The Scariest Things In Payments
Friday is Halloween, a holiday in the U.S. that involves people – young and old – dressing up in (sometimes) scary costumes and going door to door “trick or treat-ing” for candy. It’s a pretty big deal where I live in Beacon Hill in Boston. The streets actually close all over the neighborhood for four hours as hundreds and hundreds and hundreds of kids and their parents from all over Boston turn out to collect lots of treats from homeowners who dole it out from the doorsteps of their appropriately decorated brownstones. If you actually want to catch John Kerry at home (aka the U.S. Secretary of State and former U.S. Senator who lives in Beacon Hill), this is the day to do it. He’s typically one of the Beacon Hill homeowners who gets into the Halloween swing of things, too. (I’m certain that this year, visitors to his home, if he’s home, will have to wade thru about a zillion Secret Service people who will, no doubt, be dressed up as scary Secret Service people.)
In this, the season of scary, I couldn’t help but think about all of the scary things in payments that could walk up to the doorsteps of those in the payments ecosystem this year and scare innovators and incumbents half to death.
Here are a few of the things that come to my mind.
The kerfuffle over Rite Aid and CVS ditching Apple Pay got them first place on my list.
CurrentC, aka MCX, as all of you know, has been pretty quiet now for the last two years. The last big piece of news was a deal that they announced with InComm last month (October 2014) to enable “payment options through the consumer’s selected financial account, all with just one scan of the app at the POS.” That was sort of a big yawner and garnered hardly any headlines, since, of course, what people really want to know is (a) what is CurrentC/MCX and (b) when will its mobile payments scheme be available.
Then again, CurrentC has trained us not to look for it to generate news. It has repeatedly said that it would rather keep its head down and focus on execution rather than to get out ahead of its skis by blabbing about things it hasn’t done yet. Okay, that’s sort of the polar opposite of every other innovator in payments, but so be it. Unfortunately, for them, their “let’s be quiet until it’s time” has backfired big time over the last few days.
Something CurrentC also doesn’t blab about, but is a well-known fact throughout payments-land, is that its contracts strictly prohibit its member merchants from accepting any other form of in store mobile payments scheme outside of its own. I would imagine that over the last two years, that’s probably led to more than one scary conversation between the “just-keep-my-cost-of-acceptance-low” Corporate Treasury folks and the “I-want-to-just-sell-more-stuff-in-my-stores-and-accommodate-my-customer’s-payments-preferences” marketing and merchandising folks when presented with compelling mobile payments schemes. Until Apple Pay, which has generated all sorts of hype and media attention, its member merchants probably felt that they weren’t too missing out on much since it wasn’t like its customers were walking into those stores asking to use a mobile payments scheme and were denied the opportunity.
Until last week.
And, I’d be willing to wager that the conversations last week at Rite Aid and CVS HQ between Treasury and Marketing had to have been more terrifying than hearing Freddy Kruger utter the words, “Come to Freddy”.
You don’t have to be a Rhodes Scholar to figure out that the abrupt about face at Rite Aid and CVS, CurrentC merchants, was the result of some sort of disconnect between the marketing peeps wanting to offer Apple Pay and the finance/treasury folks that signed the contracts a few years ago that said they couldn’t.
And, seriously folks, say what you will about Apple Pay and its long term prospects as a viable mobile payments scheme, but the spin about security concerns and data privacy concerns is not only spin, it’s not even believable spin given all that we know about Apple Pay and its security and privacy protocols. It’s also borderline ludicrous coming from merchants whose POS systems this year have been as porous as the Turkish/Syrian border.
So, the horror movie that’s now likely playing at Rite Aid, in particular, goes something like this.
Customers, furious at not being able to use the payment method of choice to shop at Rite Aid, are taking to Twitter to not only let their feelings be known, but letting Rite Aid know that they are now, literally, walking across the street to Walgreen’s so they can use Apple Pay. Walgreens is also taking to Twitter to tweet their thanks to Rite Aid for giving them so many new customers. Marketing people are probably furious and full of “I-told-you-so’s” and the CEO is now probably going to be the one brought in to decide whether losing sales and reputation is worth saving a few cents on interchange.
Of course, what making matters worse is that CurrentC can’t even offer Rite Aid an alternative for its customers to use today or even tomorrow or the day after that. Rite Aid is saying, and I would guess a little sheepishly, just wait folks, we’ll have something too, soon, like sometime in 2015. And, it will be great.
