Cover image of Payments on Fire
(21)
Business
Technology

Payments on Fire

Updated 1 day ago

Business
Technology
Read more

Podcasts from Glenbrook Partners on the latest developments in payments and fintech. Featuring interviews with opinion leaders, Glenbrook's own take on emerging technologies and industry trends, other news and views on this dynamic industry.

Read more

Podcasts from Glenbrook Partners on the latest developments in payments and fintech. Featuring interviews with opinion leaders, Glenbrook's own take on emerging technologies and industry trends, other news and views on this dynamic industry.

iTunes Ratings

21 Ratings
Average Ratings
20
1
0
0
0

Love your podcasts.

By QCheque - Aug 13 2017
Read more
Thanks for sharing your knowledge and wisdom. You guys are doing excellent work.

Great resource

By Brianpetersyo - Jan 06 2016
Read more
Awesome resource for learning about the payment industry.

iTunes Ratings

21 Ratings
Average Ratings
20
1
0
0
0

Love your podcasts.

By QCheque - Aug 13 2017
Read more
Thanks for sharing your knowledge and wisdom. You guys are doing excellent work.

Great resource

By Brianpetersyo - Jan 06 2016
Read more
Awesome resource for learning about the payment industry.

Listen to:

Cover image of Payments on Fire

Payments on Fire

Updated 1 day ago

Read more

Podcasts from Glenbrook Partners on the latest developments in payments and fintech. Featuring interviews with opinion leaders, Glenbrook's own take on emerging technologies and industry trends, other news and views on this dynamic industry.

Who Are You, Really? - FIDO's Biometric Authentication

Podcast cover
Read more

Since the first promise to pay was made, knowing who you’re dealing with has been a requirement. Authenticating the identity of a trading partner - a customer, an accountholder, a business or even a computer - is a burden that falls on the one extending trust because the giver takes on the transaction risk. In online and mobile transactions, the job of authentication has fallen on the password’s sagging shoulders in combination with other credentials such as a payment card or drivers license.

The smartphone has brought, to this world of stolen passwords, social security numbers, and other bits of personal information, the fingerprint and other biometric techniques. Authentication and convenience are no longer at odds. While Apple’s TouchID is at the heart of Apple Pay, the Android side is made up of a broad assembly of technology providers and users called the Fast Identity Online Alliance or FIDO Alliance. Take a listen to this discussion between FIDO board member Philip Andreae and Glenbrook’s George Peabody on how FIDO works and the growing role of biometrics in authentication.

Oct 12 2015

22mins

Play

Episode 98 - Google Pay Deep Dive with Google's Steve Klebe

Podcast cover
Read more

The global spread of digital payments gets a huge boost from giants like Google. Google’s Google Pay is far more than just a wallet, and the subject of this Payments on Fire® episode with Steve Klebe.

Steve heads Google’s Processor and Partnerships business and has terrific experience in our industry, working with payment gateway CyberSource, payment security firm RSA, and carrier billing firm BilltoMobile. He’s also served multiple times on the board of the Electronic Transaction Association.

In other words, a true payments geek.

Here’s what we talked about:

  • The evolution of Google Pay from its 2011 launch as Google Wallet and the various incarnations since then
  • Google’s business model for GPay and the degree to which the data generated by GPay transactions influence (or not) the advertisements we see on sites using Google’s advertising services
  • Transit payments, Google’s role in the W3C’s Payment Request API, and how Google pulls it into its own tools
  • The Google Pay value proposition and how it combines the value of hundreds of millions of cards on file, their organic growth through Chrome’s auto-fill, Google’s own sales, and making those credentials available to third parties via Google Pay
  • The new Google Pay APIs that focus more on convenience than payments: event ticketing, airline boarding passes, and more
  • Google Pay India, renamed from Tez, and its role in the UPI framework that enables secure bank-to-bank transactions.

We conclude with thoughts on the Open Banking phenomenon and Google’s intentions in that area.

Jul 17 2019

46mins

Play

The Merchant's Challenge with Chargebacks

Podcast cover
Read more

Chargebacks are one of the card system’s great consumer benefits. If fraud happens, the merchant doesn’t deliver on what was promised, or you’re charged six times for something you bought just once, the chargeback mechanism returns your money or restores your credit. What’s not to like? Well, if you’re a merchant, a lot. While there are plenty of legitimate chargebacks, there are also consumers who take advantage of the system through “friendly fraud,” the “I didn’t do it” chargeback category abused by all too many.

Chargebacks are expensive for merchants. There’s a chargeback handling fee from the acquirer. There’s the cost of disputing the chargeback. There’s the cost if, at the network’s discretion, the merchant loses the chargeback. And then there’s the small matter of the cost of the goods or services. Take a listen to this audio primer on chargebacks with Glenbrook’s George Peabody and Chargeback’s CEO Dave Wilkes. Hear how they work, what the trends are, and how Chargeback assists merchants in the chargeback dispute process.

Jun 21 2016

30mins

Play

Networks Put Their Money on Checkout for Mobile

Podcast cover
Read more

Anyone even vaguely conscious during Sunday afternoon football games has seen adverts for Visa Checkout, that shopping cart checkout assistant the card network is encouraging everyone—cardholders, issuers, and merchants—to adopt. Visa is not alone. MasterCard’s MasterPass and American Express Checkout are similar product offerings all meant to add convenience and security to the merchant’s checkout flow.

These checkout assistants—you could even stretch the definition a bit and think of them as wallets—use the payment tokenization specification from EMVCo. But as products from competitive networks, each has unique attributes, never mind its own APIs specification.

Glenbrook’s Russ Jones takes us for a pretty deep dive into how these tools work. And the benefits they provide to merchants especially in mobile commerce. Russ has been under the hood and this is a report on what he’s found.

Jan 18 2016

23mins

Play

Episode 83 - Settlement Systems in Detail - Carol Coye Benson, Glenbrook

Podcast cover
Read more

Payment Innovation Moves to the Core

When we conduct our Glenbrook Payments Boot Camp, our first graphic illustrates the three essential steps in every transaction - initiation, funding, and completion. When looked at through the lens of of the past decade most innovation has been in initiation. Consider: Apple Pay, Google Pay, Venmo, QR codes. The list is long of ways to kick off a transaction.

Funding is all about where the money comes from. Usually a bank account, often a wallet holding money. Some innovation there but not a great deal. There are only so many ways to store funds.

Completion, the last step, is the most important to many participants as it’s when the transaction completes with the final movement of money.

Five years ago, in those boot camps, I said that completion, also called settlement, is the innovation-resistant phase of a transaction. Today, everything has changed.

In the U.S., we have new services such as Zelle and Venmo that appear to the end parties to deliver instant settlement. They may use card rails or bank rails like ACH to complete the transaction. 

Two Forms of Settlement

In this discussion with Glenbrook’s Carol Coye Benson, we look at two forms of settlement: end party settlement - for example, an employer paying an employee - and then Carol focuses on the nuanced world of interbank settlement.

If you’ve heard the terms net settlement, gross settlement, or RTGS and wondered what they mean, take a listen. 

Faster Payments and Settlement

We also talk about the phenomenon of faster payments and the settlement techniques these systems employ. 40 countries around the world are in one stage or another of deploying faster payment systems that push money from bank account to bank account. It's already in the US via the Real Time Payments Network from The Clearing House and, perhaps, a competing service from the Federal Reserve. (To get an update on the Real Time Payment Network, listen to Episode 81 of Payments on Fire).

These faster payment systems vary in their capabilities. Speed and data carrying capacity are just two variables. But we have seen that when a new payment system enters a market innovative offerings can flourish, provided access to that system is encouraged by rule, regulation, or both. However, that level of openness is not guaranteed. As Glenbrook have seen in our work around the world, some systems are essentially closed by market power or operating rules. These constraints limit the network effect's benefits of ubiquity, convenience and, often, cost.

This is an ongoing challenge. In this age of fintech, banks are under pressure to innovate. As owners or participants in new systems, some may choose to limit access to their fancy new rails in an attempt to forestall competitive market entrants. Others will be “encouraged” by regulators to open up. Of course, end party choices will play a big role, provided there’s a choice available.

The New Game

Settlement has traditionally been led by major commercial banks or the central bank of each country. That model still holds. In some markets, including the U.S., we expect a push and pull for control between those two entities. Christine Lagarde, Managing Director of the International Monetary Fund, suggests such tensions may justify  the issuance by a nation's central bank of a fiat digital currency as a counterweight to the alternative control over payments by a concentrated set of banks and processors.

