Wednesday, October 28, 2009

Notes from Las Vegas

We (Quadagno & Associates, Inc.) conducted a workshop last week at SourceMedia's 17th Annual ATM, Debit and Prepaid Forum held at Caesars Palace in Las Vegas.  The show and seminar series were well attended with keynoters such as Tim Murphy, Bob Carr and Dominick Ventura.  There was Diebold's entire management team there and vendors that spoke of issuing prepaid cards from ATM or ATM-like devices.  The hall attendance was good (it satisfied the vendors, which is all that matters) and the presentations, at least on the prepaid side, where I spent most of my time, were well done and thoughtful, addressing a wide variety of industry topics from growth to opportunities and how to best exploit them. 


One of the vendors on the floor, Computer Sciences Corporation, was promoting a one-stop shop for software that, besides performing core banking functions, lets you be an acquiring processor, a prepaid issuing processor or almost anything in between.  I have it on good sources that CSC is one of two payments industry firms mulling around inside Verizon (the other being First Annapolis).  We also know about Verizon's efforts to sign up merchants for acquiring processing services in their deal with J.P.Morgan Chase.  Verizon acts as the distribution channel - anyone signing up for a Verizon business line can expect an outbound marketing call selling acquirer processing services.  I've watched telephone companies dabble in payment systems since the days of AT&T's original break-up in the 80s.  They just never seem to get it right.  I wonder if this time will be different.  Especially as we begin to see mobile commerce take root.  Perhaps the stakes are going up. 


Our workshop (Quadagno & Associates and E&S Consulting's principal, Lori Breitzke) was entitled "The Evolution of Prepaid and its Effect on Banks" and was attended by 30 or so industry participants, some of whom could've presented with us (they were advanced in their thinking of how banks can play in prepaid markets).  The larger banks are getting it.  The community banks are farther behind.  Yet, the really interesting issue for community banks is that their opportunities are no less substantive.  The larger community banks have trust groups and commercial bank deposits that could benefit from the launch and sponsorship of prepaid programs.  As these mid-tier banks begin to understand the revenue opportunities, they'll begin jumping in, creating challenges for the program managers that don't do their own processing. 


I liked Carr's speech.  I think it's important to belly-up to the bar when something goes wrong.  And something is always going to go wrong.  So, it's only a matter of choice whether we attempt to sweep it under the carpet or tell what happened in an honest and forthright way.  If we choose the former course, we're making a BIG mistake.  It will always come to light. It's only a question of time.  Choosing the latter course allows us to stay in control.  It permits us to decide how the world finds out and what their perception of us will be after they've had some time to consider our plights and how we elected to deal with it.  Carr got it right.  But then my understanding without truly knowing the man is that he usually does.


Another interesting topic was de-coupled debit, which was declared 'dead' by one of the presenters from Tempo Payment Systems, the former Debitman.  I'm not sure the speaker, Mike Grossman, is right.  The Merchant Payment Coalition doesn't appear to be nearing an end to their lobbying for interchange governance and I'm watching the price per barrel of oil start climbing as winter arrives.  And as long as retailers control what happens at their POS (which I think is a safe statement for the foreseeable future), the topic of discount rates (I don't know why everybody calls it interchange) is not going away any time soon.  So as long as that's true, alternative payment schemes like de-coupled debit have a rosy future.  Just my opinion. 


Maybe it's a topic we'll explore further in my next blog.  Or perhaps my next blog is about the opportunities in prepaid for community banks.  In the meantime, if you didn't attend the event last week in Vegas, pay attention to the writings of SourceMedia's publications over the next few weeks and you'll get a feel for what was presented and discussed.  It was a good show.