For all of you who didn’t believe me when I wrote (and have written a million times) that the consumer will decide who wins and loses in this game of mobile payments adoption, here’s proof.
The bigger horror movie is what kinds of conversations are happening now between every other set of Treasury/Marketing folks at every other CurrentC/MCX merchant and all of the CurrentC/MCX merchants and its CEO and executive team. You gotta believe that it’s not only ugly, but that having Freddy Krueger show up might not look so bad, by comparison. My guess is that the winner will be whoever can convince the CEO and Board that they are going to drive profit to be the bottom line soon, and sorry CurrentC, that’s the marketing folks who just want to get incremental sales.
When Apple Pay launched, I wrote that CurrentC merchants would probably take a wait and see approach before making any decisions to break ranks. I have no idea how hard that is to do, and what penalties there are for doing so, but I can imagine that there are a whole lot of models being built and played with this weekend doing the cost/benefit analysis of sticking with CurrentC and ditching the contract and enabling Apple Pay, and every other mobile payments scheme that is in the market today. Once those contracts get ditched, it’s Katie-Bar-The-Door for every other mobile payments scheme to come a’knockin’.
So, be on the lookout for The Nightmare on CurrentC street – playing in store, at probably all MCX merchants, except probably Walmart, near you, and soon. I think that unless something extraordinary happens, and pretty soon, this is the beginning of the end of CurrentC. It may have a great solution, but it won’t be able to withstand the PR hazing and fallout from this Apple Pay fiasco.
Shriek!!! Talk about terrifying.
Reading the latest Rand report on cybercrime is scarier than watching The Amityville Horror, alone, at 112 Ocean Avenue in Amityville, NY.
Of course, we all know that cybercrime is a big and well organized business since we’ve seen it play out, in real time with the near weekly reports of the breaches at retailer’s POS and some of the biggest banks in the world. We also know that cybercrime costs the financial services industry a bundle, with reports suggesting that bundle adds up to more than a half a trillion dollars a year ($575 Billion). We also know that this year alone, many more than 100 million people in the US have had their personal information stolen and many more millions have suffered the same misfortune in Turkey, China, the Netherlands, to name just a few.
But I’ll bet you didn’t know that cybercrime is actually more profitable – and easier to get into and make money from – than the illegal drug trade. That’s the opinion of the Rand Corporation anyway. Rand reports, and this is after talking to a couple of dozen of the foremost security experts in the world, that anyone with an internet connection, access to the dark web, a few bucks and no ethics, can actually get into the business and make a decent living. Do it yourself, SaaS based “exploit kits” - the tools of the hacking trade - cost anywhere from $16 to $325 a pop and make perpetrating breaches a cinch.
It makes sense. Why would any self-respecting bad guy want to go to the trouble and expense of organizing the people and infrastructure (and bear the risk) of getting into the illegal drug business when they can instead buy the “cybercriminals for dummies kit”, steal a bunch of data and sell it – all online from the comfort of their cozy basements – and be paid in untraceable cryptocurrency? Yes, bitcoin and the rise of cryptocurrency, Rand says, has just made it more efficient and easier for commerce – and cybercrime – to flourish.
You’ll also be happy (or terrified out of your wits) to learn that cybercriminals are not only global but also highly specialized. Some have a particular expertise in stealing credit card data, others have expertise in stealing passwords from ecommerce accounts and social media (which, as it turns out, fetches more money). And they know that their fortunes rise and fall on how successful they are at getting their product into the market and sold quickly. These cybercriminals, like the Mafia, apparently, also have their own code of conduct, standards that govern what is in and out of bounds with respect to stealing and then selling the stolen credentials of innocent people. Apparently, not just any bad guy can be a bad guy.
But, perhaps most unsettling is the fact that Rand says that, when taken together, the threat of cybercrime isn’t necessarily from the bumpkins who one day decide to buy a $25 hack-into-your-favorite-merchant kit and steal a few card numbers. They say that the level of sophistication with respect to these attacks shows a tremendous increase in the level of technical expertise and knowledge that these bad guys possess.
And, that has caused Rand to say in their report, and I quote, “the ability to attack will likely outpace the ability to defend.”
We can only hope that the bad guys don’t decide to make it their life’s work to decide how to compromise EMV, which you gotta believe they’re working on in some way shape or form.
Real Time Payments
If you’re into horror movie classics, there’s just nothing like Bela Lugosi in the 1931 movie Count Dracula. And for so many reasons, that seems precisely the right analogy to use when talking about the Real Time payments ambitions that the Federal Reserve Board is advocating here in the U.S.
