be helpful to remember that payroll is at the heart of HCM and HCM is at the heart of people management, which is strategic to all companies. Without effective people management, business transformation can be even more difficult to achieve! Technology is making payroll even more strategic because of the way it’s delivered. It is enabling HR leaders to leverage the information they already may have to improve the employee experience. Ultimately, the success of global payroll will be directly linked to its ability to be fully integrated within a suite of global HCM solutions.

Payment Quarterly | Q4 2016

PROCESSING

ALIGNING E-INVOICING AND E-PAYMENTS FOR GREATER EFFICIENCY, VISIBILITY AND CONTROL C

BY: BOB COHEN vp, north america basware

Payment Quarterly | Q4 2016

ompanies and governments around the world are realizing the benefits of automating and speeding up the processing, delivery and receipt of invoices. They’re enjoying visibility gains, cost and time savings, and the ability to better manage spend, cash flow and working capital as well as a new world of financing opportunities. I nv o i c e s c o n t a i n e s s e n t i a l information needed for payment processing, including who the buyer and supplier are, what is purchased and when, and payment terms. Under manual processes, invoices were often lost or misplaced, resulting in late fees and poor visibility into an organization’s financial obligations. Invoice automation and e-invoicing overcome these challenges, and enable organizations to gain the real-time view into invoices that enable them to conduct payments and financing electronically. W h i l e i nvo i c e a u to m a t i o n , which streamlines and speeds up the processing of invoices once they arrive to an organization, is a key component of Accounts Payable automation, e-invoicing is also needed to expedite payments. For example, while it would typically take a couple of weeks for invoices to be manually sent and received – including the time it takes for the sender to print and mail invoices and the supplier to open the mail and key in invoice data—e-invoicing allows that to all be done instantaneously. It benefits buyers by saving them time and money, expediting invoice processing and helping to shorten the payment cycle, while also being valuable to suppliers who can track their invoices

in real-time and potentially get paid sooner. GOVERNMENTS LEAD THE WORLDWIDE E-INVOICING CHARGE B2B e-invoicing has been steadily increasing over the past few years, although there is still much room for growth. In an annual survey conducted by the European E-Invoicing Service Providers Association (EESPA), 1.252 billion electronic invoices were processed and delivered by its members in 2015--representing a significant growth of 27 percent over 2014 volumes of 985 million. Despite this growth, these e-invoicing volumes are a small part of the 370 billion or more total invoices issued annually, according to estimates from the Billentis Market Report 2016: E-Invoicing /E-Billing. Interestingly, governments have been early adopters of e-invoicing, which they are pursuing for a variety of reasons, including increased efficiency and cost savings, reduced tax fraud, and faster payments to suppliers. Among the worldwide leaders in e-invoicing is Latin America, which is making an e-invoicing push to ensure tax compliance. Europe, which is also leading the effort, is building infrastructure to connect buyers and suppliers and introducing legislation and mandates to ensure compliance. The government of Denmark, for example, has been a trailblazer, conducting e-invoicing for more than 10 years and up to 90 percent of its invoices are received electronically. And the UK is undertaking e-invoicing to help smaller businesses improve their cash flow, implementing the voluntary Prompt Payment Code, to help small

businesses get paid within 30 days. While the U.S. is moving at a slower pace than many of its global counterparts, it has made headway as well. The federal government introduced the Invoice Processing Platform (IPP) in Nov. 2007 to enable its agencies to more efficiently and costeffectively send and process invoices. Participation in the program grows every year, and there is a push to have all federal agencies move to e-invoicing by the end of FY 2018. The government is also promoting prompt payments to support smaller companies. President Obama’s Supplier Pay Initiative, enacted in Nov. 2014, requests that companies pay their small suppliers faster or offer them a lower-cost financing solution. THE LATE PAYMENT CULTURE While poor processes and a lack of automation contribute to late payments, a late payment culture is exacerbating the issue. In an effort to hold onto working capital, some buyers are extending their payment terms up to 60-100 days— negatively impacting supplier cash flow, which is especially difficult for some of the smaller suppliers. According to a survey Basware conducted, businesses seem to understand the need to pay on time, yet 43 percent are paying suppliers up to a month late and consider late payments to be business as usual. Similarly, while businesses understand the benefits of early payment discounts, suppliers are not offering them systematically. While 69 percent of suppliers agree that early payments would have a considerable positive impact on the cash flow of their organization, only 33 percent of them are considering offering discounts for early payment. NEW PAYMENT AND FINANCING OPTIONS Progress in B2B electronic payments has lagged behind the advances on the B2C front, where great strides have been made through digital payment solutions. Perhaps part of the problem for the B2B marketplace is that historically, the purchase-to-pay process has been siloed—with procurement,

invoicing, and payments and the supply chain operating in separate areas with distinct processes and systems. This not only has been inefficient and costly, but the lack of visibility and control means that one hand doesn’t know what the other hand is doing. Another problem with B2B payments has been that traditional financing options offered by supply chain finance and financing companies were typically expensive. Today, however, the B2B community is learning from the advances on the B2C side and how they can be applied to business. Over the past decade the B2B marketplace has developed commerce networks that enable buyers and sellers around the world to electronically send and receive invoices and purchase orders, create credit notes and exchange e-catalogs. This infrastructure also is a platform for e-payments and financing services. This infrastructure, innovative technologies and cross-functional v i s i b i l i t y t h a t p u rc h a s e - to - p ay automation provides are opening up new possibilities for payment and cost-effective financing. For example, for the first time, companies can offer alternative financing at the individual invoice level. Since this is typically a smaller amount than most business loans, for a shorter period of time, and with low risk (particularly when it is tied to invoice approval) the cost for invoice financing can now be very competitive. The cross-functional visibility, especially when coupled with analytics, enables companies to gain greater

insight into purchasing and payment trends, drill down into root-cause analysis of inefficiencies, and view their spend by supplier, geography and other criteria. This not only allows these organizations to identify opportunities for volume discounts, early payment opportunities and other cost savings options, but also enables them to develop a payment strategy, scheduling the timing of payments to different suppliers, and determining how they will finance these payments. Through a strategic payment plan companies can more effectively manage their cash flow in real time based on their specific needs. For example, companies that are cash rich may opt to pay early to take advantage of discounts, others might want to help finance the receivables of their top suppliers, while others may choose to extend their payments through new competitively priced financing. By aligning e-invoicing with e-payments and new financing options, organizations of all sizes now have the flexibility to free up working capital, manage their cash positions and gain the liquidity they need to operate and grow their businesses—and at the same time, meet their obligations to suppliers. And it’s a win for suppliers too, enabling them to get paid faster and improve cash flow—which is critical to keeping their businesses healthy and afloat. The payments tug-of-war between buyers and suppliers could rapidly become a thing of the past as both parties are now able to control their own cash flow and payment destinies.

Payment Quarterly | Q4 2016

PROCESSING

COMPONENTS OF A SIMPLIFIED PAYMENTS EXPERIENCE W

BY: WHITNEY STEWART SVP, product management & strategy, electronic payments fiserv

hen people pay, they’re not thinking about how their money gets from one place to another. They just want their funds to arrive securely and on time. In the ideal payments scenario, sending money would be as easy as answering four basic questions: 1. Who do you want to pay? 2. How much are you paying? 3. When do you want the payment to arrive? 4. Where is the money coming from? However, today’s payments reality is far from this simple. In order to send money from Point A to Point B in the most efficient way, consumers need to know what payment technology they want to use and where to find it. THE CHALLENGES WITH TODAY’S PAYMENT EXPERIENCE Consider the payments a typical consumer might make in a given day. Beyond payments made for purchases at the point of sale, a category in and of themselves, consumers may go to their online banking site to pay a bill, use an app to transfer funds, or write a check for their share of the office baby shower gift. The payment experience is currently fragmented, with multiple solutions and providers disrupting the payments value chain for consumers and billers. A large percentage of payments could be sent electronically, b u t o f te n t i m e s a re n’ t b e c a u s e consumers aren’t aware of the services their financial institution offers, such as person-to-person payments.