Peter J. Quadagno
peterq@quadagno.com

http://www.quadagno.com

Read more...
at 9:53 AM Links to this post 0 Comments/Click to View or Add

Monday, September 21, 2009

The Intersection of Banking with Mobile Phone Technologies

The news just keeps getting louder about the intersection of banking with mobile phone technology.  The issues revolve around applications, who controls them, how they get onto your phone, how many people are walking around with 'smart' phones, etc., etc.  It is so reminiscent of the days 15 years ago when the rage was smart cards and how stored value or prepaid (there's little difference between these two terms) would require the security that only public key infrastructure or PKI could achieve. 

 

And what happened?  There was no one around willing to lay out the $3B to revamp the POS infrastructure.  The business case, security and all, just wasn't there.  And there was no infrastructure to support new technology at the POS.  I have to wonder if the same thing isn't happening again, this time with mobile applications.

 

With the smart card guys using every breach we experience in today's payment systems to support their efforts to establish contactless smart cards, using EMV's chip and PIN methods, how will these efforts be affected by attempts to marry these two technologies (payment systems with mobile)?

 

The mobile applications we have today (SMS balances) works because we use host-based systems.  What happens if the smart card guys actually realize the day?  Will balances kept on a card have a negative impact on innovations using mobile?

 

The real offering won't happen until we've installed apps onto our phones.  USAA recently announced an application for bill pay using smart phones.  You have to be approved and download the application to make it work.

 

Going back to the POS, I keep thinking about how NFC reminds me of the smart card days when no one wanted to ask the question, "So who's going to pay for replacing $3billion worth of POS infrastructure?"  This is still a pregnant question almost 2 decades later.  I remember we started talking about smart cards in 1990 at the MTA in New York City when we started asking ourselves if we could create a card program inside transit that would allow the cardholder to buy more than just a subway ride.  Now the question is being turned into one that asks whether our phones can get us into the subway or not.

 

EMV's solution of PIN and chip will require almost as much pain in terms of revamping our infrastructure.  And if we move to PIN and chip, what happens to NFC and those SIMs that are resident in our smart phones?  Will the SIM be capable of PIN and chip?  Will Verizon, AT&T, T-Mobile, Sprint and the other MNOs allow handset manufacturers like Nokia, Apple, Blackberry and others to provide downloads that will make their phones true banking end points in the network of terminals?  And where are the banks in all of this?  Don't we need them and their networks if we're going to intersect any type of technology with payment systems? 

 

And I think that may be the direction.  The solution is the one that sees payment networks and mobile network operators interacting in an online, real-time environment.  This might make the handset guys willing to work with whichever payment network(s) is first to develop a compatible environment. 

 

I sat through a webinar last week on these topics.  It seems the jury is a long way from bringing in a verdict.

 

Peter J. Quadagno

September 21, 2009

Read more...
at 2:11 PM Links to this post 0 Comments/Click to View or Add

Friday, August 28, 2009

If It Ain’t Broke, Don’t Fix It, But If It Is……

Back in the day, when I was starting out in banking, we had an underwriting model based on trust. We thought that if we lent you money, you would pay it back. As personal honor quietly left the scene and became a thing of the past, we had to find a new model. Some incredibly bright mathematicians began to develop intricate formulae that they perceived could replace honor with predictive behavioral systems. And guess what, for the most part they worked – the FICO score was born.

In fact ,FICO has worked fairly well for more that 4 decades until now. I have been led to believe that two of the major predictors may need to be revamped in light of current economic conditions. They are the formulae that calculate overall credit card debt to overall credit card availability and individual credit card account outstandings versus credit line. Given the problem banks are having relative to bad debt, many issuers are reducing their available lines to many cardholders. This is to be expected as many issuers began accepting lower and lower FICO scores in their quest for more and more borrowers until being an air breather became the standard criteria.

The issuers, as is their wont, overreacted dramatically and cut credit lines incredibly deep across their portfolios. One consumer I spoke with had a credit line cut from $10,000 to $300 with absolutely no explanation other than she hadn’t used the card in a while. Given the interest rate at well over 30% and no rewards program, it was no wonder the card was little used. The impact, however raised her overall outstanding debt to availability quite a bit, thus lowering her FICO score.