Settlement innovation has created a competitive environment that did not exist before. It will be the interplay of rules, regulations, technical capabilities, end party value proposition, and market power that will determine the evolution of each country's settlement platform. In some, regulators will shape the outcome. In others, system access for fintechs and the "open banking" model will be a determinant. For all, cost effective access for end parties is critical.

So much for thoughts of a static payments ecosystem.

If you think of yourself as a payments geek or just want to get under the hood of how money really moves, Carol is a terrific guide.

Nov 15 2018

44mins

Play

A Large Merchant's Focus on its Payments Strategy

Podcast cover
Read more

Payments industry professionals naturally have a hard focus on the industry’s own dynamics. So, it’s not uncommon to lose sight of who the customer is and who pays the freight. In retailing, yes, the consumer pays, but payments is a direct cost to the merchant. With all of the changes underway in the U.S. payments landscape, merchants now view payments as a complex, strategic element of their business, both as a way to drive new sales as well as a cost component to be tightly managed.

To learn what’s top of mind for a large scale retailer, take a listen to Dean Sheaffer, SVP of Financial Services at Boscov’s Inc., the U.S.'s largest family-owned department store. In this Payments on Fire podcast, Dean addresses payments as a sales tool (Dean and his team have upped usage of the Boscov private label card to 40% of tender!), payments and data security, and the potential of Faster Money.

May 11 2016

23mins

Play

Episode 48 - APIs, ACH, and Faster Money - Dwolla

Podcast cover
Read more

Sometimes a change in direction is the way forward. Network aspirant Dwolla has recently pivoted its work toward the product and development teams inside financial institutions. Instead of being a system operator, Dwolla now offers a broad set of APIs designed for those FIs to take advantage of the ACH’s overnight and Same Day ACH services. Dwolla’s shift also comes as the company and the US anticipates the impact of new immediate funds transfer systems Zelle, The Clearing House, and likely others.

Take a listen to this conversation with Jordan Lampe, Dwolla’s Director of Communications and Policy Affairs, and Glenbrook's George Peabody as they discuss the Federal Reserve Faster Payments Payments Task Force Steering Committee, use cases for Same Day ACH, and more.

Feb 16 2017

32mins

Play

Payments Data with Russ Jones

Podcast cover
Read more

As the breadth of transaction data expands, even the definition of payment data is getting stretched. Payment data, when combined with other sources, is becoming a valuable tool for both commerce and security. If we know your first name, we can figure out if you’re male or female 92%+ of the time. If your email address is at AOL, you’re probably over 50. What you might buy can be inferred from the websites you visit. And that’s just the start of data’s role in payments.

Take a dip into the payment data pool in this podcast with Glenbrook’s Russ Jones. Russ discusses artificial intelligence, privacy, and the spread of Bluetooth beacons. For a deeper dive into the topic, join Russ at the Payments Data Insight Workshop on October 13 in Palo Alto because data’s influence in payments continues to expand.

Sep 22 2016

22mins

Play

Episode 74 - Payment Authentication and Identity in Context - Steve Wilson, Lockstep Technologies

Podcast cover
Read more

Online trust requires a context-based understanding of who we transact with. Attributes about us are needed to build that trust but in many transaction contexts we share more than we need to.

To pick a simple example, the law says you must be 21 to buy alcoholic beverages but our current method of proof is to show our driver's license, an unnecessary oversharing of personal information. Why show that creepy barkeep where you live when you only need to prove you were born before 1997?

In this wide-ranging Payments on Fire podcast, George and Lockstep Technology CEO Steve Wilson discuss how we share the attributes that, in aggregate, define to the online world who we are.

Steve makes the case that security and identity professionals continue to encourage the oversharing of personal data. Now that we have sophisticated network-based fraud management tools - device fingerprinting, behavioral analytics, machine learning and AI - that generate a crisp profile of our devices and our behavior, the attributes that a user must provide could be limited to just what's required and no more.

An "attribute wallet" under the user's control - yes, another role for the smartphone - might prove to be a valuable authentication enabler.

This episode concludes with Steve's report on comments made by some of the deans of modern cryptography on the threat that quantum computing represents. It sounds like good news.

May 08 2018

30mins

Play

Episode 46 - 3D Secure, Visa, and CardinalCommerce

Podcast cover
Read more

One of last year's most anticipated advances in fraud management was the final release of EMVCo’s 3D Secure 2.0 protocol specification. Designed to take a risk-based approach to authorization and lower the checkout friction of its predecessor, 3DS2 will be a new tool in the growing anti-fraud arsenal.

One of its supporters and a service provider that’s been closely tied to 3D Secure is CardinalCommerce. Cardinal, now a new addition to Visa’s arsenal with its recent acquisition, has been working with the risk-based approach for quite awhile. Take a listen to Visa’s Mark Nelson and Mike Keresman and Tim Sherwin of CardinalCommerce in this discussion about 3DS2, card network mandates, Cardinal’s acquisition by Visa, and when the market will see 3DS2 solutions.

Jan 03 2017

31mins

Play

Episode 105 - The Independent Gateway's Enabling Role - Nick Starai, NMI

Podcast cover
Read more

Take a listen as George and Nick Starai, Chief Strategy Officer of NMI discuss the role of the independent payments gateway and its evolution as a technology and business enabler for today’s providers of payment acceptance: ISOs, ISVs, and merchants.

A key technology and business partner for merchants and the first-line providers of payment services (think ISVs and ISOs) is the payment gateway.

At their simplest, gateways provide a single interface to their users that, once built, lets the party using it switch between acquirers with relative ease in order to get better performance, service levels, and/or pricing.

For independent software vendors (ISVs) selling line of business software this flexibility allows their customers to choose their acquirer of choice from the range of acquirers supported by the gateway. Many such relationships are in place long before the ISV relationship is established. ISVs can’t insist that their potential customers change acquiring banks in order to use their software. That’s one use case for a gateway.

Another is the Independent Sales Organizations (ISOs) that also realizes the necessity of using gateway technology in order to reach their increasingly demanding merchant customers. Placing stand-beside payment terminals next to a cash register is no longer nearly enough. Integration of payments into the overall business process of even a smaller merchant is now table stakes. Gateways can help make integration of more advanced capabilities happen.

Independence Means Acquirer Neutrality Many formerly independent gateways have been acquired by processors. What processor wouldn’t want to move all the transactions managed by the gateway onto its own systems? It’s all about volume, after all.

But for independent software vendors, independent sales organizations selling to ISVs and merchants, and for many merchants themselves, an important virtue of the gateway function is its processor and acquirer independence.

Value-added Services Gateway operators generally charge flat fees for each transaction handled so they have every incentive to expand the volume of transactions they manage as well as to provide value-added services that increase revenue on each transaction handled.

To increase volume, gateways make it as easy as possible for a customer to integrate to the gateway. They make their APIs simple and robust so it’s easy to add new services. The gateway provider builds software developer kits (SDK) to support in-app payments and makes sure their code runs on every important operating system.

Gateways often specialize on a particular payment domain such as large ecommerce merchants or in-store systems. Others offer a broader set of services. NMI, the subject of this Payments on Fire® podcast, supports both EMV terminals and the card not present environment.

Payment Facilitation The payment facilitation business model has broadened card payment acceptance to the wide base of small merchants who would otherwise not qualify for a traditional merchant account.

The greatest impact of this payfac model is how it streamlines the onboarding process. Instead of the days-long underwriting process traditionally needed, sellers working through a payment facilitator (PayPal, Square, and Stripe all employ that model) can start to take payments within minutes of creating an account.

Because of that swift onboarding, the payment facilitation model reduces sales friction for ISVs. Their customers can install the ISVs line of business software and start taking payments at the same time.

For the ISV, there’s also the opportunity to earn revenue from their customer’s payment transaction flow. We’ve seen multiple merchant companies selling software services earn substantial revenue from the payments side of their business. NMI provides essential infrastructure services for the payfac business model including onboarding, sub-merchant account creation, KYC, and other reporting services.

The NMI Story Nick relates NMI’s growth and service expansion. It’s a cool story that speaks to the industry’s evolution as well as the company’s own growth. By the end of the podcast, you’ll understand how enabling technology and new business models have shifted, yet again, the payments ecosystem. The gateway and payment facilitation services offered by NMI help move ISVs and tech-forward ISOs into a first position over traditional providers of merchant services.

