q1 2016
ALSO INSIDE: INSIGHTFUL HOW-TO’s:
fraud, security, mobile
VENTURE OUT!
5 innovative startups
WHAT’S GO THROUGH THE MOBILE LOOKING GLASS FOR AN EXCITING LOOK AT THE NEW YEAR
V M E U O Y ARE . E R A E W ? Y D A E R Partner with Moneris, the EMV leader Developer Ready Specs for quick and easy integration A layered approach to data security including EMV, end-to-end encryption and tokenization More experience in EMV implementation than any other payment processor in North America
Let us help you become EMV ready today! Contact our strategic partner team at 866-423-8475 or partnerships@moneris.com Visit monerisusa.com/EMV for details on EMV
TABLE OF CONTENTS
Q1 2016
Vol. 2 | No. 1
MOBILE
27 fast & free delivery: a consumer victory
5
app monetization & mobile payments in untapped regions
27 venmo back with a vengeance, targets in-app purchases
6
3 tips to maximize mobile in 2016
7
paypal adds 6.6 million users despite growing competition
28 will 2016 mark the end of the data breach era?
8
millenials disrupt shopping
SECURITY 12 navigating online fraud in 2016: 6 e-tailer essentials for the year ahead 14 how to detect fraud with less friction 13 college campuses expand the use of mobile devices beyond payments 14 biometrics with payments & security 16 understanding why financial systems are more vulnerable and what you can do 18 6 steps to mitigating corporate payments fraud
E-COMMERCE 20 entering the era of data-driven accounting 22 breaking the mold in e-commerce to improve customer experience 24 6 payment trends on the rise in 2016 26 bridging the gap of emv in 201
31 32 32 33 33
VENTURE OUT!
clip treats by clinkle shopventory openbucks cardflight
MERCHANT SOLUTIONS 34 the future of payments? it’s all about the friction baby 36 a look at the next frontier of digital payments 38 9 payment security tips for 2016 and beyond 40 zeroing in on the digital experience for shoppers
GLOBAL PAYMENTS 42 q&a with jon lear, n.a. president of earthport 43 alpha payments cloud taps into chinese e-commerce market with alipay partnership 43 hong king fintech is booming
WHAT TO EXPECT IN 2016
W
elcome to 2016! With the New Year, a new quarter arrives—as well as a new Payment Quarterly, with all the latest on what’s hot and what’s not within the payments industry.
The holiday season has come and gone, making way for the New Year, and a lot of exciting new trends for the coming months. On hand, we have some highly insightful pieces garnered by the pilots of the industry, stretching from security measures of biometric authentication, to the mastering of mobile payment, and e-commerce platforms. We have left nothing to the imagination for this round, and invite you to dive in and submerse yourself in the possibilities of tomorrow. We are stepping into a world that now not only requests mobile retail payment options, but shall soon demand it. We greet a new age in which security in regard to card-present, and card-not-present transactions is being vastly improved—in demand of impenetrability. E-commerce will be taking a giant leap forward this year as well, with brickand-mortar retail locations looking to update their MPOS platforms in hopes to compete. It is all about convenience in this new world of payments, and those who abide by that golden rule will prosper, and those who do not or can not, will surely find themselves in the realm of obscurity. We have a few returning contributors, as well as some newcomers this time around, and all have something valuable to reveal about the in’s and out’s of the industry. With so much in store for 2016, Payment Quarterly is your own personal what’s what, and who’s who for the New Year of Payments. We hope you enjoy what we have in store for Q1!
Mike Dautner
Editor-in-Chief
4
Payment Quarterly | Q1 2016
Felix Shipkevich FOUNDER fshipkevich@lamilmedia.com
Mike Dautner EDITOR-IN-CHIEF mdautner@lamilmedia.com
Michael Millington ASSISTANT EDITOR mmillington@lamilmedia.com
Jason Mongiello DIRECTOR OF MARKETING jmongiello@lamilmedia.com
Erik Ramirez GRAPHIC DESIGNER eramirez@lamilmedia.com
CONTRIBUTING WRITERS Kostas Kastanis Shirra Frost Rodney Mason Bill Zielke Ryan Wilk Jason Chaikin Carl Wright Marlene Lenarduzzi Omar Qari Andy Barker Etie Hertz
Matthew Katz Ruston Miles Healey Cypher Hope Nieman Paul Bridgewater Dax Dasilva Jon Lear Michael Cheng Steven Anderson Melanie Mecinas
APP MONETIZATION & MOBILE PAYMENTS IN UNTAPPED REGIONS
I
n 2015, mobile and tech focused more on growth regions than ever before. With Facebook’s Internet.org push last year, many tech companies followed suit, including Apple and Netflix, offering subscription services in growth regions for their applications that have found great success in western markets. However, just as western consumers have specific wants and needs for their mobile services, so do consumers in these untapped regions. In 2016, as major tech companies with important mobile offerings focus on app monetization in emerging markets, their focus must be on localizing payment options to best fit the financial habits of these consumers. Let’s explore further: CARRIER BILLING & ALTERNATIVE METHODS Appropriate billing methods for emerging markets present a huge obstacle to app monetization in emerging markets. Unlike western markets, markets such as Latin America and Brazil are not accustomed to the same type of payment methods. Reports show that in regions like India, as much as 98% of the populations lacks credit cards and bank accounts. With credit cards and bank account linking as the main methods of payment with most app stores, there is a huge gap in terms of mobile payments in emerging markets. Mobile content providers should consider offering a carrier billing option to ensure all emerging market consumers can pay. Apple has recently taken a step in this direction by introducing carrier billing for iTunes, starting in Germany. Traditionally, iTunes has only accepted payment through debit and credit cards. Adding carrier billing in Germany, which will allow users whose network operator is O2, the choice to bill directly through their carrier. As other carriers
begin to partner with mobile app providers to offer carrier billing, they will find greater success in emerging markets that do not have easy access to credit and debit cards, or even bank accounts. Localizing payment methods to meet the needs of consumers in these is therefore a huge step that companies providing mobile services must take in 2016 if they are to make a realistic play at capturing consumer attention. TIERED & ADJUSTED PRICING It’s not only billing methods that need to be taken into consideration when mobile apps are attempting to make headway in emerging markets. Companies must also consider adjusting pricing. Apple Music has done this successfully. In the U.S., Apple Music is 10 dollars a month. However, Apple has adjusted for global growth regions that were not without the need for content. In India, consumers can access Apple Music at just two dollars a month. Brazil, Indonesia and Thailand customers pay just five dollars a month and in Hong Kong the service is topped at 6 dollars. Adjusting their pricing based on the individual markets has helped the company find success with consumers in each market. This is an option that works for apps that do not offer subscription content as well, as they may just consider lowering their pricing depending on each market. Tiered pricing is also an option that tech companies attempting to provide mobile content in growth regions must note. Some applications may offer basic services at a lower rate, or even for free, then offer premium services at a higher cost. Traditionally, Netflix has been good at this type of adjustment. Their streaming services alone are offered at a lower rate; however a full membership that includes DVD rentals is more expensive. This same type of tiered pricing based on required
By: Kostas Kastanis Head of Strategy Upstream
services can be successful in emerging markets, because it allows consumers to pay for only the content that they’re looking for. PAYMENT FREQUENCIES One other issue that mobile network providers must consider when turning toward emerging markets is payment frequencies. In western markets, most services, especially those that are subscription based, fall into a monthly payment pattern. This works well for western markets, as most consumers are paid on a bi-weekly or bi-monthly basis. The same doesn’t necessarily hold true across the globe, in emerging markets.. Some are paid on a weekly or even day-to-day timeframe, and therefore need a more flexible payment schedule to fit into their earning and spending schedule. Ultimately, mobile offering should be flexible to specific consumers no matter their location. As tiered pricing allows consumers to pick plans that best work for them, in terms of the amount of content they want and they amount of money they would like to spend, flexible payment frequencies allows consumers to choose an option that best fits their lifestyle. It’s said time and time again that localized content is key to finding success in terms of mobile apps in emerging markets. However, in order for tech giants like Facebook and Apple to truly be successful as they turn their sights towards India, Africa and other emerging markets, they must consider localizing all things related to payment as well. Focusing on payment frequencies that best meet consumers needs, adjusted pricing models that allow for flexibility and alternative payment methods that steer away from the unused credit and debit card systems, mobile content providers will find success.
Payment Quarterly | Q1 2016
5
MOBILE
3
TIPS TO MAXIMIZE MOBILE IN 2016 By: Shirra Frost
Director Digital Banking Marketing Fiserv
W
ith the start of the new year, financial institutions may be making their own resolutions to better engage current customers and attract new ones. As mobile technology has become an integral part of people’s lives, it has become a primary channel for engagement. Dedicating resources to the mobile channel will allow financial institutions to provide a better customer experience for their existing customers as well as attract new customers who look to the mobile channel to provide all their banking services. DRIVE ADOPTION OF THE MOBILE CHANNEL The mobile channel is now mainstream, with some financial institutions reporting more consumer interactions via the mobile channel than any other. Fiserv analysis shows
6
Payment Quarterly | Q1 2016
that a mobile adoption rate of 40 percent or more of the online banking user base is a realistic goal for most financial institutions, yet this level of adoption doesn’t happen by itself. By better understanding how mobile banking product attributes impact adoption, financial institutions can develop actionable strategies to drive adoption and increase the return on investment. The ability to add and retain mobile bankers can help drive a financial institution’s growth and profitability. Research has shown that those that bank via mobile are among a financial institution’s most valuable consumers. They use a platform with lower service costs and have a greater propensity to sign up for additional services. The right mobile banking features are critical for achieving the highest levels of channel adoption. Consumers who perceive that mobile banking aligns with their lifestyle are more likely to use the service. Investing in nextgeneration mobile banking products is vital to this initiative. For example, financial institutions that offer mobile deposit see 60 percent more logins and transactions per month per user than financial institutions without the feature. A tailored tablet banking experience can also boost enrollment and activity.
P2P payment and instant balance features also speak to consumer lifestyle preferences. P2P payments are convenient for paying rent, splitting bills or exchanging money among family and friends. Instant balance makes the most common mobile banking activity, checking balances, as easy as swiping a smartphone screen. EMBRACE MOBILE PAYMENTS AS A MEANS OF CUSTOMER RETENTION Financial institutions that push forward with their mobile payment strategies today can establish themselves as the preferred provider of mobile payments and reap the rewards of higher customer retention and compelling returns on investment. In doing so, financial institutions will be better able to compete with the evergrowing number of non-traditional players–and will better position their organizations to win mobile proximity payments as those services become standardized and more commercially viable in the near future. In order to capitalize on consumer preference to execute mobile payments through financial institutions, it’s important for banks and credit unions to deploy, brand and promote current offerings. For example, financial institutions should work to be top of wallet by ensuring that their cards meet the requirements to be used through third-party mobile wallets and making it convenient for consumers to add their cards. When a financial institution establishes their card as the consumers’ card of choice for mobile wallets and apps, they keep the financial institution brand visible to customers and retain a revenue stream from the interchange. Additionally, retaining customers by rewarding them with loyalty programs not only strengthens relationships but also helps ensure the financial institution remains part of the payment. Mobile-driven loyalty programs drive consumer adoption of mobile payments – and influence future choices in mobile payment apps. Capabilities such as mobile alert services, card management and payment-related functionality such as mobile photo bill pay create more value around mobile payments and position financial institutions to
encourage mobile payments at the point of sale. By focusing now on delivering solutions for the way customers are already using mobile payments, financial institutions can benefit from increased transactions and greater customer loyalty while creating the potential to attract new customers as mobile payments become more widespread. PLAN FOR WEARABLES As wearable devices enter the mainstream, they are impacting the dayto-day habits of consumers and bringing potentially significant long-term implications for financial services. More than 80 percent of today’s wearables are worn on the wrist, meaning they are easily accessible and prominently visible to users, traits that make these devices well suited for the delivery of banking information and alerts, as well as conducting transactions. Financial institutions should be mindful of wearables’ potential to influence and drive mobile payment adoption. Not only do they provide users with an additional device through which they can make mobile payments,
they can also enhance convenience and help address security concerns. Paying via wearables, while just as easy as swiping or inserting a credit card, can provide added value as a more secure payment alternative. Tethering a wearable to a smartphone or using geolocation capabilities can ensure the wearable device from which a payment is being made is in the same location as the owner’s mobile phone. If both are present, then it is less likely that the device from which the payment is being initiated is stolen. While most discussion around mobile payment in the industry is focused on payments at the point of sale, wearables could drive mobile payments of all kinds due to the compact nature of the devices and ability to deliver quick, simple messages. Alerts that notify users that their balance is low or a bill is due often spur transactions, presenting the opportunity to motivate a wider variety of mobile payments. Wearable devices present a new opportunity for financial institutions to connect with their customers and enable them to easily conduct important financial transactions during their day-to-day life, while reinforcing
the financial institution brand. While it does not make sense for most financial institutions to develop apps specifically for wearables today, banks and credit unions should be considering ways to extend existing mobile capabilities to these devices as part of an overall mobile banking and payments strategy. This could include offering alerts and making sure that your card is top of wallet inside apps that are used to make purchases at the point of sale, as discussed earlier in this article. Dedicating resources to these three areas – increasing mobile adoption, mobile payments offerings and leveraging wearables, will allow financial institutions to provide a better customer experience for their existing customers as well as attract new customers in 2016.
PayPal Adds 6.6 Million Users Despite Growing Competition
D
uring their recent corporate earnings call, PayPal’s Chief Executive Officer Dan Schulman sounded happy when he announced that his company has managed to gain an additional 6.6 million new users in the fourth quarter of 2015. Currently, PayPal has around 173 million registered accounts. While PayPal is traditionally known to have a strong presence in the web based payments, Mr. Schulman mentioned that the momentum observed at the end of the year in user signup is driven mostly by shoppers who are increasing focus on mobile instead of the desktop. Especially, the introduction of One
Touch service that enables users to login from their mobile phones once, then allows them to make a transaction, which drew the attention of the users. Analysts said that compared to Q4 2014, this single feature helped PayPal to increase their mobile payment volume by 45%, to $20 billion. Last quarter, PayPal’s average quarterly user signup numbers were around 4 million and industry experts were not sure if this surge could be sustained. However, the latest report would prove that PayPal is turning the table as an independent company after being spun off from eBay last year. Commenting on the latest signup trend, Mr. Schulman said that “while
By Michael Cheng
many others are attempting to play in this space, PayPal continues to gain market share.” He was of course indicating a number of companies trying to gain traction in the payment business, including, Apple and Samsung, two of the major mobile device manufacturers. “It’s becoming increasingly evident that payments is a hard business to crack,” he boasted. While newcomers in the payment industry have been focusing on the consumer side of the business, PayPal has focused on offering quality features and services to both merchants and consumers, said Mr. Schulman. He said that PayPal offers a “comprehensive” range of service to create value for both groups of users.
