Bank Automation News

No products in the cart.

Subscribe
  • News
  • Data
  • Transactions
  • Events
    • Bank Automation Summit
    • Apply to Speak
    • Apply to Demo
  • Podcast
  • WEBINARS
    • On-Demand Webinar: Emerging fintechs: New technologies you need to know now
    • Webinar Library
Log In
No Result
View All Result
  • AI
  • Business Banking
  • Core
  • Cloud
  • Payments
  • Retail Banking
  • Risk & Security
Bank Automation News
  • News
  • Data
  • Transactions
  • Events
    • Bank Automation Summit
    • Apply to Speak
    • Apply to Demo
  • Podcast
  • WEBINARS
    • On-Demand Webinar: Emerging fintechs: New technologies you need to know now
    • Webinar Library
BAN PLUS
Log In
No Result
View All Result
Bank Automation News
No Result
View All Result

The Opportunity To Disrupt the Credit Card Rails May Finally Be Opening Up

Daily FintechbyDaily Fintech
August 21, 2016
in Payments
Reading Time: 7 mins read
0
Share on Facebook

men working on railroad

The transition to Chip and PIN credit cards in America currently looks like just a big conversion cost – good for vendors and consultants and a big extra cost and time suck for everybody else. 

However, below the surface something bigger is brewing.  Chip on plastic is incremental change, but Chip on mobile phone is a game-changer. 

Payments has been the boulevard of broken dreams for entrepreneurs, but there is a reason it attracted so much attention – it is a massive market. According to Boston Consulting Group:

“In 2013, payments businesses generated $425 billion in transaction revenues, $336 billion in account-related revenues, and $248 billion in net interest income and penalty fees related to credit cards. The total represented roughly one-quarter of all banking revenues globally. Banks handled $410 trillion in noncash transactions in 2013, more than five times the amount of global GDP.” 

The accepted wisdom is that dreams of disrupting those credit card rails is foolish. You can see that wisdom baked into the stock price of Visa and Mastercard (just shy of $300 billion as I put keys to pixel).For a while, the disruptive crowd looked to Bitcoin but that hope has faded. The accepted wisdom now is that you can only make money within the existing credit card rails.

That maybe about to change (and it is nothing to do with Bitcoin). 

First, lets look at the big switch from mag stripe to chip cards in America

The big switch from mag stripe to chip cards in America

To the rest of the world, America moving from mag stripe to chip cards merits this reaction – “what took you so long?”

AITE Group has run the numbers. Here is one of the headlines from their report:

“the cost to implement PIN for all cards at merchants with PIN pads already installed is low, the costs are much higher for merchants that have yet to install PIN capability”

That is why many merchants in America are currently implementing a strange variant called Chip and Signature – you know, those signatures that nobody ever checks! Signatures are a relic of the past, useless in the digital age. That is why in countries that went to Chip cards a long time ago, it is all now Chip + PIN (but there was a period of transition where checkout staff were clearly trained to look at the signature, although what they could actually check is unclear). That combo of Chip + PIN is pretty secure and that is a big deal for retailers because they now have the liability for fraud.

Chip cards alone are more secure than mag stripe cards. A criminal can steal the PAN (Primary Account Number) if they have your mag stripe card for a minute (one crooked waiter is enough) but with a Chip card they need the card itself to get cash or goods and consumers know when they have lost a card and will report it lost to the bank/issuer, so the time window for a criminal is less. This is a better Single Factor Authentication – something you have.

However Two Factor Authentication – something you have  + something you know is better. That is Chip + PIN.

Where the puck is headed. At some point merchants must start saying “if we are responsible for fraud and all the costs to prevent fraud, why are we paying such a big transaction fee?” Credit Card networks rely on all the parties – consumers, merchants, banks – having aligned interests. If one or more starts to question “what’s in it for me” the network starts to break down.

The next headline focuses on the issuers/banks:

“Issuers would also face significant incremental expense, including the costs to reissue cards, establish and maintain a PIN management system, educate customers, and modify ATMs and interactive voice response platforms. Issuer costs total more than US$2.6 billion, which would result in a five-year fraud-avoidance benefit of about US$850 million”. 

Well, that sounds like a lousy ROI argument – invest US$2.6 billion and get back US$850 million! Pass, thanks. Of course, one can argue with those numbers, but even if they are wrong by a lot, the ROI still looks lousy. Maybe those numbers are so far off that the ROI is viable. Common sense says that they may be way off because issuers did all that in other countries and they would not have done that if the ROI was that bad. Does anybody have better data?