Oct 25 2019

43mins

Play

Episode 59 - B2B Payments are Hot - Glenbrook's Erin McCune

Podcast cover
Read more

B2B payments are huge. Taken together, these supply chain payments exceed the gross domestic product. But supply chain payments remain an imperfect art. While consumers pay for one purchase at a time, a B2B payment may cover multiple invoices, each with different commercial terms. Given the amount of data about the payment that’s necessary to crisply communicate between a buyer’s accounts payable department and a seller’s receivables group, it’s no wonder paper checks are still in broad use.

While B2B payments have been resistant to “electronification,” the cloud, the mobile user interface, a new data standard (ISO 20022), and APIs into banks and payment schemes are enabling a renewed effort to streamline B2B payment transactions. B2B payments are hot.

Join Erin McCune, partner in charge of Glenbrook’s B2B practice, as she discusses:

  • How B2B payments are different from consumer payments
  • Why B2B is “hot” once again
  • What market forces are pushing B2B forward
  • Why Faster Payments in the U.S. and around the world could have a major impact on supply chain payments

Aug 11 2017

28mins

Play

How to Get, and Stay, Smart in Payments

Podcast cover
Read more

Want to know what it takes to to stay smart in payments? Take a listen to Russ Jones, the Partner in Charge of Glenbrook’s Payments Boot Camp program. Russ gives a look behind the scenes, talks over the boot camp’s evolution, and how it stays forward looking in what’s become a fast changing industry. Over 13,000 payments professionals have experienced the Payments Boot Camp Russ talks about in this Payments on Fire podcast. 

Mar 27 2017

20mins

Play

Faster Payments in the US

Podcast cover
Read more

Sending money in real-time is a capability that is growing around the world. “All bank” systems in the UK and Mexico are thriving. Mobile money services like M-Pesa are changing economies and individual lives in developing countries. But in the US, “things are complicated.” We have a crowded landscape in the US without, as in many global markets, a clear mandate from a regulator. In this Payments on Fire podcast, Glenbrook’s Carol Coye Benson and Dwolla’s Jordan Lampe join George Peabody for a discussion on the evolution of Faster Payments in the US, directories, bill pay, and the challenges of interoperability. And best wishes for a relaxing and happy Thanksgiving! 

Nov 24 2015

26mins

Play

Episode 63 - Payments Come to the Browser - W3C's Ian Jacobs

Podcast cover
Read more

Payments standards typically operate deep within a payment system, invisible to most of us. But before long a new standard for web browsers will touch us all. Known as the Payment Request API, it is one of the newer projects of the Word Wide Web Consortium (W3C). Supported by browser builders Mozilla, Apple, Google, Microsoft, and more, this new API should simplify web payments for consumers and merchants alike.

Join the W3C project leader Ian Jacobs and Glenbrook’s George Peabody as they discuss the effort’s goals, transaction flow, and status. It’s coming very soon.

Sep 28 2017

26mins

Play

Episode 72 - Alipay's North American Acceptance Plan - Souheil Badran

Podcast cover
Read more

The rise of Chinese mobile payment systems is the top global mobile payments story of the last few years. Alipay and WeChat Pay serve hundreds of millions of users with payments, loyalty programs, merchant coupons, and more.

QR codes are used to initiate many of these interactions especially within the point of sale (POS) domain. When there isn’t a legacy payment infrastructure in place, software is easier, and cheaper, to deploy than the hardware-reliant approaches used for card-based transactions.

To serve its millions of accountholders traveling around the world, Alipay is building out its acceptance footprint. In this episode of Payments on Fire, George speaks with payments industry veteran Souheil Badran about his role as president of Alipay Americas and the company’s plans for reaching US merchants in tourist hotspots and beyond.

Apr 13 2018

28mins

Play

Episode 92 - Fintech Leaders Talk Payments - Fintech South Atlanta 2019

Podcast cover
Read more

Payments on Fire® usually focuses on a single topic, typically a fintech company and the business or personal challenges it addresses. In this episode, we take another direction by bringing together three fintech leaders to talk about their company offerings, how they connect up to payments, and some of the obstacles they’ve faced.

George talks with the leadership of three companies working in very different areas: remittances, small business logistics payments, and healthcare.

  • Mike Gaburo, CEO of Brightwell Payments, a company delivering a mobile payments app to global workers for their payroll distribution, enabling card-based purchasing as well as remittance services
  • Robin Gregg, CEO of RoadSync, a business software provider that enables electronic payments to SMBs in the logistics sector; and
  • Alan Nalle Chief Strategy Officer of Patientco, a payments platform with intuitive, mobile-friendly tools for Health Systems to enable patients to pay their healthcare bills.

This conversation illustrates the breadth of payments and the focus required to solve the specific payments needs of each industry segment.

Robin, Mike, and Alan will join Glenbrook partner Beth Horowitz Steel on her panel called Innovative Solutions - Solving Difficult Payment Needs at the Fintech South conference, held April 22 and 23 in Atlanta.

Apr 12 2019

28mins

Play

Episode 61 - Payments Systems in the US - Third Edition - Glenbrook’s Russ Jones

Podcast cover
Read more

We all know that the evolution of payments systems in the U.S. is accelerating. That’s why Glenbrook has just published the third edition of our book, Payments Systems in the U.S. - Third Edition: A Guide for the Payments Professional, the definitive guide to the how and, in particular, the why of our multiple payments systems.

The third edition addresses that evolution through updated examples and, unique to this edition, a focus on payments innovation in all three payments phases: initiation, funding, and settlement.

Join Payments on Fire host George Peabody and Glenbrook’s Russ Jones as they talk about the new edition, what it covers, and the book’s relationship to Glenbrook’s Payments Boot Camp. Payments Systems in the U.S. – Third Edition is available on Amazon.com in paperback and Kindle format. 

Aug 29 2017

18mins

Play

Episode 66 - Real Time Payments Comes to the US - Steve Ledford of TCH

Podcast cover
Read more

Payment innovation runs at multiple speeds. Changes in how a payment is initiated happen almost every day. Payments infrastructure change is a lot slower. But it’s happening. Nudged forward by the Federal Reserve’s Faster Payment Task Force, we are seeing the launch of the first entirely new payment system in decades. Called Real Time Payments (RTP) the new system switched its first real-time payment on November 13, 2017.

Built entirely around the rich payment messaging standard ISO 20022, we have a system that can carry both payment instructions and meta-data about the payment. Data rich, essentially instant, bank-fased account to account push transactions could be a game changer.

Join George and Steve Ledford, Senior Vice President, Product and Strategy, at The Clearing House (TCH) as they discuss the spread of real-time payment systems around the world and take a deep dive into RTP’s operation, rules, and use cases.

Nov 30 2017

50mins

Play

Episode 99 - Reducing Chargeback Handling Pain - Rick Lynch, Verifi

Podcast cover
Read more

One of the privileges of using a card to make a payment is the ability to dispute that charge should something go wrong. Maybe you ordered one garden rake but got charged for two. Perhaps you ordered a sweater and, as my colleague Allen Weinberg puts it, “got shipped a box of rocks.” Or you discover a charge that you didn’t make on your card account and believe it’s fraudulent.

In all those cases, the dispute process involves a chargeback.

The cardholder disputes the charge, the issuer credits the customer for the amount of that charge if it’s an obvious mistake or fraud, and, depending upon the chain of liability rules and the type of transaction, one party—the issuer, the acquirer, or the merchant—will have to bear the cost of the chargeback.

For merchants, just getting a chargeback message is a cost in the form of a fee paid to its acquirer. How does $5 and (way) up sound? Chargebacks, as a payments cost, are no financial joke.

The card system also views the chargeback rate—the percentage of transactions that result in a chargeback—as a leading indicator of poor merchant behavior. Once a merchant’s chargeback rate approaches one percent of its transactions, the merchant’s acquirer or PSP is going to put it on notice. If the merchant doesn’t lower that rate pronto the merchant could lose the ability to accept card payments.

The chargeback process is also a cost to issuers who are generally the party first called by the unhappy customer (issuers will often ask the customer if she or he has called the merchant, too).

In other words, chargebacks are a result of something going wrong and they can be a costly hassle for everyone because, for many stakeholders, chargeback handling is still dealt with manually.

In this Episode 99 of Payments on Fire® we talk with Rick Lynch, VP of Business Development from Verifi, about the impact of chargebacks on merchants and issuers. He updates us on rule changes by Visa and Mastercard. And he addresses the process and techniques needed to handle these post-authorization events.

While only mentioned in passing during the episode, Verifi is being acquired by Visa, in another example of expansion by card network operators into adjacent payment ecosystem roles.