Payment Quarterly | Q1 2016
7
MOBILE
S
By: Rodney Mason GVP of Marketing Blackhawk Engagement Solutions
8
Payment Quarterly | Q1 2016
ince Millennials’ on-the-cusp habits start trends, we all study the way Millennials shop. In two recent national studies,* we asked Milliennials how they discover, filter and shop, and we learned how profoundly their influence is disrupting shopping patterns. And shop they do, but not in ways we ever could have imagined a few short years ago. SMARTPHONES ARE LIFELINES The handheld device is the primary connection to the Internet (and maybe the outside world) for a Millennial. When asked which devices they own and use daily, an overwhelming 89% cited the smartphone with the laptop following at 75%, and then a major dip — tablets and desktops showing at only 45% and 37%, respectively.
...THEIR INFLUENCE IS DISRUPTING SHOPPING PATTERNS. AND SHOP THEY DO, BUT NOT IN WAYS WE EVER COULD HAVE IMAGINED A FEW SHORT YEARS AGO.
“Millenials will follow a brand on social media to learn about value and savings opportunities, since price is their primary purchase influence” THE #1 SOURCE FOR SHOPPING NEWS IS SOCIAL MEDIA The long-held belief that commercials cast the widest marketing net has changed. In reality, 55% learn about products, special sales and shopping news via social media. Believe it or not, we learned that when it comes to learning about products, shopping news and sales, venerable television is a distant sixth for them — well behind social media and other online forums — demonstrating that, in 2016, social media is an absolute must have for all retail concerned with millennials. Millennials will follow a brand on social media to learn about value and savings opportunities since price is their primary purchase influence, driving their preference for adding savings found in rebates over instant discounts. That trend is unlikely to change, since 95% of Millennials say they’re more (or just as) sensitive to price as last year. And very few use third-party apps, preferring instead to rely on retailer apps for savings at the stores they like. GIVE THEM A REBATE INSTEAD OF AN INSTANT DISCOUNT In key Millennial categories — electronics, iTunes or Google Play gift cards, sporting goods, video games, clothing, wireless and grocery — the majority preferred received a rebate instead of an instant discount. Millennials still prefer prepaid cards as their reward, but digital rewards are gaining popularity — 83% would accept a $25 digital reward on a $100 purchase if it were the only choice.
HOW DO THEY COMPARE PRICES? AMAZON AND GOOGLE Millennials are very price conscious. In fact, price is the primary determining factor in their purchase decisions across categories. They are quick to compare products for a greater value on their smartphones and most favor Amazon and Google as the favorite way they compare prices, versus only 8% taking the time to visit a retail website for price comparisons on their smartphones. That said, having the very best price on your site and merchandising it through Google and Amazon is critical to stay in the hunt for their business. A FEW RETAIL SHOPPING APPS ARE POPULAR, BUT INDEPENDENTS NOT SO MUCH The most used shopping app by far was Amazon, used by 55% of Millennials — evenly split between males and females. Grocery store apps with 18% use (21% female and 15% male), Apple Store 18% with even split between females and males, Groupon at 18% (14% female and 21% male) were a distant second. Out of the top 28 most used apps 5 independents appeared on the chart. As mentioned above, Groupon tied for second place, Etsy tied at sixth with 15% overall (23% female and 5% male), RetailMeNot tied at tenth with 7% overall (11% female and 3% male). Lastly, Coupons.com tied at twelfth for 5% overall (6% female and 3% male) and LivingSocial tied at eighteenth place with 3% overall (4% female and 1% male).
GIFT CARDS ARE ALWAYS A BIG HIT Millennials find safety and flexibility in gift cards. The majority of Millennials in our study believe that gift cards are the safest way to make online purchases by limiting identity fraud. They also like the flexibility of exchanging gift cards received for other available brands — a growing trend among retailers. LOYALTY AND INSTANT GRATIFICATION Millennials also like retail loyalty programs — over 69% belong, preferring to receive and read program information via email, but what they really like is anything that’s right now. Buying online and picking up in-store is popular, giving them the immediacy they crave. In fact, 55% told us they’ve bought online and picked up in-store in the last six months. Expect that trend to increase with the impending holiday season. In 2016 it is imperative to attract Millennial shoppers, so make sure you merchandise where Millennial customers shop — social media, Amazon and Google on their smartphones, with the very best price, typically afforded by rebate promotions. They will use retailer shopping apps, but most savings apps are not popular with this audience. So, for marketers what is the main take away from these numbers and research? Make shopping easy for Millennials and as the trendsetters in the market, others will follow.
Payment Quarterly | Q1 2016
9
SECURITY
NAVIGATING ONLINE FRAUD IN 2016
6 E-TAILER ESSENTIALS FOR THE YEAR AHEAD
By: Bill Zielke Chief Marketing Officer Forter
N
ew technologies and new ways of doing things are driving change in all aspects of our lives, and every year seems to mark the increasing speed at which these shifts occur. This is especially visible in e-commerce, which is by nature so quickly and profoundly impacted by consumer behavior and expectations - and if that’s true for e-commerce, it’s equally true for the online criminals who plague internet retailers. Many factors will affect e-commerce and online fraud over the next year - from EMV to machine learning to the growth of mobile shopping. But if e-commerce merchants want to know what they really need to know about online fraud prevention, and where they should be concentrating their efforts, this is it: Fraud prevention should drive revenue.
10
Payment Quarterly | Q1 2016
STOP THINKING THAT FRAUD PREVENTION IS ALL ABOUT COSTS That’s probably not what you were expecting when you saw an article about fraud prevention. Traditionally, fraud prevention has been considered as being about loss limitation - its job is to ensure that the business doesn’t lose too much money to fraudsters. That role is still crucial, of course, but if companies continue to consider that as the only relevant factor when it comes to fraud prevention, they’re going to suffer from unintended negative consequences – and they probably won’t be combating fraud as effectively as they might be, either, since the latest technology is better at both stopping fraud and promoting profit. In 2016, as customer expectations become even more demanding and it becomes increasingly important to provide smooth, seamless checkout and fast delivery, retailers are going to start realizing what an overly risk-averse approach to fraud prevention does to their business - and they’re going to start wanting to do something about it. Here are 6 things that retailers will begin doing in 2016 to improve not just their fraud prevention, but the impact that their fraud prevention has on their business.
AUTOMATED FRAUD PREVENTION Manually reviewing a transaction takes an average of 5 minutes. But today’s online shopper doesn’t want to wait 5 minutes. Today’s online shopper doesn’t even want to wait 5 seconds. In fact, Kissmetrics has reported that 40% of people abandon a website that takes more than 3 seconds to load. That doesn’t leave retailers with much choice: if they can’t provide real-time service, they’ll lose customers. At the moment, the overwhelming majority (81%) of e-tailers rely on manual reviews to block fraud. Even companies using partial automation continue to rely heavily on slow, expensive manual review. According to Lexis Nexis, in 2015, nearly half (48%) of all transactions were flagged for fraud by automated systems. Close to 46% of flagged transactions get sent for manual review, leaving merchants to render a decision in almost three-quarters of these flagged transactions. That means that even where automation is present, manual review is still a major part of the process - something that is reflecting in the budget: a quarter of the fraud prevention budget goes on manual review. Until recently there was no option when it came to fraud prevention manual review was an essential part of the process. But that’s no longer the case: full automation is now possible, it’s extremely good at stopping fraud without stopping genuine customers, and more and more retailers are going to start adopting it. REAL-TIME FRAUD PREVENTION The great gain from full automation is real-time fraud prevention, something that comes with a number of benefits, and which retailers will be increasingly interested in as the pressures of a real-time world become increasingly apparent. Perhaps the most relevant at this time of year, as retailers strive to learn from the holiday season of 2015, is that during busy times, such as holiday periods, there will be no backlog of orders caused by manual review. Realtime, automated fraud prevention works instantly all year round, so customers
never have to wait for review, worrying about whether the Christmas gifts they have ordered will arrive on time. Customers no longer have to wait for confirmation of their order, something that causes confusion at best and angry frustration at worst. In turn, that means that the retailer no longer has to field puzzled or irritated customer queries and complaints about the status of their unreviewed order. The confirmation element is especially important during sales. For example, on Black Friday and Cyber Monday it is common for online retailers to see that customers who do not receive instant confirmation cancel their order. The sales are only available for a short period, so if they can’t be sure that they’ve benefited on your site, they’ll go to a competitor rather than risk missing out. CONSUMER-CENTRIC FRAUD PREVENTION One key impact of real-time fraud prevention is a much improved customer experience. Customers have the whole internet to choose from, and are used to the convenience of checkouts like Amazon’s 1-click, so retailers have to provide a great experience to entice them to come, and to come back. Fraud prevention needs to become part of that conversation. Some traditional fraud prevention methods, such as 3D Secure, rely on intruding into the checkout process, and demanding further identifying information. Manual review delays confirmation and fulfillment. All of this is no longer acceptable. Even worse, conservative fraud prevention generally comes with the high price of “false positives” good customers mistakenly rejected as fraudulent. Inflexible rules reject customers who show signs associated with fraud - but real people don’t always fit into simple categories and norms. Genuine customers with complex buying stories don’t deserve to be rejected out of an over-abundance of caution. Customers should be “innocent until proven guilty,” something made possible by the latest technology which is accurate rather than risk-averse.
Retailers need machine learning, behavioral analytics and continual research to make sure they’re up to date with the latest consumer trends – and the latest fraudster techniques. Fraud prevention needs to become consumer-centric, just like the rest of the site aims to be. Anything less is selling the customer short - and making it less likely that they’ll return. MOBILE FRAUD PREVENTION Most merchants still don’t track fraud by channel, which means they’re not aware of the distinctions between mobile and e-commerce fraud. That’s unfortunate, because mobile commerce is significantly different in important ways, from checkout flow to the data that websites receive from customers. Fraud prevention needs to start optimizing for mobile, just like the rest of a website. According to IBM, mobile sales on Cyber Monday saw an increase of 27.8% compared to last year, becoming 25.9% of all online sales. With record mobile sales like that over the 2015 holiday period, that’s something that just can’t wait any longer. Fraudsters will take advantage of all the loopholes retailers leave them, while good customers annoyed by subpar experience will simply leave. INTERNATIONAL FRAUD PREVENTION Chinese e-commerce operations across borders is estimated to reach $1.02 trillion in 2016, and the number of China-based consumers buying U.S. brands online over the 2015 holiday season increased 7 times over 2014. Indian e-commerce imports are expected to grow 78% - and 27% of Indian orders are from US-based websites. These numbers are exciting enough that retailers who haven’t yet made the jump to global sales are starting to think about it and, in many cases, get ready. Of course, that has implications for fraud prevention too. Customers, both good and bad, behave differently depending on where they’re from – they have different behavioral norms, different priorities. Retailers are going to start judging fraud prevention on how well it deals
MOST MERCHANTS STILL DON’T TRACK FRAUD BY CHANNEL, WHICH MEANS THEY’RE NOT AWARE OF THE DISTINCTIONS BETWEEN MOBILE AND E-COMMERCE FRAUD.
with different customer behavior from different countries, and how well it is equipped to match the aims of the rest of the company when it comes to driving sales both domestically and abroad. INTEGRATED FRAUD PREVENTION All of this leads to the final point. As should be clear from this article, fraud prevention has a profound impact on diverse aspects of a business - from sales, to marketing, to customer support. All the marketing in the world won’t help a company enter a new market successfully if their fraud prevention rejects new customers as false positives because their new behavior patterns don’t match the domestic ones the system is used to. Sales won’t be happy to see conversion rates dip because the checkout process is too cumbersome, or because customers won’t wait for confirmation. And customer support won’t be happy to field hundreds of calls about missing confirmation emails, or delayed deliveries, caused by conservative fraud prevention. Fraud prevention has traditionally been siloed within companies, treated as an isolated issue. That has to stop and soon.