Payment Quarterly | Q4 2016

When surveyed, most consumers indicate a preference for making payments using their primary financial institution, yet many consumers send payments using third-party niche providers. These competitors often deliver a good consumer experience and are able to cross-sell services, which encroaches on traditional banking relationships. Even within financial institutions, the payments experience is fragmented as most require consumers to access different payment functions separately in online or mobile banking – paying a bill from one place, a person from another and making a transfer from yet another. AN INTEGRATED PAYMENT STRATEGY A single, cohesive platform that could deliver a unified payments experience, allowing money and data to move safely and securely in a common ecosystem – could address these challenges and make moving money easier and faster than ever before. Yet this is much easier said than done. Fiserv has identified six key components that we believe are essential to the creation of a simplified payment experience for the end user. While these are technical components, they all impact the overall payments experience. Some, such as alerts and notifications as well as faster payments are also highly visible to the end user. The network and underlying intelligence behind a simplified, integrated payment experience has six primary components:

1. SHARED REGISTRY A single data source and registry of those sending and receiving payments – including both consumers and companies that may be receiving payments –eliminates historical silos of data and facilitates the communication of payment information. A shared registry can also enable “peering” with other networks and user registries, which exponentially expands the number of financial institutions, consumers and companies that can be connected. These connections and integration can make business and personal payments easy, fast and friction-free. In addition, direct, two-way connectivity between network participants and a consistent experience across all payment types can help reduce costs, expedite the payment process, “electronify” more payments and drive customer engagement.

3. FASTER PAYMENTS Different situations call for different payment speeds. In some cases, delivery in a few days’ time is perfectly fine. In others, payments need to be immediate. In order to meet consumer expectations for speed and choice, a platform must support multiple payment speeds, including realtime. This necessitates real-time posting and funds availability, as well as the ability to support instant-access funds. A platform must be able to support the delivery and receipt of payments utilizing the most efficient delivery method, whether cardbased or cardless.

2. MONEY MANAGEMENT ACROSS CHANNELS AND NETWORKS As noted Consumers think about payments in terms of who they want to pay, how much they want to send, when they want the money to arrive and how they want to fund the payment. Consumers do not know how payments “work” on the back end, and they should not have to. The ability to move money across multiple payment products, services and networks with optimized payment speeds is an essential requirement of a platform designed to enable a simplified payments experience. If a platform can handle these requirements it means the user does not have to know which product, service or network to use to best complete their payment – that is all handled for them.

4. FRAUD AND RISK MANAGEMENT By integrating a broader range of payment transactions and utilizing a single platform for fraud analytics, risk monitoring and management can maximize fraud detection and prevention. This allows for enhanced fraud and risk management for the payment provider, with little or no impact to the user experience. Enhanced capabilities in these areas can even improve the perception of payment security when they result in more accurate alerts to the end user.

5. INTEGRATED ALERTS AND NOTIFICATIONS Alerts, which let consumers know specific information related to a payment such as a bill due date, and notifications, which tend to be more general in nature, can be generated directly from a payments platform. In order to meet consumer demand for anytime, anywhere information, alerts should be able to be delivered via email, mobile, in-application and insession messages, according to the recipient’s preference.

DESIGNING FOR HOW PEOPLE LIVE TODAY 6. DECISION ENGINE Any single transaction can be sent in a variety of ways, which may impact payment speed and cost. A decision engine enables the application of operating and governance rules, which determine transaction routing options, response rates and exception handling.

In today’s increasingly connected world, any payments experience should be designed with mobile in mind. The development and deployment of browser-based and plug-in mobile capabilities ensures people have a consistent, intuitive payment experience whether they’re online or on a mobile device. By delivering an integrated payments experience, financial institutions can readily respond to consumer preferences and expectations, and most importantly, make it easier for people to pay who they want at the speed they choose. Streamlining and simplifying the payments experience delivers a heightened level of ease and convenience to a new generation of users.

Payment Quarterly | Q4 2016

PROCESSING

BY: AMIR WAIN founder and ceo i2c inc.

or financial institutions, payments transformation is as much or more of a business issue than a technology problem. With the market evolving so quickly and consumer expectations driving much shorter product development cycles than most enterprises are equipped to handle, how do you put together a strategy that delivers the right payments solutions at the right time in the future? Predicting the future of payments, no matter how good a crystal ball you think you may have, remains virtually impossible. When it comes to the underrecognized transformation that’s happening in payments right now and the opportunity it represents, the key question business leaders of financial institutions (FIs) should be asking is whether they have the organizational agility and the supporting toolset to keep their businesses competitive and agile in the long run. Focusing on rolling out static point products they think may work in the future is a losing battle. They are better off focusing on capabilities and functional agility, and on a technology platform that gives them to tools to quickly create solutions and evolve them over time to meet changing market needs. PAYMENTS TRANSFORMATION: INDUSTRY AT A CROSSROADS Issuers and payment providers know they need to create and deliver new roadmaps with better products and features that appeal to their changing customer base and drive

Payment Quarterly | Q4 2016

revenue. What’s making this harder is the confluence of market forces and trends that are defining today’s rapidly changing market dynamics: compressed time of innovation and adoption, new business models, and rapidly changing customer needs. New technology and ideas are spreading faster than ever. Today’s superheated digital environment has compressed timeline between early adopters and laggards. For financial institutions, previously the gap could have been as long as a decade; but now, that timeframe can be as little as 24 to 36 months. Financial institutions that have been working under the assumption that they can wait to adopt new technologies to mitigate risks and costs run the much bigger risk of not having a competitive product or service offering that appeals to new and evolving customer segments. Consumer expectations are vastly different than what they were just a few years ago. The way we shop and buy has changed, and payments is no exception. Purchases are digital and mobile, and social conversations influence what consumers buy, when, and how. Today’s consumers expect purchasing experiences that are timely and relevant to their unique situations. At the same time, competition is getting more intense, and not just from other banks. New technologies have given rise to entirely new business models. Recent years have witnessed the proliferation of new products and services like P2P payments and alternative lending offerings from

fintech firms remain top of mind for consumers. Tech giants like Apple, Samsung, Facebook, and Uber and other non-traditional payments players are disrupting banking and payments. All this brings added pressure on FIs to differentiate their products and services to stay top of wallet. This is a daunting environment for card issuers looking to build new revenue streams and take advantage of new market opportunities. Given the velocity of innovation and technology adoption, traditional players have little time to transform themselves into agile innovators, able to quickly and cost-effectively deliver differentiated, personalized payments products that appeal to social and mobile-savvy consumers. Unfortunately, the legacy processing technology many issuers rely on is completely out of sync with today’s market realities. It wasn’t designed to address problems and take advantage of the new opportunities the digital revolution has presented, and it’s inherently inflexible, complex, and difficult to change. The result is that issuers can’t react quickly to anticipate market needs and are often stuck rolling out undifferentiated “me-too” products. MASTERING UNCERTAINTY For financial institutions and issuers, mastering payments transformation means formulating the right product roadmap vision and strategy—and having the right tools to act on it quickly. The pace of change is accelerating, and the future is impossible to predict. Spending precious resources trying to out-innovate the competition on very short time scales with point products that may or may not bear fruit is a losing proposition. If you don’t know the future, the best strategy is to have a system to help you manage it. With the right set of tools and building blocks, you can build specific solutions that map to market needs in the moment. The key to future-proofing innovation in payments is a processing platform that fuses the agility and flexibility of a modular architecture with the highest levels reliability, security, and scalability. What is needed is a more agile payment processing model.