Aug 08 2019

31mins

Play

Episode 110 - Building Out and On a National Faster Payments System

Podcast cover
Read more

Deployment of “clean sheet of paper” payment systems is a once in a generation event. In over 50 countries, new account-to-account push payment systems are either in full scale operation, implementation, or fully committed planning stages. The U.S., for example, has the RTP Network in operation and, in a few years, the FedNow system will be online.

This is hard, serious work. Technology decisions need to be paired with equally rigorous rules making. One of the major concerns for these systems is what to do when a transaction is sent in error or initiated by a fraudster. In contrast to card systems, dispute resolution capability is not a standard feature. These choices should reflect clear agreement and follow through by the system’s key participants.

In this Payments on Fire® podcast, Glenbrook’s Elizabeth McQuerry talks with builders of dispute resolution, complex messaging, and connectivity capabilities developed around Australia’s New Payments Platform (NPP).

Joining Elizabeth are Jack Baldwin, Chairman of BHMI, a U.S.-based developer of bank-grade settlement and reconciliation systems, and Nathan Churchward, Head of Product, Emerging Services at Australia’s Cuscal Limited. Cuscal is a developer of payments capabilities that include card issuing and acquiring, mobile payments, fraud prevention, switching and settlement.

There’s a lot to be gained by learning from someone else’s experience. Nathan and Jack address the dispute resolution process, ISO 20022 messaging, and the significant effort needed to build out systemically important payment infrastructure. Take a listen and you’ll gain a deep appreciation of the interplay of rules, regulations, technology, and effort.

Glenbrook Partners is working with the U.S. Faster Payments Council to help shape rules in the U.S. and address significant concerns around system interoperability, directory services, and dispute management. Take a look at the Faster Payments Barometer based on our industry survey. And visit the U.S Faster Payments Council site for more

Dec 09 2019

35mins

Play

Episode 109 - Bitcoin SV, a Payments and Data-focused Path in Bitcoin Evolutio - Jimmy Nguyen, Bitcoin Association

Podcast cover
Read more

If you thought bitcoin was dead as a payments system, take a listen to George and Jimmy Nguyen, founding president of the Bitcoin Association, as they discuss Bitcoin SV, a new version of bitcoin that is a significant upgrade to the performance and capabilities of the original bitcoin protocol put into the world a decade ago.

From a payments perspective, bitcoin has failed. While successful as an albeit volatile store of value, its failings include:

  • It is slow, only able to handle 2 or 3 transactions per second with a peak rate of 7. Visa handles 50K at peak holiday times with aplomb.
  • While transactions are irrevocable, they are not immediately written to the blockchain. Core design specifies that that happens every 10 minutes but when the network is under load it has taken hours.
  • Processing cost is too high, measured in dimes and dollars, and also volatile
  • As the processors, known as miners, are rewarded with fewer bitcoins for their work, they’ll have to rely on processing revenues, transaction fees, to stay viable. Costs are already too high
  • There’s the high power usage of the network that’s needed to maintain consensus, essentially trust in the network.

If you thought bitcoin was dead as a payments system, take a listen to George and Jimmy Nguyen, founding president of the Bitcoin Association, as they discuss Bitcoin SV, a new version of bitcoin that is a significant upgrade to the performance and capabilities of the original bitcoin protocol put into the world a decade ago.

Jimmy brings a refreshing view on cryptocurrencies and payments. Jimmy provides a great review of how bitcoin works and why both its performance and its economics are broken. He explains the advantages of the Bitcoin SV fork and why it was necessary. Suffice it to say, bitcoin’s evolution is subject to the often fractious politics of that community where competing interests inhibit long term thinking.

Bitcoin SV has intriguing potential. Micropayments, sub $1 transactions, have never found a home in electronic payments. BSV could apply there.

BSV is also designed to use enormous blocks in order to keep processing costs low and provide the ability to store massive amounts of data about the payment. 

Nov 27 2019

37mins

Play

Episode 108 - B2B Payments for the Massive Insurance Segment - Jeff Brown, VPay

Podcast cover
Read more

Join Jeff Brown, president of VPay, a firm specializing in insurance claims payments, and George Peabody of Glenbrook Partners in this deep dive discussion of how the work of claims processing is done and how he approaches B2B payments, compliance, and the value-added services needed by the company’s customers.

The B2B Domain

We’re all familiar with the card present POS domain, card not present Remote domain, P2P payments, and the Bill Pay domain. A phone tap here, a card swipe there, a bill payment to the utility company. On a day to day basis, our personal experience with payments is these areas.

The B2B and B2C payment domains are very different. There is a wide range of industries with very specific payment needs. (Listen to episode 92  to hear how customized payments can become. Roadsync’s Robin Gregg talks about the special paper check type built just to serve independent long haul truckers.)

Insurance is Huge

One of the biggest industries is insurance. Premium payments in the U.S. alone are over $1.2 trillion. Payouts by stakeholders, such as healthcare systems and property & casualty insurers, and made to individuals claimants and service providers amount to trillions more.

Insurance is definitely big enough to be a very attractive vertical to a payments service provider.

Knowing Your Customer's Business

If you are a PSP serving a particular vertical market in the B2B space, you have to know at least as much about the vertical you serve as you do about payments operations and services. For example, if you’re making healthcare payments, you have to comply with the strict data privacy requirements specified by HIPAA regulations. You may have to support specific data formats. And you should help your business customers deliver useful features to their own customers.

If you want a great explanation of how payments fits into a vertical market, you can’t do better than listening to this episode of Payments on Fire®.

Nov 19 2019

43mins

Play

Episode 107 - The Financial Inclusion Impact of the Digital Wallet in Columbia - Hernando Rubio, CEO, Movii

Podcast cover
Read more

Digital disruption and financial inclusion are focus areas throughout the developing world and the topics are white hot in Colombia. Listen in as Hernando Rubio, CEO of Moviired, speaks with Elizabeth McQuerry and George Peabody about Movii and payment / financial inclusion ecosystem in Colombia.

Financial Inclusion in Colombia

Although one of the first countries in Latin America to make a big policy push for financial inclusion, those efforts focused a “banking correspondents” or agents in local stores carrying out basic financial services on behalf of banks. While these correspondents greatly improved access to financial services, they have not fully produced the desired results. According to the World Bank, fewer than half of all adults have a bank account and only a handful (less than 5%) have a transaction account from a telco led service. Very few Colombians use those accounts to pay bills or buy something on the internet. Cash is still preferred.

Enter the SEDPEs

In 2015 regulators in Colombia created a new category of licensed financial institutions called a   special company for electronic deposits and payments, or SEDPE by the Spanish language initials. While a bank can also pursue this type license to focus financial inclusion efforts, the main conceptualization of SEDPEs are fintechs that gain authorization to take deposits and make payments – the two most basic (and still lacking) aspects of financial inclusion. SEDPEs are not allowed to make loans but can partner with others to make small credits available.

Movii

Rubio’s Movii was the first SEDPE to be authorized by regulators. Movii is a classic digital service that offers a wallet for storing funds, access to a reloadable debit card from Mastercard for buying in stores and on the internet, bill payment, mobile top ups and transfers to other Movii users. Movii also recently connected to the new national real-time payment service (Transferencias Ya) in order to be able to reach all account holders in Colombia. Movii builds off the company’s experience managing Moviired, an extensive network of physical agents in stores and bank correspondents throughout Colombia, that people use for those basic payments. Hear how a company disrupts itself as it lays the foundation for the next generation of financial services.

Nov 14 2019

37mins

Play

Episode 106 - Payments Infrastructure for the ISV - Richie Serna, Finix

Podcast cover
Read more

The merchant acquiring industry continues its large scale shift from a payments-led to an operations-led purchasing decision for the merchants it serves. Historically based on independent sales organizations (ISOs) and non-bank acquirers, the party that increasingly provides payment acceptance is the independent software vendor (ISV).

This makes sense for a number of reasons:

  • Software is Vertical. Today, the first IT choice more merchants make is the software they use to run their business. This makes sense. Tools that improve overall business operations have a greater impact on success than the comparatively minor differences among payment providers. Auto parts stores need inventory management. Salons need scheduling. Ice cream and coffee shops need quick order entry. Daycare providers need security controls.
  • Payments are Horizontal. Every merchant, regardless of its segment, needs to take payments. While many segments have particular requirements for payments, payment acceptance alone is a commoditized service.
  • The ISV is the First Point of Contact. Given its primary role, the ISV has moved into an excellent position to sell and profit from payment acceptance.
  • Taking a Back Seat in Selling, Payments is Infrastructure. The payments industry has multiple ways of enabling ISVs to sell payments. The ISV may use a gateway to reach multiple acquirers with the gateway itself selling value-added capabilities in areas like fraud management. The ISV may use the payfac model for fast onboarding of new merchants. The ISV may, itself, become an ISO. Multiple forms of business relationship all provide some measure of revenue sharing with the ISV.