Payment Quarterly | Q1 2016
11
SECURITY
T
By: Ryan Wilk VP of Customer Success Nu-Data Security
here are two trends that inform my prediction for 2016. One is the ongoing onslaught of data breaches that loose complete packages of Personally Identifiable Information (PII) onto the black market. Clearly, this indicates that risk prevention methods based on PII are not sufficient to prevent fraud. The other is the ongoing adoption of mobile platforms. This has shortened an already-short attention span and led users to expect a frictionless and quick transaction experience. Taken together, these trends point to the need for passive behavioral biometrics. My prediction is that behavioral biometrics will enjoy a surge in the new year. It’s the only way to protect customer data and accounts and offer a painless user experience at the same time. In fact, the mobile space is a perfect pairing to biometric and behavioral analytics technologies because of the increased number of biometric measurement tools built in to every tablet and smart phone. INTELLIGENCE TO REDUCE FRAUD AND ITS COSTS Fraudsters make off with about $9 billion annually. That number seems staggering, until you learn the cost
12
Payment Quarterly | Q1 2016
of false positives, where legitimate consumer purchases are canceled due to overzealous traditional fraud prevention methods. That’s upwards of $118 billion in lost revenue, according to the report “Future-Proofing Card Authorization” from Javelin Strategy & Research. And as criminals become more adept at successfully jumping Knowledge Based Authentication (KBA) hurdles, legitimate customers push up against ever-greater levels of friction. Risk management leaders need to find a better way to identify their valued customers and identify those who present elevated risk. To minimize the friction legitimate users face while still being able to identify bad users, businesses are using behavioral analytics. This method lets business become better predictors of risk by accurately identifying and verifying customers. Biometric and behavioral analytics greatly increases industry efforts to devalue stolen data, eventually reducing the number, scale and impact of data breaches worldwide. This greatly benefits users, allowing them a frictionless and safe online experience, while continuing to protect their accounts even if their logins and passwords have been compromised. Allowing good customers to continue
to interact safely online will be the most important issue in 2016. THREE COMPONENTS FOR BETTER FRAUD PREVENTION Merchants will focus on creating a frictionless process and eliminating false positives, particularly as users are looking for that fast, no-hassle experience we’ve come to expect on our tablets and smart phones. By harnessing the power of behavioral and biometric analysis, organizations can predict fraud with a very high degree of accuracy by identifying the real user behind the device. Focusing on the good users -- and decreasing customer abandonment and attrition -- can put billions back into merchants’ pockets, The ability to move beyond the machine and truly know your customer will be the differentiator that allows companies to bypass the knowledgebased authentication arms race with fraudsters and leap ahead in terms of customer satisfaction and retention. In the new year, IT security professionals can use a three-pronged approach to achieve this goal of
frictionless user authentication: • Enable business instead of blocking it. Valid user identification creates greater security, which strengthens brand loyalty and increases conversion while protecting brand assets. • Use real-time detection. Measure behavior over time by using an intelligent multi-layer risk prevention platform; this will give you accurate, real-time scoring to let you know exactly who your user is. • Know your user like never before. Use passive biometric and behavioral analytics that enable you to know the user on the other side of the machine. The second point deserves more attention. To go beyond standard fraud detection checks and truly understand the user behind the device, a layered approached—using device and connection, analyzing biometrics, measuring and comparing behavior across networks and over time—is needed. By deploying a continuous evaluation of the user, this empowers organizations to:
• Let real customers self-resolve risk triggers during the transaction process and complete their online experience without additional delay • Figure out how to respond in real time with all the necessary context and data to make a better decision • See high-risk and anomalous activity earlier than ever before • Redirect suspicious users into a different Web experience Fraudsters have proven that they will stop at nothing to take what they want. It’s every merchant’s intention to protect their customers and their own bottom line. The problem is that in defending against the bad users, merchants can unintentionally bar the good users as well. By using biometric and behavioral analytics, though, merchants can not only find the fraudsters but reward the good users with a frictionless experience. That’s why this method will gain prominence in 2016.
College Campuses Expand The Use Of Mobile Devices Beyond Payments By: Michael Cheng
N
ear field communication (NFC) technology has a wide range of uses, from location tracking to wireless transactions. A recently published whitepaper by the Smart Card Alliance uncovered how fast-moving sectors are using the beneficial tool outside of payments. The study revealed that college campuses are promoting the technology for identity verification, clearance and data storage. Quinnipiac, Villanova and Arizona State University were the educational institutions mentioned in the paper. The implementation of NFC on campuses has reduced friction in common transactions. In the case of dorm room access, admins can easily provide students with a digital pass
during check-in, instead of relying on the duplication of traditional keys. The solution is fast, secure and completed in near real-time. When it comes to costs, the schools cited in the study reported savings from the annual turnover process of re-keying dorm rooms. Villanova is currently reaping the benefits from the change. It replaced combination locks with mobile phone activated doors. The shift has also reduced the number of lockouts around the facilities. Reproducing a master key and one-day passes can be done instantly, through a centralized key management system. The spread of wireless payments is contributing to the adoption of
related technologies associated with smartphones in college campuses. Because students have their devices with them at all times, it makes sense for schools to add value to mobile usage around the campus. “NFC is supported by comprehensive technology standards and payment applications using NFC have been deployed using industry standards,” wrote the Smart Card Alliance. “However, many of the nonpayment applications have no industry standards or have standards that are only just emerging. The lack of standards within each non-payment vertical (e.g., automotive, air travel) is a barrier to broad implementation of NFC applications and acceptance infrastructure.”
Payment Quarterly | Q1 2016
13
SECURITY
BIOMETRICS By: Jason Chaikin President Vkansee
B
iometrics is the stuff of movies. For over twenty years, we have seen heroes’ and villains’ fingerprints and iris patterns used to secure their secret lairs and protect the confidential information located inside. We have also seen the biometrics defeated by both simple and complex methods including cutting fingertips off and removing eyes. Truthfully, the reality of biometric security is not far from what is portrayed onscreen; we are on the cusp of integrating biometrics into everyday life, with mobile payments being the launching pad of this movement. With Apple pioneering the use of fingerprint sensors in their iPhone 5S (and subsequent ApplePay), the reality of biometrics is an actuality. In 2015, more than 50 phones had incorporated fingerprint sensors within their systems; Apple, Samsung and Google have all either purchased biometric companies or developed complex systems to enable secure payment by fingerprint. As merchants across the world change their credit card readers to support the new chip-based cards, these readers come equipped to receive the future mobile transactions. Unlike other features on phones such as screen size and camera resolution, biometrics were not driven by direct consumer demand. Users were not demanding fingerprint sensors in their mobile devices. However, after initial positive reactions to conveniently and securely access a phone, many people have realized the benefit of using biometrics as an added layer of security, and they have come to demand them in mobile phones. This relatively new biometric
14
Payment Quarterly | Q1 2016
with
&
PAYMENTS SECURITY
authentication platform is the future of how we will tender for goods and services, and we are entering a guerilla war that will be fought between tech giants rather than traditional banks and payment networks. How the processing fees on transactions across the payment, healthcare, finance sectors, and the costs of backend process get divided in the future will be measured in hundreds of billions of dollars annually. These changes did not come from a vacuum – for years we heard almost daily stories of data breaches, banking fraud and rampant abuses in healthcare reaching billions every year. Thankfully, the tools to solve these problems are quite literally at our fingertips. Applying a biometrics factor to existing authentication transactions ensures the actual individual intended to receive the goods or services is physically part of the authentication process, which eliminates a gross majority of the fraud that is the dark underbelly of our critical payments and healthcare systems. The use of biometrics for mobile security, however, is not foolproof. In December 2014, at the 31st Annual Chaos Computer Club conference in Hamburg, Germany, a hacker named Jan “Starbug” Krissler showed flaws in using biometric technology for passwords, such as the fingerprint sensor found on an iPhone 6. Krissler showed that hackers can take photos of people’s hands and merge them together to recreate a detailed image of a person’s fingerprint, which can be used to form a 3-D “dummy” finger. Krissler then demonstrated how that “dummy” print successfully unlocked an iPhone 6. He also showed how he was able to replicate the fingerprint of German Defense Minister Ursula von der Leyen using multiple photos of her hands taken from three meters away during a press conference. Krissler ran the photos through a software call VeriFinger, which formed her full fingerprint, which
hackers could hypothetically use to break into her phone and various other devices. An example of potentially disastrous biometric hacking happened in 2015, when the Obama administration revealed that over 21.5 million people were exposed to a massive security hack, resulting in personal information (such as social security numbers) being stolen. Of the 21.5 million exposed, 5.6 million federal employee’s fingerprints were stolen. This could be extremely dangerous, as the hackers now potentially have access to data previously only accessible by those with biometric security clearance. Although one layer of biometrics is not free from hacking, there are ways to make it more secure. While passwords are one layer of security, biometric measures, such as fingerprint or iris sensors, are by far the best ways to deter hackers. Companies are dedicated to adding multiple layers of biometrics to increase security – an example would be requiring a fingerprint scan on top of a password to access a mobile phone. When these different security measures are present, it makes mobile phones much more difficult to bypass. Biometrics are the catalyst in the future of secure payments but the system of payments behind them, the backend processing and the standards that will emerge victorious will be the real drama with a profound and pervasive impact to culture. The value of transactions biometrics authenticated and tokenized, and the disruptions to existing markets will ensure the battle is hard fought – like many battles, the unexpected may determine a final outcome. The way we will pay for goods and services both in person and remotely will be vastly different in 10 years than today - in 20 years’ time, cash will be obsolete. The one thing that will remain the same, however, is that the use of biometrics will greatly improve all aspects of security.
Payment Quarterly | Q1 2016
15
SECURITY
UNDERSTANDING WHY
FINANCIAL SYSTEMS
ARE MORE VULNERABLE AND WHAT YOU CAN DO
By: Carl Wright Executive Vice President TrapX Security
16
Payment Quarterly | Q1 2016
FINANCIAL INDUSTRY UNDER INCREASING CYBER THREAT Financial institutions in the United States, the European community and Asia Pacific are experiencing a dramatic increase in the volume and sophistication of cyber attacks. In fact, cyber attackers target major financial service firms more frequently than businesses in other industries. In October 2014, federal officials warned the business community that hackers had stolen more than 500 million financial records over the past 12 months. “We’re in a day when a person can commit about 15,000 bank robberies sitting in their basement,” said Robert Anderson, executive assistant director of the FBI’s Criminal Cyber Response and Services Branch. This uptick has continued in 2015 and is now top of mind for financial services senior executives and the board of directors. “You’re going to be hacked,” warned Joseph Demarest, assistant director of the FBI’s cyber division. “Have a plan.” In 2015, a PwC survey of 175 CEOs of Banking and Capital Markets (BCM) organizations across more than 50 countries showed that 79 percent of BCM CEOs consider cyber threats to be the top potential risk to business growth. Further, a Ponemon report sponsored by Hewlett Packard concluded that the financial sector had the second
highest annual cybercrime expense, second only to utilities and energy. For financial services, this expense on average cost about $13 million per year for each institution. In July of 2015 the FBI identified a new set of targeted extortion attacks from hackers who threatened to take down the targeted firm’s websites unless they paid a ransom. The FBI confirmed that more than 100 companies, big banks, brokerages and insurance companies received distributed denial of service threats, in which attackers attempt to render a website unavailable by flooding it with traffic from thousands of servers around the world. And finally, a recent report issued by the security firm Kaspersky Lab claimed that a multinational gang of cybercriminals stole up to $1 billion over a 24 month period from more than 100 banks in 30 countries. Consequently, in January of 2015, the Bank of England issued a warning to U.K. banks about an “ever-present, ever-evolving threat” from hackers and cybercriminals, and that they should expect any further attempts to penetrate their networks would be successful. ORGANIZED CRIME STEPS FORWARD These focused attacks on financial institutions– dubbed advanced persistent threats (APTs) by cyber security experts -- are launched by sophisticated and motivated attackers. By definition, APTs are executed when one or more sophisticated attackers gain access to enterprise networks and infrastructure and then remain there undetected for a substantial period of time with the intention of surreptitiously accessing funds, stealing data, conducting espionage activities, and then leaving quietly and undiscovered. In some cases these attackers threaten damage to data or overall operations, leveraging numerous tools to support their efforts that include customized viruses, engineered and remanufactured malware, botnets, webbased attacks and phishing schemes based on carefully socially engineered data. Criminals and organized crime seek out financial services firms because
“that’s where the money is and the economic incentive for cybercriminals is compelling. Opportunities to access cash, divert funds, and conduct fraud offer an almost limitless number of financial options for a sophisticated cyber attacker. And all of the financial data on customers is highly valuable to cyber-attackers. Stolen credit card numbers, perhaps one of the least profitable rewards for cyber attackers, are often valued between $1 to $2 apiece when sold within the black market or the dark web. Similarly to healthcare and life sciences, financial institutions also maintain large databases that include detailed personal data on their customers. Cyber attackers view this data as a treasure trove to be further exploited for resale to other elements of organized crime. In order to access this data, attackers carefully research their targets using all available resources, including sources such as blogs and social media. This personal data better enables cyber criminals to entice personnel within the target accounts to engage with them so they can find a successful penetration point on the network. These enticements are often solicited via social media postings, email or other content that appears to be trustworthy. Emails may look like official business, reference details on ACH payments or some other category relevant to the financial firm. All it takes is one employee to click on an email or visit a malware hijacked website to bring an attacker into your enterprise. WHY FINANCIAL NETWORKS ARE SO VULNERABLE The defense architecture that security teams have placed within financial institutions are struggling to effectively protect assets from an onslaught of attackers. These architectures generally attempt to defend the perimeter around the enterprise while trying to keep the attackers out. While a perimeter defense strategy will always remain important, the sophisticated APTs need only one successful and undetected penetration of the network to compromise data and put an organization at risk. In short,
attackers can lose 99 times out of 100 but can still be successful based on a single network breach. Most financial institutions remain unaware of these breaches, as well as the length of time attackers traverse internal networks, which can often be for months at a time. Many ATM systems and networks, which are often believed by bank information technology teams to be more isolated and better protected, are in fact often compromised by sophisticated cyber attackers in attacks that have been kept from the public eye. Perhaps surprisingly, the Federal Financial Institutions Council (FFIC) said that cybercriminals stole more than $40m from 12 debit card accounts via an ATM cyber attack in 2014. And globally, that number is likely to be much higher. Financial networks have additional points of vulnerability, such as older operating systems used within ATM networks, that make them even more susceptible to attack. Until recently many ATM’s were running Windows XP while many still run Windows 7. Windows 7 off the shelf still requires substantial customization and hardening to make it more resistant to attackers. But if an attacker can get inside of your ATM network, they will be able to work around these defenses. The major ATM manufacturers do what they can to harden this turnkey environment with tools like whitelisting
and other special enhancements. However, ATMs are computer systems that sit on networks, connected to the other financial systems so they remain vulnerable. Physical access is often gained by compromising a vector that makes cyber security more difficult. For example, many financial institutions have found a variety of password stealers, software, special electronics and pinhole camera’s surreptitiously installed at their ATM locations. Meanwhile, bank employees’ use of mobile devices, memory sticks and email present a constant target to determined attackers. Malware used by attackers is often re-engineered in just a few minutes to enable movement past signature recognition technologies. Once inside, this malware using encrypted formats, can migrate quickly to establish beachheads (backdoors) that allow attackers to continue stealthy data theft. As such, it is virtually impossible to maintain a perimeter that can keep attackers out. RECOMMENDATIONS • Rapidly evolving industry best practices can help maintain a stronger level of cyber defense. There is much you can do to further fortify and expand your current defense. Best practices include: • Use tools that whitelist files within devices such as ATMs. This enables you to detect attempted malware
Payment Quarterly | Q1 2016
17
MOBILE WALLET WARS SECURITY
installation. Also recognize that certain ATM malware, such as Tyupkin, has specific capabilities that disable this whitelisting cyber defense software. • Move to vendors that utilize digitally signed software. Software signing is a mathematical technique to validate the authenticity and source of the software. • Isolate all vendor enhancements to your application environment in sandboxes to ensure that the software modules don’t contain embedded malware. • Assume that your perimeter and endpoints will be compromised. Implement a strategy to detect attackers already inside the perimeter of your information technology and ATM networks. There are several technologies that do this. The goal is to reduce the time to breach detection. Attackers need time - don’t give it to them. • Do not assume that various subnetworks, such as ATM networks, are as well segregated or isolated from the rest of the network. All it takes is one network connection point or one infected memory stick
to compromise these networks. In one example, a well trusted vendor, introduced malware engineered to open a backdoor for an attacker with a laptop used to provide software update and diagnosis. • Do not assume that employees follow policies carefully. Infected memory sticks will get used within your network. Employees will be successfully lured to click on email links or visit seemingly harmless industry websites. Employees often surf to infected (socially engineered) websites that bring attackers into the enterprise. Plan accordingly. • Internet of Things (IoT) devices that may be installed within your institution present another avenue for attackers to establish back doors within unprotected devices. Once infected with malware that enables a backdoor, standard devices can’t easily be scanned by traditional cyber defense software. Restrict IoT devices from all of your internal networks unless they pass a stringent security review by your internal security operations center teams.