Her other creditors quickly noted the lowered score and pounced. The one account she used frequently to maximize mileage rewards had her credit line lowered from $30,000 to $7,500. She happened to have an outstanding balance of $6,000. Her ratio on this account jumped from a comfortable 20% to a whopping 80% overnight. Her FICO score went directly into the toilet. She always paid substantially more than the minimum payment and never, ever paid late. All she did was wake up in the morning. From being credit worthy and respectable to being a bum in the time it took to recalculate a formula.

The reason for my rant is that this could dramatically impact how we underwrite small merchants. Many mom and pop shops rely on their personal FICO score to access financing and try to accept credit and debit cards. If their FICO scores become distorted due to faulty mathematical modeling, we all have a problem. I presume that the geniuses that develop these models have grasped the problem and are diligently working to fix it. But as my dad used to say, “never presume. because when you do, you make a press out of you and me” or something like that. If it ain’t broke, don’t fix it, but if it is….

Paul Martaus

Read more...
at 8:57 AM Links to this post 0 Comments/Click to View or Add

Two Companies Suffering from an Identity Crisis

There was a time in the 80s when NCR attempted to buy into the business created when banks began sharing their ATMs. As these networks took hold, NCR was turning the corner by giving Diebold a run for its money. NCR had studied human/machine ergonomics and was outdoing Diebold on that front while emulating Diebold's success from a machine network standpoint. NCR was just beginning to hit its stride in this competition.

But when you sell an ATM, you make money on that transaction and only that transaction. The only ongoing revenue stream from the vendor's standpoint is the annual maintenance fee. A pittance when you start to think about the revenue streams created by adopting per transaction pricing associated with processing ATM transactions.

Having worked for NCR and then subsequently accepting a position with Manufacturers Hanover Trust, at the time the 4th largest bank in the US, I watched as NCR offered to become an equity partner with Manny Hanny in a shared network we were calling Matrix. Matrix would be owned by some of the large banks in NYC (Chase, Chemical, anybody but Citi, which was all of our competitors and a bank that we watched move market share by 9% points because of their self-service strategy) and NCR, whose management was ready with cash and equipment as their investment vehicle.

The whole idea tanked as we approached banks that were shocked that we'd want to share with an ATM vendor the revenue streams created by the cards that we, the banks, had worked so hard to get consumers to adopt and use. No easy task, let me tell you. Consumers don't change their payment habits with any alacrity whatsoever. 

Fast forward 25 years and now we watch NCR go toe-to-toe in the DVD Video Kiosk placement and rental business with Coinstar's Redbox unit. And they've hired the fellow who ran Coinstar's coin business to do it. A fellow who knows little to nothing about networks, real-time, online transaction processing or any of the infrastructure that's required in a network of kiosks that must take orders from a central server farm.

But then, no one at Coinstar understands those real-time, bank-like transaction processing systems. Their kiosks are about as dumb as they come. When you first look at those machines you think “what an asset!” But then once you understand their limitations, you think 'there's more work than opportunity associated with those devices.

That is unless you're NCR. 

So while NCR couldn't move the banks in the 80s, maybe the answer this time around is that NCR buys its way into the transaction processing business by buying Coinstar. There's synergy here. NCR knows networking. Coinstar knows how to motivate consumers, which is a talent of the person NCR took from Coinstar (he ran Coinstar's coin-counting business for at least 10 years). But what would be Coinstar's motivation? Certainly, not to get their employee back. Maybe survival?

While Coinstar seems to own the video rental business with Redbox, their coin-counting kiosks are an albatross. Maybe NCR could turn those 10,000+ kiosks into a true asset. I mean if they, NCR, want to be in the transaction processing business and given what they know about it, which is a ton, they might possibly be one of the only companies that could truly exploit the infrastructure Coinstar has created.

