The Payment Systems Go to Guys

Notes from Las Vegas

noreply@blogger.com (Peter) — Wed, 28 Oct 2009 14:53:00 +0000

We (Quadagno & Associates, Inc.) conducted a workshop last week at SourceMedia's 17th Annual ATM, Debit and Prepaid Forum held at Caesars Palace in Las Vegas. The show and seminar series were well attended with keynoters such as Tim Murphy, Bob Carr and Dominick Ventura. There was Diebold's entire management team there and vendors that spoke of issuing prepaid cards from ATM or ATM-like devices. The hall attendance was good (it satisfied the vendors, which is all that matters) and the presentations, at least on the prepaid side, where I spent most of my time, were well done and thoughtful, addressing a wide variety of industry topics from growth to opportunities and how to best exploit them.

One of the vendors on the floor, Computer Sciences Corporation, was promoting a one-stop shop for software that, besides performing core banking functions, lets you be an acquiring processor, a prepaid issuing processor or almost anything in between. I have it on good sources that CSC is one of two payments industry firms mulling around inside Verizon (the other being First Annapolis). We also know about Verizon's efforts to sign up merchants for acquiring processing services in their deal with J.P.Morgan Chase. Verizon acts as the distribution channel - anyone signing up for a Verizon business line can expect an outbound marketing call selling acquirer processing services. I've watched telephone companies dabble in payment systems since the days of AT&T's original break-up in the 80s. They just never seem to get it right. I wonder if this time will be different. Especially as we begin to see mobile commerce take root. Perhaps the stakes are going up.

Our workshop (Quadagno & Associates and E&S Consulting's principal, Lori Breitzke) was entitled "The Evolution of Prepaid and its Effect on Banks" and was attended by 30 or so industry participants, some of whom could've presented with us (they were advanced in their thinking of how banks can play in prepaid markets). The larger banks are getting it. The community banks are farther behind. Yet, the really interesting issue for community banks is that their opportunities are no less substantive. The larger community banks have trust groups and commercial bank deposits that could benefit from the launch and sponsorship of prepaid programs. As these mid-tier banks begin to understand the revenue opportunities, they'll begin jumping in, creating challenges for the program managers that don't do their own processing.

I liked Carr's speech. I think it's important to belly-up to the bar when something goes wrong. And something is always going to go wrong. So, it's only a matter of choice whether we attempt to sweep it under the carpet or tell what happened in an honest and forthright way. If we choose the former course, we're making a BIG mistake. It will always come to light. It's only a question of time. Choosing the latter course allows us to stay in control. It permits us to decide how the world finds out and what their perception of us will be after they've had some time to consider our plights and how we elected to deal with it. Carr got it right. But then my understanding without truly knowing the man is that he usually does.

Another interesting topic was de-coupled debit, which was declared 'dead' by one of the presenters from Tempo Payment Systems, the former Debitman. I'm not sure the speaker, Mike Grossman, is right. The Merchant Payment Coalition doesn't appear to be nearing an end to their lobbying for interchange governance and I'm watching the price per barrel of oil start climbing as winter arrives. And as long as retailers control what happens at their POS (which I think is a safe statement for the foreseeable future), the topic of discount rates (I don't know why everybody calls it interchange) is not going away any time soon. So as long as that's true, alternative payment schemes like de-coupled debit have a rosy future. Just my opinion.

Maybe it's a topic we'll explore further in my next blog. Or perhaps my next blog is about the opportunities in prepaid for community banks. In the meantime, if you didn't attend the event last week in Vegas, pay attention to the writings of SourceMedia's publications over the next few weeks and you'll get a feel for what was presented and discussed. It was a good show.

Peter J. Quadagno
peterq@quadagno.com

http://www.quadagno.com

The Intersection of Banking with Mobile Phone Technologies

noreply@blogger.com (Peter) — Mon, 21 Sep 2009 19:11:00 +0000

The news just keeps getting louder about the intersection of banking with mobile phone technology. The issues revolve around applications, who controls them, how they get onto your phone, how many people are walking around with 'smart' phones, etc., etc. It is so reminiscent of the days 15 years ago when the rage was smart cards and how stored value or prepaid (there's little difference between these two terms) would require the security that only public key infrastructure or PKI could achieve.

And what happened? There was no one around willing to lay out the $3B to revamp the POS infrastructure. The business case, security and all, just wasn't there. And there was no infrastructure to support new technology at the POS. I have to wonder if the same thing isn't happening again, this time with mobile applications.

With the smart card guys using every breach we experience in today's payment systems to support their efforts to establish contactless smart cards, using EMV's chip and PIN methods, how will these efforts be affected by attempts to marry these two technologies (payment systems with mobile)?

The mobile applications we have today (SMS balances) works because we use host-based systems. What happens if the smart card guys actually realize the day? Will balances kept on a card have a negative impact on innovations using mobile?