CONCLUSIONS There are many positive actions financial institutions can take to increase protection against the increasing wave of sophisticated attackers. Financial institutions can benefit significantly from the recommendations listed above. Given the very high risk of data breach, your team should identify and acquire technologies designed to identify attackers that have already bypassed your primary defenses. The goal is to reduce the time to breach detection and find the attackers. From there, you can take concrete steps to stop the attack and resume normal operations. Gartner Group® has reviewed new technologies such as deception technology, a modern and new evolution of the honeypot,that enables you to lure, capture and identify attackers that have already penetrated your networks. This may be an important factor that reduces your time to breach detection and protects your organization from the liability and expense of a major attack.
6 Steps to Mitigating Corporate Payments Fraud T
By: Marlene Lenarduzzi VP, N. American Business Services BMO Financial Group
18
Payment Quarterly | Q1 2016
he fraud landscape today is made up of organized, nimble and focused cybercriminals, and as the payments industry embraces new payment types, fraudsters will continue to refine their capabilities to steal sensitive information, which could translate into more than just monetary losses for businesses. According to the 2015 AFP Payments Fraud and Control survey, 62 percent of all companies are affected by payment fraud today, which results in annual losses of more than $400 billion
globally1. In the face of fraud threats, organizations are looking for new ways to adjust their operations and policies to prevent fraudulent activity of this magnitude. Intentional fraud can be conducted across a variety of payment methods by different groups, including organized crime, foreign governments, other companies and malicious insiders. These parties can use a variety of tactics, including phishing, malware and email takeovers, to target and intercept checks, ACH and wire payments. This
breadth of opportunity for fraudulent activity puts increased pressure on organizations of all sizes to mitigate the risk of a data breach before it happens. THE SHIFTING FRAUD LANDSCAPE Fraud attempts can occur from both outside or within an organization, but 76 percent of all payment fraud is committed by an outside party2. Cybersecurity is becoming increasingly important. In fact, according to PwC’s Global Economic Crime Survey in 2014, 48 percent of organizations believe cybercrime risk has increased, indicating a need for increased cyber protection for every facet of the organization. Hacker groups are often very sophisticated, diversified and adaptable, and can operate globally across all delivery channels. Therefore, it is imperative that businesses are equipped with the right tools and technology to head off fraud to protect both themselves and their customers. SIX TIPS TO GUARD AGAINST ONLINE PAYMENT FRAUD AND BOOST CYBERSECURITY As a starting point, organizations need to have a better understanding of how sensitive data moves internally throughout the organization, as well as externally with vendors, customers and partners. Criminals will evolve and adapt their methods to target the weakest link in the payment ecosystem, forcing organizations to implement extra security precautions, including:
accessing company information, and the process does not take a significant amount of an employee’s time. Strong encryption is also a solid defense against hacking, but encryption alone is not foolproof. Automate processes: By implementing online payment processes such as remote deposit capture for checks, companies can reduce the number of manual touchpoints, thereby decreasing the opportunities for sensitive information to fall into the wrong hands. Additionally, tracking how employees use and have access to these payments services and records can prevent a fraudulent occurrence or data leak from happening internally. The ability to monitor patterns and changes in electronic payments will help alert teams to potential suspicious activity. Implement multiple controls: Having multiple controls and a clear segregation of duties for payments teams can further minimize exposure to both internal and external fraud, as it decreases the power of any one individual. For example, implementing dual controls on electronic payments such as wire transfers for reviewing and approving ensures that no single person is given disproportionate access, thereby mitigating risk of malicious interference
3
4
from an individual. Communicate clear guidelines and repercussions: What happens if sensitive company data is mishandled? Make sure your employees know the stakes, and establish a fail-safe investigation and recovery plan in the event of an internal breach. These steps will help protect an organization’s assets from being leaked. Safeguard against former employees: Once an employee leaves the company, it’s imperative to disable their data access, update all contact information with clients and vendors so that the former employee no longer has access to or control over any company data. As the payments ecosystem becomes increasingly complex, employees need to stay vigilant and ahead of emerging trends in payment security to reduce occurrences of fraud. Through both internal policies and the implementation of monitoring and reporting tools, organizations can stay one step ahead of fraudsters and ensure the security of their company data. While investing in more secure forms of payment and infrastructure may come at a price, implementing these security features mitigates the risk of a costlier breach in terms of brand reputation, service disruption and the bottom line impact.
5
6
1
Ongoing evaluation: Organizations should regularly evaluate fraud management policy and test security features to accommodate changes in business practices. By conducting this evaluation on a regular basis, organizations will identify gaps where they are most vulnerable to a hacker.
2
Implement firewalls and a n t i - m a l wa r e s o f t wa r e : Implementing and updating firewalls and anti-malware software in a timely manner is a definitive step toward thwarting attempted outside attacks aimed at
source: www.gotcredit.com
Payment Quarterly | Q1 2016
19
E-COMMERCE
By: Omar Qari Co-Founder Abacus
B
usinesses today are looking deeper into the factors driving internal organizations or departments – made possible by the democratization of data. This demand for deeper insights has already come to a head in other departments such as marketing, with top marketers relying on real-time data to inform their engagement strategies. As the lifeblood of an organization, finance is the logical and necessary next department where we will see this phenomenon play out, starting in 2016. Finance teams will increasingly leverage data to make more strategic, in-the-moment decisions about how to effectively run a business and boost the organization’s opportunity to succeed. As we enter this new era of data-driven accounting, there are a number of opportunities and challenges for accounting professionals to be prepared for in the year ahead. Based on trends and the current state of finance data management, we think the hot topics are going to be around real-time data, ERP 2.0 (the ecosystem of financial software) and financial data security.
20
Payment Quarterly | Q1 2016
Last month’s numbers are no longer going to be enough. Executives will expect on-demand, reliable information in order to make faster, in-the-moment decisions.
A GREATER NEED FOR REAL-TIME DATA As cloud accounting systems are rolled out, the need for businesses to continuously sync their data between platforms will increase since this is one of the major benefits and selling points of switching to cloud-based software. Systems that capture and process data in real-time will allow finance teams to build a continuous forecasting strategy because they will have access to business spend data as it is happening and can flag discrepancies and readjust budgets in the moment. Also, since the data is collected in realtime, the process for storing it will become more automated – mapping fields between systems to ensure accurate record. This will require less time spent on data entry when reconciling the books and leave more time for strategic thinking. Last month’s numbers are no longer going to be enough. Executives will expect on-demand, reliable information in order to make faster, in-the-moment decisions. This will in turn, put more pressure on the finance team to produce this data. Relying on systems to speed this process up is the only way that they will be able to meet the demand. THE RISE OF ERP 2.0 In the past, ERP systems like Oracle were a necessary and obvious choice for businesses that wanted insights from their data, since the systems’ value proposition was that all services were on one platform that worked together and talked to each other. However, this model didn’t offer businesses the ability to select the solution that was right for them. Rather, it meant they could only pick the one that was close enough. The cost of these systems was also unfathomable
AN ECOSYSTEM OF OFFERINGS
ERP In the past, all services existed on one platform; the vendor offered no option to tailor for specific business needs.
ERP 2.0
Vendors are now specializing in individual platforms that integrate together; businesses can now pick and choose offerings sized to their needs and budget.
for smaller organizations, leaving them with no real options for managing their data. Now, as a more approachable and reasonably priced option, we are seeing vendors focus on providing solutions that do one or two things really well and then using APIs to connect and pass data to other systems. Take Gusto, for example. The company decided to specialize in payroll and benefits, utilizing its API to integrate with other platforms that focus on their own specific value proposition such as bookkeeping or time tracking. They can provide their customers more value by focusing on making payroll and benefits management a superior experience and then integrating with their preferred vendors. By using APIs, vendors are now putting the power in the hands of the business to select the solutions that are the best fit for their needs and fit within their budget. This means that fully integrated solutions like Oracle will be replaced by an ecosystem of offerings. For instance, a business may select an expense management solution fvrom one vendor, an inventory management system from another and a purchaseorder system from a third. This “pick and choose” model results in businesses essentially creating an ERP solution that is completely customized. That’s not to say that the Oracles of the world will take the emergence of ERP 2.0 lying down. We can expect them to acquire smaller vendors that are focused on specific services to create their own a la carte offerings, as well as opening their own APIs to allow for integrations from other vendors to they can participate in the interconnected cloud in order to compete.
therefore, will start to become a prominent question during the buying process for businesses and will push vendors to focus more on security measures for their platforms. Finance teams will need to be educated in security and IT management best practices. They will have to start looking at cloud accounting services in terms of functionality, productivity and security, and will need to start asking tougher questions. We will see them start to team up with IT earlier in the evaluation process to develop and institute SaaS products that are not only valuable, but more secure given the highly sensitive nature of financial data. The other big topic will be around data ownership and storage. With multiple systems housing various pieces of a company’s financial data, it will be imperative that businesses understand the process for exporting their data or porting it to other systems. Businesses will also ask more questions during the evaluation process around how their data is stored – how long, storage location – and who internally has access to that data to ensure that it is protected from all sides. In 2016, we will see the rise of vendors focusing on providing more access to data for those financial teams who are ready to embrace a more agile decision making process. It will also result in a more technical and datadriven finance team that is focused on strategic insights and analysis.
AN EMPHASIS ON SECURITY With the emergence of the interconnected systems of ERP 2.0, it is only inevitable that we will see an increased focus on data security and backup. Highly sensitive financial data – such as corporate card, payroll and revenue information – will come from a variety of platforms to create the finance data engine. This presents data risks like overwriting, accidental deletion and system breaches. Security,
Payment Quarterly | Q1 2016
21
E-COMMERCE
Breaking the Mold in E-Commerce to Improve Customer Experience O
ver the past five years we’ve seen the focus of ecommerce evolve from pure utility to inspiration. Payments are following suit. In 2016, payments will shift from focusing on the transaction to the customer experience. MAKING PAYMENTS INVISIBLE The meteoric rise of the Uber ride sharing service has reinforced that the holy grail of making payments invisible is within reach. By reinventing the entire experience of how people get from point A to point B, Uber is quickly growing into one of the world’s most influential private businesses. One aspect of this was simply making payment much easier. Uber didn’t reinvent payments, they just reinvented the experience. The first time a consumer gets out of a car without fumbling for money feels strangely criminal and then euphoria sets in and they want more. Consumers know they need to pay; they just don’t want the payment to interrupt what they’re doing. They want to get what they want and get on with their day. Uber has reset consumers’ expectations of car service and it is conditioning consumers to expect a seamless payment experience in all their transactions. How will your business meet these heightened consumer expectations in 2016?
MAKE IT PERSONAL Tailor your payment offerings to your customer demographics. Make it personal and pertinent to your unique mix of customers. Cards may be king in the United States and the United Kingdom but outside that many bank based alternative payment methods are not a nice to have but a must. For example, if you’re a fashion business seeing strong cross-border interest from Dutch customers, show them iDEAL (online banking) as a payment method and tender in Euros. When selling in Germany or China, invoice or COD payments types are critical and can drive significant uplift to you business. Optimize your payment methods offered around conversion and not the “flavor of the month” payment types. Make sure they are pertinent to the customer base you are selling to and remember more payments methods doesn’t mean more conversion, in some cases it is the exact opposite. This means you should be looking at your conversion metrics on a regular basis and asking why some methods are converting more then others and adjusting your checkout to optimize around those metrics. Payments is not a set it and forget it business. If you haven’t looked at your conversion metrics in awhile, or at all, you may be loosing good orders.
GET SMARTER WHEN YOU CAN’T MAKE PAYMENTS INVISIBLE If your business isn’t ready to take the Uber payments leap, there are several things you can do to smooth
EVERY PLATFORM IS IMPORTANT Align your payments to today’s omnichannel reality of buy anywhere, fulfill anywhere and return anywhere. As customers start orders on one channel
By: Andy Barker Head of Payment Strategy for Global Payments Magento Commerce
22
Payment Quarterly | Q1 2016
the payment experience for customers.
and finish on another, then pick up goods in a store and return online, we must adapt payments to seamlessly allow that part of the process to recede into the background. Recognize your customer across channels and minimize the need for them to re-enter their payment information multiple times. Utilize technologies like tokenization and secure vaulting to allow for sharing payment credentials between your channels in a secure fashion. Invest in making this seamless for the customer and you will be one step closer to making payments invisible. Make sure money is taken and given back on the same payment instrument. If a customer places an order online and then returns an item in-store, refund their money to their original payment instrument and don’t make the customer-loosing mistake of issuing in-store credit. Work with payment providers that can support this securely and seamlessly. Don’t make the customer carry the burden of merging their online and offline worlds. Optimize your checkout for mobile to take advantage of innovations like autofill, PayPal OneTouch and Apple Pay. Just because you have a great responsive site to get products in the cart, yet you have not optimized your checkout for mobile, you have lost an order or at worst a customer. Mobile
initiated commerce is taking an ever larger part of the ecommerce pie with 80 percent of consumers planning to use their phone for ecommerce within the next 12 months. Make sure you are prepared to meet and exceed their needs on mobile. HAVE A SECURITY PLAN IN PLACE Proactively manage your fraud exposure. While the new “chip-andsignature” cards will better protect merchants and consumers at the brickand-mortar point-of-sale (POS), we will see a dramatic increase in “card-notpresent” fraud in 2016. So whether you manage your fraud protection in house or outsource it, do ensure that you have a plan in place. Don’t simply invest when there is a problem as that is a recipe for more headaches and higher remediation costs down the road. Put in place strategies using an effective mix of technology and people. While merchants may always do some manual fraud checks, there are great software tools that identify both good transactions and likely-fraudulent transactions in mere seconds. These dedicated credit and debit card fraud detection solutions look for fraud in two ways: Identifying stolen or suspect cards by reviewing billions of transactions globally in seconds to see if the card entered has been found faulty and flags
the transaction as “risky”, preventing it from being completed without further examination. IP piercing and device fingerprinting accurately tie individuals to their past purchases to help identify when cards are being used in strange places or on too many devices, which are telltale signs of fraud. Though it may seem counterintuitive, focus on finding your good customers instead of looking for the bad ones. With approximately 0.9% of transactions being fraudulent, fraud is difficult and time-consuming to find. So instead of picking through every transaction, start by identifying good customers, mapping their spending patterns and order history and crossreferencing with information you already have on them. By eliminating good customers from your fraud search, you will ensure that their transactions are never held up in fraud checks, providing a much better customer experience, while shrinking the stack of potentially fraudulent transactions that need further scrutiny. So even if you can’t make payments invisible just yet, you can deliver a superior customer experience by focusing on your customer demographics, thinking omni-channel and proactively managing fraud in 2016.