THE NEW PAYMENTS TOOLBOX – AGILE PROCESSING i2c’s Agile Processing is a unique, highly-configurable and reliable payments processing model that gives issuers the control to quickly and cost effectively build and deploy new, customized solutions that deliver value to customers. With Agile Processing issuers have tools they need to enable a product roadmap vision, test it, modify it, and deploy it using a sandbox to scale model to get to market quickly and drive revenue. THREE KEY CONCEPTS ARE AT THE HEART OF AGILE PROCESSING: COMPOSITION, CONTEXT, AND CONTROL. Composition: Composition is the ability to conceive and configure any payment or business process. Just as LEGO bricks can be pieced together to assemble virtually any structure, i2c’s Agile Processing platform is comprised of a vast library of blocks

of payments functionality that can be quickly assembled to rapidly bring new solutions to market. Like a structure composed of interlocking LEGO bricks, the different component pieces are engineered to fit and function together, providing inherent stability and extensibility. Issuers can pick and choose elements based on their unique requirements and swiftly and costeffectively create, test, and introduce differentiated payment products on an inherently secure platform. No coding is required. Hard-coded legacy processing technology is completely out of step with how the marketplace works, making it impossible for issuers to test options and apply what they know about their customers’ experiences. Context: In payments, context means understanding and acting on preferences, external events, entitlements, purchase history, and other consumer information that are relevant at that exact moment to create personalized payment experiences.

Payment Quarterly | Q4 2016

PROCESSING

A real-time offer is an example of this as you think about the concept of delivering the right offer to the right person at the right time. Unlike older payment processing technology which is context blind, Agile Processing’s context-sensitive data leverages individual cardholder attributes to create memorable experiences. Context inserts intelligence into the payments stream. It is vital to curating personalized purchasing experiences for consumers, and it can accelerate revenue and enhance loyalty. Co n t r o l : U l t i m a te l y, Ag i l e Processing is about giving control back to card issuers so they can execute their unique payments vision and business strategy—on their timeline and on their terms. It gives issuers the tools to respond quickly to changing market

requirements and deliver high-value payment solutions. FUTURE PROOF The pace of advances in technology and the compressed timeline of adoption are putting pressure on FIs to do a better job managing uncertainty. Agility is the secret ingredient for navigating a future that’s increasingly difficult to plan for— and one that certainly doesn’t allow for lengthy product development cycles. For issuers, agility and control comes from a next-generation processing platform that gives them the tools to respond strategically— and in the moment—to rapidly changing market dynamics without compromising reliability and scalability. The underlying architecture of most payment processing solutions on the

market today provide either reliability and scale and in some cases flexibility, but not both. Those who hesitate to modernize because they are wary of the cost and effort at a distinct disadvantage. Deciding to do nothing is a mistake, but simply deciding to “keep pace” really is no longer an option. Rather than spending resources on point products or innovation labs that may take many months to roll out solutions, any investment today should be in a flexible processing platform to serve as the foundation of their future payments business.

HOW PAYMENT TECHNOLOGY AFFECTS CLINICAL RESEARCH C

BY: KYLE CUNNINGHAM vp of product management greenphire

Payment Quarterly | Q4 2016

linical trials rely on the ability to recruit and retain motived, informed and eligible patients. The consequences of poor retention include, but are certainly not limited to delays in clinical trial timelines and approval, higher costs to complete the clinical trial, and subjects not receiving full course of therapy and follow up. Payment solutions can improve patient engagement and retention, optimize resources, and provide a complete record of financial transactions to support financial t ra n s p a r e n c y a n d c o m p l i a n c e requirements

PATIENT ENGAGEMENT AND RETENTION A clinical trial’s success resides in its ability to attract and retain participants in the study. In order to keep patients engaged, many researchers compensate trial participants, reimbursing them for their time, travel and other expenditures that may come into play to participate. Payment also may be given just to provide an incentive for participation. Eliminating any financial hurdles that may impact a person’s ability to continue to participate and engage in a study is critical to the success of that research. In fact, compensation and reimbursement is regularly referenced as a key reason to participate in clinical

research. Additionally, how a patient is reimbursed is equally as important as the fact that they are reimbursed at all. Traditional methods of patient reimbursement include cash, check or gift card. Each of these methods come with a host of challenges that can impact patient retention. Cash for example can be lost and is not traceable (or replaceable) and can thus present a risk to the participants as well as the sites providing payment in terms of compliance and trail of funds. Checks are also lost very often and, because many clinical trial participants do not have a bank account, come with fees to access the funds. Checks also come with delays for processing and mailing, causing many patients to drop out of the study. Gift cards may seem like a simple solution but, similar to checks and cash, require a great deal of manual effort to acquire and track the distribution of the cards. Additionally, like cash, once a card is lost or stolen, it cannot be replaced. Compensating trial participants with a reloadable debit card solution has been proven time and time again to improve patient retention. It also is the preferred way that patients want to receive payments – even more than cash. With a reloadable debit card, patients have instant access to their funds, are able to track their expenditures via an online portal and replace a lost or stolen card. Reimbursing patients is simplified, saving the research site team a host of time and resources as well, freeing time to focus on the patient care. WORKFLOW OPTIMIZATION Clinical research sites struggle with sustainability. According to the Society of Clinical Research Sites, 65% of sites have less than three months operating cash. A site’s resources are drained from recruiting efforts, so once a patient is enrolled, minimizing drop out is key. Every effort to provide a positive trial experience must be made to keep the patients engaged. Administrative tasks that can deter from the patient experience or drain resources need to be examined to stay in business. This was the reason electronic data capture (EDC) has been such a transformation for clinical trials – eliminating the error

prone and time consuming manual paper work that this task required. Processing patient reimbursements can also be resource draining. Issuing checks or cash require multiple handoffs and also requires a manual effort to track, reconcile and record the distribution. Additionally, if a participant has a question about the status of receiving a payment or to be reissued the funds, there is even more work involved. In fact, independent analysis shows that the cost of issuing a check to a patient can cost up to $20 – including the time, resources needed to complete the task. Automating this process with a reloadable debit card solution, backed by a technology platform that can capture a complete record of the transactions and trigger payments based on patient visits streamlines this process, creates significant efficiencies for the site. Optimizing resources at the site benefits the patient, freeing the time of the doctors and staff to focus on the patient care and research. Clinical research and getting a new therapy to market relies on clean, accurate data. The need for comprehensive data needs to be inclusive of financial transactions – not just patients. FINANCIAL TRANSPARENCY AND CONTROL Reimbursing patients via cash, check and even gift card requires the research staff to manually track patient visits, issue the payment and then manually record that this has been distributed. As a result, the records are

often inaccurate and out dated, as this is an afterthought in the researcher’s everyday tasks. In order to support financial transparency and compliance, it is critical that a research site is able to pull accurate, clean, and timely data reports recapping the financial activity related to patient reimbursement. Sites who are able to accurately report and track this become more attractive to sponsor partners who are looking to engage sites for their trials. Tracking the amount of money that each study participant has received with spreadsheets or even handwritten logs is cumbersome. To then use this data to generate reports can lead to many costly errors and unnecessary work. This is particularly true when the participant has been receiving cash, checks or gift cards – not automated payments through a comprehensive solution. With a fully automated solution that provides instant access to a comprehensive record of all payments distributed, separated as taxable and non-taxable income, research sites can generate the data needed for reporting very easily. Patient reimbursement through a reloadable debit card is quickly becoming the industry standard, with more and more research sites around the world adopting this technology each year. Additionally, large Sponsors and CROs are investing in these solutions to provide their research site partners with a technology proven to increase patient retention and optimize workflow efficiencies in clinical research.

Payment Quarterly | Q4 2016

BANKING

SHRINKING WORLD a growing problem

BY: ANDERS LA COUR ceo saxo payments

Payment Quarterly | Q4 2016

he world today is a smaller place than ever, in terms of international travel, commerce and business, and it continues to shrink rapidly. The fast development of new technology and online solutions to long-standing impasses are opening up the world so that even the smallest companies and start-ups can trade across borders in a way never before possible. However, in setting up the international infrastructure of a business – whether a fledgling company with global ambitions or a large firm only now expanding internationally – provision of a strong and cost effective payment solution can often be left neglected at the bottom of the to-do list. If it makes it onto the list in the first place, that is. The automatic response when payments do make it to the ‘priorities’ list, is to investigate suitable bank accounts. This is, of course, the traditional and long-standing solution for sending and receiving payments.