The real offering won't happen until we've installed apps onto our phones. USAA recently announced an application for bill pay using smart phones. You have to be approved and download the application to make it work.

Going back to the POS, I keep thinking about how NFC reminds me of the smart card days when no one wanted to ask the question, "So who's going to pay for replacing $3billion worth of POS infrastructure?" This is still a pregnant question almost 2 decades later. I remember we started talking about smart cards in 1990 at the MTA in New York City when we started asking ourselves if we could create a card program inside transit that would allow the cardholder to buy more than just a subway ride. Now the question is being turned into one that asks whether our phones can get us into the subway or not.

EMV's solution of PIN and chip will require almost as much pain in terms of revamping our infrastructure. And if we move to PIN and chip, what happens to NFC and those SIMs that are resident in our smart phones? Will the SIM be capable of PIN and chip? Will Verizon, AT&T, T-Mobile, Sprint and the other MNOs allow handset manufacturers like Nokia, Apple, Blackberry and others to provide downloads that will make their phones true banking end points in the network of terminals? And where are the banks in all of this? Don't we need them and their networks if we're going to intersect any type of technology with payment systems?

And I think that may be the direction. The solution is the one that sees payment networks and mobile network operators interacting in an online, real-time environment. This might make the handset guys willing to work with whichever payment network(s) is first to develop a compatible environment.

I sat through a webinar last week on these topics. It seems the jury is a long way from bringing in a verdict.

Peter J. Quadagno

September 21, 2009

If It Ain’t Broke, Don’t Fix It, But If It Is……

noreply@blogger.com (Paul) — Fri, 28 Aug 2009 13:57:00 +0000

Back in the day, when I was starting out in banking, we had an underwriting model based on trust. We thought that if we lent you money, you would pay it back. As personal honor quietly left the scene and became a thing of the past, we had to find a new model. Some incredibly bright mathematicians began to develop intricate formulae that they perceived could replace honor with predictive behavioral systems. And guess what, for the most part they worked – the FICO score was born.

In fact ,FICO has worked fairly well for more that 4 decades until now. I have been led to believe that two of the major predictors may need to be revamped in light of current economic conditions. They are the formulae that calculate overall credit card debt to overall credit card availability and individual credit card account outstandings versus credit line. Given the problem banks are having relative to bad debt, many issuers are reducing their available lines to many cardholders. This is to be expected as many issuers began accepting lower and lower FICO scores in their quest for more and more borrowers until being an air breather became the standard criteria.

The issuers, as is their wont, overreacted dramatically and cut credit lines incredibly deep across their portfolios. One consumer I spoke with had a credit line cut from $10,000 to $300 with absolutely no explanation other than she hadn’t used the card in a while. Given the interest rate at well over 30% and no rewards program, it was no wonder the card was little used. The impact, however raised her overall outstanding debt to availability quite a bit, thus lowering her FICO score.

Her other creditors quickly noted the lowered score and pounced. The one account she used frequently to maximize mileage rewards had her credit line lowered from $30,000 to $7,500. She happened to have an outstanding balance of $6,000. Her ratio on this account jumped from a comfortable 20% to a whopping 80% overnight. Her FICO score went directly into the toilet. She always paid substantially more than the minimum payment and never, ever paid late. All she did was wake up in the morning. From being credit worthy and respectable to being a bum in the time it took to recalculate a formula.

The reason for my rant is that this could dramatically impact how we underwrite small merchants. Many mom and pop shops rely on their personal FICO score to access financing and try to accept credit and debit cards. If their FICO scores become distorted due to faulty mathematical modeling, we all have a problem. I presume that the geniuses that develop these models have grasped the problem and are diligently working to fix it. But as my dad used to say, “never presume. because when you do, you make a press out of you and me” or something like that. If it ain’t broke, don’t fix it, but if it is….

Paul Martaus

Two Companies Suffering from an Identity Crisis

noreply@blogger.com (Paul) — Fri, 28 Aug 2009 13:13:00 +0000

There was a time in the 80s when NCR attempted to buy into the business created when banks began sharing their ATMs. As these networks took hold, NCR was turning the corner by giving Diebold a run for its money. NCR had studied human/machine ergonomics and was outdoing Diebold on that front while emulating Diebold's success from a machine network standpoint. NCR was just beginning to hit its stride in this competition.

But when you sell an ATM, you make money on that transaction and only that transaction. The only ongoing revenue stream from the vendor's standpoint is the annual maintenance fee. A pittance when you start to think about the revenue streams created by adopting per transaction pricing associated with processing ATM transactions.

Having worked for NCR and then subsequently accepting a position with Manufacturers Hanover Trust, at the time the 4th largest bank in the US, I watched as NCR offered to become an equity partner with Manny Hanny in a shared network we were calling Matrix. Matrix would be owned by some of the large banks in NYC (Chase, Chemical, anybody but Citi, which was all of our competitors and a bank that we watched move market share by 9% points because of their self-service strategy) and NCR, whose management was ready with cash and equipment as their investment vehicle.