Where the puck is headed. To Issuers (aka Banks), credit cards are the way to to do unsecured consumer lending at the point of need aka point of sale. A consumers is at a store and wants to buy a $1,000 item and  not confident I have $1,000 in their account so they opt for credit.  Unsecured consumer lending is what Marketplace Lenders do. Banks want to be there at the point of need/sale because that means low Customer Acquisition Cost (CAC). So Banks will tighten up limits and be more selective on who they give credit to. That has happened in countries that moved to Chip + PIN. That means that Issuers will implement Chip + PIN no matter what it costs because it is way to stay at the front end of unsecured consumer lending. Any vendors helping them reduce those costs will do well. However, the big picture is that while we use the term issuer and bank interchangeably because most issuers are banks, you do not need to be a bank to be an issuer. You could be an Altfi Lender or MarketPlace Lender or a Merchant.

King Consumer is OK with the big switch

So much for merchants and issuers. What about the critical third player in this network – you and I?

Consumers find Chip + PIN easy enough (spoken as somebody who lived in America for many years and then moved to Europe). Sure, it is a muscle memory change, but it really is not that hard.

Retailers will make the switch because they have to and Issuers/Banks will make the switch because they have to. There will be lots of debate about who pays and how much, but the switch has to happen. The mag stripe alternative is simply not viable  – it is a relic like a fax machine.

But lets consider the other switch, the ones that the criminals do.

The criminal big switch

After Chip + PIN is introduced, fraud in Card Present transactions (aka physical retail) becomes too hard, so criminals shift attention to Card Not Present (CNP aka e-commerce).

Again, who has liability is key. If retailers have liability, they will impose one more step on consumers.

Both Visa and Mastercard have a solution. MasterCard has SecurePay. Visa has Custom Payment Service.

Using myself as a market panel of one, I can tell you that it is no more than a minor irritant, like learning to use a PIN.

So far, the 4 cornered marketplace – consumers, merchants, and issuers and payment networks – is intact and the credit card companies sit in the middle earning their fees as the 4th corner.

However, the big change is when we go to mobile transactions.

Three factor authentication is better

Chip is better than mag stripe for single factor. Chip + PIN is better two factor than Chip + Signature. But 3 factor is best and that is what mobile phones enable:

  • Factor 1: something I own (can be a chip on a card or a chip in a phone)
  • Factor 2: something I know (PIN)
  • Factor 3: something you know about me (location in a mobile phone, not possible with a Chip card).

If the payment authoriser (basically what a credit card company does) knows all three, the chance of fraud is very low. If you reduce fraud costs, the actually costs of making a payment are a blip of attention in one of your servers i.e. so close to zero that you might as well count it that way.

The Mobile Payment tipping point.

If this data from eMarketer is even close to right, we are at the Mobile Payment tipping point:

IMG_0915

When Merchants move into Payments via Tokenisation

Shh, don’t tell, but Uber is really a payments company with an e-commerce skin. So is Amazon. So is AirBnB. People make a big deal about Uber, Amazon and AirBnB not owning the actual physical stuff/service that we buy – as if vertical integration was an issue in the 21st century. What is much more critical is when Merchants become payment businesses through Tokenization.

Tokenization 101

Tokenization is the one-time password that a student of cold war espionage stories would recognize. If you steal the token/one-time password, you can steal the contents of that message/payment and only that message. That is fundamentally different from stealing the Primary Account Number (PAN). If you steal the PAN (by physically stealing a card or reading the mag stripe encoded data from a merchant) you can steal a lot of money.

Remember those merchants upset by the cost of switching to Chip + PIN? They would like to do this as well. Any entrepreneur who figures out how to offer that to small merchants will do well – maybe Square?

It is an aggregation job. If you aggregate a large number of tokens (ie consumers who trust you enough to do payments through you) you have a valuable business.

Think about these giant commerce players – Uber and Amazon and AirBnB – in terms of the 4 cornered marketplace:

  • King Consumer – well somebody has to pay
  • Merchant – tick
  • Issuer – Merchants can also be Issuers. They can lend (they often do, calling it Supply Chain Finance or something)
  • Payment processor. This is where we need to look at Debit Interchange Fees & Mobile Wallets.

Interchange fees & Mobile Wallets.

If you pay via Debit from your bank account, it is simply a blip in a server somewhere i.e. cost is close to zero and where regulation around Interchange Fees come into the picture.