ONLY BANKING HAS THE ANSWER? Companies looking to trade abroad generally need to open accounts in each of the geographical regions in which they wish to do business. But the appetite of the incumbent banks to offer this service is waning. Regulation, competition and even terrorism are all causing the incumbents to find the basic bank account a less attractive aspect of their offering. As a result, start-ups, including the burgeoning world of FinTechs, and established payments businesses are left searching for a bank that is willing and able to help them reach their international trading potential, by allowing them to open the necessary bank accounts. It seems that the supposedly ‘simple’ process of opening a bank account is becoming increasingly difficult for start-ups and even established businesses. This presents a real risk, quite remarkable in this day and age, of a growing community of underbanked businesses. Worryingly, this can seriously affect their growth both locally and globally. Regulation requirements also play a part in hindering cross

border growth of businesses. And these high barriers to entry can stall many companies and ultimately reduce competitiveness across the board. It’s a ‘lose-lose’ situation. When banks are able to help businesses with their bank account requirements, companies can find that the bank’s sheer size, and restrictions due to legacy infrastructure, mean the bank is not able to be as flexible and responsive as they might require. This is especially true for younger companies including FinTechs. By nature, FinTechs are small, nimble and quick to adapt to changing market conditions, and can find incumbent banks restrictive when it comes to trading internationally. Even just the number of intermediaries required for a traditional international bank transfer adds significantly to the cost and time involved with the process. STUCK IN A BANKING RUT Worryingly, many companies – of all sizes, from start-ups to huge corporations – are putting up with these high costs and slow transfer times when there are alternatives available in the market. At Saxo Payments we recently carried out an exclusive study into the payment processes of issuers, acquirers, payment service providers (PSPs) and merchants, which provided some shocking figures. 63% of businesses are not satisfied with the length of time from payment being sent to payment arriving, yet haven’t switched provider. This is mainly due to a basic lack of spare time to invest in researching alternatives (31.5%), but these businesses also stated that they are hampered by limitations on the internal resources which would be required to make a change (25%). In addition, less than 40% (38.2%) believe they get a competitive foreign exchange rate when handling cross border transfers but again have not switched provider. The reasons given mirror those above - 32% do not have time to look elsewhere and 28% are put off because the change is so unlikely to be implemented due to the resources required to make the switch. Finally, opinions on whether business get a good deal in terms of the

rates they pay to handle cross border transfers for customers is split relatively evenly – almost half (48%) do not feel satisfied, yet are putting up with the poor service from their current provider. These businesses are sleepwalking through the payment and transfer process, paying fees which have a serious impact on their profit margins, and putting up with delays which could see them lose potential business or suppliers if they cannot make payments occur more quickly. The payment process is a fundamental element in the running of a business, which should not be neglected, lest the company risks losing out in a big way. THE FUTURE OF PAYMENTS Accelerator programmes, sandboxes and tech labs: just some of the latest buzzwords in payments and FinTech. All of which present some really exciting opportunities. FinTech accelerators are popping up across the world, regulatory sandboxes have also been introduced globally, and the latest news in technology laboratories is the signing up of eight start-ups to the Asia-Pacific FinTech Innovation Lab. This is all extremely exciting for development and innovation in the banking and payments industry. But these new initiatives must not ignore the basic fundamentals of business operation – including payments. As FinTech start-ups continue to emerge on an almost daily basis, there is a growing question over whether they will be able to access the basic banking services they need. TO BANK OR NOT TO BANK? But what is a FinTech to do? They need a bank account in order to send and receive payments, but these are time-consuming and complex to set up even if they do find a bank able to provide a basic account, and the high cost and slow transfer times associated with cross border payments through this account could make trading abroad unfeasible. All of this culminates in huge limits on the company’s growth potential. Should the business keep looking for a cheaper bank account, or accept the limitations the account places on their company? Neither is

63% OF BUSINESSES ARE NOT SATISFIED WITH THE LENGTH OF TIME FROM PAYMENT BEING SENT TO PAYMENT ARRIVING, YET HAVEN’T SWITCHED PROVIDER. an attractive option, particularly to an ambition new start-up. Thankfully, there are now alternative solutions available to businesses of any size. Whilst banks will remain necessary for certain banking services, such as deposits, not all payments and transfers need to be carried out through a traditional bank as they have in the past. It is also possible for a company to use more than one provider, selecting the range of solutions which best meets their specific requirements. And this doesn’t have to make the process or management of payments more complicated, in fact it can make things simpler as well as faster and cheaper. What businesses should be looking for is a solution that allows companies who are serving merchants in the digital space to open physical and/or virtual IBAN accounts in a wide choice of currencies, in their name and/or their client’s name. And users should be able to send and receive cross border and local payments at a low cost and within seconds rather than days. Banks will always play an important role in business, but alternative solutions can be employed alongside to complement the traditional banks’ offering and maximise profit potential and international growth. The most important thing is that companies of all sizes take the time to investigate these alternatives, rather than sleepwalking through high fees, slow transfer times and poor FX rates which with they have long been dissatisfied. It is time payments worked FOR payments businesses, not AGAINST them.

Payment Quarterly | Q4 2016

BANKING

ATM DEFENSE:

strengthening the weakest link

BY: MOSHE BEN SIMON vice president & co-founder trapx security

utomated teller machines (ATMs) have been under assault by organized crime around the time the first machine was put into production in a branch of Chemical Bank in Long Island, New York in 1969. The reason? As the old joke goes, that’s where the easiest banking money is. For thieves, ATMs are a broad target. Today there are more than 425,000 ATMs installed in the United States and more than 3,000,000 installed worldwide. To put that in perspective, that means there are more than 280 new ATM machines installed every day, which is roughly 3000 people in the world for every ATM. UNDERSTANDING ATM ATTACKS Over the past five years, criminal attacks on ATMs have substantially increased. These attacks can be roughly placed into three categories. Tier 1 attacks physically target the machines and cash delivery with direct theft. During these attacks, thieves

Payment Quarterly | Q4 2016

can literally blow up an ATM machine, penetrate the machine with cutting tools or simply drag it off to another location. Tier 2 ATM attacks more often target customers. In some cases, cyber criminals swipe customer PIN codes by “surfing” over their shoulder. Also in these attacks, criminals can acquire used ATM machines that record the PIN codes with “skimmers,” devices that fit over the card insertion slots and steal the electronic card, and then keep the cards. Finally, cyber criminals also employ a technique known as cash “trapping,” in which the cash is diverted to the attacker instead of the frustrated customer. Tier 3 attacks may be either localized to the loading of malware on a specific ATM , or broadscale network-based cyber attacks which target multiple ATMs. In the localized attacks cyber thieves gain full access to the targeted ATMs in order to load a CD or USB memory stick into

the embedded computer drive and then reboot the system. Several of these localized cyber attacks gained notoriety in 2013 and 2014. One of those attacks was Tyupkin, an attack that was loaded via CD rom and required the attacker to have a key in order to get cash from the ATM. During that same timeframe, attackers also launched Backdoor.Ploutus, a threat that enabled attackers to activate access to compromised ATM machine via a SMS text message. In 2015, both Suceful and GreenDispenser once again raised the bar for sophisticated attacks. Suceful interacted with the middleware XFS manager, giving it the ability to work with the ATM of more than one manufacturer. Suceful also has the ability to read all of the chip and embedded data, allowing the ATM PIN pad to control the malware execution