Payment Quarterly | Q1 2016
23
E-COMMERCE
charges -- thereby alienating loyal customers. In general, it’s good practice for business owners to upgrade technology when the opportunity presents itself. As merchants continue to educate themselves about the benefits of EMV readers and, in some circumstances, suffer losses due to fraudulent charges, there will be an inevitable uptick in adoption.
By: Etie Hertz
A
SVP of Payments Shopkeep
s small business owners and payments providers prepare for 2016, it’s important to reflect on the key innovations of the year past and set their sights on what’s to come. In 2015 we witnessed the EMV liability shift, the emergence of mobile wallets, and the rising influence of peer-to-peer payments, and yet there’s ample room for continued innovation within the payments world -- and ever more trends on the rise. Do you think you will pay with Google Glass in 2016? Run all of your transactions via Apple Pay? Here’s a look at some of the top payments trends that will make a splash in 2016, as well as tangible ways business owners and payments professionals can plan ahead. EMV ADOPTION EMV was the talk of the payments world in 2015. While the shift provided merchants with an added layer of security, merchants became liable for fraudulent charges occurring after the October 1 deadline. Changing regulations triggered significant confusion among merchants, with business owners fearing both legal and financial repercussions if they failed to comply. Though the deadline has since passed, there is still a longtail of retailers that haven’t made the adjustment. While EMV adoption is not mandatory, it’s an important way for merchants to future-proof their business. Point-by-point encryption safeguards against hackers capturing, counterfeiting and selling customers’ payment data and when a merchant repeatedly doesn’t have these means of protection, they may find themselves cutting into profits to cover false
24
Payment Quarterly | Q1 2016
6
Payment Trends on the Rise in
2016
NEED FOR DIFFERENTIATION AND CONSOLIDATION Although the writing has been on the wall for several years, payment processing has increasingly become a commoditized market. Coupled with pricing transparency triggered by an increase in competition, flat rates being offered by new competitors, the best way for acquirers to gain traction today is to sell value over price and to offer customers truly exemplary experiences. Successful companies are seeking ways not only to differentiate themselves in the market, but consolidate with leading software brands as well. In the last few years, we’ve seen ample traction in the POS world; ShopKeep acquired Payment Revolution, Heartland acquired Digital Dining, Dinerware, pcAmerica and Liquor POS and First Data acquired Clover. In such a competitive environment, customer acquisition is key to success; by consolidating with major players, payments providers can expand their offerings, providing customers with a full-stack of services such as POS technology, loyalty programs and lending. If a company cannot efficiently scale, it won’t be able to meet customer’s advancing needs, thus endangering its long-term viability. Payments providers should think strategically about the features that would be most beneficial to their consumers, whether social integrations or detailed analytics. Acquiring the right assets could help enhance and accelerate a company’s growth. MILLENNIALS AND PEER-TO-PEER PAYMENTS As the America’s next generation of spenders matures, their financial preferences continue to influence the payments space. Millennials account for $600 billion dollars in
purchases each year and they aren’t just seeking payments technology -- they’re demanding it. Unlike their parents, 63% of millennials do not have a credit card and 73% are more excited about financial services from companies like Amazon and Paypal than from nationwide banks. Twice as many millennials are more likely to use a mobile wallet in the next 12 months than those 35 years or older, with 26% aiming to use digital currencies in the near future. Millennials’ eyes are on the digital prize; to attract this coveted demographic, payments providers and third-party companies alike will have to devise new ways to engage Gen Y come the new year, with an emphasis on contactless payments and mobile wallets. Come the new year, payments providers will seek alternative ways to move money. The payments industry is in the midst of transformation and millennials are leading the charge, accounting for 55% of all mobile payments. Millennials use financial technology differently than older generations, often opting for socialintegrated applications like Venmo and Facebook Messenger. With Gen Y flocking to social media, it makes sense that payments solutions with a social integrations would experience steady adoption, especially since millennials prefer not to make cash transactions. These utilities allow millennials to digitally transfer funds while simultaneously engaging with friends within popular social networks like Facebook and Snapchat. WILL EMV DRIVE NFC ADOPTION? Apple recently jumped on the bandwagon, entering a discussion with U.S. banks about peer-to-peer solutions. With Venmo accounting for 19% of p2p payments and gaining popularity among millennials, Apple’s interest comes as no surprise. Given their decision to work directly with banks, Apple is encouraging more rapid mainstream adoption of payments technology. This bold move will likely inspire other key players to further innovate their own solution. An early adopter of NFC technology, Apple’s peer-to-peer solution would likely
dovetail with existing, complementary payments technologies, like Apple Pay, resulting in a single, seamless mobile payments solution. The issue for NFC providers like Apple and Google has been not only merchant acceptance, but user adoption. The rise of EMV is teaching consumers to transact in a new way. In addition to exchanging swiping for dipping, EMV technology provides shoppers with an extra level of security, allowing them to shop with ease. After a tumultuous year of data breaches, it’s essential that both merchants and consumers alike realize the value of encryption. However, EMV transactions may sometimes prove cumbersome, creating experiences that are slow, confusing, or prohibitive in high transaction environments. Such obstacles may lead users to direct their attention towards NFC, in favor of more seamless experiences. By the end of 2016, NFC adoption will likely see significant traction. BITCOIN Over the last few years, there’s been a lot of buzz over the rise of cryptocurrency and whether it will see increased adoption. Since its inception in 2009, bitcoin has been a viable contender, but conversion has been an uphill battle. Last year, Goldman Sachs reported that while 22% of US millennials had used bitcoin in the past (and intended to do so again), 51% had never used the technology, nor did they have plans to do so. According to data from Accenture, affluent consumers are most likely to embrace bitcoin transactions, with 32% expecting to use them by 2020. While it’s unlikely 2016 will spur mass adoption, the industry is continuing to move forward. This past November, Coinbase issued a mainstream debit card to encourage bitcoin spending. Approved in 25 states, the card aims to increase every day transactions and attract new customers to the digital realm. In the next 12 months, bitcoin and other cryptocurrencies will continue to make headlines and, slowly, educate consumers about emerging forms of payments.
BEACON TECHNOLOGY In the last few years, marketers have seen the tangible value of personalization and have worked to implement unique customer experiences into the purchase cycle. Beacon technology, in particular, has played a significant role, helping retailers increase sales and create compelling offers in-store. Approximately 71% cite the ability to track and understand browsing and buying patterns as a key advantage. Another 65% has seen success targeting customers to specific aisles, while 59% note customers were more engaged instore. But while beacons are a frequent presence among big box retailers and established brands, set to fuel $44.4 billion in-store retail sales in 2016, they’re not yet on the radar for many small business owners. According to eMarketer, 35% of small-to-mid-size merchants plan on investing in data-supported marketing by the end of 2016, with 34% looking to implement beacon. When examining the payments space, such growth trajectory makes sense. 2015 was a big year for technology, bombarding merchants with changing EMV liabilities and the expansion of Apple Pay. In all likelihood, the majority of business owners will be familiarizing with these technologies before looking towards beacon adoption, but as we tread closer to 2017, implementation may begin to rise. By keeping 2015’s most significant innovations in mind, small business owners can best prepare for the exciting advancements 2016 will bring. Looking towards the past helps inform the direction of the future, allowing merchants to make investments that make the most sense for their companies. By adopting emerging technologies and reading up on trends to come, independent merchants can ensure the new year will be a bright one.
Payment Quarterly | Q1 2016
25
E-COMMERCE
BRIDGING
OF EMV THE GAP IN 2016
T
he year 2015 has passed us by and left our industry with one of the largest changeovers in recent memory. As you read this article, tens of thousands of US-Based Point of Sale retailers will have transitioned to EMV while an almost equal number will follow. For many of us, it will be hard to take our eye off of EMV’s implementation given the myriad effects it will have on our industry. EMV’s impact is certainly worth observing – and I’ll provide a few of my perspectives below – but I see two additional oncoming developments worth watching in 2016. THE EMV BLOWBACK: CNP FRAUD First, let’s consider EMV and 2016. While POS retailers spent the New Year celebrating EMV, Card Not Present merchants are bracing themselves for an onslaught of fraud as criminals turn their attentions toward CNP and telephone channels. Based on other counties’ experience, we can expect to see increases in CNP fraud while POS numbers reduce. Criminals aren’t always hard workers and will most likely focus on CNP as they will consider it to be the weakest link. According to Aite Group research, CNP fraud is expected to more than double from $2.8 billion to more than $6.3 billion by 2018. Expect to see regulatory intervention as numbers begin to climb. In the meantime, we can expect to see CNP merchants strengthen their risk management in order to counter the oncoming attack. By year’s end, we’ll see that the best fraud prevention strategy is a multifaceted operation that enables merchants to manage multiple anti-fraud tools in real-time. Each merchant action should be based on
26
Payment Quarterly | Q1 2016
analytics provided by fluid data points and back-end feedback loops. This year’s winners will be merchants who deploy post billing chargeback notifications. More than fifty percent of cardholders avoid contacting the merchant when disputing a charge and instead report directly to their issuing bank. 2016 will see broader acceptance of post billing chargeback notification platforms that enables near real-time collaboration for both fraud and non-fraud chargeback disputes. By integrating directly with card issuers and redirecting disputes from the issuer to the merchant for resolution, disputes can be resolved before they escalate and become chargebacks. This solution will enable everyone to win as merchants avoid costly fees, fines or penalties while Issuers experience lower operating expenses while supporting cardholder satisfaction through timely resolution. THE INTERNET OF THINGS, DRIVING M&A In the recent past, we have seen a transformation take place as all things physical seem to enter into the digital realm. The next wave in technology – and in payments – will be a transition in the opposite direction as all things digital infiltrates the physical objects surrounding us. This is the era of the Internet of Things, where everyday objects become interconnected, sending and receiving data from anywhere and everywhere. According to McKinsey & Company research, the Internet of Things could have a financial impact of $11.1 trillion per year by 2025. According to a recent review of global M&A activity by EY, the biggest deals in terms of money exchanged
By: Matthew Katz Founder & CEO Verifi were driven by the Internet of Things, data analytics and payment service technologies. We should expect to see more companies pursue and acquire the technology to monetize their assets now that those assets (or “things) are now creating revenue. CROSS BORDER GROWTH, THANKS TO MOBILE Expect to see cross border selling continue expanding as merchants focus on emerging markets to sell their goods and services. We’ve seen several innovative alternative payment methods come about – especially in the developing and emerging worlds – but credit cards will remain the globally preferred payment method for ecommerce transactions for many years to come thanks to integration into mobile payments. CNP payments are accepted worldwide and can be paid from multiple devices. Expect to see mobile ecommerce attract greater attention this year as merchants realize that a majority of their sales may be coming from consumers’ pocket devices and not their presence in a brick-and-mortar store. According to Aite Group, online payment will continue to supplant traditional POS at both retail and ecommerce. Look for a few break-out merchants to read the writing on the wall and make greater accommodation for mobile payment and commerce. Mobile will grant merchants greater personal communication channels with consumers. The first to combine a trusted payment platform with ease-ofuse will be among 2016’s winners.
Fast and Free Delivery: A Consumer Victory
O
nline shopping is a great thing; having access to goods and services that might not readily be found where one lives, often at better prices, and being able to shop at any time of the day or night is a hard proposition to pass up. One major problem with online shopping, though, was shipping; raised prices and lengthy delays left many shoppers frustrated. This led to demands of fast, free delivery, and these are demands being heard by retailers in many corners. Amazon Prime is leading the way on this, with two-day shipping now available on many items, that wait for a purchased good to arrive at the home is falling through the floor. With Amazon setting the bar, other retailers must match it or risk losing sales to the popular online merchant.
Users’ definitions of fast are falling to match; 90 percent of shoppers in a Deloitte study consider “fast” delivery as anything two days or less, including “two-day,” “next-day,” and “same-day.” Sixty-three percent are more forgiving, giving “fast” nods to “three-day” and “four-day” shipping. Only 18 percent call five-to-seven day shipping “fast.” There isn’t even much of a premium attached to this; while most would pay a maximum of $5.10 for sameday shipping, 25 percent would pay not a penny extra for such speed. This is leading to a variety of response countermeasures; some businesses are expanding ship-to-store operations to allow for faster pickup, or establishing more shipping locations. In the end, this is actually a great development for online vendors; Amazon’s forcing of everyone’s hand
requires the online retailers to actively work to ruin what was pretty much brick-and-mortar’s final saving grace: immediacy. A brick-and-mortar store-purchased item can be taken home immediately, something even Amazon Prime can’t match…at least, not yet. The growth of Amazon’s drone delivery systems might change that, and force others to adjust to match. It’s a lot of change in a fairly short time frame, and society is left struggling to keep up. Will we soon be looking at a shopping field dominated by online vendors and mobile payments? What will the net impact on jobs be? We’ll see what it looks like before too much longer has passed, though, and the only way to prepare for it seems to be to struggle to keep up.