If you pay via Debit from your bank account Debit from cash in your mobile wallet, the cost should be zero. It is like paying in folding notes and coins, with no intermediary. If a merchant who already has your consumer trust, offers you mobile cash as an option at a lower cost it is an easy call. Even in a drunken Uber cab ride home you can peek into your mobile wallet and see if you have enough cash. This is where mobile wallet interoperability and the leapfrogging to mobile money in the Rest (which is a big theme on Daily Fintech) is key.

Daily Fintech Advisers provides strategic consulting to organizations with business and investment interests in Fintech & operates the Fintech Genome P2P Knowledge platform.

Tags: tokenization
Previous Post

Goldman Sachs Takes on Marketplace Lending with Marcus

Next Post

Are We at a Tipping Point for Blockchain?

Related Posts

fis
Payments

Fiserv, Global Payments, FIS tap M&A for growth

May 6, 2025
Payments

Fiserv resolves data center outage

May 6, 2025
A car with the hood open
Payments

Auto aftermarket sees rising need for BNPL

May 6, 2025
Next Post

Are We at a Tipping Point for Blockchain?

Please login to join discussion

Stay Informed with Our Newsletters

EMERGING FINTECH DIRECTORY

Emerging Fintech Directory

The Buzz Podcast

RETAIL BANKING

Huntington Bank’s new branch in Spartanburg

Huntington Bank resolves outage

May 7, 2025
bank

Barclays, Banco Santander, Lloyds plan product expansion

May 5, 2025
satisfactiin

Online banks lead FIs in customer satisfaction

May 2, 2025

SPONSORED

Just Released! 2025 Strategy Benchmark

May 1, 2025

Leverage Treasury Management to Turn Fraud Prevention Into a Strategic, Revenue-Generating Opportunity

April 1, 2025

A growth mindset in banking requires AI

March 27, 2025
  • About Us
  • Help Center
  • Contact Us
  • Privacy Terms
  • ADA Compliance
  • Advertise

 Manage Cookie Consent

Connect

twitter linkedin podcast podcast podcast
© 2025 Royal Media
No Result
View All Result
  • NEWS
    • All News
    • AI
    • Business Banking
    • Core
    • Cloud
    • Payments
    • Retail Banking
    • Risk & Security
  • DATA
  • TRANSACTIONS
  • EVENTS
    • Bank Automation Summit
  • PODCAST
  • WEBINARS
    • Upcoming Webinar
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • NEWS
    • All News
    • AI
    • Business Banking
    • Core
    • Cloud
    • Payments
    • Retail Banking
    • Risk & Security
  • DATA
  • TRANSACTIONS
  • EVENTS
    • Bank Automation Summit
  • PODCAST
  • WEBINARS
    • Upcoming Webinar
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account

THIS WEBSITE USES COOKIES

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “I CONSENT”, you consent to the use of ALL the cookies.