Figure 1: Tier 3 attack where an operator reboots an ATM through a malware CD

Figure 2: How deception technology defends an ATM network

and suppress ATM sensors to avoid detection. Meanwhile, GreenDispenser allowed thieves to completely drain the cash vault in a single set of transactions by leveraging two factor authentication, then auto-deleting itself after a chosen date. Broad scale network-based attacks raise the bar substantially. In 2013, sophisticated cyber attackers were able to steal $45 million from ATMs by penetrating the networks centrally. The attackers first penetrated credit card processors, then moved through the networks identifying the key financial applications that controlled, both directly and indirectly, the ATM networks and resources. Once the breach yielded access to the applications, the attackers raised the withdrawal limits on one set of debit card accounts with the authorizing bank. From there, they developed a process to encode the account information onto magnetic encoded cards that could access the accounts and then distributed the information to accomplices in around 20 countries around the world, who used the cards to steal almost $5 million in cash. Two months later, the attackers used the same vectors successfully to withdraw an additional $40 million from ATMs in more than 20 countries. In a separate case two years later, an attack dubbed Carbanak enabled perpetrators to monitor transactions, procedures and authentications. By

leveraging this technique, the attacker was able to locally and internationally transfer money to fraudulent accounts. In addition, Carbanak also enabled attackers to direct ATMs to disperse money in any location, without requiring anyone to enter any PIN pad codes! UNDERSTANDING ATM ARCHITECTURE AND WEAKNESSES U n d e r s t a n d i n g t h e AT M architecture also requires organizations to understand the weaknesses that attackers target. For these machines, the CPU processors and Operating Systems are some of the biggest Achilles heel for ATMs, as they’re also the broadest and easiest points of entry for attackers. Particularly, ATM processors run Windows XP and Windows 7, which remain prime targets for cyber thieves because they no longer receive security updates and are essentially unprotected. Communications is another area where attackers have sought to better understand the entry points in order to exploit the associated vulnerabilities. Most ATMs use the XFS communications standard (eXtended Financial Services) to access other components within the machine, which can work on just about any manufacturer’s systems. However, XFS also knows what is on the ATM card and whether it has magnetic strip or chip (EMV), also giving it the ability to access to the bank safe and the cash.

DECEPTION TECHNOLOGY NEW TECHNOLOGY STALKS THE ATTACKER WITHIN YOUR ATM NETWORK Deception technology brings a new breed of technology to defend your ATM networks. Deception technology finds the cyber attackers that have already penetrated your network defenses by setting up Traps (decoys). These traps emulate real ATMs, computer workstations and servers. Traps are distributed using automation throughout the networks that support an organization’s financial applications and ideally those of its partners.These traps surround a bank’s real resources making it impossible for the cyber attackers to know what is fake and what is real. Any attempt to engage in activity with a fake asset such as an ATM, financial network server, or financial network workstation generates an immediate alert to the bank’s security teams and the perpetrator is caught. ATMs have experienced a rapid uptick of attacks -- a trend which shows no sign of slowing down. But in parallel new best practices have also evolved to combat these accelerating threats head on.The opportunity to use powerful new approaches offers organizations the opportunity to find the most sophisticated attackers hidden within their networks, turning the hunters into the hunted, and moving the initiative back to their own security teams.

Payment Quarterly | Q4 2016

BANKING

HOW BANKS CAN SUCCEED in the age of fintech T

BY: PATRICK MOORE evp, head product & innovation and NE regional executive for PRIDE network capital one

Payment Quarterly | Q4 2016

he foundation for the fintech revolution we are experiencing today was laid just a little more than a decade ago. At that time, the financial system depended on a fleet of airplanes that crisscrossed the country transporting checks—an estimated 36.7 billion a year—from one financial center to another. The float depended on the weather! The advent of Check 21 in 2004 challenged financial institutions to develop new capabilities for processing image files—and spawned the introduction of new treasury management products, including remote deposit, point of purchase entry and back office conversion entry for retailers, and accounts receivable entry for high-volume remittance receivers. Technology’s ability to translate paper into code has reshaped the treasury management environment for banks, generally favoring larger institutions and creating fertile ground for a new class of service providers. The emergence of today’s fintech companies and the technology they are bringing to the treasury management space now promises to make the Check 21 revolution seem inconsequential. Through disintermediation, the fintech revolution could relegate banks to the sidelines of the payments industry. There will be winners and losers, and banks that succeed in managing this disruption to their advantage will be those who focus on the client experience, leverage cutting-edge

technology, and, most of all, move quickly to create competitive advantage. A CONVERGENCE OF TECHNOLOGIES The fintech moment represents an extraordinary convergence of powerful technologies and software tools. One of the most consequential is blockchain, which can be adapted to create a distributed ledger shared over a peer-to-peer network that is authoritative, secure, and current. This remarkable achievement brings significant disruptive implications: a blockchain network eliminates the need for payment processors, dramatically reducing the time and expense of settlement. New approaches to application programming interfaces (APIs) are another game-changing development, opening up an almost limitless field of innovation for fintechs. APIs offer the potential to integrate disparate systems into a single unified payment solution, providing fertile ground for tapping technologies including artificial intelligence, machine learning, and predictive analytics that can be used to transform transactions into actionable information. INTRODUCING A FRICTIONLESS CLIENT EXPERIENCE But as powerful as this technology is, it is ultimately a means to an end—and that is delivering treasury management solutions that truly address client pain

points. Here banks that have a genuine commitment to using new problemfinding frameworks and focusing on the end-to-end client relationship have an advantage—both over other banks and fintechs themselves. These relationships provide an insight into the points of irritation that hinder clients from collecting payments faster or reducing their receivables. Banks with deep client relationships understand the sources of frustration that clients feel when working with payment systems that are inflexible, inefficient and often incompatible with each other. Working with fintech partners, these financial institutions can deploy technology in ways that relieve these pressure points and deliver a frictionless client experience, creating a seamless flow from an accounting system to a bank’s back-end for payment processing and decreasing the number of interfaces that clients have to navigate, manage, and support. The value of fintech lies not in the complexity of its underlying technology, but in the clarity and simplicity it produces. Fintech can also provide a powerful advantage for those banks with the depth of industry-specific experience to create specialized solutions for distinct business segments. The payment challenges of healthcare clients and multifamily clients, for example, are unique. The financial institution that offers these clients solutions customized to their industry as well as to their

individual needs will be in a position of strength as the fintech revolution unfolds. Of course, not every client will need or require an elaborate fintech solution. Part of developing a frictionless client experience is offering technology that is scalable and therefore appropriate to institutions of different sizes and with different needs. The speed of this revolution is rapid, and banks that have not already begun understanding their clients’ business challenges and everyday inefficiencies are likely to be left behind. Only those that have already invested in humancentered design thinking will have the knowledge and insight to deploy fintech in ways that reinforce their client relationships. TRANSFORMING DATA INTO INTELLIGENCE In the age of fintech, removing pain points and streamlining systems is one component in optimizing the client experience. Another critical element is to convert the flow of payments data into information. The rapid evolution of tools such as machine learning and predictive analytics now makes it possible to catalog and interpret vast data sets, uncovering patterns and trends that might otherwise have gone unnoticed. This information can be invaluable for clients, providing the insight they need, for instance, to negotiate payment terms or to switch from checks to virtual

card. Financial institutions that will be successful in the fintech age must work with fintech partners to find ways for clients to gain ever more valuable information each time they make a payment. USING FINTECH FOR YOUR OWN ADVANTAGE As we have seen, financial institutions that emerge as winners in the age of fintech will be those that already have a deep understanding of their clients and their clients’ business segments, who can deploy the technology to create a frictionless payments experience, and generate actionable information. But if they are to remain solidly in charge of the technology and retain a dominant position in their dealings with fintech partners, they also must have a deep understanding of innovation and a track record of leveraging new technology effectively. In other words, financial institutions cannot emerge as leaders in a fintech world if they hold technology at an arm’s length and leave the innovating—and most importantly, the thought that goes into innovating— to others. The bottom line: Banks who succeed in the age of fintech will not only offer a frictionless client experience – they will also control it.

