Disruptive Innovation

Enough With the Disruptive Innovation. Collaborate or Fail.

[This is taken in large part from from an earlier blog, but I feel it needs updating to include more than just payments.]

‘Disruptive Innovation’ has become a common cry for anyone wanting to displace the existing players. It is defined as; “an innovation that helps create a new market and value network, and eventually disrupts an existing market and value network (over a few years or decades), displacing an earlier technology.

Unfortunately the original concept is now grossly misapplied. But like how ‘irony’ now has several meanings, I guess disruptive innovation will have different meaning based on its context.

However, I’ve never heard anyone using the phrase ‘Sustaining Innovation’, which; “does not create new markets or value networks but rather only evolves existing ones with better value, allowing the firms within to compete against each other’s sustaining improvements.

So why is everyone so interesting in disrupting the existing ecosystems? And by “everyone” I of course mean those who are trying to either break into market, or those trying to wrest even more control for themselves. In payments – as my example -, non-cash payments work [mostly], and you have a large degree of faith in your bank’s ability to protect your monetary assets. Do you really want the whole thing to change? Do you even know what it is that you want that’s different?

But do things even need to change? Well yes actually, they do. And are there innovations available NOW that make the payments process easier, cheaper, and more secure for the consumer? Yes, there are. However, can we expect the entire payment industry to throw out everything they have spent billions on over the last few decades, are used BY billions, just to make room for every start-up with a good idea? No, we can’t, and that’s the real issue here.

In the last 10 years there have only been 2 true [potential] disruptors in the payments industry; the mobile phone, and block chains (Bitcoin et al), neither of which has achieved anywhere near its full potential. Yet. Not because the technologies are flawed [necessarily], but because the introduction OF the technologies was done poorly. For mobile devices, the payments challenges included the ‘fight’ between NFC and BlueTooth, the numerous options for security on the device (Secure Elements, Trusted Execution Environments and so on), and the presumed insecurity of the technology overall. For block chains is was, and still is, the almost complete lack of understanding of how they even work in the first place. I’ve looked into them and I still find the concept nearly incomprehensible.

But even these disruptors need current context, and they represent a fundamental shift from our overly complicated view of payments back to its basics; I go to work to earn value (money), the value gets stored somewhere (a bank), and I access the value when I want it regardless of time or location (mobile payment). This would suggest that the only disruption we really need is the disintermediation of some of the players. There are simply too many middle-men whose only input to the new world of payments will be value erosion. Thank God the Mobile Network Operators (MNOs) are too busy bickering amongst themselves or this would be even more complicated!

As a consumer who has a very good idea of what he want to see change, I know that only those who help the payments industry evolve will have a lasting positive impact, and this will only be through collaboration and fair competition.

I’ve used payments as an example, because that’s what I know the best, but the same can be said for almost every other industry sector. The drive to take away what others have, instead of providing a better service for the common good, is capitalism at its worst. And no, I’m not proposing some sort of socialism, it’s just logic; What’s easier? Completely replacing something, or improving what we have in collaboration with multiple players?

It’s not like there isn’t enough to go around.

[If you liked this article, please share! Want more like it, subscribe!]

What Will 2016 Be “The Year Of” In Payments?

I guess it’s quite prophetic that 2016 is the Chinese Year of the Monkey, though I suspect that the Year of the Headless Chicken will be a little more accurate.

Every year, someone either predicts a ‘Year of x‘, or claims that the previous year was ‘The Year of y‘, and usually it’s the very organisations with a direct vested interest in the technology in question. 2015 was the Year of Biometrics, 2014 was the Year of Encryption, and so on.

Thankfully the financial industry at large took a step back and put these, and many other technologies, into an appropriate perspective. Mostly. Especially biometrics, where numerous vendors were dribbling all over themselves when Apple Pay finally hit the mainstream. We heard cries of “The password is dead!” and “Biometrics is the future of authentication!”, all of which was utter nonsense in light of the Payment Services Directive 2 (PSD2).