Coinstar clearly hasn't and my bet is that they won't (and can't). Although their Redbox unit is looking more and more like the company's crown jewel with networking capabilities, they never knew what they truly needed to know about the 4th Wall to have that strategy make a difference. Combining the best of these two companies might truly benefit all of their shareholders.

Peter Quadagno

Read more...
at 8:13 AM Links to this post 1 Comments/Click to View or Add

Wednesday, August 12, 2009

Industry’s Tenuous Hold on Security

August 12, 2009 The news out of Princeton, NJ is a stark reminder of just how big a problem card data security has become.

Heartland Payment Systems, which by most accounts ranks as the nation’s sixth largest card processor in the U.S., took a $2.6 million loss (or 7-cents a share) for the second quarter because of a $19.4 million charge against earnings to settle claims and legal fees related to the massive security breach it uncovered in January. Compare this to figures for the same quarter last year, when Heartland reported an $11.5 million profit, or 30-cents per share.

Card data security ain’t cheap folks. It ain’t easy, either. And if the industry doesn’t make some real changes soon, their hands may be forced to by retailers. Visa and its compatriots on the PCI Council would have us believe data security is as simple as abiding by the PCI Data Security Standards.

But as Heartland, and more recently Network Solutions Inc. discovered, to their horror, the PCI standards aren’t up to the task at hand. At best, they are a first step.

“PCI is nothing more than an elaborate patch,” wrote Dave Hogan, CIO at the National Retail Federation (NRF), in an NRF technology blog entry August 5. Echoing testimony he gave before Congress earlier this year, Hogan continued: “While PCI can reduce some fraud – at extraordinary cost – it is not nearly as effective as a redesign of card processes themselves.”

(The entire blog entry is available at: http://blog.nrf.com/2009/08/05/pci-compliant-you-are-until-they-say-you%E2%80%99re-not/. It’s worth reading if for no other reason than to get a better fix on where retailers are coming from on this issue.)

Hogan’s comments were written in response to news of the Network Solutions breach. A name that is practically synonymous with the Internet, Network Solutions, among other things, provides a full-suite of e-commerce solutions for thousands of smaller merchants. In this capacity, the company regularly relays card transaction data to merchant processors.

I asked this question recently in a column published by the Green Sheet, and it bears repeating here: How many of these high-profile, high-cost breaches must we as an industry experience before the card companies get serious about and improve card data security requirements? (http://www.greensheet.com/gsonline_pdfs/090702.pdf)

Outside of Visa, MasterCard and the PCI Council, a lot of folks (including Heartland CEO Bob Carr and NRF’s Hogan) are pushing for tougher measures, like card data encryption. Last week, Hogan was quoted in a press release from Electronic Payment Exchange, a Wilmington, DE-based payments processor for large retailers and banks.

EPX was announcing a new end-to-end payment solution that incorporates both tokenization and encryption. The company’s trade marked technology, known as BuyerWall, protects data from the moment a card is swiped at the point of sale.

(A bit of background: Encryption built into POS hardware and software protects against potential breaches before card numbers enter into the authorization process by immediately encoding data captured from the mag stripe. Tokenization is the process by which card account numbers get converted to random alpha-numeric gibberish. Combined, these two processes are supposed to render it practically impossible for hackers to capture card numbers in transit, and eliminate any need for merchants to store card numbers in their POS systems or databases.)

"Protecting consumer's credit card data against today’s professional hackers is a challenge for all merchants. EPX's announcement of a solution that offers both end-to-end encryption along with tokenization is going to be well received by the entire retail industry," Hogan stated in a press release EPX sent out today.

Sounds to me like the retailers have spoken. I wonder how the card companies will respond?

Patti Murphy

Read more...
at 9:53 AM Links to this post 0 Comments/Click to View or Add
Labels:
Subscribe to: Posts (Atom)

  © Free Blogger Templates Spain by Ourblogtemplates.com 2008

Back to TOP