Venmo Back With a Vengeance, Targets In-App Purchases
N
ot so long ago, when many thought of Venmo, usually either confusion or memory of its security issues came readily to mind. Venmo has been working very hard to change that, though, and now is making a move on the majors by bringing in-app purchases to its roster of services in a service called Pay With Venmo. Right now, Pay With Venmo’s connection to the in-app payment market is a bit limited, with agreements in place only for Gametime, a sports ticket vendor, and Munchery, a food delivery system. With the agreements, users can pay for Gametime and Munchery’s goods and services directly from the app, using the payment data that’s been stored in Venmo to complete the transaction.
Additionally, the Pay With Venmo service can only be used by certain iOS users for now, but the company’s general manager Michael Vaughan notes that the service will make the jump to Android devices not too far down the line. Venmo should have an edge on future development here thanks to its PayPal connection, and the connection with mobile payments processor Braintree. Indeed, reports note an earnings call back in November where PayPal noted that Venmo should be usable by any app that can use PayPal fairly soon, meaning more Pay With Venmo services should be online in fairly short order. Good news for Venmo, of course, news that it could use going into such an exchange. Venmo is a comparative unknown against the major players in this field, Android Pay and Apple Pay.
By Steven Anderson
By: Steven Anderson
Given that both were looking, to some extent, to take on the in-app payments field, Venmo will need some help getting users interested in its service when two major names are available instead. The PayPal / Braintree connection will certainly help, but it’s still likely to be an uphill slog for Venmo. Bucking those earlier concerns about its security will likely also be a job that needs doing. Uphill, maybe, but not impossible; Venmo will have a fight on its hands getting into this market, but the potential reward is enormous, and worth chasing.
Payment Quarterly | Q1 2016
27
E-COMMERCE
By: Ruston Miles Chief Innovation Officer, Founder Bluefin Payment Systems
I
f 2015 was the year of EMV in the U.S., it seems only fair that 2016 should be the year of its complementary technologies – tokenization and point-to-point encryption (P2PE). Throughout 2015, the extraordinary focus on EMV in the media and elsewhere has sucked the oxygen out of any discussion of the pan-industry Payments Security Taskforce (PST) “secure-all-channels” strategy, of which EMV implementation is but one of three technological elements. Yet this strategy, implemented holistically, is the key to ending the “data breach era”. Whether 2016 can mark the beginning of a new era in payments security depends on a few things happening in the year to come As EMV adoption gathers pace,
28
Payment Quarterly | Q1 2016
we can expect stragglers - indeed gas stations have until 2017 to adopt chip technology. Nevertheless, as chip card use becomes ever more widespread and embedded, we can expect domestic counterfeit fraud to decrease and, to some degree (depending on the authentication protocols set by the issuing banks), lost or stolen card fraud to do likewise. We can expect this to be a relatively shallow but notable upward curve toward the end of the year. Meanwhile, as criminals are thwarted in these areas, they will turn to other areas of perceived weakness in the payments system; for example, card not present (CNP) fraud is expected to increase and merchant systems will be subject to renewed attacks. Reacting to this, and able to turn their attention and resources from EMV, merchants will begin to focus more on securing the data within their systems, through tokenization, which protects data at rest and P2PE, which protects data in transit, particularly at the Point-of-Sale. Protecting the Point-of-Sale is extremely important. Nearly all of the high-profile data breaches of recent years have been a consequence of a criminal attack using Point-of-Sale Malware and the Federal Bureau of Investigation (FBI) continues to warn
regularly of new forms of Malware, usually with exotic names, like Punkey or MalomPOS. We can expect these warnings, and indeed, data breaches to continue in 2016. Further to this, we can expect industries previously untroubled by the hackers to suffer. In late 2015, we saw an increase in attacks on hotels and hospitality management businesses. It is likely that we will also see medical practices and charities targeted, alongside universities where criminals have had considerable success. In the face of renewed attacks, we can expect merchants to focus more on P2PE to protect the Point-of-Sale. In fact, some merchants simply need to activate technology that they already have in place (it is one of the ironies of the Home Depot data breach that, according to an article in the Wall Street Journal, the Malware involved would have been defeated if existing P2PE systems at the Point-of-Sale had been turned on at the time). An increasing realization among merchants that the data breach challenge has to be addressed and that EMV has barely a walk-on role in doing so, will increase demand for P2PE, particularly given unprecedented steps taken in 2015 by the Payment Cards Industry Security Standards Council
(PCI SSC) to incentivize adoption. The updated PCI SSC P2PE standard, released in late 2015, means merchants in 2016 will have a much simpler task adopting PCI-validated P2PE solutions than they would have a year ago. P2PE 2.0, as the updated standard is known, is intended to make merchant and processor adoption more “user-friendly” and was developed in response to requests asking for more flexibility. I, along with many of my colleagues, think that this new streamlined standard has made a good technology excellent. PCI SSC’s Version 1.0 of the P2PE Standard set the bar extremely high. The P2PE Assessors were strict to the standard, and getting through nearly 1,000 requirements covering areas of security and logistics foreign to payment processors was a significant challenge. For example, my company, Bluefin, spent nearly two years and $2 million dollars becoming the first PCI-validated P2PE Solution in North America. For this reason, the first P2PE Standard was called the “gold standard” by some, but held up as unattainable by others. Some processors spent a year trying to comply only to decide that it was not possible to validate their inmarket encryption solutions. Understanding that a standard is only as effective as its adoption, PCI SSC gathered feedback which would allow them to create a 2.0 version that would increase ease of adoption without watering down the protections in it. The updates allow, for the first time, merchants adopting P2PE to partner with other companies that offer validated components without having to have the entire solution re-audited. Significantly, merchants can now also create and manage their own P2PE Solutions, mitigating concerns about processor lock-in – a situation in which processor ownership of encryption/ decryption keys effectively stops a merchant leaving their processor for a better deal. Merchants can also create and manage their own P2PE Solutions or choose from various P2PE Solution Components, in the same way that processors can. These updates save merchant’s time and money, and
greatly reduce complexity. These are groundbreaking changes that will surely spur adoption. So the new standard is good for merchants and good for consumers. If it works as I expect it to and spurs adoption of P2PE technology in 2016, I think we will also see a concurrent increase in levels of confidence in PCI validation. Merchants seeking the very best payments security protections will be able to pick from the PCI list of approved solutions confident in the protections they will be gaining. This may well be helped along by the card networks. In 2015 Visa extended its Technology Innovation Program (TIP) to merchants that implement validated P2PE technology. This program, originally intended to spur EMV adoption, provides a Visa endorsed qualification to adopters which spares them the PCI validation process, further saving time, effort and money. It is likely that the other card networks will follow suit in 2016, increasing the ease of adoption that is so highly valued by merchants. With these changes in train, and P2PE adoption increasing apace, it is possible, even likely, that 2016 will see the first reports of POS Malware being effectively fought off, as Malware is discovered in some national retailer’s Point-of-Sale system, with only worthless data devalued by P2PE available to the criminals. Meanwhile, on Capitol Hill and in
state legislatures around the country, we can expect policymakers to lag behind merchants and the payment industry in appreciating the differences between counterfeit fraud protection (EMV) and payment data protection (tokenization and P2PE). This, I predict, will continue to lead to confusion as EMV and even tokenization are over-emphasized in relation to P2PE which policymakers will be slow to recognize as the primary defense against the primary attack vector. We may however, see some policymakers to look at what Mexico’s Government has done by requiring P2PE and consider such a move in the US. It is my hope as the dust settles around EMV implementation, chip technology will be seen in its proper context – as a single leg of a threelegged stool of technologies. Among these, P2PE is emerging as the killer app for the scourge of data breachcausing POS Malware. Increased adoption of EMV, widespread use of tokenization and rapid deployment of validated P2PE, all underpinned by robust standard setting and enhanced law enforcement add up to a strategy that will provide consumers with the very best protections. In the coming months, if this strategy is implemented as I hope it will be, it will give us a very good chance of establishing 2016 as the year in history in which the payments industry gained a lasting upper hand over the criminals.
Payment Quarterly | Q1 2016
29
MOBILE WALLET VENTURE OUT! WARS
!
T OU
nt e T gm rly e N s e E t l V ar cia u e sp tQ n a e 足is m st y o o a t P m d e e of t h gt ica ps n d i u e t t d ar gh i t l s h ive hig t nts a e v o aym inn p he t y. in : r s t s p u tu r ind a t
E R U
d ure
S
at le e k F n li C p Cli ts by ry a to Tre ven s op uck h S nb ht e Op Flig rd Ca 30
Payment Quarterly | Q1 2016
CLIP
American Express has backed a rising star in the Mexican fintech scene known as Clip. The startup was founded by former Paypal employees and recently finished a significant capital raising round. Mexico has received particular attention as of late in the fintech scene as American companies continue their expansion into Mexico. Adolfo Babatz and Vilash Poovala, two former PayPal employees, founded clip in 2013. The service is similar to its American counterpart square, in that it allows merchants to accept credit card and online payments through a standardized system. Like Square, Clip offers a point of sale terminal for merchants to accept payments in a number
of ways. Also like other fintech startups, Clip offers competitive fees and rates for its clients by utilizing innovative online and financial services. American Express showed interested in Clip after the Mexican startup completed an $8 million Series A funding round, one of the country’s largest. American Express already dominates the payment systems industry in Mexico, with up to 30 percent of payment volumes passing through it. Clip projects up to 11 million businesses that could potentially utilize its services, but as Mexico’s economy continues to climb, that number of potential merchants should increase significantly.
Payment Quarterly | Q1 2016
31
VENTURE OUT!
VENTURE OUT!
SHOPVENTORY
TREATS BY CLINKLE
Already about five years old give or take, Clinkle is making strides in modernizing how people transact. They have gotten down to business by enabling their mobile wallet for daily transactions across numerous college campuses throughout the United States. They boast a mobile wallet experience that consumers can really engage with, as well as a seamless and convenient format to boot. By connecting users through a highly operable network of buyers and sellers, Clinkle is setting itself apart. In addition, they offer rewards to users in which they can share via social features. Treats by Clinkle was founded by Lucas Duplan, and began as a small pocket of college students with big plans in mind. They received $25 million in seed funding back in 2013 and have been gaining traction ever-since. Going live with real money nearly two years ago to just a few employees and friends/family, Treats has been looking up ever since, catering their name and logo to fit more millennial preferences.
32
Payment Quarterly | Q1 2016
Shopventory provides simple inventory management and business analytics for the upcoming generation of mobile POS. They operate through the two major preferred payment processing systems: Square and PayPal. Shopventory is in the business of making retailers lives easier by providing a state-of-the-art management system that allows users to keep tabs on stock levels and inventory usage on demand. In addition, Shopventory’s functionality allows for the analysis of sales patterns for the purpose of increasing sales. The company started in modest form as a solution for some small retail stores in San Diego, CA. In that endeavor, they realized that small businesses using Square were experiencing a great deal of hassle and time consumption in managing their inventory. During their time in the beginning stages, they began to realize what makes for a seamless inventory management system, and began expanding from the initial small San Diego storefronts. Shopventory also brought forth a way for small business owners to add more visibility to other aspects of their business through the convenience of a mobile app called “Thrive.”
CARDFLIGHT
OPENBUCKS
Openbucks is an internet company based in the Silicon Valley, and is a heaven sent for those pre-teen/early teen-aged kids who are chalk full of gift cards, and have yet to establish themselves as highly versed bankers. Openbucks has partnered with major companies such as Subway, CVS Pharmacy, Sports Authority, Burger King, Dollar General, Shell Oil Company, and Circle K to connect gift card bearing customers to their favorite products. Founded back in 2010 by their current CEO Marc Rochman, the main functionality of Openbucks revolves around the ability to allow people who do not own credit cards or bank accounts to pay via online platforms with cash. This means that if you purchase a gift card from participating retail stores you can chose to use it to pay online via websites that have Openbucks as a valid payment option. Openbucks’ most frequent customers, as expected, are teens who struggle with online payments. It is a solution for all of those kids who wish to purchase an item they found online; yet lack the payment tool to actually make the transaction. With their cash and gift cards, Openbucks allows these “under-banked” teens to pay on an Openbucks approved site.
CardFlight is one of the leading providers of tools and technology to aid merchants in accepting in-person credit card payments on Android and iOS devices. CardFlight offers developer tools and software developer essentials that allow retailers to effortlessly build their own custom POS software. The company also offers Swipe Simple, a turnkey mobile app that helps banks and merchant service providers offer a mobile POS solution to their users. They do so without having to build their own version of the necessary technology from the ground-up. CardFlight’s platform is equipped with encrypted card scanners and boasts a PCI Level 1 compliant payment gateway that has the ability to support over twenty different payment processors, to make available complete mobile payments and mobile POS solutions to clients.
Payment Quarterly | Q1 2016
33
MERCHANT SOLUTIONS MERCHANT SOLUTIONS
THE FUTURE OF PAYMENTS? it’s all about the friction, baby.
T
By: Healey Cypher CEO and Co-Founder Oak Labs
his may be an incredibly obvious statement, but retail is nothing without payment. In fact, every ounce of effort put into any channel of commerce, from native mobile applications to interactive mirrors to traditional cash-wraps, is trying gently (okay...aggressively) to guide the consumer to a point of purchase. As such, the payment experience has become a deeply integral part of customer experience. And it’s at constant tension with itself. Consumers want payment to be easy. Retailers, actually, want payment to be easy too. But BOTH need it to be secure. And security tends to introduce additional steps, or: you guessed it, friction. For everyone.