Yes, many banks have invested significant sums in biometrics (usually to enhance their mobile banking app security), and no, these investments will not be wasted, but from what I’ve seen most of them have missed the point; that authentication is just a temporary means to an end.

The result is that those Hell bent on disruption will fail without collaboration, those with a single authentication technology will fail without partnerships in a multi-factor solution, and those interested only in keeping things the same will be left behind. The only hope of achieving a balance between all of these things is to ask the only stakeholders who have no idea what they want;

The consumer.

Even after a few years of dramatic changes and innovation in payments, what everyone seems to have missed – or at least underestimated – is that payments (or finance in general) is far too complex for the average consumer to understand. In my opinion it’s been made too complex to even be sustainable, especially when you consider that the concept of a payment is actually very simple; I have a value stored here, and I want to transfer it over there in exchange for a product or service. HOW that happens should not be the consumer’s concern, only the security and efficiency of that transaction should.

I have no problem paying my bank to protect my stored value (i.e. money), as long as it’s reasonable. I have no problem paying someone to protect (and accept liability for) the transfer of that money somewhere else, as long as it’s reasonable. What I DO object to is the numerous intermediaries in the current system who not only make the process expensive, but ridiculously slow and inefficient.

But what I really want is for payments to go away entirely, at least from my perspective as a consumer. I want the HOW of the payment to be handled in the background, and the decision made by a trusted third party who found the best all-round deal for the product/service of my choosing. Whether that’s finding a plumber, or shopping for groceries, the only innovations I care about are ones that take care of the things I hate doing; like filling out online payment forms, or lining up in Sainsbury’s to pay for a pint of milk.

So, in truth, 2016 will likely be the Year of Nothing Much Happened. Truly beneficial change will take a long time, and while the pieces necessary for innovation are already available, getting all of the stakeholders to agree on the way forward will extend way beyond this year, and likely next.

I’m hoping that 2016 will actually be the Year of Getting the Future-State Plan Right, but I somehow doubt it.

 

EMV in the US, I Still Can’t Figure Out Why?

Way back in July 2013 I wrote the blog; “Why the US Will Not Adopt EMV (Chip & PIN)“, which, given the current state of EMV adoption in the US, was wayyyy off the mark.

My broken crystal ball aside, – hey, if I was any good at predictions I’d be blogging from my yacht anchored in the Med, not from my kitchen in Barnes – I still can’t figure out why the US would spend billions upon billions of dollars on EMV without demanding that those players with the greatest vested interest in ‘plastic’ build in a more permanent ROI.

Those player are:

  1. The Card Brands: This one is a given, any move away from plastic and towards mobile is one step closer to obsolescence (yes, I am ignoring EMV tokenisation, for many reasons).
    o
  2. Issuers: Also a given, what ELSE are they going to do?
    o
  3. Acquirers / PSPs: They have the best chance of segueing their current position into bringing their merchant-base future-proofed payment innovations and value-add services designed to improve the ‘consumer journey’.
    o
  4. Terminal/PED Manufacturers: Once the US has spent billions replacing their mag stripe PEDs with Chip / Contactless, what is left for PED makers to do? When the whole world finally works out that mobile phones and wearables only need something to read them (e.g another bloody phone), why buy crappy, massively expensive, devices that do next to nothing to improve the customer’s shopping experience?

These players have been around for so long that they are seen as the de facto standard, while all along they have been intermediaries designed only to make non-cash payments safe. To make them trusted. And they did a superb job, so superb in fact that it has taken technology almost SIXTY years to find something better! We went from the first production car to landing on the bloody MOON in the same time!

But it’s here now, and it’s been here since Apple created the iPhone. A device capable of so many modes of every factor of authentication, that we can really start calling it Identity Assurance, which is the foundation of only thing on which a payment is truly based; trust.

A credit card number, regardless of where it’s stored, how it’s stored, or even if it’s tokenised, will never be able to match what my phone can do.

For years now, the functionality of mobile devices has been perfectly placed to provide alternatives to plastic; e-wallets, direct debit, merchant-side tokens, even block chains, but here we are, in 2015, and we are still spending billions on the same technology our parents or even grandparents first used back in the 60’s.