Differentiation in Payments Via New Paths

Differentiation based on value-added services drive revenue in payments. For that reason, we have seen non-bank acquirers and ISOs focus on particular vertical market segments to drive and secure long term revenues. A decade and more ago, Heartland Payment Systems (acquired by Global Payments) doubled down on the restaurant vertical by developing special services for restaurant operators as well as acquiring restaurant-focused ISVs. That lesson has been learned by many since.

Over the last few years, differentiation has also stemmed from how well the payments provider serves the ISV and its developers. Integration of payment services both into the ISVs code and within the provider’s own code base is important. A single API that exposes all of a provider’s services is preferable to integration work requiring knowledge of an API tied to each function. Micro-services based capability is also welcome.

Payment Facilitation as Enabler

While not, in and of itself, a new approach, the payment facilitation model is a major enabler of payment service delivery via ISVs. The payfac model is based on network rules that allows an intermediary to act as the merchant of record in order to provide payment system access to smaller merchants. PayPal did this first for ecommerce merchants. Stripe is another card not present example. Square used the payfac model to offer sellers in the physical world access to card acceptance.

ISVs who become payfacs assume responsibility for the activity of their small merchant customers. So, choosing to become a payfac has its complexities and risks. A number of providers, including Finix, bring expertise in the payments facilitation model to help ISVs make that decision.

In this Payments on Fire®, take a listen to Glenbrook’s Nicole Pinto, Drew Edmond, and Finix CEO and founder Richie Serna as they discuss the payfac phenomenon and the larger shift to the ISV as payments provider. This is a cool conversation about a sea change event in the merchant services industry. 

Nov 08 2019

28mins

Play

Episode 105 - The Independent Gateway's Enabling Role - Nick Starai, NMI

Podcast cover
Read more

Take a listen as George and Nick Starai, Chief Strategy Officer of NMI discuss the role of the independent payments gateway and its evolution as a technology and business enabler for today’s providers of payment acceptance: ISOs, ISVs, and merchants.

A key technology and business partner for merchants and the first-line providers of payment services (think ISVs and ISOs) is the payment gateway.

At their simplest, gateways provide a single interface to their users that, once built, lets the party using it switch between acquirers with relative ease in order to get better performance, service levels, and/or pricing.

For independent software vendors (ISVs) selling line of business software this flexibility allows their customers to choose their acquirer of choice from the range of acquirers supported by the gateway. Many such relationships are in place long before the ISV relationship is established. ISVs can’t insist that their potential customers change acquiring banks in order to use their software. That’s one use case for a gateway.

Another is the Independent Sales Organizations (ISOs) that also realizes the necessity of using gateway technology in order to reach their increasingly demanding merchant customers. Placing stand-beside payment terminals next to a cash register is no longer nearly enough. Integration of payments into the overall business process of even a smaller merchant is now table stakes. Gateways can help make integration of more advanced capabilities happen.

Independence Means Acquirer Neutrality Many formerly independent gateways have been acquired by processors. What processor wouldn’t want to move all the transactions managed by the gateway onto its own systems? It’s all about volume, after all.

But for independent software vendors, independent sales organizations selling to ISVs and merchants, and for many merchants themselves, an important virtue of the gateway function is its processor and acquirer independence.

Value-added Services Gateway operators generally charge flat fees for each transaction handled so they have every incentive to expand the volume of transactions they manage as well as to provide value-added services that increase revenue on each transaction handled.

To increase volume, gateways make it as easy as possible for a customer to integrate to the gateway. They make their APIs simple and robust so it’s easy to add new services. The gateway provider builds software developer kits (SDK) to support in-app payments and makes sure their code runs on every important operating system.

Gateways often specialize on a particular payment domain such as large ecommerce merchants or in-store systems. Others offer a broader set of services. NMI, the subject of this Payments on Fire® podcast, supports both EMV terminals and the card not present environment.

Payment Facilitation The payment facilitation business model has broadened card payment acceptance to the wide base of small merchants who would otherwise not qualify for a traditional merchant account.

The greatest impact of this payfac model is how it streamlines the onboarding process. Instead of the days-long underwriting process traditionally needed, sellers working through a payment facilitator (PayPal, Square, and Stripe all employ that model) can start to take payments within minutes of creating an account.

Because of that swift onboarding, the payment facilitation model reduces sales friction for ISVs. Their customers can install the ISVs line of business software and start taking payments at the same time.

For the ISV, there’s also the opportunity to earn revenue from their customer’s payment transaction flow. We’ve seen multiple merchant companies selling software services earn substantial revenue from the payments side of their business. NMI provides essential infrastructure services for the payfac business model including onboarding, sub-merchant account creation, KYC, and other reporting services.

The NMI Story Nick relates NMI’s growth and service expansion. It’s a cool story that speaks to the industry’s evolution as well as the company’s own growth. By the end of the podcast, you’ll understand how enabling technology and new business models have shifted, yet again, the payments ecosystem. The gateway and payment facilitation services offered by NMI help move ISVs and tech-forward ISOs into a first position over traditional providers of merchant services.

Oct 25 2019

43mins

Play

Episode 104 - The Complex World of Healthcare Payments - Ian Drysdale, Zelis Payments

Podcast cover
Read more

Take a listen to Ian Drysdale of Zelis Payments and George as they discuss how complex the payments process is in the healthcare industry. 

Near the peak of payments complexity and specificity is the healthcare industry. If you’ve ever looked at an explanation of benefits letter from a healthcare insurer, you’ve had a glimpse into the complexity of these payments. Multiple parties are paid a lot of money, before you may be required to ante up a co-payment yourself.

Regulation, compliance, the huge range of services delivered, and the scale of the healthcare ecosystem—from giant healthcare insurers to the local dentist—make healthcare payments a challenging, and attractive, market to serve. It is an enormous business-to-business market. Americans spent $3.5T, over $10K per person, in 2017. We spend something like 1 in 6 of our dollars on healthcare.

Simply getting the payment to the right party is complicated. Consider the imaging clinic that operates within a big regional hospital. It has its own back accounts, its own P&L, its own accounts receivable. Getting payments routed into the right account isn’t easy.

Checks still dominate in this industry because the development and maintenance of databases to track bank accounts is a major headache for a payer like an insurance company. Dropping a check in the mail, along with invoice information, at least communicates what’s necessary despite slow speed and high cost.

That’s where Zelis Payments and Ian Drysdale, its president and guest on this Payments on Fire® podcast, come in. Zelis Payments specializes in shifting healthcare payments from check rails to ACH rails. Using the service, providers get paid within a two or three days instead of two weeks. That speed has a huge impact on cash flow, a business metric of particular importance to smaller providers.

Zelis Payments also enables an EDI message format that communicates what’s being paid for in a manner consumable by the accounts receivable software in almost every healthcare provider’s office. Matching up the ACH deposit to what it covers is automated. While neither ACH or EDI are considered modern technologies, pairing them tightly produces real efficiencies.

Another area of complexity Ian discusses is healthcare fraud. Unfortunately, no small number of providers enter fraudulent claims into the system. They add up to huge numbers.

Zelis Payments adds value specific to the healthcare industry around the general functionality of EDI and ACH rails. If you’re a dentist getting paid 10 days faster than before, that added value is a very good thing.

Oct 18 2019

31mins

Play

Episode 103 - Mining the Dark Web for Early Detection of Fraud - Aamna Zia and David Hetu, Flare Systems

Podcast cover
Read more

Need an early warning system for what payment system hackers are about to do? Then knowing what’s happening on the dark net is imperative.

In this episode of Payments on Fire®, George speaks with Aamna Zia, VP of Finance and Growth at Flare Systems, and David Hetu, its Chief Science Officer. Based in Montreal, Flare Systems operates a dark net monitoring system that brings intelligence to the InfoSec and fraud management teams at banks.

The dark net is a mysterious place for most of us. It exists on something called Tor, an internet overlay that is designed for anonymity. Using a purpose-built browser, users can access websites, chat rooms, and the like, similar services to those we use on the open internet. The anonymity feature makes performance slow but it also works.