34
Payment Quarterly | Q1 2016
But before I jump into the concept of the “net friction effect” (an idea my friend Albert Vita from The Home Depot coined), let’s dispel a myth. It’s a myth about data. A common narrative in e-commerce is that data online is superior to that of “offline.” And it’s patently incorrect. Online collects a series of binary signals and tries to determine relevance and insight from it. The physical world (does the word “offline” even exist anymore?) contains all the nuanced micro-interactions that truly provide insight into a customer’s preference. The problem with brick-andmortar is this data has been historically lost. As an example, someone walks into a fitting room with 7 items and only buys 3. Those four items are incredible indicators of intent. That data that has not been captured historically (until recently), I call that lost “ghost data” and it’s being lost every day. The new generation of retail will not allow for this. In the online world, this consumer funnel is thought of as “sessions”: tracking every consumer’s steps as they journey from the landing page to product page, from product page to cart, and from cart to purchase. We track the “drop-off’ between every step and prioritize opportunities for technical investment to reduce dropoff points. This usually means reducing friction between steps. As an example, large online retailers spend millions of dollars shaving milliseconds from the loading time of product pages because it can return millions of dollars of lift. Milliseconds for millions. Crazy. The “session” metaphor applies to the physical store in the absolute same way. When you walk into a store, it’s effectively like entering a “landing page.” You either want to find something specific (search) or want to be inspired (browse). As you browse the visual merchandising, you’re cruising past product pages. Take them to the fitting room? That’s like a cart. Checkout, is checkout. Finding the drop-off points in the physical journey is paramount for the future of retail where customers are conditioned, almost daily, via their connectivity to want experiences to be fast, and robust, and intelligent, and beautiful.
Drop-off points in physical stores are just, if not more, poignant than online. For example, 65% of shoppers will not ask for help to find an item in a different size if they don’t see it out on the floor. If customers perceive a line at a register to be over 7 minutes long, 79% will abandon (Checkout). And likewise, when you get a customer into a fitting room, the chance they purchase goes up tremendously - upwards of 60% (Cart). What does this have to do with payments? Paying is the SINGLE biggest point of friction that can lose the sale... and at the moment when the customer has the strongest indication of intent: they’ve got an item in-hand, and are waiting in line. Reducing friction during checkout is a universal sure-win. A single investment that has proven regardless of almost any vertical within retail to produce returns. A national grocery chain introduced queue distribution into their stores and reduced the checkout “wait” time from 5-7 minutes to 2-3 minutes. They saw a 9% lift in sales. Insane. And while there are definitely cultural nuances to this rule (e.g. Japan’s retail ritual around payment + the need for companies like, say, Cartier, to brand the checkout moment with a highly personal experience that can take, well, tens of minutes), there is one universal truth with payment that spans from fast-fashion to the ultra-luxurious: no one likes to wait. If you can make experiences able to match the exact pace of the customer (read: as quickly as they want), they will be happier. Guaranteed. And they’ll buy more. The idea of “net friction” centers around the concept that introducing new technology (e.g. self checkout kiosks) can sometimes cause a new, different type of friction that doesn’t necessarily improve the ultimate experience (e.g. non-obvious user interfaces that REQUIRE you to have an associate help you through it). And this is where we get to the challenge specific to payment: balancing the need for security, and friction. And from self-checkout kiosks, to mPOS line-busting, to autonomous checkout - this has clearly been an industry focus because there is this universal, almost
visceral, need to expedite the checkout experience. An example of net friction going down: Apple Pay, when implemented well, is incredibly easy. When sitting in an NYC taxi writing emails and texting, it’s a mere motion of my hand and my phone has intelligently converted into my wallet - a fingerprint later and I’m out of there. The alternative requires pulling your wallet out that you’re sitting on, sifting through creditcards/cash, signing the paper... Awful. BUT, when Apple Pay isn’t implemented to its full intent - it can actually be MORE painful than a normal plastic card if you have to confirm, accept, and sign after you’ve used your thumbprint. This has happened as my local grocery store countless times. So how do we reduce the net-friction score for payment? Loyalty could be a big part of the solution. The more verified, historical data a retailer has about a customer’s behavior, the more easily one can make the payment, for lack of a better word, invisible. Your BusinessWeek subscription. Dinners at a hotel. Uber. There’s something beautiful about allowing the experience to be about the experience and not about the payment at the end. When dining, on average people spend 20% of their time waiting for and paying the bill...a buzz kill for the customer that expensively slows down table-turnaround time for the restaurant. So how can we create experiences with pre-authorization (effectively my examples above) that can make payment invisible... and how does that complicate things? As always, the tension between simplicity and security persists. And while you’re thinking through the balance of security and ease, it’s prudent to be cognizant that with any new solution - from self checkout to mPOS, there are very real challenges beyond the technology itself. Consistent across every innovation project in retail, there are a few pitfalls that most will come up against: INFRASTRUCTURE The most basic, foundational component - connectivity- is a common failure point. Everything from network configuration and firewalls to quality of
Payment Quarterly | Q1 2016
35
MERCHANT SOLUTIONS
wifi can make or break your solution. Add the security requirements that come along with payments, like the necessary separation from external internet access, and getting infrastructure right may take as much work as the core product development itself. Definitely don’t “assume” this will work itself out. OPERATIONS If the retail store associates don’t love it, it will fail. Something I’ve witnessed time and again is how much associates LOVE technology that helps them achieve their goals more easily... and conversely, how quickly they abandon or work-around technology that doesn’t. If the internet is slow, or it feels like too many extra steps, or if it’s not in-line with the culture of the staff, your tech innovation will not be
embraced or implemented. TIME HORIZON And finally - the kicker: you’ve got to give your tech enough time to get it right. Launch is no small feat - you secured budget, assembled a team, created a steering committee, validated, customer-tested, piloted – feels like you could have built a space shuttle by now. But launch is just the beginning. You must treat your in-store payment tech like a first version. Constantly challenge yourself and your team not to rest on your laurels but to continue creating & improving. I’ve seen countless big “flagship” launches followed by brands resting on those laurels for years and eventually being surpassed by competitors. In closing, we all see retail changing more in the next five years than the
last twenty. Payments will be a central part of this transformation, especially as consumer expectation continues to accelerate. It’s our task to fastidiously work to make payments as frictionfree as possible while doing the most important thing of all: letting the customer focus on the products, services, and experiences they’re (invisibly?) paying for.
A LOOK AT THE NEXT FRONTIER OF DIGITAL PAYMENTS
T
By: Hope Nieman Chief Marketing Officer Tillster, Inc.
36
Payment Quarterly | Q1 2016
he upcoming year will mark an interesting shift in the increasingly crowded space of mobile payments – away from the enablement of digital wallets and into a phase in which companies look for ways to create less friction by introducing features that provide consumers with meaningful benefits. According to Deloitte’s recent Global Mobile Consumer Survey, only five percent of U.S. shoppers make in-store mobile payments each week, despite electronic technology – especially mobile – moving into an age in which consumers are always connected. Moreover, a recent survey by TechnologyAdvice.com reported that 80 percent of respondents expressed a greater likelihood to shop at locations that offer loyalty programs, presenting an opportunity for brands to attract more consumers by combining convenience and rewards. As such, brands may be able to attract more consumers to embrace digital payments by integrating
payments with affinity programs, delivering visible savings through loyalty programs, coupons or other personalized incentives that can be instantly capitalized on through a seamless digital checkout. For example, brands can incorporate bonus points with mobile payment to increase the frequency of visits among guests who have combined these two elements. Millennials in particular stand to benefit from improved financial technology despite their meager disposable income. According to U.S. News & World Report, they often use digital tools to help manage their funds. Money management programs, like easy-to-use payment apps and loyalty clubs, provide benefits to consumers that make life easier. Such benefits can be as simple as offering easier money management software, reducing the number of clicks to receive both loyalty and payments, and reducing payment wait time at restaurants. In particular, the restaurant industry
faces unique challenges in encouraging customers to change the way they pay for food. The current obstacles preventing greater adoption of digital payments in this industry include: TOO MANY STEPS Restaurants with digital payment options often require consumers to take incremental steps in order to place and complete their order such as, needing to set up user accounts and sign-in through secondary logins. These cumbersome processes create unfriendly experiences that discourage consumers from embracing digital payments. ADDITIONAL HARDWARE As the presence of digital payments has developed, so has the need for additional hardware. For example, many payment digital tools require readers, adding a level of inconvenience and cost to restaurant operators. Additionally, they also only work when the restaurant has the guest at the counter, which is not the case with pick-up from curb-side service. As a result, brands with franchisees are often unwilling to mandate hardware because incremental benefit is not immediately felt by the broad group of franchisees. DIFFICULT INTEGRATION Many brands are in a multi-POS eco-system. Each POS has peculiarities to it, which can affect the consumer flow, especially when coupled with loyalty and other components. More importantly however, the cost to integrate and maintain the various systems can be expensive and brands are often left without a clear ROI model, as one is not always available in the short term. INEFFECTIVE PROMOTION OF BENEFITS Restaurant operators also struggle to easily and clearly illustrate the benefits of adapting digital branded technology, sometimes failing to deliver any benefits at all. Pay only technology is tougher to communicate to guests and requires training of staff, many of whom are not long term employees. In addition,
some of these solutions take away from the opportunity to provide personalized service to consumers, something that many branded concepts find important. SO WHAT’S NEW AND WHAT CAN WE EXPECT IN 2016? A unified mobile application that houses all branded elements, but in particular, allows restaurant guests to view their check and pay the bill with one touch as soon as they are ready to leave. CONSUMER BENEFITS The payment process is reduced to one step, pulling up the bill on a mobile phone or tablet (which can be accomplished with beacon technology) and clicking “pay.” Guests will no longer have to wait to flag a server, be issued the check, and have the server take away the form of payment, bring it back, and then take it away again. RESTAURANT BENEFITS Saving time on obtaining payment from consumers will allow restaurants to turn table fasters, getting in another half or full seating out of busy timeframes. The wait staff can then focus on higher value activities like upselling, guest engagement and actual serving. GUEST ENGAGEMENT BENEFITS Not only is the seated guest benefiting from digital payments, so are customers waiting to be seated as they will experience shorter wait times, making them more likely to come back and feel better about the overall restaurant experience. This way, restaurants can provide a real consumer benefit without solely depending on discounts or other margin reducing programs. By creating experiences that deliver harder to come by benefits, like time, the guest has a far better and longer lasting relationship with the brand MARKETING AND OTHER LEADERSHIP BENEFITS Marketing and leadership brand teams can then have access to digital data – how often customers return,
what they buy during each visit and how long they stay – to more effectively understand their guests. This data will help marketing teams in attracting higher value customers by creating programs and opportunities to retain and more deeply engage with customers. This will result in greater odds of increasing wallet share. The above also helps in creating brand messaging and opportunities. By placing pay at the table in a unified application, guests have a one-stop-shop for all things with respect to the brand, including loyalty programs and even check-in and wait list. This enables easy messaging and engagement and while it is easy for the guest to self-identify to the server, technology like beacons can also be used to find the guest with the app preloaded and prompt with the benefit of on the spot payment. Apps like this one can also be agnostic to what form of payment the guest chooses to preselect, no different than what they do today, but with some additional options, as they would be prepopulated. LOOKING AHEAD In 2016, the digital payments industry will evolve beyond an increased number of ways to pay digitally and self-serving models to take transactions. Industry leaders will need to work creatively with developers and brands to understand consumers’ motivations, mindsets, friction points, and advantages in order to craft experiences that change behaviors while remaining cohesive for users.
Payment Quarterly | Q1 2016
37
MERCHANT SOLUTIONS
9
PAYMENT SECURITY TIPS FOR 2016 - AND BEYOND PRACTICE VIGILANCE SMBs need to keep detailed records of all sales transactions, including the date, time, and names of employees involved in sales. Contact information for customers should also be recorded, if possible. Detailed notes will become invaluable if a data breach does occur.
By: Paul Bridgewater CEO Sage Payment Solutions
T
his year brings a lot of opportunity for small and medium businesses (SMBs). The International Monetary Fund (IMF) expects world economic growth for 2016 to be somewhere around 3.6 percent – higher than the predicted 2015 growth of 3.1 percent. It’s great news for SMBs, however, amidst the positive backdrop, lurks the negative threat posed by the hackers and cyber criminals that prey on them. According to a 2014 Gallup poll, Americans’ number one crime worry is hackers stealing credit card information. With more than 4,000 cyber attacks happening daily and nearly half (47 percent) of the world’s card fraud occurring in the U.S., SMBs are rightfully worried. SMBs can’t ignore the fact that, in many ways, they’re an easier and more alluring target than big-box stores for a cyber attack. In fact, one study notes that one in five SMBs will fall victim to a cyber criminal. With the variety of payment options available to customers, the growth of mobile purchases, and the increased sophistication of cyber attacks, SMBs must take extra precautions to ensure their customers’ data is protected from all angles. Customers need to know their personal information will be kept safe when they make a purchase. Here are nine recommendations that all SMBs should follow as they make shoring up their payment security practices a top business resolution for 2016.
38
Payment Quarterly | Q1 2016
ACT FAST In the event of a data breach, SMBs need to get to work right away to determine the cause of the breach and implement solutions. If businesses have taken detailed records, their notes will help them determine exactly when the breach occurred, allowing them to immediately take the necessary actions to fix the situation and alert affected customers.
COMMUNICATE TO CUSTOMERS A Bizrate Insights study from earlier this year found that more than two-thirds of buyers who are worried about data security feel more confident making online purchases when a well-known trust symbol is visible. An SMB should tell customers about the precautions their business is taking to protect personal information. Communication, especially when it comes to data security, can go a long way to boosting customer confidence.
TRAIN EMPLOYEES Employees are the eyes and ears of a business. SMBs should train their employees on their payment processing program so they’ll be able to detect when something doesn’t seem right. Proper training can help prevent internal problems as well as external threats. SMBs should consider having employees complete a payment checklist each time a purchase is made. The checklist should verify that address verification (AVS) is a match; confirm the 3-digit CVV security code; and ship to the AVS-verified cardholder billing address
PAY SPECIAL ATTENTION TO ONLINE ORDERS When a card isn’t present at the point of sale (POS), such as during an over-the-phone or online order, the transaction is inherently riskier. SMBs should be more on the look-out for possible fraud if any of the following occur:
•
Order is larger than normal
•
Order includes several of the same item
•
Items are being shipped to an international address
•
Transactions include similar account numbers
•
Transactions are placed using multiple credit cards
•
Multiple transactions are placed on one credit card during a short time period
•
Sales are processed through the Deaf Relay System
•
Cardholder asks for Wires or funds through a money transfer service, such as Western Union
Image credit: USDAgov
DON’T SLACK ON COMPLIANCE SMBs need to ensure their software is updated and their businesses’ payment security programs are compliant with the Payment Card Industry (PCI) Security Standards Council. (New PCI regulations came out earlier this year and SMBs can find out more about them on the PCI Security Standards Council site.) An SMB’s software should also be certified by the Payment Application Data Security Standard (PA-DSS).