The whole idea tanked as we approached banks that were shocked that we'd want to share with an ATM vendor the revenue streams created by the cards that we, the banks, had worked so hard to get consumers to adopt and use. No easy task, let me tell you. Consumers don't change their payment habits with any alacrity whatsoever.

Fast forward 25 years and now we watch NCR go toe-to-toe in the DVD Video Kiosk placement and rental business with Coinstar's Redbox unit. And they've hired the fellow who ran Coinstar's coin business to do it. A fellow who knows little to nothing about networks, real-time, online transaction processing or any of the infrastructure that's required in a network of kiosks that must take orders from a central server farm.

But then, no one at Coinstar understands those real-time, bank-like transaction processing systems. Their kiosks are about as dumb as they come. When you first look at those machines you think “what an asset!” But then once you understand their limitations, you think 'there's more work than opportunity associated with those devices.

That is unless you're NCR.

So while NCR couldn't move the banks in the 80s, maybe the answer this time around is that NCR buys its way into the transaction processing business by buying Coinstar. There's synergy here. NCR knows networking. Coinstar knows how to motivate consumers, which is a talent of the person NCR took from Coinstar (he ran Coinstar's coin-counting business for at least 10 years). But what would be Coinstar's motivation? Certainly, not to get their employee back. Maybe survival?

While Coinstar seems to own the video rental business with Redbox, their coin-counting kiosks are an albatross. Maybe NCR could turn those 10,000+ kiosks into a true asset. I mean if they, NCR, want to be in the transaction processing business and given what they know about it, which is a ton, they might possibly be one of the only companies that could truly exploit the infrastructure Coinstar has created.

Coinstar clearly hasn't and my bet is that they won't (and can't). Although their Redbox unit is looking more and more like the company's crown jewel with networking capabilities, they never knew what they truly needed to know about the 4th Wall to have that strategy make a difference. Combining the best of these two companies might truly benefit all of their shareholders.

Peter Quadagno

Industry’s Tenuous Hold on Security

noreply@blogger.com (Patti Murphy) — Wed, 12 Aug 2009 14:53:00 +0000

August 12, 2009 The news out of Princeton, NJ is a stark reminder of just how big a problem card data security has become.

Heartland Payment Systems, which by most accounts ranks as the nation’s sixth largest card processor in the U.S., took a $2.6 million loss (or 7-cents a share) for the second quarter because of a $19.4 million charge against earnings to settle claims and legal fees related to the massive security breach it uncovered in January. Compare this to figures for the same quarter last year, when Heartland reported an $11.5 million profit, or 30-cents per share.

Card data security ain’t cheap folks. It ain’t easy, either. And if the industry doesn’t make some real changes soon, their hands may be forced to by retailers. Visa and its compatriots on the PCI Council would have us believe data security is as simple as abiding by the PCI Data Security Standards.

But as Heartland, and more recently Network Solutions Inc. discovered, to their horror, the PCI standards aren’t up to the task at hand. At best, they are a first step.

“PCI is nothing more than an elaborate patch,” wrote Dave Hogan, CIO at the National Retail Federation (NRF), in an NRF technology blog entry August 5. Echoing testimony he gave before Congress earlier this year, Hogan continued: “While PCI can reduce some fraud – at extraordinary cost – it is not nearly as effective as a redesign of card processes themselves.”

(The entire blog entry is available at: http://blog.nrf.com/2009/08/05/pci-compliant-you-are-until-they-say-you%E2%80%99re-not/. It’s worth reading if for no other reason than to get a better fix on where retailers are coming from on this issue.)

Hogan’s comments were written in response to news of the Network Solutions breach. A name that is practically synonymous with the Internet, Network Solutions, among other things, provides a full-suite of e-commerce solutions for thousands of smaller merchants. In this capacity, the company regularly relays card transaction data to merchant processors.

I asked this question recently in a column published by the Green Sheet, and it bears repeating here: How many of these high-profile, high-cost breaches must we as an industry experience before the card companies get serious about and improve card data security requirements? (http://www.greensheet.com/gsonline_pdfs/090702.pdf)

Outside of Visa, MasterCard and the PCI Council, a lot of folks (including Heartland CEO Bob Carr and NRF’s Hogan) are pushing for tougher measures, like card data encryption. Last week, Hogan was quoted in a press release from Electronic Payment Exchange, a Wilmington, DE-based payments processor for large retailers and banks.

EPX was announcing a new end-to-end payment solution that incorporates both tokenization and encryption. The company’s trade marked technology, known as BuyerWall, protects data from the moment a card is swiped at the point of sale.