Payment Quarterly | Q4 2016

REGULATION

Three ways

will change UK’s payment industry

BY: TOMAS LIKAR vp of strategy and business development hyperwallet

forefront of the national debate, it’s also important to consider the role Brexit will play in shaping the UK’s payments and fintech industries. Here are a few factors you may want to keep an eye on in the coming months.

ondon has been commonly referred to as the financial capital of Europe – and for good reason. In 2015, the British fintech sector generated £6.6 billion in revenues while attracting more than £520 million from investors. It’s fintech workforce of 61,000 is greater than that of competing markets such as New York, Hong Kong and Australia. But perhaps most importantly, hundreds of financial institutions and fintech startups rely upon London as a gateway to the 27 countries that make up the European Union (EU). Or at least they used to. The now infamous Brexit has left many wondering how citizens will fare in the wake of the country’s mostanticipated referendum in decades. Forecasts of higher interest rates and greater volatility among currencies – particularly when it comes to the pound – threaten to bring about a new reality for the British people. But while concerns over citizens remain at the

NEW REGULATORY REQUIREMENTS Friendly licensing agreements between members of the EU have made London a particularly attractive destination for global payments companies and new fintech business models. Rather than applying for a license with different regulators throughout Europe, startups have enjoyed the luxury of “passporting” their eMoney license from the Financial Conduct Authority (FCA) – Britain’s regulatory body – to all other European countries. This has made it possible for fintech startups based in London to seamlessly complete digital transfers across borders. That, however, may change following Britain’s exit from the EU. Compliance with regulators in European countries could soon involve setting up a subsidiary in an EU country. Only then would a fintech startup have “passporting” rights across the rest of Europe. For business owners, a difficult

Payment Quarterly | Q4 2016

decision looms on the horizon: establish multiple European offices in order to enjoy regulatory freedom across the EU or shut down the London office and relocate operations to new offices entirely. Unfortunately, the challenges don’t end there for major processors and cross-border acquirers that base their operations in London. European privacy and data security laws require processing centers to call the EU home. Given the UK’s recent departure, hundreds of companies could face the possibility of moving their payment processing operations to one of the remaining members of the EU. While it’s too early to tell what will happen, such regulatory complications could very well bring an end to London’s reign as the financial capital of Europe. TALENT SHORTAGES It’s no secret that the UK boasts one of the most diverse workforces in the world. When compared to the U.S., employees at UK startups are five times more likely to be female, two and a half times more likely to be under the age of 36 and 10 times more likely to be of an ethnicity other than white or Asian. This rich pool of talent is the reason why so

many financial technology companies have flocked toward London’s bustling startup scene. Although the Brexit may not immediately wipe out such an advantage, tracking down a diverse and talented group of workers could soon prove to be more difficult thanks in large part to restricted freedom of movement. In the past, workers have been able to travel in between London and the rest of Europe without much issue. Trips to and from offices located throughout the EU have become routine. The Brexit promises to bring about stricter work visa policies that will not only force some employees currently living in the UK to look for jobs abroad, but also discourage prospective workers from making the trip over. The same restrictions apply to British schools, which will now be less attractive to European students who are interested in preparing themselves for a career in the UK. Even companies that recruit workers from the UK are hurt by the absence of an open border. While it’s important to note that the UK will still be regarded as a hotbed of talent for years to come, a gradual outf low of the country’s human capital could hamper the growth and innovation we are used to seeing from fintech startups.

LIMITED ACCESS TO FINANCIAL MARKETS Collaboration between UK-based financial institutions and fintech startups has introduced major benefits for both parties. Investments in upand-coming startups have provided big banks with access to new technology and business models they might not have otherwise come across. On the other hand, startups received an influx of capital that opened the door for further development. But while partnerships between UK banks and fintech startups have long been considered a natural fit, new restrictions surrounding the European financial services market could spell trouble for financial institutions located within the UK. Up until now, fintech startups have used partnerships with UK banks to access the rest of the EU’s internal banking market. Such an advantage may now be in jeopardy. Since Switzerland is not a member of the EU, its banking sector has only been granted limited access to the rest of the Europe’s banking market. In fact, Swiss banks have typically relied on “passporting” from the UK to operate in other EU countries. In the same way that Swiss banks will have to forge a new path to Europe’s financial services market,

fintech startups will be forced to look elsewhere for potential business partners. From France to Germany, dozens of EU members are already scrambling to take advantage of such an opportunity. By providing fintech startups with financial market access that the UK no longer enjoys, these banks stand to see a big boost in business. AN UNCERTAIN FUTURE Predicting how all of this might be looked upon in several years hardly seems possible at the moment. After all, Europe has never before encountered a situation quite like this. But while the UK’s position within the common market is questionable, one thing remains absolutely certain – owners of payments companies will soon be asked to make difficult decisions that will decide the future of their businesses.

Payment Quarterly | Q4 2016

REGULATION

BY: MATTHEW DIGESTI clo bristlecone holdings

Fintech Mashup voiced their opinions on the negative effects, and 43 percent of the companies in attendance said they considered regulatory issues to be the largest obstacle impeding growth. In its wake, burdensome regulations have created an ecosystem in which startups with solutions are battling the inevitable consolidation of financial services into a select few large companies.

ew opportunities for alternative lending are on the rise, offering great rewards to consumers and small businesses. However, the significant innovation and evolution of these lending options are lapping outdated regulations. Without thoughtful adjustments to these regulations, the entire industry will continue to face challenges. Major advances and innovations in fintech shed light on several antiquated regulations. As a result of regulatory agencies’ defensive approach to fintech, consumers and small businesses may continue to be chained to timeworn processes and choices. The current approach to regulatory oversight is not only incredibly expensive, but also opaque in how regulations are structured and enforced. According to a 2014 survey by the Independent Community Bankers of America, community banks commonly find that the costs associated with these regulations reduce the time and money spent on actually serving customers who are in search of loans and mortgages. The participants at last year’s SVB

CHALLENGES AT THE STATE LEVEL Some states focus on immediate licensing requirements to obtain oversight authority over fintech companies. While some fintech companies fall under the jurisdiction of licensing bodies, many do not but are forced to comply anyway. This is a direct result of not understanding certain fintech technology. Rather than regulatory bodies or agencies meeting with fintech companies to learn their business models and understand their products, these regulators require companies to license and abide by regulations that may not even apply. This creates unnatural barriers to entry that keep alternative lending companies from operating in certain states. The current situation in New York highlights how an opaque regulatory approach has limited opportunity and expansion. Thankfully, the state’s Department of Financial Services is proposing rules around digital currency and has done a good job of working with the state’s fintech community to revise draft rule proposals. However, fintech technology moves quickly, and the department is simply not moving quickly enough to keep up with advances

Payment Quarterly | Q4 2016

in the industry. Truthfully, financial regulators command a critical role. The current approach to regulation offers a small degree of structure, but the reality is that the pace of fintech innovation has been running laps around regulation for years, and this pace is only accelerating. Many in the fintech industry are willing and eager to speed up this process, further developing positive relationships through effective communication and a more transparent approach to the challenges. Innovators are hungry for consistent and fair guidance in working toward consumer protection that still allows for the innovative drive that’s revolutionizing the financial industry. So what possible solutions will satisfy this need for practical regulations while still serving both customers and businesses? SECURING THE FUTURE OF FINTECH Financial regulators should allow technology creators to operate in a truly free market environment — without oppressive licensing or regulatory oversight. Additionally, fintech companies that solely facilitate transactions should not be subjected to the same regulatory oversight as fintech companies that lend or take customer deposits. We must create an environment in which reasonable consumer protection needs drive licensing and regulations — not the other way around. Those innovative companies currently have a tough choice on their

hands: allocate their resources to regulatory investigations or work to improve customer products and services. Many simply can’t afford to pursue both. A regulatory investigation also makes those small companies unattractive to debt or equity. And when those small companies creating pro-consumer technologies are stalled by regulatory concerns, consumers ultimately suffer the negative consequences. This must change. A better approach to regulation starts with more effective collaboration. Currently, if regulators receive

complaints, their first step is typically to investigate with the mindset to prepare for potential litigation. The interaction between companies and regulators, therefore, is immediately primed to be adversarial. Adversarial interactions with regulators cost businesses a tremendous amount of resources when better approaches are available. It’s no secret that centralized banking institutions are frustratingly slow, unnecessarily opaque, and in possession of a near-total grip over consumers’ money. Fintech represents the change agent that takes the

power currently consolidated among a few behemoth banks and returns it to consumers, where it belongs. A widespread embrace of fintech will empower consumers to manage and control their personal finances. Implementing a more collaborative regulatory process would encourage businesses and regulators to work cooperatively and transparently to come to prompt resolutions, enabling the rapid change and innovation that yields big benefits for small businesses and, most importantly, empowers consumers.