And that’s why it is the hub that marketers of stolen card numbers, user IDs and passwords, personally identifiable information, and hacking tools use to buy and sell. It’s this activity and the discussions around it that Flare Systems monitors and reports on.

Among the findings of Flare’s analytics is the fact that the vast majority of card data sellers probably have to live with their parents to get by. There’s not a lot of money in that particularly tired approach.

Obviously, there’s plenty of money to be made in payment fraud, though. Account takeover (ATO) fraud is growing quickly as recent losses on the UK’s Faster Payments system demonstrate. Synthetic identity fraud is fueled by the kind of data sold on the dark web.

Take a listen as Aamna Zia and David Hetu as they describe how Flare Systems works and what the hackers are up too. Then, if you’re on a bank’s infosec or security team, try to get some sleep.

Oct 03 2019

44mins

Play

Episode 102 - nexo standards Attacks Point of Sale Complexity - Jacques Soussana, General Secretary

Podcast cover
Read more

Listen to George and Jacques Soussana, General Secretary, of nexo Standards, an organization based in Europe with global goals to establish interoperability of hardware, software, and data across the point of sale and e-commerce domains.

Interoperability in a Complex Ecosystem

The payments industry is in a period of especially swift change. New methods of payment, new payment systems, new ways to initiate a purchase.

Innovation can be wonderful, improving convenience, speed, and reliability. But there is a downsides to all of this creativity: Interoperability. Connecting disparate systems is technically challenging and faces business questions such as “what's the ROI on connecting to yet another system?”

Today interoperability may be difficult or impossible by design. Payment methods stood up by individual companies often remain closed or must rely on other payment systems to actually move transactions.

In what is an increasingly integrated world with payments as an embedded experience, interoperability challenges show up both at the physical point of sale and online. Acquirers often use proprietary adaptations of standard protocols to “enhance” their capabilities and, to a degree, erect competitive barriers. The software used to connect point of sale terminals processed by one vendor must be changed when those same POS devices are connected to another provider.

Further complicating the merchant challenge is the merchant-facing software that connects to those terminals. That software connects to each brand of payment terminal in a proprietary fashion. While gateway providers simplify the payment interface for these independent software vendors (ISVs), each gateway provider has its own approach.

For merchants, then, there’s no such thing as “plug and play” software to connect to terminals or to connect those terminals to payment networks.

This complexity was bad enough when card rails were the only payment method of consequence. Today, however, domestic and regional payment methods are changing, adding account-to-account push payment systems like the U.S Real Time Payment Network from The Clearing House or the European SEPA Instant Credit system.

In other words, there are new payment rails, the systems that actually move money, that matter.

So, this complexity problem must overcome and that is the goal of nexo Standards, the organization Jacques represents and the topic of today's Payments on Fire® discussion.

Getting stakeholders to work on the common goal of interoperability is no easy task. Most often, participants come from competitive companies. Most of these organizations are large because, first, they have to be large to afford the investment in participation, and, second, they have to be large to realize the financial benefits of actual implementation.

This is known as the “Herding Cats Problem” and they aren’t kitty cats.

nexo Standards, and its prior incarnations, has been working on point of sale standards for over a decade. The nexo FAST standard that addresses the physical point of sale, EMV, and how to connect within the SEPA framework is nearly 1,000 pages long. And there are multiple nexo specifications including the Retailer protocol that describes the interfaces between a card payment application and a retail point of sale system

Other nexo standards address security, terminal management, the acquirer connection, and implementation.

So, a complex technical and business environment with nexo Standards bringing a comprehensive set of specifications to address it.

nexo Standards Annual Conference (attendance is free, in London)

Sep 21 2019

38mins

Play

Episode 101 - The U.S. Faster Payments Council - Kim Ford

Podcast cover
Read more

A  Better Way, Please

Last week I tried to connect my accounts at two different banks. Between account type mismatches (my bad), long account numbers, ACH micro-deposits, and balky websites, well, I’ll confess I put a check in the mail as a “quicker” way of overcoming the electronic barriers. Snail mail. Really?

That situation, and many more where speed matters, is exactly why the world is turning to faster payment systems that allow the accountholder to push money from an account she controls to a recipient in near real-time. To eliminate entry, and sharing, of bank routing and recipient account numbers, today’s faster payments systems are often enhanced by a directory that maps the recipient’s name to a mobile number or email address. The director connects those to the underlying bank account.

This is great stuff, especially for the United States where so many push payment methods exist based on closed loop or incumbent payment rails. The U.S. now has providers like Venmo using balance transfers and card rails (Visa Direct, Mastercard Send) to make realtime P2P transfers workable. NACHA has sped up the automated clearinghouse (ACH) system to run batches a few times a day to accomplish its Same Day ACH service.

We have Zelle, the P2P service stood up by Early Warning Services,  that combines a directory with immediate funds transfer availability for the recipient and interbank settlement running over, yet again, an incumbent payment system, in this case the ACH.

Every one of these approaches has merit and traction.

New Rails, New Rules

That said, the new realtime systems are growing here too. Built with modern software and messaging protocols, they promise to change how both end-user settlement and inter-bank settlement is accomplished.

The first on the scene was the Real Time Payment (RTP) network from The Clearing House (TCH). Launched in 2017, the largest financial institutions and bank processors are integrating their core systems—the software that manages accountholder balances and transaction activity—to the RTP Network.

And this summer, the Federal Reserve announced it will build and operate its own faster payments system called FedNow. Like TCH, the Fed has operated multiple payment systems and been the preferred operator for the nation’s smaller financial institutions.

New Complexities

Competitive pressures, market guidance, and regulation are what move the U.S. economy. The Federal Reserve provided plenty of guidance to encourage development and deployment of faster payment systems. THC’s RTP Network was among the first to respond.

These new rails are a result of a multi-year effort by the Federal Reserve to shepherd the highly competitive U.S. payments industry toward the development of these faster payment systems. The RTP Network and FedNow are proof of its success and that of the Faster Payments Task Force, the group convened by the Fed to define the characteristics of the new approaches. 

But there’s still a lot of work to do. Questions of governance, implementation, and more abound. Interoperability concerns are especially high. These are, after all, competitive systems.

The New Organizing Principle - The US Faster Payments Council

To keep the evolution of the U.S. faster payments moving forward, the US Faster Payments Council was formed. Many Task Force members have joined as members of the Council.

The Council serves as an industry-led organization that supports collaboration across multiple areas including security, end user education, and interoperability.

In other words, the Council will be herding some very big cats.

The U.S. Faster Payments Barometer

To support its education and collaboration efforts, the US Faster Payments Council is conducting a survey of industry views on faster payments advancements. A multi-year survey, to monitor the momentum and evolution of Faster Payments here in the U.S. market.

The survey is designed to identify key criteria for market adoption, broadly gauge momentum for various use case applications, and seek to address challenges to be solved in order to have a well-established Faster Payments ecosystem.

Take the Survey

Talking Faster Payments

In this Payments on Fire® episode, Faster Payments Council Executive Director Kim Ford discusses the Council’s work, the U.S. Faster Payments Barometer survey, and where we are today with Glenbrook’s Beth Horowitz Steel and Elizabeth McQuerry. Take a listen and take the survey. You’ll contribute to the Council’s education, planning, and prioritization work.

Sep 16 2019

28mins

Play

Episode 100 - Strong Customer Authentication - Russ Jones, Glenbrook Partners

Podcast cover
Read more

For a nanosecond, about seven years ago, I thought the payments industry was entering a steady state where change, while sure to be accelerated by technology, was going to settle down to the familiar sedate pace the payments industry had taken for decades.

Hah! Payment industry evolution has leapt forward since then based on, yes, technology, but also new rules, regulations, business models, and changes in attitude toward how money moves, security, and privacy.

One major trend I didn’t anticipate then was the global phenomenon of faster payments, now in active implementation or operation in some 40 countries around the world. Another, of course, is cryptocurrencies but I’ll leave that one alone for now.

The emergence of faster payments is a function of new technology with new transaction switching infrastructure and (mostly) a common messaging standard in the form of ISO 20022. But it’s also a function of rules and market response.

Even in the United States, a nation whose payment strategy is largely set by competitive forces, the central bank has had significant influence in launching new settlement capability. (And now, the Fed is planning to build its own version).

Europe and India are standouts when it comes to government guidance and strategy setting for banking and payment systems.

The European Union’s active role in evolving payments policy is recently expressed in the second Payment Services Directive (PSD2).