Cookie settingsI CONSENT

Review our Cookie Policies
.
Manage Cookie Consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
__cfruidsessionCloudflare sets this cookie to identify trusted web traffic.
__RequestVerificationTokensessionThis cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks.
_abck1 yearThis cookie is used to detect and defend when a client attempt to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions.
34f6831605sessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
a64cedc0bfsessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
ak_bmsc2 hoursThis cookie is used by Akamai to optimize site security by distinguishing between humans and bots
ARRAffinitysessionARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSitesessionThis cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
AWSELBsessionAssociated with Amazon Web Services and created by Elastic Load Balancing, AWSELB cookie is used to manage sticky sessions across production servers.
bm_sz4 hoursThis cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions
cf_ob_infopastThe cf_ob_info cookie is set by Cloudflare to provide information on HTTP Status Code returned by the origin web server, the Ray ID of the original failed request and the data center serving the traffic.
cf_use_obpastCloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
CONCRETE5sessionThis cookie is set by the provider Concrete5 web content management system. This is a necessary cookie used for maintaining the user session between pages.
connect.sid1 monthThis cookie is used for authentication and for secure log-in. It registers the log-in information.
cookielawinfo-checkbox-advertisement1 yearSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookiesession11 yearThis cookie is set by the Fortinet firewall. This cookie is used for protecting the website from abuse.
crmcsrsessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
ep20130 minutesThis cookie is set by Wufoo for load balancing, site traffic and preventing site abuse.
JSESSIONIDsessionThe JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKENsessionCloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
PHPSESSIDsessionThis cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
sxa_sitesessionThis cookie is used to identify the webiste visitor's session state across page requests on server.
ts3 yearsPayPal sets this cookie to enable secure transactions through PayPal.
ts_c3 yearsPayPal sets this cookie to make safe payments through PayPal.
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookiesessionThis cookie is used to check if the cookies are enabled on the users' browser.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
__cf_bm30 minutesThis cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmpsessionZoho sets this cookie for the login function on the website.
663a60c55dsessionThis cookie is related to Zoho (Customer Service) Chatbox
bcookie2 yearsLinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie2 yearsLinkedIn sets this cookie to store performed actions on the website.
e188bc05fesessionThis cookie is set in relation to Zoho Campaigns
geosessionThis cookie is used for identifying the geographical location by country of the user.
iamcsrsessionZoho (Customer Support) sets this cookie and is used for tracking visitors (for performance purposes)
langsessionLinkedIn sets this cookie to remember a user's language setting.
languagesessionThis cookie is used to store the language preference of the user.
lidc1 dayLinkedIn sets the lidc cookie to facilitate data center selection.
optimizelyEndUserId1 yearOptimizely uses this cookie to store a visitor's unique identifier which is a combination of a timestamp and a random number. Different variations of web parts are shown to users that optimizes the website's user experience.
tableau_localesessionTableau uses this cookie to determine the preferred language and country-setting of the visitor - This allows the website to show content most relevant to that region and language.
UserMatchHistory1 monthLinkedIn sets this cookie for LinkedIn Ads ID syncing.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
CookieDurationDescription
AWSELBCORS20 minutesThis cookie is used by Elastic Load Balancing from Amazon Web Services to effectively balance load on the servers.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
__gads1 year 24 daysThe __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga2 yearsThe _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gcl_au3 monthsProvided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid1 dayInstalled by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_idneverThis cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.
ajs_group_idneverThis cookie is set by Segment to track visitor usage and events within the website.
ajs_user_idneverThis cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.
browser_id5 yearsThis cookie is used for identifying the visitor browser on re-visit to the website.
CONSENT2 yearsYouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
sid1 yearThe sid cookie contains digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time.
uid1 yearThis is a Google UserID cookie that tracks users across various website segments.
vuid2 yearsVimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
WMF-Last-Access1 month 21 hours 5 minutesThis cookie is used to calculate unique devices accessing the website.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
CookieDurationDescription
_dc_gtm_UA-1038974-41 minuteUsed to help identify the visitors by either age, gender, or interests by DoubleClick - Google Tag Manager.
_fbp3 monthsThis cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_pxhdpastUsed by Zoominfo to enhance customer data.
fr3 monthsFacebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE1 year 24 daysGoogle DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie15 minutesThe test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE5 months 27 daysA cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSCsessionYSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devicesneverYouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-idneverYouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextIdneverThis cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requestsneverThis cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
049fc2ef5beb27056b07d9e4c4d13fd3sessionNo description
akaalb_http_misc_subssessionNo description
AnalyticsSyncHistory1 monthNo description
BIGipServermsocu-web-2-rr.webfarm.ms.com.10882sessionNo description
bm_misessionNo description available.
CX_4061522881 yearNo description
DCID20 minutesNo description
debugneverNo description available.
DrupalVisitorMobilesessionNo description available.
ep2033 monthsNo description available.
frbatlanta#langsessionNo description
geo_info1 yearNo description available.
GoogleAdServingTestsessionNo description
li_gc2 yearsNo description
loglevelneverNo description available.
loom_anon_commentsessionNo description available.
loom_referral_videosessionNo description
mkjs_group_idneverNo description available.
mkjs_user_idneverNo description available.
MorganStanley.ClientServ.Common.IPZipAccess.IPZipCookie.DEFAULT_COOKIE_NAMEpastNo description
NSC_us_nbsl-83+63+21+25-91sessionNo description
nyt-a1 yearThis cookie is set by the provider New York Times. This cookie is used for saving the user preferences. It is used in context with video and audio content.
nyt-gdpr6 hoursNo description available.
nyt-purr1 yearNo description available.
OCC_Encrypted_CookiesessionNo description
polleverywhere_session_id14 daysNo description
ppnet_2020sessionNo description available.
ppnet_2777sessionNo description available.
reuters-geosessionNo description
shell#langsessionNo description
smcx_0_last_shown_atsessionNo description available.
tableau_public_negotiated_localesessionNo description available.
vary1 monthNo description
www#langsessionNo description
X-Vive-CountrysessionNo description
xn_uuid1 monthNo description
Save & Accept
Powered by CookieYes Logo