Encouraging Business And Regulatory Cooperation

hat often gets lost during these initial interactions is that fintech businesses want to cooperate. These businesses strive to improve their processes and systems in order to provide more value and options to their customers, which are philosophies that should align with regulators. The essential components of this more collaborative process would include:

Settlement discussions based in good faith. A first step to improve the interactions between regulators and fintech companies is to establish a collaborative relationship from the outset rather than a combative relationship. If regulators believe an investigation or litigation is necessary, they should first notify the business in question. Then, that business would have two options: enter good-faith settlement discussions or disregard regulators’ requests to engage. A business’s decision to embark on settlement talks would trigger a mandatory six-month engagement period for negotiating a settlement. If the settlement discussions fail or if the business has ignored the regulators’ requests to engage in talks, regulators may advance to investigation or litigation.

The promise of safe harbor. Businesses that choose to engage with regulators should accordingly be granted safe harbor — or protection from liability or penalty — during that six-month engagement period. In response, regulators would temporarily suspend any violations or fines incurred during the engagement period and waive them if a settlement is ultimately reached. Should the settlement discussions fail, the business would again be potentially liable for those violations and monetary penalties. This system would encourage and incentivize businesses to work in earnest toward finding a resolution with regulators within the engagement period. Collaboration shielded by confidentiality. In the way safe harbor would stimulate businesses’ participation, regulators should also reap rewards for engaging with businesses — in the form of increased access to information. Although regulatory bodies need information from businesses in order to regulate effectively, businesses are typically reticent to disclose information for fear it will be used against them, leading to an impasse if regulators don’t serve subpoenas. As a solution, the information that regulators request and businesses disclose during the engagement

p e r i o d wo u l d b e c o n s i d e r e d confidential and inadmissible in court, allowing for a freer flow of knowledge. If a settlement isn’t reached, regulators would destroy the information, certify its destruction, and gather that information through traditional discovery methods, such as investigations. Like the promise of safe harbor, this approach protects the interests of both parties by motivating them to be transparent and find a resolution in a timely manner. Accountability backed by fees. An effective resolution process requires consequences for either party that fails to put in a good-faith effort. If the business and regulatory body fail to reach a resolution and the dispute moves on to trial, either may request attorney’s fees, regardless of the winner. The court would review the conduct of both parties during the engagement period and have the authority to punish any bad-faith effort. If the court, for example, discovered that the business had neglected to turn over important information to regulators, the judge could award fees to the regulators, levy fines against the business, or both. When both sides are operating under penalty of payment, they are more likely to remain honest.

Payment Quarterly | Q4 2016

REGULATION

PCI DSS

minimizing the burden of

COMPLIANCE

BY: STEVEN GROSSMAN vp of strategy and enablement bay dynamics

Payment Quarterly | Q4 2016

his September, the Payment Card Industry Security Standards Council (PCI SSC) turned 10-years-old. The PCI SSC was created by the major card brands in 2006 as an industry effort to help better protect cardholder data. The Council manages the Payment Card Industry Data Security Standard (PCI DSS), a compliance standard for companies that store, process or transmit payment card information. The PCI DSS is a baseline compliance framework that establishes the basis for companies protecting cardholder information. Even though the PCI SSC continuously updates the PCI DSS based on the latest threats and evolving complexities within the business environment, payment card data breaches continue to make headlines. The reason why is two-fold. First, as a compliance framework, it does not really measure the effectiveness of controls, as much as their existence. As a result, companies often check the compliance box and call it a day, without spending enough time measuring how well those controls are protecting them. Those companies are selling themselves short and exposing themselves to potential breaches. Secondly, companies continue to struggle implementing a fluid PCI DSS reporting process, which results in significant resources focusing on data

gathering and manipulation instead of protection. A reporting process that is the result of manual spreadsheet extracts, emails and compilation often introduces errors and bias, and often doesn’t truly reflect the producer’s cyber risk posture. An example of the compliance vs. effectiveness phenomena is the PCI requirement that mandates infrastructure associated with PCI applications have endpoint protection software installed on all hosts. That box is often checked merely due to the existence of the software, not an assessment of its health or effectiveness. Are all hosts on the latest version? Are signature files up to date? Are all hosts reporting in? Checking the compliance box may make the auditors go away, but it will not protect companies’ infrastructure from internal and external threats. Reporting on compliance is also a struggle. Historically, security teams never focused on reporting their results in a holistic way. They created single tool reports that were focused on their area of responsibility, with monthly or quarterly data compiled at a high level from these siloed data sets for executive reporting. For PCI reporting, in many organizations, the vulnerability assessment process is a quarterly scramble of scanning, data gathering,

reporting, rescanning, re-reporting, lather rinse, repeat… To avoid having to report unresolved vulnerabilities, some organizations only scan and pen test in line with their quarterly PCI reporting, leaving themselves exposed in-between. When executed in a completely manual fashion and primarily for the purpose of compliance, it takes on a life of its own and does not accomplish the real goal of ensuring that companies’ infrastructure and customer data is well protected. To overcome those two PCI DSS compliance challenges, companies must focus on achieving continuous compliance and use automation. Continuous compliance means putting an automated process in place that enables companies to understand their compliance posture on demand. By automating the process and putting up-to-date cyber risk data in front of the right people every day of the week, it ensures that companies are proactively managing their

compliance requirements, but more importantly allows them to focus on their effectiveness protecting their most valuable assets. When it comes to reporting, automation is critical, not just for PCI DSS compliance but also for companies to understand how well they are protecting their crown jewels. All stakeholders – from the CISO, to line-ofbusiness application owners to incident responders to boards of directors – must look at the appropriate and relevant views and perspectives for their needs, but it all needs to be generated in a consistent way from the same set of underlying cyber risk data. Metrics automation eliminates variations in how data is compiled, calculated and presented, and ensures everybody is making decisions based on the same traceable information. Finally, an efficient PCI DSS compliance process communicates the right information to the right

stakeholders, thereby eliminating bottlenecks that arise from one small group collecting, compiling and distributing data. Too often, application security owners and IT remediators are stuck waiting for information they need to do their jobs. Automating the process ensures that they receive the information they need at the right time, with the ability to take action as soon as possible. Overall, companies must have the right processes and methodologies in place so when the inevitable PCI DSS change happens or the quarterly audits and annual assessments come up, companies can fulfill the requirements in a fluid, organized way that minimizes distraction from the real goal of protection. That approach will enable companies to practice good cyber hygiene on an ongoing basis so that they can continuously protect their environment while also inherently complying with any industry regulation.

Payment Quarterly | Q4 2016

DIGITAL CURRENCIES

igital currencies have m a t u r e d s i g n i f i c a n t ly since Satoshi Nakamoto released the first version of Bitcoin in 2009. Though digital currencies have certainly attracted investment, and now boast over $10 billion in aggregate market value, numerous barriers have hampered mainstream adoption. The financial industry is among the most heavily regulated in the world, and law enforcement and government agencies are especially wary of the technology’s potential for money laundering or financing criminal activities. However, digital currencies also offer great promise. Transactions are inexpensive, fast, and cross international borders with ease. It is against this backdrop that digital currency is struggling to establish its position within the financial landscape. However, if digital currencies are ever going to break into the mainstream, they must evolve into relevant services that consumers can understand. Nearly eight years after their introduction, the experience of using digital currencies is little changed from the initial version of Bitcoin, and consumers lack the incentive to learn about this complex new technology. Ultimately though, the consumer shouldn’t have to… First, the digital currency industry must make its products easier to understand. Most people simply don’t grasp how magic “internet money” can exist and hold value without the need for any central authorities and controls. People’s eyes glaze over when they hear terms like cryptography, algorithms, mining, private keys, and blockchains. Education must become the centerpiece of any adoption effort, and the concepts of digital currency must be made more relatable and relevant to the consumer. Consumers are actually quite accustomed to some of the concepts of digital currency, such as digital tokens having value. Think of credit card miles, rewards programs, and gaming tokens. Yet the industry continues to focus inward on its obscure and complex jargon that intimidates everyday consumers. More importantly, digital currency must become easier to use. Ordinary

Payment Quarterly | Q4 2016

what does

2017

look like for

DIGITAL CURRENCIES?

Will they finally break into the mainstream?