PSD2 has chosen to address one of the most vexing digital security challenges: strong customer authentication or SCA. Article 4(30) of the directive defines SCA as:

“an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data”

For anyone familiar with authentication requirements, this is hardly a novel approach. That said, as far as the payments ecosystem goes, however, this is a sea change.

This is also a necessary change. Faster payment systems, where the sender pushes the payment to the recipient, make the sender’s bank responsible for authenticating its accountholders. The accountholder has to prove to her bank that she has the right to access her own account and to initiate a payment.

Unfortunately, phishing and malware are attacks that make account takeover easier than ever. There’s been an uptick in authorized push payment fraud in the UK due to ATO.

Therefore, enforcement of multi-factor authentication is seen as a necessary response.

Point of sale transactions already meet the SCA requirement. The card is something you have; The PIN is something you know. That’s enough to meet the SCA requirement. Oh, right, in the US, we don’t put PINs on credit cards. They do in Europe. We’re going to need biometrics in the US (something you are).

PDS2’s SCA mandate requires that multi-factor authentication be used whenever a user logs into her bank account or makes an e-commerce payment. Whenever payment risk is a possibility, SCA has to be used (there are plenty of exemptions but that doesn’t change the point).

Every stakeholder—every bank, every e-commerce site—must comply by doing something they have not done before.

That means a lot of work.

In this Payments on Fire® episode (Episode 100!), I speak with Russ Jones, Glenbrook’s partner in charge of our Education work and a preeminently insightful payments consultant. Russ takes us through SCA, its relationship to other standards, and the impact of its now somewhat delayed implementation.

Russ concludes the conversation with the rather chilling observation that history is about to repeat itself. The US will experience in the digital arena what the US experienced at the physical point of sale.

When EMV chip cards were mandated in Europe, card fraud at the POS and the ATM migrated to the US. Reliant on the static data of the mag stripe, the US became a global magnet for magstripe card fraud.

Once SCA becomes broadly implemented in the EU, in 2021 and beyond, online fraudsters will redouble their already considerable attacks on US financial institutions, tech providers, and merchants. While security tools are more common than ever—FIDO capable smartphones are one example—the US lacks a single entity to mandate and enforce multi-factor authentication in payments.

Scared yet?

Aug 20 2019

26mins

Play

Episode 99 - Reducing Chargeback Handling Pain - Rick Lynch, Verifi

Podcast cover
Read more

One of the privileges of using a card to make a payment is the ability to dispute that charge should something go wrong. Maybe you ordered one garden rake but got charged for two. Perhaps you ordered a sweater and, as my colleague Allen Weinberg puts it, “got shipped a box of rocks.” Or you discover a charge that you didn’t make on your card account and believe it’s fraudulent.

In all those cases, the dispute process involves a chargeback.

The cardholder disputes the charge, the issuer credits the customer for the amount of that charge if it’s an obvious mistake or fraud, and, depending upon the chain of liability rules and the type of transaction, one party—the issuer, the acquirer, or the merchant—will have to bear the cost of the chargeback.

For merchants, just getting a chargeback message is a cost in the form of a fee paid to its acquirer. How does $5 and (way) up sound? Chargebacks, as a payments cost, are no financial joke.

The card system also views the chargeback rate—the percentage of transactions that result in a chargeback—as a leading indicator of poor merchant behavior. Once a merchant’s chargeback rate approaches one percent of its transactions, the merchant’s acquirer or PSP is going to put it on notice. If the merchant doesn’t lower that rate pronto the merchant could lose the ability to accept card payments.

The chargeback process is also a cost to issuers who are generally the party first called by the unhappy customer (issuers will often ask the customer if she or he has called the merchant, too).

In other words, chargebacks are a result of something going wrong and they can be a costly hassle for everyone because, for many stakeholders, chargeback handling is still dealt with manually.

In this Episode 99 of Payments on Fire® we talk with Rick Lynch, VP of Business Development from Verifi, about the impact of chargebacks on merchants and issuers. He updates us on rule changes by Visa and Mastercard. And he addresses the process and techniques needed to handle these post-authorization events.

While only mentioned in passing during the episode, Verifi is being acquired by Visa, in another example of expansion by card network operators into adjacent payment ecosystem roles.

Aug 08 2019

31mins

Play

Episode 98 - Google Pay Deep Dive with Google's Steve Klebe

Podcast cover
Read more

The global spread of digital payments gets a huge boost from giants like Google. Google’s Google Pay is far more than just a wallet, and the subject of this Payments on Fire® episode with Steve Klebe.

Steve heads Google’s Processor and Partnerships business and has terrific experience in our industry, working with payment gateway CyberSource, payment security firm RSA, and carrier billing firm BilltoMobile. He’s also served multiple times on the board of the Electronic Transaction Association.

In other words, a true payments geek.

Here’s what we talked about:

  • The evolution of Google Pay from its 2011 launch as Google Wallet and the various incarnations since then
  • Google’s business model for GPay and the degree to which the data generated by GPay transactions influence (or not) the advertisements we see on sites using Google’s advertising services
  • Transit payments, Google’s role in the W3C’s Payment Request API, and how Google pulls it into its own tools
  • The Google Pay value proposition and how it combines the value of hundreds of millions of cards on file, their organic growth through Chrome’s auto-fill, Google’s own sales, and making those credentials available to third parties via Google Pay
  • The new Google Pay APIs that focus more on convenience than payments: event ticketing, airline boarding passes, and more
  • Google Pay India, renamed from Tez, and its role in the UPI framework that enables secure bank-to-bank transactions.

We conclude with thoughts on the Open Banking phenomenon and Google’s intentions in that area.

Jul 17 2019

46mins

Play

Episode 97 - Data Breach Prevention, Investigation, and Remediation - Chris Uriarte, AON Cyber Solutions

Podcast cover
Read more

Here on Payments on Fire® we've spoken a lot with risk and fraud management firms that generally offer some combination of services and technologies that promises to lower customer exposure to payments fraud, data theft, and operational risk.

There’s another dimension to cyber security that’s based on expertise - before and after a data breach. That's the subject of this episode.

First, a company needs to understand its overall exposure. What do we have and what can we afford to lose? That takes a technical assessment of the firm’s internal and external defenses. It also takes an understanding of what the company has to lose, from reputation-based good will to loss of R&D investment through the theft of intellectual property. Such concerns are now top of mind for corporate directors tasked with shepherding their companies in the complex cyber domain.

Yes, there’s a role for insurance.

Post breach, there is the work of uncovering what happened, the maintenance of evidence so that proper forensic procedures can be taken, and the painful resolution process that may include fines (PCI) and litigation.

All of this is well understood territory for Chris Uriarte, Chief Information Officer at Aon Cyber Solutions who joins George in this episode.

Topics discussed include:

  • The kind of activities and efforts needed to address today’s cyber risk
  • How IoT threats are no longer confined to cheap surveillance cameras
  • The sophistication of the cyber criminal industry
  • The interlocking roles of threat analysis, risks assessment, and insurance
  • The rise of ransomware and the particular exposure larger organizations face from this threat

Jul 10 2019

36mins

Play

Episode 96 - Enterprise Risk, No Time to Relax - Tricia Phillips, Kount

Podcast cover
Read more

The task of risk management in the payments business keeps getting bigger. Where once the concern was confined to payments alone - starting with counterfeit checks and currency - payment electronification has created a universe of potential risks. Risk now includes fraudulent cards, system and network hacks, data breaches, and account takeover with all the havoc that can produce.

And we’re seeing how these impact the reputation and value of businesses even when the hack has nothing to do with payments. (By the way, bogus checks and counterfeit twenties are *still* a problem.)

We’ve touched on this topic in multiple ways on Payments on Fire®. We’ve spoken with Ethoca about its data sharing capabilities. We’ve spoken with Feedzai about its AI and machine learning technology. We’ve spoken with White Pages Pro and its data correlation capabilities. And we’ve spoken to companies deeply involved in the problem of online identity.

Each of those has a particular approach, a particular technology, or a combination of approaches, to apply to the problem of e-commerce or CNP fraud.

In this podcast, we talk to Tricia Phillips, SVP of Product and Strategy, at the fraud and risk management firm Kount. Protecting some 6,500 e-commerce merchants, banks, and payment platforms, Kount takes a deeply layered approach to the risk and fraud management.

This deep dive discussion takes us into not only Kount’s approach but into what fraudsters are doing today and the damage they can do, even to non-payments companies like Yelp. It’s a scary scene. Tricia takes us through it with insight and experience.