“I want to suck your blood” was Count Dracula’s motto which sounds oddly like the Fed’s proposal which asks the banks to spend some multi billions of dollars over the next decade to enable them to deliver instant access to funds.
And, maybe, to do it all for free. Okay, maybe they just haven’t clued anyone in on how banks are ever going to get paid for this. If you don’t believe me, read this quote from their web site on the payback for the banks.
“The business case through 2025 for implementing a faster payments solution for the primary use cases is profit contribution net neutral to negative.”
Raise your hands the last time you walked into your bosses office, pitched a project that offered a net neutral to negative return after ten years and billions of dollars of investment and got the money.
The primary use cases that the Fed is talking about represent something like 12 percent of payments (their estimates) and involve those mission critical things like making sure your dog walker gets paid instantly, as if you were putting cash in their hands, when you send them money once the walk is over and they bring Fido back.
Yet when you ask business people, and those who are in the business of payments day in and day out, you get a whole different story.
PYMNTS hosted a B2B payments forum in New York a few weeks ago and asked our audience of a couple of hundred payments buyers, suppliers and innovators whether there was a need for real time payments.
No one raised their hands.
Before all of you jump down my throat for being a Luddite and bashing faster payments, let’s separate the notion of faster payments – good – from improving the IT infrastructure that supports it –not so clear just yet—to the business model that underpins it – which seems to be none at all.
Real-time payments is one of those things that sound good—who wouldn’t want instant and free—until you start thinking about the real value and the cost of getting it. Yet, the banks are getting pressure to swallow a scheme that not only costs them money, but provides no clear path to getting a return on that investment.
Here’s the scary part.
Let’s say that the Fed prevails and the banks are forced to march down this road. Merchants will be absolutely giddy, having finally found a “free” method of payments. Innovators new and old will basically rush to build debit-like products that suck the blood (aka the DDA account funding source) from the banks thru them to the merchant. In theory, they win, the issuer loses, an issuer that has already been gutted up and down and sideways on ways to make money, and who now also has the CFPB criticizing the cost of checking accounts as too high.
The “in theory” part that I mention is whether consumers are okay with the switch in payment methods (that’s what CurrentC’s whole value proposition is based on), and that will all depend on who’s asking. It’s what the banks have always objected to with PayPal, and might find over time, if Apple decides to push it, that consumers wouldn’t blink twice. If you’re a network, that means you can also kiss debit volume goodbye over time, too.
This isn’t just a US problem.
Here’s what the Reserve Bank of Australia head, Glenn Stevens said last week, "If those players do not provide Australian end-users with the services they want, surely others will seek to do so. Alternatively, the Reserve Bank would be duty bound to consider a regulatory approach."
What’s scarier than walking thru a cemetery on Halloween night? If you’re an issuer (and a network) Central banks deciding that banks are the piggy banks to be used for their pet projects.
UK Payments System Regulator
What’s one more regulator when you already have a few dozen telling you how to run your business?
That’s at least the sentiment in the UK after creating a new independent regulator for payments as part of its 2013 Banking Reform Act.
This new regulator will be fully operational by April 1, 2015 and will have three goals: (a) to promote competition; (b) to promote innovation; and (c) to ensure that payments systems “operate in the interests of their users.” Specifically, it has the ability to “produce standards, impose required rules, mandate access, alter agreements relating to the payments systems and oversee the disposal of interest in a payments system.”
Isn’t if just great to see governments thinking they can do payments innovation better than the private sector?
Really, these are the governments who haven’t introduced A-N-Y of the major innovations in payments, ever. Well, okay, so it was 3000 years ago that a government introduced a real innovation, and that was metallic money by the Lydians in 700BC. But if it hadn’t been for the private sector innovators, there’d be no electronic payments and the most innovative thing Apple would have been able to do for payments is to figure out how to attach a fancy schmancy money clip to the back of their iPhone.
And don’t even get me going on letting the folks that develop and operate things like healthcare.gov or the Post Office or the CDC get into payments too.
For the moment, the horror movie starring a regulator just for payments is premiering only in UK theatres.
But one can only imagine the nightmare if that show goes on the road.
Speaking of nightmares, for now, there’s nothing scary going on in the US, but it’s like Nightmare on Elm Street in Europe especially if you run a three-party system.