Again, why?

Let me answer that with another question; How do YOU want to pay for things in a store? If whatever you wanted in payment technology could come true tomorrow, what would it look like?

The odds are that unless you’re in the payments innovation line of work, you really have no idea. You just want it to be painless, convenient, and if you’ve had issues in the past, safe. Payment cards are so much part of our lives that we cannot even imagine anything simpler. It’s only when you know what goes on in the background that the true cost of plastic comes to light.

From interchange fees, to PCI compliance, to fraud, to PEDs, to the plastic cards themselves, taking card payments is a massively expensive undertaking, and if you think those costs are not passed down to us, the consumers, then I have a bridge to sell you.

But you really can’t blame the consumer, we are not the ones who live and die at the whim of consumers in general …but retailers do. Would Walmart be as big if they only took cash? Of course not, they NEED non-cash payments, but what if the top TEN retailers in American had told the card brands that the first one to negate the need to EMV got ALL their business, can you imagine what would have happened?

Top 10 Retailer’s Revenue in 2013

Rank Retailer                   Rev. (USD Millions)
1 Wal-Mart $ 334,302.00
2 Kroger $ 93,598.00
3 Costco $ 74,740.00
4 Target $ 71,279.00
5 The Home Depot $ 69,951.00
6 Walgreen $ 68,068.00
7 CVS Caremark $ 65,618.00
8 Lowe’s $ 52,210.00
9 Amazon.com $ 43,962.00
10 Safeway $ 37,534.00
$ 911,262.00

That’s close to 1 TRILLION USD, the lion’s share of  which was accepted through plastic.

And what could Target have done with the $100M they spent on new PEDs, or the millions they are paying in fines and reparations for their 2013 breach? I point not to their ridiculous back-end processes as the cause of their woes, but their inability to focus on the true cause of their vulnerability; their inability to innovate collaboratively.

I guess, in retrospect, EMV in the US was inevitable, without consumer pressure for alternatives the retail industry just followed along like sheep, perhaps assuming payment cards were some kind of ‘official’ mandate. They are not, and the retail industry in the US missed an incredible opportunity for change. Now all they’ve done is set themselves up to not only pay for the ‘new’ infrastructure (at least up front), but to pay for the fraud as well.

While not entirely appropriate, it’s one of my favourite sayings, and applies to every level in payment food-chain, including the consumer.

“You are not entitled to your opinion. You are entitled to your informed opinion. No one is entitled to be ignorant.”

― Harlan Ellison

The Inherent Limitations Of The Contactless Card

This week saw an announcement from the UK Cards Association that the transaction limit on contactless cards had been raised from £20 to £30 to cover the average supermarket spend of £25. This is also in response to the news that the first half of 2015 saw £2.5bn spent on contactless transactions, compared with £2.3bn for the whole of 2014. Apple Pay has followed suit, although some retailers are considering scrapping the limit altogether given the authenticated nature of the transaction.

This remarkable growth is to be welcomed as it demonstrates the willingness of consumers to embrace new payment methods. Contactless is a swift and easy way to make payments and it is clear that consumers are, finally, adopting the technology, albeit mostly with the continued use of ‘plastic’.

Yet, a closer look at the statistics shows that the use of contactless is still limited and far from reaching its full potential. Figures, again from the UK Cards Association, show that the average spend on a contactless transaction is £6.98. Yet, the average debit card purchase in 2014 was £43.45, over SIX times greater!

Contactless is used, by and large, for small purchases. Even before the raising of the transaction limit to £30, the average spend represented just over a third of the transaction limit. Consumers use it to buy their morning coffee and lunchtime sandwich, and while contactless is growing in consumer popularity and  merchant acceptance, there are still significant gaps in capability distribution.

A look at a list of the companies that accept contactless payments is an impressive who’s-who of household names, but with the exception of Waitrose and Marks and Spencer, large supermarkets are noticeable in their absence.