If Risk in Payments is a topic of interest, check out our upcoming Insight Workshop by the same name. Led by Russ Jones and Yvette Bohanan, you won’t find a more knowledgeable team to guide you through what is, as I hope we’ve demonstrated, one very complex topic.

Jun 12 2019

44mins

Play

Episode 95 - Hiding Data Jewels in the Tokenization Vault - Alex Pezold, CEO, Tokenex

Podcast cover
Read more

One of the biggest payments challenges for merchants is how to handle payment data - whether it’s at the POS or in the remote domain where e-commerce and mobile payments take place. A lot of this concern is driven directly by PCI DSS compliance and broadly by the reputational risk data breach represents.

One of the major techniques merchants employ, in order to remove the need to store payment data, is tokenization - the replacement of the high value card data with a low value representation managed by another party. Merchants just store the token for lookup purposes while the third party maintains the database that links these low value tokens to the true primary account number or PAN.

At Glenbrook, we refer to these as merchant tokens because they are specific to and paid for by the merchant. We’ve also heard them referred to as acquirer tokens because the tokenization function is often performed by the merchant’s acquirer, processor, gateway, or payment service provider.

Makes sense, right? Put the radioactive payment card data into another party’s hands.

But for large and mid-size merchants, the provision of tokenization services to an acquirer has a few downsides:

  1. The token database maintained by the provider is specific to the merchant. If the merchant wants to shift to another provider, tokenization portability can be an issue and a costly one.
  2. In our merchant work, we are seeing the largest ones looking at a multi-acquirer topology for cost, redundancy, and channel flexibility purposes. But each acquirer will use its own tokenization scheme, adding complexity and limiting functionality.
  3. Omnichannel merchants may employ one provider for POS transactions and another for ecommerce. That doesn’t work when you want to provide a consistent experience to your returning customer. You want a token that works across channels, i.e. an omnichannel token.

In this Payments on Fire® episode we talk with Alex Pezold, CEO of Token, an acquirer neutral, independent tokenization provider. We talk a lot about protecting payment and bank account data. But we also address the growing need for protecting other data assets and how tokenization can help accomplish that.

Jun 10 2019

42mins

Play

Episode 94 - Digital Identity and Blockchain Tech - Andre Boysen, SecureKey

Podcast cover
Read more

Digital identity is one of the most solution resistant challenges to online commerce and, indeed, our online lives. It is basic to online trust, an elusive condition undermined by data breaches, abuse of our data by service provider, and fraudsters.

That’s not say we aren’t trying. Providers of all stripes are applying their value add to the problem. Smartphone makers have a role. Fraud management providers see themselves as having a role because they see so many users visiting their merchant customers’ websites or using their apps.

Networks do, too, as evidenced by Mastercard’s recent interest in identity services.

Then there are specialists in identity who play a role between the end user and the party granting access to a service, i.e. a bank. Today’s podcast is with SecureKey, a Canadian firm that has built a system to generate online trust while not sharing too much data between the parties.

Blockchain technology has increasingly gotten the attention of those in the identity space because the idea of having an immutable database as a single source of truth for identity credentials just seems so obvious.

Well, it’s not exactly as simple as putting your drivers license on a blockchain. SecureKey has partnered with IBM to use blockchain technology in support of its function as a provider of identity services.

SecureKey’s Verified.Me service gives the user the ability to quickly identity themselves and to share only the personally identifiable information they consent to share. Customers include Canadian banks CIBC, Desjardins, RBC, Scotiabank and TD. BMO and National Bank of Canada will be available later this year.

Take a listen to this conversation with Andre Boysen, SecureKey's Chief Identity Officer, and Glenbrook’s George Peabody and imagine the power of coupling a service like this to strong authentication services that use biometrics.

Jun 06 2019

35mins

Play

Episode 93 - Fitting QR Codes into the Card System - Bastien Latge, EMVCo

Podcast cover
Read more

Ever wonder about EMVCo's role in the development and implementation of its technical specifications? Take a listen to Bastien Latge, EMVCo's director of technology and Glenbrook's George Peabody as they discuss EMVCo's EMV®* QR Code Specification for QR code-based transaction initiation in the card system. While developed card markets are shifting to contactless cards and NFC-using mobile phone wallets to kick off payments, the QR code offers a flexible, very low cost alternative. There's a lot to learn here.

Most of us are familiar with QR codes to retrieve product information from websites or print media, or perhaps when authenticating a mobile device to a web page.

In payments, many of the caffeine-reliant among us use the Starbucks app with its 2D barcode to initiate the transaction. It makes it so easy to know when we have enough gold stars to ask the barista for a drink on the house.

Some merchant apps use a QR code for the consumer to present when initiating a payment transaction that calls on card on file payment credentials. Walmart Pay for example.

In China - and really throughout Asia - providers like Alipay and WeChat Pay have been hugely successful with QR code-using payment apps.

In Japan, the proliferation of closed loop QR code-based payment tools, each encoding data differently, has created a cacophony of incompatible approaches. A new industry collaboration effort is attempting to lower the technical noise level by using a common technology provider. 

The card industry, named because of those 85.60 mm × 53.98 mm (​3 3/8 × ​2 1/8 inches) pieces of plastic we carry around, is, of course, far more than the cards it uses to initiate a transaction. Their rules and global networks are unparalleled in reach and sophistication.

But at the edge of those networks, the card format is becoming less important (think mobile wallets) and useless in those markets lacking a terminal infrastructure. To make sure card network transactions can take hold in card-less regions, the card brands put their technical specification organization to work.

In 2017, EMVCo released its EMV QR Code Specification, designed to encode and represent the card message structure in QR code format.

A major hallmark of the EMV Chip Specification in cards is the generation of dynamic data, of a cryptogram unique to that transaction, that prevents replay attacks. The EMV QR Code Specification supports such dynamic data as well as the issuer tokenization framework also codified by EMVCo. Even the payment account reference number (PAR) is accommodated here.

To accelerate use of QR code EMVCo recently built self-assessment tools for both merchant- and consumer-presented that validate the QR format. Certification to individual networks and acquirers is not supported by the EMVCo tools.

* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

May 17 2019

33mins

Play

Episode 92 - Fintech Leaders Talk Payments - Fintech South Atlanta 2019

Podcast cover
Read more

Payments on Fire® usually focuses on a single topic, typically a fintech company and the business or personal challenges it addresses. In this episode, we take another direction by bringing together three fintech leaders to talk about their company offerings, how they connect up to payments, and some of the obstacles they’ve faced.

George talks with the leadership of three companies working in very different areas: remittances, small business logistics payments, and healthcare.

  • Mike Gaburo, CEO of Brightwell Payments, a company delivering a mobile payments app to global workers for their payroll distribution, enabling card-based purchasing as well as remittance services
  • Robin Gregg, CEO of RoadSync, a business software provider that enables electronic payments to SMBs in the logistics sector; and
  • Alan Nalle Chief Strategy Officer of Patientco, a payments platform with intuitive, mobile-friendly tools for Health Systems to enable patients to pay their healthcare bills.

This conversation illustrates the breadth of payments and the focus required to solve the specific payments needs of each industry segment.

Robin, Mike, and Alan will join Glenbrook partner Beth Horowitz Steel on her panel called Innovative Solutions - Solving Difficult Payment Needs at the Fintech South conference, held April 22 and 23 in Atlanta.

Apr 12 2019

28mins

Play

Episode 91 - Contactless Magic on a Merchant Smartphone - Maxime de Nanclas, Mobeewave

Podcast cover
Read more

Five years on from Apple Pay’s release, contactless payment cards are just getting off the ground here in the US but in much of the rest of the card world, contactless payments of both kinds are common practice. In London, half of the card transactions are contactless. The same is true in Canada. While it’s true that the vast majority of these are card-based, not via mobile wallets like Apple Pay and Google Pay, even the mobile wallets are gaining momentum.

To expand contactless usage, Mobeewave has developed software tools for financial institutions to integrate into their merchant app that turn the merchant’s smartphone into a contactless acceptance device. No added hardware: software only.

We’re talking with Maxime de Nanclas, Mobeewave‘s co-CEO and co-founder. A firm based in Montreal, Mobeewave has worked to turn smartphones into general purpose contactless payment terminals.

This is cool tech and, as Maxime tells it, a great journey for the company. Take a listen as he describes what their software does, how they built it, and their experience navigating the complexities of device certification.

Apr 12 2019

42mins

Play