(A bit of background: Encryption built into POS hardware and software protects against potential breaches before card numbers enter into the authorization process by immediately encoding data captured from the mag stripe. Tokenization is the process by which card account numbers get converted to random alpha-numeric gibberish. Combined, these two processes are supposed to render it practically impossible for hackers to capture card numbers in transit, and eliminate any need for merchants to store card numbers in their POS systems or databases.)

"Protecting consumer's credit card data against today’s professional hackers is a challenge for all merchants. EPX's announcement of a solution that offers both end-to-end encryption along with tokenization is going to be well received by the entire retail industry," Hogan stated in a press release EPX sent out today.

Sounds to me like the retailers have spoken. I wonder how the card companies will respond?

Patti Murphy

Congratulations to Donna Embry

noreply@blogger.com (Paul) — Thu, 06 Aug 2009 22:11:00 +0000

The Mid-West Acquiring Association has awarded Donne Embry a lifetime achievement award. I personally think it is a honor that is long overdue. I have known Donna for longer then either of us will admit to and she is one of the good guys. Always quietly working in the background while others go for the credit, she is and always has been the consummate professional. Congratulations Donna, you earned it.

Paul Martaus

The PCI Gotcha Rule

noreply@blogger.com (Paul) — Thu, 06 Aug 2009 19:46:00 +0000

Visa proudly stands behind their pronouncement that no organization that is certified as PCI compliant has ever been breached. Think about that – NEVER! Doesn’t that strike anyone as odd? Billions of dollars have been spent by thousands of companies to ensure that they are PCI compliant, yet the crooks always seem to target those companies that are not PCI compliant. How is that possible? Is there a list somewhere that only crooks have access to that identify these errant companies? Do they have some sort of mark that sets them apart?

Well, actually they do. Every company that has been breached thus far accepts or processes Visa and MasterCards. As such, they fall under Rule 6 of the PCI compliance rules. Paraphrasing Rule 6 - “All participating companies will develop and maintain secure systems and applications.” This rule seems, on the surface, to be innocuous, but upon reflection, it is incredibly nefarious. Why? Because taken to its logical conclusion, it is impossible to ever be PCI compliant. NEVER! Think about it, if you have suffered a breach, you have not maintained a secure system or application and therefore are in violation of Rule 6, thus are not PCI compliant. Now that’s a rule!

No wonder Visa is so strident and resolute in its pronouncement. Logically, they are absolutely right. In the real world where the rest of us live, however, it doesn’t quite ring true. There is something a bit out of whack with the logic. It would seem appropriate, in light of this rule, that all parties that accept or process Visa and MasterCards abandon any further efforts to become PCI compliant and redirect all current and future PCI related dollars into a huge legal defense fund dedicated to destroying the rule making bodies that promulgate or enforce PCI regulations. It only seems right to fight fire with fire.

Another thing about PCI compliance drives me crazy. Visa and MasterCard both maintain that they only enforce the rules promulgated by the PCI council – like they are at arm’s length in the process, although they both are founding and funding members of that august body. Yet they are both “for profit” companies. As such, creating shareholder wealth is their prime directive and motivator. Given that scenario, would it seem too Machiavellian to consider that one way to maximize revenues is to develop a set of standards that cannot be met, thus ensuring a steady flow of income? Just a thought!

Paul Martaus

Kudos to FDC

noreply@blogger.com (Paul) — Tue, 04 Aug 2009 18:57:00 +0000

Unaccustomed as I am to being positive about a lot of things related to our business, I find myself compelled to give credit where credit is due (no banking related pun intended). The recently announced merchant processing relationship between FDC and Bank of America represents a solid win for FDC. Any serious analysis of FDC’s long term prospects following the de-coupling with Chase resulted in questions concerning long term viability. It appeared to many industry observers that the remaining revenue streams from the many and varied FDC business lines were just not strong enough to sustain the entire organization over the long haul. A collapsed economy certainly did not help FDC’s prospects either.

With this announcement, FDC has managed to pull a huge and profitable rabbit out of its hat. The entire industry has long been aware of Bank of America’s struggle to compete effectively in the merchant services arena. Given its huge branch network, B of A seemed destined to become THE dominant player in the industry. But the potential energy was never converted to kinetic. B of A’s abhorrence of interaction with the ISO community, combined with its apparent lack of any recognition of the inherent value of a merchant relationship resulted in no coherent merchant services strategy. If there is one thing FDC can bring to a party it is a thorough understanding of the value of a merchant service relationship, combined with a deep appreciation of the ability of an ISO to close business.

Another strength FDC brings to the table is its ability to recognize an easy mark when it sees one, and its absolute commitment to take full advantage of an opportunity when one presents itself. And B of A certainly fits the profile of an easy mark – lots of money, lots of merchants, lots of potential to access more and no discernible talent in the merchant services marketplace. A marriage made in heaven. The marketplace can certainly anticipate a lot more heavy competition in the future as this relationship reaches fruition. Congratulations to FDC on a well earned win.