USE END-TO-END ENCRYPTION Encryption is one of the best protectors SMBs can use to keep importation information from getting into the wrong hands. When sending sensitive information from one device to another, encryption is especially important because it ensures the data is scrambled before transmission.
GET EDUCATED ON EMV The SMB Technology Adoption Index for fourth quarter 2015 indicates a possible education gap about the risks businesses take when they don’t implement Europay, MasterCard and Visa (EMV) technology. While 38 percent of small and medium business-to-consumer (B2C) companies and 25 percent of small and medium businessto-business (B2B) companies are adopting EMV technology, 64 percent of SMB respondent to the Index survey claim they have no plans to do so. EMV readers are something every business should, at least, consider. Traditional credit and debit cards are prime targets for the bad guys because the data they store doesn’t change. Conversely, the data held in the chip in EMV cards changes each time the card is used to add an additional layer of security. SMBs need to understand that banks and card issuers are no longer automatically responsible if a stolen, counterfeit or compromised card is used. Liability in card-present transactions has shifted to the party with the lowest level of EMV technology – and that could very well be them, the merchant.
DON’T KEEP CREDIT CARD INFORMATION SMBs should know that storing credit card numbers at their business site or on their software is a breach waiting to happen. They shouldn’t rely on data security to be completely safe. If an SMB isn’t storing sensitive credit card data, they’ve already taken a major step toward decreasing their fraud threat level.
Payment Quarterly | Q1 2016
39
MERCHANT SOLUTIONS
ZEROING IN
ON THE DIGITAL EXPERIENCE FOR SHOPPERS By: Dax Dasilva, CEO, Lightspeed POS Shoppers have come to expect a digital experience when shopping in store at big-box retailers and in 2016 they’ll begin to expect the same from local small businesses. It’s time for independent retailers to take full advantage of technology solutions available — and for the payments industry, this shift means a tremendous opportunity to help smaller stores rival the sophistication of global brands. In the new year, we will see successful independent merchants leverage social media as an additional selling channel and adopt strong loyalty programs, all while keeping an ear to the ground for what Generation Z will demand from the shopping experience as it comes of age.
40
Payment Quarterly | Q1 2016
OMNICHANNEL WILL BECOME A NON-NEGOTIABLE: MAIN STREET MOVES ONLINE Consumers have long clung to an outdated idea: while big box retail brands have a robust eCommerce store to match, independent retailers are more of the internet-adverse “mom and pop shop” variety and lack an online presence. This coming year, independent retailers will shed any outdated notions and prove to consumers they’re as tech-forward as their big box competitors. Thanks to a new class of tech tools, online stores are more affordable and easy to build than ever: an omnichannel strategy has become non-negotiable.
SOCIAL GETS SERIOUS Given what we’ve seen from Facebook and Twitter in 2015, it’s easy to say that 2016 will be the year social media tries to take on eCommerce. Facebook is keen on developing itself as the small business owner’s trusty sidekick, with new click-to-buy options, small business concierge messaging apps and the testing of their new “Local Market” feature. This year will be a hugely important time for retailers to get involved in social media eCommerce channels, testing and experimenting as much as they can. In fact, a survey of more than 1,500 independent retailers found 61 percent of independent retailers plan to increase their eCommerce budget in 2016. With 46 percent of those entrepreneurs
planning to up the spend in an effort to increase their visibility, social media will be a key channel for retailers to not only get their names out, but also try their hand at selling through social channels. 2016 WILL NOT BE THE YEAR OF APPLE PAY Consumers are glued to their smartphone screens in-store, but as of October 2015, only 16.5 percent of iPhone 6 users have ever tried Apple Pay. Even among those who have tried it, only about a third (35 percent) reach for their phone before their wallet every chance they get. Will 2016 be the year of Apple Pay? With consumers dragging their feet and only 34 percent of retailers planning to accept Apple Pay by the end of 2016, Apple needs to rethink its strategy. Credit cards offer the advantage of borrowing money for a big purchase, but became the new norm thanks to expertly crafted loyalty programs. The promise of points and miles leads hoards of consumers to instinctively reach for plastic for even smaller purchases on an everyday basis. In order for Apple Pay to make it big in 2016, they’ll need to start thinking more like credit card companies – what kind of loyalty programs will turn Apple Pay from convenience to natural habit? While credit cards and Apple Pay aren’t mutually exclusive, mobile payment providers will still need to think about the incentives that will drive widespread adoption. In 2016, they’ll put some money behind driving adoption in a number of ways, including strategic partnerships with big box and independent retailers alike that will offer discounts in exchange for paying a certain way, or rewards points for customers that choose to pay with Apple Pay. Android Pay has already enabled easy storage of retailers’ loyalty cards, and Google recently partnered with Coca-Cola to allow consumers to earn loyalty points directly through Android Pay vending machine purchases. As retailers develop their own loyalty programs, they’ll look to Apple Pay to follow those examples, offering seamless integration with loyalty programs or certain incentives.
2016 IS ALL ABOUT GETTING READY FOR THE GEN Z SHOPPER In just two and half years, the first wave of Gen Z – people born from the mid 1990s to early 2000s – will graduate college and get their first jobs. Armed with newfound independence and disposable income, their purchasing power is a force to be reckoned with; retailers who want to take advantage will need to start planning now. This generation grew up as digital natives, but the way they view the world and use technology is much different than the that of the generation before them. If retailers don’t already have an omnichannel strategy in place, they’re two steps behind: Gen Z has grown up in a world where the online and offline worlds exist as one, so they’ll expect nothing less from their shopping experience. They’ll expect brands to not only have a social media presence but also provide speedy customer service via social channels. It will no longer be enough to simply have a digital store: Gen Z consumers will prefer to shop brands they can access on any connected device at any time. When it comes to shopping in store, this may be the first generation that never knows a checkout line, as merchants equip their salespeople with iPads and embrace mobile point-of-sale. Understanding Gen Z habits and preferences, and knowing what motivates them, should be top of mind for retailers now. INDEPENDENT RETAILERS WILL PROMOTE LOYALTY THROUGH AMAZON-LIKE SUBSCRIPTION MODELS The world’s largest retailer relies heavily on its Amazon Prime memberships to keep customers coming back time and again. In 2015, we saw the rise of similar brand loyalty programs in the form of subscriptionbased models, like Instacart, Fabletics and Sephora, which have designed membership programs that promise discounts and perks in exchange for an up-front fee. In 2016, we can expect an expansion of upfront fee-based loyalty programs from even smaller retailers. The catch is that those merchants need to be sure the program is profitable – both
IF RETAILERS DON’T ALREADY HAVE AN OMNICHANNEL STRATEGY IN PLACE, THEY’RE TWO STEPS BEHIND.
in terms of bringing in revenue, and as a successful tool to build customer loyalty. Achieving that has been a challenge: data shows just a quarter of independent retailers currently have a loyalty program in place. However, that does not mean entrepreneurs fail to recognize the value of a strong loyalty program, with 30 percent more planning to implement one in 2016. In fact, almost a fifth of those surveyed expect their loyalty program to be one of their top two revenue generators. Providing free shipping is far from free for the retailer, and similar perks that come with the subscription model mean increased overhead cost. Smaller merchants will need to support those programs with sound business management software to ensure they prove to be smart decisions. As technology creates a new consumer experience, shoppers’ expectations for an everyday trip to the store are elevated. Whether via social networks, a wider array of payment options, or an increasingly robust loyalty offering, retailers need to keep pace to stay profitable. As Gen Z consumers flex their buying power retailers need to conceptualize and build toward what the store of 2030 will look like while simultaneously running the store of 2016.
Payment Quarterly | Q1 2016
41
GLOBAL PAYMENTS
By: Jon Lear President, North America Earthport
recent partnership with OnDeck Capital to originate small business loans is a good example of this, just like how at Earthport we’ve partnered with firms like Bank of America to help them scale their cross-border payments solutions. So we’re seeing more and more organizations that would traditionally try to build out a complicated solution themselves becoming open to partnerships with fintech firms like ours.
PQ: What are these firms doing to disrupt the upending banking model?
PQ: What are the major changes expected for 2016 in the cross-border payments industry? LEAR: We expect to see the continued rapid globalization of offerings from existing players across ecommerce, money transfer, global banking and peer-to-peer payments. The demand by companies of all sizes around the globe for new ways to make high volume, low value crossborder payments will also continue to increase, and this is where Earthport comes in. We work with the incumbents on their cross-border solutions, but we are also able to foster innovations from new entrants into the cross-border marketplace. PQ: What major challenges lie ahead for Earthport in 2016? LEAR: We see two primary challenges, which are also big opportunities. The first is how we continue to properly scale and globalize our business to keep pace with the demand for our solution, which is focused on facilitating high volumes of low value cross-border payments for our clients. Five years ago we were a one office, 50-person company and today we are a five office, 200-person company. This rapid growth of course has been in response to the high demand by clients around the world for our specific
42
Payment Quarterly | Q1 2016
solution. Secondly, we expect the strong focus on regulation and compliance to continue around the world in the payments industry. This is a critical issue for our business and the industry as a whole and Earthport has invested heavily in due diligence around these process on a global scale. Since compliance is at the heart of what we do as a regulated payments institution, we can help clients overcome very complex regulatory and compliance hurdles, particularly when it comes to executing high volumes of low value payments across borders.
PQ: Why should more banks look to fintech firms as partners? LEAR: There’s a lot of rhetoric out there around the disruption of the traditional banking model, and if banks will continue to exist in the future in their current state. We think this is a fair discussion to have, but banks are very critical to the global financial system, and as fintech firm we think it’s less about disruption and more about collaboration. For example, we enable our banking clients to globalize their cross-border payments offering straight out of the box without having to make large infrastructure investments or technology upgrades, and more and more banks partnering with fintech firms for these same reasons. JPMC’s
LEAR: I think fintech is a critical part of helping banks exist – one really relies on the other. But an important concept is that there’s a distinction between pure fintech and what we call finserv. While fintech is about the technology, and is focused on solutions rooted in APIs, connectivity and creating new business models, with finserv we actually package up a whole service for our clients, not just the technology. Secondly, fintech (and finserv) companies are really helping their banking clients accelerate the adoption of new technologies and services, either through fear or through partnership. Fear being that the banks try to change themselves, which can be very difficult for such large organizations, or partnership where they see the opportunity and get together to with a fintech partner to provide the right solution for their customers and the marketplace. PQ: What are the hopes and ambitions for Earthport in the New Year? LEAR: We want to continue on our mission of being the global low value payment utility choice for money transfer companies, regional and global banks and ecommerce companies. The way we are going to do this is by continuing to expand our geographic footprint while also continuing to help our clients build their own businesses by using our technology and services.
Alpha Payments Cloud Taps into Chinese E-Commerce Market with Alipay Partnership
T
hird-party payment, risk and commerce solutions provider Alpha Payments Cloud has entered into a partnership with Alipay to become its global acquiring partner. A subsidiary of Chinese e-commerce giant Alibaba, Alipay is a leading internet payment solution in the country with 400 million active users. This figure makes up more than 50 percent and 80 percent of the market share in online payments and mobile payments, respectively. Under the partnership, Alipay will be offered as a payment option through the AlphaHub Payments-as-a-Service platform. The platform features a unique transaction layer that enables thirdparty solutions such as Alipay to be used across e-commerce, m-commerce and point-of-sale (POS) in just a few clicks.
Alipay and Alpha Payments Cloud’s partnership taps into a profitable Chinese e-commerce market, as well as to the 117 million Chinese international travelers annually. Chinese tourists spent about US$165 billion in 2014, making them the single biggest spenders of any nation. Based on figures from the Chinese Commerce Ministry, the country’s e-commerce transactions hit US$2 trillion in 2014. On a monthly basis, more than 642 million users transacted online and more than 565 million used mobile payments, accounting for nearly half of the Chinese population.
“With China predicted to take 50% of the global eCommerce market by 2018, more and more merchants are looking East and partnering with Alipay is of strategic importance. By offering merchants simplified connectivity and access to Alipay they can open up their business to a significantly wider market.” -RÓNÁN GALLAGHER
CHIEF PRODUCT OFFICER ALPHA PAYMENTS CLOUD
Hong Kong Fintech is Booming
T
source: Lutz - Hong Kong 2012 - Flickr.com
he former British colony of Hong Kong is experiencing a financial technology boom seldom seen before. Although the US and UK not surprisingly lead in investment intentions, the small city-state comes out on top for adoption rates of financial technology among its consumers. Hong Kong has long been considered a potential global financial capital, and its adoption and acceptance of fintech innovation could help it secure that title. Hong Kong is not often considered a particularly technologically advanced city compared to its neighbors, such as Tokyo and Seoul. However, Hong Kong boasts the highest adoption rate by far. Hong Kong sits at the top of the percentage of people who have used
By: Melanie Macinas
By: Mike Dautner
at least two fintech services in the last 6-months at 29%. The United States, the second place contender, came in at 17%, while Singapore and the UK came it at 15 percent and 14 percent respectively. The adoption rates parallel other advancements in the Hong Kong fintech scene. Recently, multiple accelerator and incubators have been founded in Hong Kong, with many major players backing the ventures. The city has a few potential advantages that other larger and traditional nations may not have. For one, Hong Kong is but one city, and a city that has an extremely high population density. Moreover, Hong Kong has already been established as a significant player in the financial industry, especially within Asia, giving it a headstart in the fintech game.
Payment Quarterly | Q1 2016
43
THANK YOU TO ALL OUR CONTRIBUTORS
44
Payment Quarterly | Q1 2016
ADVERTISE IN OUR
TRANSACT
EDITION
The next issue of Payment Quarterly will be a special ISO focused edition with additional distribution at the ETA TRANSACT 16 conference. Place your product or services in front of the 4,000+ attendees who are ready to create new relationships and expand their networks. This issue will also reach our 10,000+ readers through mail distribution and our digital edition located on Paymentweek.com. See why thousands of executives rely on Payment Quarterly for critical insights and information on the emerging payments market. Creative Due Date:
April 1, 2016
To Reserve Advertising Contact: Jason Mongiello Director of Marketing jmongiello@lamilmedia.com (212) 592-0300 Payment Quarterly | Q1 2016
45