BY: RYAN TAYLOR director of finance & DAVID DINKINS core team member dash

consumers aren’t likely to download a wallet, wait hours to download an enormous blockchain, figure out how to back up their files, find an exchange, fill out KYC paperwork, transfer funds from their bank account, purchase digital currency, and then wait for their favorite merchants to start accepting it as payment. Talk about friction! The process is simply too complex and time consuming. This is why hundreds of third-party services are entering the fray to facilitate the onboarding process, providing web wallets and user-friendly exchange services. Nonetheless, there is much more work to be done. There are however, glimmers of hope when it comes to mainstream adoption. Circle is a great example: they recently introduced a feature called Circle Pay, through which users can transfer money to each other easily and inexpensively. Circle uses the Bitcoin network to complete the transfers, but it doesn’t involve its users in any of the complexity. Consumers don’t need to see how the sausage is made to appreciate the speed and convenience Circle Pay provides. Circle demonstrates that consumers don’t need to understand how a financial service works to use it and value it. The underlying complexity of credit cards, bank transfers, remittance networks, and even checks would boggle the minds of average consumers. The trick is obscuring away that complexity and removing the friction from those transactions. Digital currencies must also do a better job at addressing consumer protections. Much attention has been given to the irreversibility of digital currency payments. Merchants love that feature because chargebacks and fraud are non-existent. But those benefits come at the expense of the consumer, who has no mechanism to address merchant fraud or incorrect payments. Consumer protection issues remain largely unaddressed by the industry, but consumers would likely benefit greatly from third-party service providers or features that would facilitate this capability. Once these barriers are addressed, mass adoption must be driven by

THANK YOU TO OUR CONTRIBUTORS

ADVERTISING INDEX COMPANY

WEBSITE

PHONE

PAGE

Discover Network

Discovernetwork.com

i2c Inc.

www.i2cinc.com

+1 650.593.5400

NetFinance Interactive

Netfinanceint.wbresearch.com

+1 888.482.6012

Radial

www.radial.com

+1 877.255.2857

Hyperwallet Systems Inc.

Hyperwallet.com

+1 512.770.9006

Payment Quarterly | Q4 2016

DIGITAL CURRENCIES

consumers, not businesses. Granted, the low cost of digital currencies can save merchants up to 3% of the transaction in fees. In certain low margin businesses, that might actually double a company’s profits. Yet 3% is typically not sufficient to motivate a consumer to radically alter payments behavior, so even passing the bulk of these savings to consumers would fail to encourage adoption. No matter how badly merchants may want their customers to pay with digital currency, they discover that it’s extraordinarily difficult to influence consumer behavior. Unless a compelling case can be made for consumer adoption, businesses would simply find themselves pushing on a string: they won’t get the user on the other end to budge. So digital currency networks, or the consumer services like Circle that leverage them must identify mechanisms that will drive consumer adoption. Digital currencies offer many advantages that make payments faster, easier, and more secure than alternatives and it is these attributes that can help drive adoption in the right circumstances. The outlook for digital currencies in 2017 is far from bleak, however. Even if mainstream adoption is still some distance away, the digital currency space is building the infrastructure necessary to accommodate the needs and desires of consumers. Some of the flaws in digital currency are being resolved. Various digital currencies are exploring and implementing new ways to make their networks more intuitive, improve usability, and provide consumer protections. Over the past year, the digital currency industry seems to have woken up to the idea that nimbly meeting the needs of an ever-changing marketplace – and delivering the radical changes needed to resolve existing flaws – requires exponentially more effective governance. Since the vast majority of all digital currency projects are decentralized, it can be incredibly difficult to come to an agreement on changes to a project’s code. Each digital currency has numerous stakeholders: users, internal developers, merchants,

Payment Quarterly | Q4 2016

and service providers. Without effective governance, achieving the necessary consensus for controversial changes can be daunting. The most popular digital currency, Bitcoin, has been beset by one such controversy regarding network capacity. At present Bitcoin’s network is capable of processing less than four transactions per second. During times of congestion, transactions can get stuck for hours until the backlog clears. Several solutions have been proposed for scaling Bitcoin’s transaction capacity, but for over a year none had gained traction. Although Bitcoin’s development community appears to be coalescing around a solution, the exorbitant delay calls into question the effectiveness and efficiency of Bitcoin’s decision-making process. What will happen the next time a controversial change needs to be undertaken? Another popular digital currency, Ethereum, faced a serious attack this June that many believed called for a drastic and controversial response called a “hard fork.” Even under these dire circumstances, it took about two months for the developers and community to reach consensus and successfully deploy the necessary software change. Even then, many stakeholders who strongly opposed the change refused to participate, and fractured off to form Ethereum Classic to compete with the original. Fortunately, other digital currency projects have worked to resolve the governance challenges, and effective models are emerging that should allow much more rapid progress. One example is Dash, which allows holders of its currency to vote on critical issues such as major strategic decisions. At the height of Bitcoin’s recent capacity debate, the Dash network voted on a similar question and reached consensus in less than 24 hours. The digital currency Steem has a similar governance model, where certain “witnesses,” elected by the community, vote on changes to the code. Economic incentives can facilitate effective governance as well, something that Dash has implemented alongside it’s voting capability. The currency self-funds its development, and the

community votes on budget proposals every month to allocate the funds. At the present time, nearly $90,000 in budget funding is created every month, and holders of the Dash currency vote on which projects to fund. If a certain project is not performing, it can be defunded. If the developers aren’t doing a good job, their funding can be removed and another team of developers could replace them. Challenges abound, but they are being met with increasing amounts of success. Expect these still-emerging trends to continue throughout 2017. While it remains unlikely that mainstream adoption will occur just yet, the industry is finally maturing the prerequisite governance mechanisms to manage rapid change. It is upon this foundation that competing currencies will begin evolving the user experience more dramatically and rapidly than we’ve previously seen. In parallel, new customer-facing services will make digital currency easier and more useful for the average consumer. While the most important and most popular digital currency remains Bitcoin, a number of other digital currencies – such as the aforementioned Dash, Ethereum, and Steem – offer effective solutions to important problems, often specializing in serving specific needs. Perhaps one day Bitcoin will surrender its massive lead to one of these alternative digital currencies, or perhaps Bitcoin will continue to evolve while incorporating ideas from other digital currency projects. Either way, the future for digital currency appears to be on the brink of dramatic change.

ADVERTISE IN OUR

NEXT ISSUE OF PQ! Reach more than 10,000 payment industry professionals looking for in-depth analysis and critical insights on the emerging payments market. Owned and published by Payment Week, Payment Quarterly magazine is available in both print and online formats. Whether you are looking to increase brand awareness, build new partnerships, or gain qualiied leads, our team will work with you one-on-one to build a campaign that will meet your goals and t your budget. Email jmongiello@lamilmedia.com to learn about bundled pricing! Q3 2016 Deadline:

June 3, 2016

To Reserve Advertising Contact: Jason Mongiello Director of Marketing jmongiello@lamilmedia.com (212) 592-0300 Payment Quarterly | Q4 2016

PLUG & PAY

One Connection, Unlimited Payment Possibilities Add New Transfer Method Select country and currency

Select Country

---

Bank Account

Prepaid Card

Debit/Credit Card

MoneyGram

Western Union

Paper Check

Your funds have been transferred.

1234 5678 9876 5432 1234

GOOD THRU

00/00

DEBIT

cardholder name

With a single back-end connection, Hyperwallet’s API-driven payout architecture enables localized, multi-currency payment distribution to just about anywhere in the world.

MONEY20/20 — BOOTH #2820 Attending Money20/20? Come by the Hyperwallet booth for exclusive workshops from our team of payments innovators: • PAY THE PLANET: A Payout Platform Walkthrough • MATCHMAKER OR MARKETPLACE? Why the Transaction Matters • COMPLETING THE GLOBAL PAYMENT CYCLE • PONIES INTO UNICORNS: 7 Secrets for New Economy Success

www.hyperwallet.com/money2020

www.hyperwallet.com/money2020 | money2020@hyperwallet.com | 1-855-449-3737