Paul Martaus

We're Baaaaack!

noreply@blogger.com (Paul) — Tue, 04 Aug 2009 17:18:00 +0000

Posting to the blog was suspended for a month due to personal circumstances. My humble apologies to all - now, back to our regularly scheduled programming.

Does Industry Lack Conviction for Interchange Fight?

noreply@blogger.com (Patti Murphy) — Fri, 26 Jun 2009 16:04:00 +0000

Let’s call it the Mobius Defense. You know what I’m talking about – circuitous reasoning, spun by individuals who are so wed to their opinions that they can’t imagine life any other way.

I had a chance to witness this first hand during a public debate on interchange recently. A lawyer representing the status quo offered up this argument: the economic meltdown that began last year was a direct consequence of the federal government not adequately regulating the sub-prime mortgage market, and that’s why we shouldn’t let the government regulate interchange.

I was blown away. There are plenty of arguments one could make in defense of interchange, and this was the best they had to offer? Give me a break!

If proponents of interchange are intent on winning this battle they need better ammunition than that.

What about concrete facts?

For example, can the Merchants Payments Coalition or any other foe of the interchange status quo provide concrete evidence that lower interchange results in lower prices to consumers?

That question was raised a few times last month during the Federal Reserve Bank of Chicago’s 2009 Payments Conference. (This year’s conference was titled “Payments Pricing: Who Bears the Cost?”) But the closest thing to an answer I heard from anti-interchange camp went something like this: it wouldn’t be very significant on a per-purchase basis – perhaps the difference between paying $0.98 for a soft drink instead of $1.00.

Even the Reserve Bank of Australia, which has been leading a multi-government attack on interchange, has been hard pressed to prove the extent to which merchant cost savings from lower interchange are being passed on to consumers in the form of lower prices.

In a paper released last April, the Australian Central Bank estimated that merchants had interchange savings of $1.1 billion in 2007 from mandated price caps. However, it added “no concrete evidence has been presented to the Board regarding the pass-through of these savings.”

Merchants in the U.S. have been claiming for years that interchange is a cash cow, bringing in tens of billions of dollars every year to banks and the card companies. A few months ago, I asked Mallory Duncan, the National Retail Federation’s chief lobbyist, if he could explain the source of NRF’s assertion that banks are reaping a windfall of $48 billion a year from interchange. It turns out that they’re using numbers from a report that’s at least 5 years old and updates are merely extrapolations of that data.

Now, I don’t know about your businesses, but my business has undergone plenty of changes over the past 5 years, and I doubt there is a bank or a merchant in business today that would, for example, assess the risk of lending us money based on 5-year-old financials.

Payments acquirers and their allies need real ammunition to counter claims such as these, not tenuous arguments that go nowhere. Maybe it’s time for the industry (or the card brands) to invest in some honest research of its own.

Patti Murphy

patti@takomagroup.com

Payment System Pricing Negotiations As Blood Sport

noreply@blogger.com (Paul) — Fri, 26 Jun 2009 13:31:00 +0000

It seems the stalwart yet feckless defenders of our freedoms collectively known as the U.S. Congress are at it again. Struggling against two disparate groups of special interests, both of whom, it is rumored, consistently drop off huge bags full of unmarked bills as attention getters, our representatives have proposed legislation that, if enacted, will force their own special brand of free enterprise on the payments world. First we consider H.R. 2695, The Credit Card Fair Fee Act of 2009. We will tackle the Senate version, S. 1212 of this special madness in my next blog.

H.R. 2695 purportedly levels the negotiating playing field as it relates to how much merchant should pay for accepting credit and debit cards at the point of sale. In the House’s defense, the current market-based solution is a bit arcane with dozens of players piling on fees and charges that are almost incomprehensible and in many cases indefensible. Granted the big guys pay a lot less than little guys, ostensibly because they generate more volume thus get better pricing. But even the big guys continually bitch to Congress and everybody else that will listen that they pay a lot more than they should.

Congress has apparently listened, at least to the rustle of all that purported cash. Their proposed solution however is so much more than hapless, it is bizarre. It could only be made more bizarre if they had all of the negotiators enter a cage, buck naked and each carrying knives and the survivors get to set prices. In fact, that may improve the outcome. Here is what they propose for real, at least in the House version.

The ten largest credit and debit issuers, the ten largest acquiring banks, the ten largest “covered” credit/debit electronic payment system (more on that in a minute) and the ten largest merchants (based on credit/debit dollar and transaction volumes) will all provide the Attorney General with an itemized list of costs associated with providing or accessing a “covered” electronic payment system. For good measure all parties have to provide copies of the processing contracts each has with each merchant. And they have 30 days in which to comply.