The European Commission and Parliament are running up one of the scariest pieces of payment legislation ever. They are prohibiting merchants from imposing surcharges on MasterCard and Visa but they are specifically allowing merchants to whack American Express, Diners Club, and any of the domestic three-party systems. And if a three-party system does a partnership deal to issue or acquire cards with any bank in any country, they have to make the same deal available to all banks.
My colleague David Evans has a different take on this. Instead of Nightmare on Elm Street he says the legislation is more like Alice in Wonderland. Read all about it here.
Meanwhile the Europeans are going to force interchange fees for every four-party system, not just MasterCard and Visa, in every single European country, down to 20 basis points for debit and 30 basis points by credit. Between that and country regulation on checking account (current accounts for you folks in Europe) fees banks have just about no business for payments. Don’t wait for a lot of European banks to sign on to Apple Pay, unless Apple Pay decides it doesn’t need the 15 basis point fee in Europe.
Apple and Payments
Remember the story of Frankenstein? Frankenstein was the genius doctor who wanted to make the perfect person. So, he had this idea to steal “the best” body parts from dead people and then stitch them together to make the perfect human being. Once done, he brought this perfect creature to life by jolting it with electricity.
But rather than a perfect human being grateful for life, Dr. Frankenstein created a huge and powerful monster that terrified the village and villagers. He was unstoppable until he was killed by the very man who created him.
You gotta admit, when you start to think about Apple Pay and the future of payments, it’s a pretty interesting analogy.
We have the networks and issuers playing the role of the good doctor – working hard to create the perfect mobile payments scheme and bring it to life.
They worked for a year-plus to give Apple the best of what they had to offer – an existing payments infrastructure to leverage, an issuer consumer base to tap into, an easy way to provision cards in the mobile wallet, a tokenization scheme that enabled secure commerce across devices and that would pave the way for a powerful digital commerce world, free advertising as emails and TV and web ads promoting Apple Pay flooded airwaves and inboxes, and a business model that paid them basis points from the issuer on each transaction – the cherry on the iPhone 6 and 6 Plus sales sundae.
Apple said at launch that it had no interest in being in payments, just enabling it via their devices and, in essence, digitizing, the existing payments ecosystem. I’m sure that they told the music industry that they had no interest in getting into the record business when they launched iTunes too. And the mobile operator that they had no interest in getting into their business when they launched the iPhone.
But we all know how those movies played out for the record industry and mobile operators. It hasn’t exactly gotten into their businesses, it’s just rewritten the rules of their businesses, completely changing the economics and balance of power in favor of Apple. Given the consumer demographics and popularity of Apple products, both are pretty powerless to push back. After all, who wants to risk losing Apple and Apple’s customers?
Of course, it’s still really early days, one week to be exact, but Apple Pay has shown at least one merchant how much sway its payments brand has as Rite Aid customers use social media to express their displeasure over its decision to ditch Apple Pay. It’s also not inconceivable that once Apple converts a chunk of its iTunes accounts holders to Apple Pay customers, that it decides to use its power in very different ways.
Like flip those customers to ACH.
Or to negotiate more basis points on each transaction as a way not to do that.
Or deciding that they want basis points plus a percentage of offers and advertising that are enabled via iBeacons and Apple Pay, that you know is coming and soon.
Or deciding to buy a network and create its own global payments network.
What’s very clear is that Apple Pay and its payments and iBeacon ecosystems clearly steer innovation in the direction of apps that leverage the Apple ecosystem, giving Apple Pay and Apple a lot of power. Unlike Frankenstein, its good doctor’s won’t kill it, in this crazy payments world of co-opetition, they’ll just be marginalized over time. It’s not like the mobile operators or the record industry are dead, they just aren’t minting as much money as they used to.
But if you ask me, probably the most horrifying thought of all, is to imagine the next decade of payments and commerce as one where we all act as if it’s “game over” because Apple Pay has launched.
That’s the real Nightmare on Payments Street.
What I’ve observed since Apple Pay launched is that everyone is much more focused, and serious now that a new, big and powerful player has entered the market. Like all new players, it will take time to get traction, remember, Apple Pay is only as good as the number of new iPhones it sells – and that’s roughly 26 million in the US – and places to use them – which today is 220k merchant locations.
But, Apple Pay is the catalyst for everyone to refine their mobile payments game and get serious about how they can complement and compete – or both - in an ecosystem where, I think it’s safe to say that we all feel that we are well on our way to a digital payments future.
But surely there are other horrifying thoughts that, in the season of thinking scary thoughts, you have.
So, tell me, what have I missed?