In part, this could be due to the fact that supermarkets are focussed more on securing consumers’ higher value weekly shops rather than smaller baskets on grocery essentials, but not all PED/terminal estates are even capable of accepting contactless. Just about all new terminals are Near Field Communication (NFC) capable, but older models are not. Cost of replacement must be in line with infrastructure end-of-life, not desire for new capability.

Mobile Commerce (or m-commerce) has also added significant complexity to the retailer’s decision-making process. Traditional (and most legacy) terminals are built for purpose; the acceptance of branded payment plastic. The enormous flexibility and functionality of the MUCH cheaper mobile payment acceptance devices can significantly improve the entire consumer shopping journey, something that no retailer can afford to ignore.

Contactless cards don’t require any initial authentication to use them with the exception of mandatory PIN entry after a specified number of uses (usually 5 in the UK). This limits their usefulness to brick & mortar retail as the risk of fraud and chargebacks is fairly significant. With the use of contactless via a consumer mobile device, the number of authentication factors and modes can make contactless payments as secure as chip & PIN.

When consumers have the ability to seamlessly authenticate themselves to make a payment, the limits on how, and how much they spend, are removed.

So, while it is encouraging to see contactless payments become more popular, it is inevitable they will only reach their true potential via consumer mobile devices, and not plastic cards.

[Ed. Written in collaboration with www.myPINpad.com]

The Changing Face of Payment Card Fraud

According to the most recent Nilsen Report, in 2014 card fraud losses reached $16.31 Billion globally, up 19% over 2013. However, to put this into a better perspective, the average losses to fraudsters per $100 spent went up from $5.5c in 2013 to $5.7c, which in turn is up from $4.5c just 5 years ago.

This may not sound like a lot, but when the total payments volume driven by the major card brands was $23.78 TRILLION, the loss of tiny fractions of a percent per transactions translates to billions; $16.31 billion to be precise.

The biggest victim? That’s right, the US, who accounted for 48.2% of the gross fraud losses, but only generated 21.4% of the global purchase volume, giving them a loss ratio more than double that of the rest of the world (at $12.75 lost / $100 spent).

The causative factors are numerous, some of which are being addressed, some of which will only get worse BECAUSE the first ones are addressed;

  1. By far the biggest cause is the lack of EMV adoption in the US, where card counterfeiting accounted for almost 1/4 of all losses globally ($23.9%). This is particularly frustrating for regions where they have full EMV implementations, but fraudsters can just put transactions through US-based mag stripe terminals
  2. The US’s over reliance on predictive analysis anti-fraud techniques, which given its ‘back-office’ nature, is too little, too late. Besides, it’s only the larger merchants who can afford such measures
  3. US merchants have not embraced 3-D Secure to protect e-commerce transactions as they “care less about merchandise lost than they do shopping cart abandonment”. And it’s not just the loss of a single transaction, as an angry customer is unlikely to hurry back

Not that the rest of the world have anything to boast about, and seeing as the payment card industry will only expand over the next 5 years – which in itself quite ridiculous give the numerous alternatives-, the criminal gangs can be expected to double and re-double their efforts until unsecurable legacy transaction processes are finally replaced.

The only highlight in the entire Nilsen report – if you can call a loss a highlight – is that PIN-based ATM debit transactions were the lowest risk of all transaction types at only $1.3c lost / $100 spent. Which begs the question; Why on earth is the US implementing their EMV rollout with ‘chip & choice’, not ‘chip & PIN’? Why rely on just a more-secure-than-mag-stripe technology when 2-factor authentication is rapdily become a industry standard AND regulation?

The number of solutions to the challenges that are available today make the continued losses all the more frustrating; from mobile devices capable of multi-factor AND multi-mode (multiple instances of a factor) authentication, ‘enhanced positive data’ available from contextualised big data, to identity management techniques capable of adding reputational decisions to a given transaction, are all established products.

Seeing as over 2/3 of all Americans have a smartphone, even the simple and ubiquitous PIN has the capability of vastly reducing the continued fraud associated with magnetic stripe transactions. Integrate an out-of-band PIN authentication within existing acquirer transaction processes and the card data becomes almost meaningless.

Payment innovation will eventually make the current vulnerabilities a thing of the past, but why wait?