A “covered” electronic payment systems, btw, is one that processes at least 20% of all bank issued credit card and debit card transactions occurring during the last year. That precludes all but one or two processors – everybody else please wait outside, we will inform you of the outcome later if you are good. I have it on fairly good authority that the largest processors have absolutely no clue as to their cost structures so whatever they send in should probable be clearly labeled “fiction.” Merchants have it easier as they have cancelled checks to refer to, compensating balances and promotional allowances notwithstanding.

Each of the players mentioned above also have 30 days in which to submit to the Attorney General a negotiation schedule and if they miss the deadline the AG will set the schedule for them. These negotiations are designed to result in a fairly and equitably derived price that all merchants will pay for access to the credit and debit authorization and settlement systems regardless of size or volumes – one size fits all. Wal-Mart will pay the same as the local shoe store. Understand that we are not talking about interchange, we are talking about discount – the whole price for access.

Once completed, the negotiators have to file the agreement with the AG disclosing how the deal affect the U.S. and international marketplaces, how the fees are broken out by player a comparison of prices across the largest ten international markets and other conditions. Read very carefully, prices negotiated under the auspices of this proposed legislation will have international implications. Hmmmm. It must be noted that ISO have no say in these negotiations whatsoever but card issuers do. Perversely, Credit Union with assets of less than $1 billion are exempt from this bill. WTF! They wouldn’t be included to begin with given their size. Another lobby heard from!

Finally, two major issues are not addressed in this finely crafted piece of proposed legislation. We have no clue as to what to do when, not if negotiations fail to come to a satisfactory conclusion. And we have no idea as to how long the prices will remain in place, nor do we see a mechanism for adjusting them should market conditions change. Apparently these are not significant enough to take into account. Free enterprise be damned – full speed ahead!

Paul Martaus

paul@martaus.com

Opening the Rails of Open Loop Networks

noreply@blogger.com (Peter) — Thu, 25 Jun 2009 20:10:00 +0000

It was 1997 when the VP at Qwest Communication International's Prepaid Division asked me if it would be possible to create a point-of-sale activation network that wouldn't require the merchant to install any new hardware or software but could still activate a long distance phone card. This was the same question the division manager at MCI Prepaid had asked me in 1996, but MCI had such a hodgepodge of back office systems that complicated the answer to a degree that warranted it unachievable.

But with Qwest, they had a single platform. One place that controlled the database of PINs and card numbers that would allow for a single point of entry. At Qwest, the marching order could be achieved. All we needed to do was get our hands on a 'credit card-like' BIN and have the network keep it out of settlement. This used to be called pre-auths and it was a standard fare offering in ISO 8583. But in 1997, that wasn't the case. Nevertheless, it was clear we needed the type of BIN that any new bank or credit union wanting to launch a new credit or debit card program carrying the Visa or MasterCard logo would need.

The Qwest VP wanted his sales people to be able to walk into any merchant's store and without that merchant doing anything differently, have the ability to activate the Qwest long distance phone card. The VP envisioned the following scenario: My sales person walks into a merchant store and asks the merchant to attempt to make a long distance call with the card the salesperson would hand to that merchant. The merchant would take the card, dial the toll-free number, input the PIN as printed under the scratch-off area on the card and then enter the destination phone number. The call would fail. Then, the Qwest salesperson would ask the merchant to swipe the card through the merchant's EXISTING POS terminal, enter a penny in the value field (POS terminal downloads will stop a transaction if there is no dollar amount entered into the value field) and send the transaction through for authorization. The message back would say, "APPROVED." The salesperson would then ask the merchant to attempt to make the call again. This time, the call would go through. The merchant would stand there in amazement, wondering what magic the salesperson had performed under the merchant's very watchful eyes. It was a powerful selling tool for Qwest Prepaid.

Qwest's bank at the time was Bank 1, which just happened to have a board seat with Visa. So we approached the bank and got a good reception. And they approached Visa and got the same kind of reception. Both companies allocated resources and began discussions to determine how the transactions would be kept out of Visa's Base II settlement system. That was in January 1998. By August 1998, we had a working system that Qwest called SAFER - Secure Activation for Every Retailer. About 8 years later, Qwest sold their prepaid portfolio to IDT. Once again, the telephony-centric folks at IDT had not a clue what this SAFER thing was all about. So they put it on the shelf.

Meanwhile, my partner brought Mellon NSD to InComm with the same concept. This was right around the time NSD was getting sold to US Bank, which is where it sits today under Elan Financial Services' umbrella. This means that InComm has had a 4-series Visa BIN since 1999. InComm's IT unit, having spent their lives in telephony, didn't use the asset to its fullest extent. They simply didn't know what they didn't know. And they were also fearful (or mindful) of the Dorf patent, something MasterCard licensed but Visa hasn't even acknowledged (at least not that I know of). But that InComm BIN is still out there and can be used for non-financial transactions. Something I called 'event notification' (which will be topic for another time - there's a whole business here in getting non-financial transactions from existing POS infrastructure). Indeed, I worked for a start-up in the early 00's and we used the InComm BIN to distribute funds via gift cards to settle a class action law suit against Toshiba where the card could only be used at Best Buy, Circuit City, DAC/Insight, CDW and Comp USA. It worked like a dream.

So here we are more than 10 years later and we still don't have the ability to exploit the grand networks that the payments industry has created over the past 40 years to accomplish anything more than what it set out to do. Now that's progress!! But why? Why can't we use these networks to perform other transaction types that have meaning to both the merchants and the vendors that sell to them. Why did Blackhawk and InComm have to go through the machinations of building host-to-host interfaces to these merchants in order to sell their gift cards from their GCMs? Why, indeed, didn't Visa and/or MasterCard rule the roost in terms of POS activations - something the telephone industry dubbed POSA. This question is particularly applicable to InComm - who will tell you that they just couldn't achieve the flexibility with their US Bank 4-series Visa BIN that they could with a H2H interface. Ok, fair enough. But why!!!!???

The answer lies with the card networks' Fraud and Risk management departments. Sometimes it rests with the brand cops. You know, those people in Purchase and San Francisco who think that if the brand isn't accompanying the transaction, the transaction must be invalid. Not worthy of routing. Not helping the cause. And who cares whether it makes us money or not?

Clearly, at the outset, this kind of thinking was applicable, particularly when the networks were 501c3 companies. These are (or were) the kind of companies that need to spend every nickel they make because they're NOT-FOR-PROFIT.

Today, the landscape has changed. And because they are now FOR PROFIT companies, sooner or later their new shareholders will start asking the question that every subordinate has ever heard from any supervisor - WHAT HAVE YOU DONE FOR ME LATELY? And something tells me the answer isn't going to lie with the people who are in charge of protecting the brand. Nor will the answer lie with those who are responsible for protecting the integrity of the transaction, although I have to admit, the role of the anti-fraud and risk management people strike me as something that will always be needed.

While branding will remain important, it won't be the be all and end all of it all. Which means the branding cops will have to re-think how they approach the branding issue. That is, it's no longer just about the brand. It's now about exploiting the great and comprehensive infrastructure we've spent the past 40 years or so building. It's about time for us to exploit the opportunities that are staring us in the face and that we've been prevented from exploiting because of our fears, whether those fears emanate from risk or just plain brand positioning.

I think it's time we begin allowing non-financial or event notification transactions over VisaNet and Banknet. It will create new revenue streams for both networks, give them an ability to differentiate themselves (something they've always struggled to do) and give the entrepreneurs another venue to pursue. And it has an awful lot of implications for all of those who are attempting to figure out the reload issues for the general purpose prepaid programs already in the market.

Peter Quadagno
peterq@quadagno.com

Advocate Wanted

noreply@blogger.com (Paul) — Fri, 19 Jun 2009 19:42:00 +0000

While reviewing all of the “interchange” related legislation under consideration that directly impacts the paycheck of every ISO out there, it struck me that there is no single voice advocating on behalf of the ISO community. Think about it for a minute. ISOs close the overwhelming percentage of merchant contracts, place the lion’s share of terminals into the mom and pop retailers and maintain the largest number of relationship with merchants in the marketplace yet have absolutely no say in determining pricing of the very commodity they sell. Isn’t that strange?

Whether you know it or not, the Congress of the United States is proposing legislation right now to set pricing for access to the payment infrastructure. The proposals specifically exclude non-bank representatives from participating in price related negotiations going forward. You can rest assured that the bankcard associations, the banks, and the huge processing organizations all have paid lobbyists working diligently at representing their constituent’s point of view. Yet the ISOs have no voice.

Their best bet seems to be the ETA but the ETA is a registered trade association, not a lobby organization and represents a much larger constituency than just the ISO community. The ETA has to represent all of their members equally, which includes any company than participates in the electronic payments industry. I truly don’t have an answer here and the legislation in Congress is moving forward. It may be too late to do anything. But somebody may want to think hard and fast to come up with a solution. The ISOs very way of life may be at stake.

Paul Martaus

Public Transit and Payment Systems

noreply@blogger.com (Peter) — Wed, 17 Jun 2009 14:17:00 +0000

It was 1989 when the MTA in NYC entered into discussions with NYNEX and Mitsui (which had acquired the worldwide licensing rights to Nippon Telegraph & Telephone's prepaid phone card technology) to explore the concept of using prepaid transit cards to buy small dollar value items in and around NYC. MetroCard was on the drawing boards and we hadn't named the product yet. But we had 3600 payphones on the MTA's properties and ran it as a business - for profit. I wanted to do the same thing with our proposed new prepaid card that we eventually called 'MetroCard.' Turn it into a for profit business. So we spent resources to determine the best approach for expanding MetroCard's payment utility. Simultaneously, WMATA in DC was expending resources to investigate the use of bank-issued cards to pay for transit rides and access. Peter Benjamin, WMATA's-then CFO, would argue with us at the MTA on two fronts. First, we stole their name. Since they were the Metro, they should have rights to MetroCard. Secondly, he thought we should leave payment systems to those who did it for a living. Banks and networks, not transit operators. But since my background was payment systems, I argued against his position.

Today, London, Hong Kong and Singapore are 3 cities that have made their transit-issued prepaid cards usable for purchases other than transit. And they're finding merchants willing to accept it as payment. Meanwhile, Visa and MasterCard are in tests with the MTA in NYC and other cities in the US to determine if bank-issued, contactless smart cards can be used to access and pay for transit services. The fact is, my premise for MetroCard was based on two important ingredients - we (the MTA) had over 5.3 million riders daily, which translated into about 3 million people. And we could force adoption. A payment system that can force adoption by that many people (by eliminating tokens and telling those 3 million people that if they want a bus or subway ride, they'll have to adopt MetroCard) can realize great success, as measured by cards in use, the transactions they perform and the places where the card can be used. It will draw in merchants because so many people are carrying and using the card. But in cities like Atlanta, Pittsburgh, Philadelphia, Boston, Miami and Los Angeles, using transit cards to pay for everyday, small dollar value items just doesn't stack up to making a payment system successful. There are too few people and that, in turn, will draw in too few merchants. And that means taking a long, hard look at what WMATA wanted to do all along. WMATA would tell you, "we're transit people - we know how to move a person from point A to point B. We're not payments industry people and we should leave card issuance and payment system functions to those that know it best - THE NETWORKS and THE BANKS.

I think I've come full circle. I think WMATA and Peter Benjamin's position is the correct one and we ought to get the transit vendors and the payments industry people singing out of the same hymnal. And because transit systems are, by nature, insular, this won't be an easy task. Nevertheless, Cubic, Scheidt & Bachmann and Thales all seem willing to go down this path, which needs to be explored thoroughly. We should all look forward to the outcomes of the tests that Visa and MasterCard are conducting these days.

Regards from a payments industry person who spent time in transit clothing

Peter Quadagno

H.R. 2382 - A Real Sleeper

noreply@blogger.com (Paul) — Fri, 12 Jun 2009 21:46:00 +0000

Do you want to lose your lunch? Go read H. R. 2382 – A Bill to amend the Truth in Lending Act to prohibit unfair practices in electronic payment system networks, and for other purposes. Its short title is the ‘Credit Card Interchange Fees Act of 2009’. Here is the Cliffs Notes version.

If enacted:
- Issuers, acquirers, processors and ISOs are prohibited from charging merchants different interchange or “other fees” for accepting rewards cards.
- Merchants can advertise charging different prices for accepting cash versus credit.
- Merchants can refuse to accept different types of Visa, MasterCard, Discover, American Express and other brands of debit, credit or prepaid cards based on the cost of accepting each type.
- Merchants can steer consumers to use the type or kind of payment alternative they prefer.
- Merchants can accept payment cards at one of their locations but not others.
- Merchants can set minimum and maximum purchase amounts for accepting different types of payment alternatives including credit and debit.
- Merchants can direct authorization and settlement transactions according to any route they choose.
- Acquirers, processors and ISOs cannot impose minimum transaction volumes on merchants nor charge a fee for failing to meet minimum transaction volumes.
- Merchants must be provided a copy all relevant rules and regulations to which they are subject under the terms of their merchant agreement.
- Merchants must be provided complete operating rules and regulations of all relevant networks that offer cards with logos.
- The FTC shall prescribe regulations that ensure merchants are not subjected to unfair trade practices by networks.
- The FTC shall prescribe regulations that prohibit any unfair, deceptive or anti-competitive act by networks.
- The FTC must regularly review all rules, terms and conditions established by networks, processors, acquirers and ISOs.
- The FTC shall collect, publish, and disseminate to the public complete information on the interchange, processing and other fees charged by each network, acquirer, processor and ISO in connection with any aspect of transactions initiated by consumers using payment cards.
- The FTC shall collect, publish, and disseminate to the public all of the rules, terms, and conditions to which a merchant or a consumer is subject under an agreement with any network, processor, acquirer or ISO directly or indirectly by contract or through a licensing arrangement for transactions indicated by consumers using payment cards.
- The FTC may prescribe regulations and issue orders requiring any electronic payment system network, and any agent, processor, or licensed member of any such network, to submit any information, including rules, agreements, and contracts, that the FTC determines to be necessary or appropriate for the FTC to meet the requirements of this act.

Have a nice day!
Paul Martaus